
[Solved] HELP: Internet works but Adobe Creative Cloud, Chrome and IE say it doesn't???

Discussion in 'Malware Removal Help' started by Hamlap, Oct 30, 2015.

  1. Hamlap

    Hamlap Registered Members

    Joined:
    Oct 30, 2015
    Messages:
    15
    Operating System:
    Windows 10
    Hello guys

    I am having a problem with Google Chrome, Malwarebytes, Internet Explorer and Adobe Creative. Yesterday, all of a sudden, I had no internet connection when using this software. My internet is on and working; only Edge works at this moment, and all the other ones have no internet connection. What should I do? I already tried to change the DNS but it did nothing. I looked at other threads which suggest that I might have malware.
    I tried to scan with Malwarebytes yesterday but it didn't work, so I uninstalled it to install, but an error pops up when I try to install Malwarebytes. Does any expert know why I have this problem?
     
  2. allheart55 (Cindy E)

    allheart55 (Cindy E) Administrator Administrator

    Joined:
    Jun 11, 2009
    Messages:
    10,518
    Location:
    Pennsylvania
    Operating System:
    Windows 10
    Computer Brand or Motherboard:
    ASUS M4A77TD AM3 AMD 770 ATX AMD
    CPU:
    AMD Phenom II X6 1090T-Thuban 3.2GHz
    Memory:
    Crucial-DDR3 SDRAM 1333-8GB
    Hard Drive:
    WD Caviar Black SE HDD 640 GB - WD Caviar Black SE HDD 500 GB
    Graphics Card:
    Sapphire Radeon HD-7870 2GB
    Power Supply:
    CORSAIR CMPSU-750W
    Hello Hamlap and welcome to Computer Help Forums.

    What kind of error are you getting when you try to install Malwarebytes?
    Do you know what the error said?
     
  3. Hamlap

    Hi allheart thank you!

    Runtime error (at 85:137):

    could not call proc.

    And all of a sudden Edge is also acting slow,
    and I tried to install Mozilla Firefox but it just crashes.
     
  4. Tony D

    Tony D Administrator Administrator

    Joined:
    Sep 25, 2009
    Messages:
    5,084
    Location:
    SE Pennsylvania, USA
    Operating System:
    Windows XP Professional
    Something is definitely amiss here. Issues like this are a bit difficult to diagnose as it may be related to your network, your software, hardware, or even malware.

    Curious, what made you think changing your DNS would help?

    If this started all of a sudden, consider restoring your computer to an earlier point in time. If this doesn't work, we'll have to move you to a forum where our malware removal experts can help you.

    I'm sure allheart and others will chime in as things progress.

    Here are instructions from Microsoft's site at http://windows.microsoft.com/en-us/windows-10/windows-10-recovery-options

    Restore from a system restore point
    This option takes your PC back to an earlier point in time, called a system restore point. Restore points are generated when you install a new app, driver, or Windows update, and when you create a restore point manually. Restoring won’t affect your personal files, but it will remove apps, drivers, and updates installed after the restore point was made.
    1. Right-click (or press and hold) the Start button, and then select Control Panel.
    2. Search Control Panel for Recovery.
    3. Select Recovery > Open System Restore > Next.
    4. Choose the restore point related to the problematic app, driver, or update, and then select Next > Finish.
     
  5. Hamlap

    When I had the no connection error thing in Google it said something about DNS, so I went and found a YouTube tut that said to resolve the connection problem you need to change your DNS. Unfortunately, changing it did not solve the problem.
    I'll try the system restore and I'll let you know if it worked. Thanks for the reply.
     
  6. Hamlap

    Hi guys, I just restored to an earlier time but it did not work. Chrome is not opening now and Malwarebytes says the application was unable to start correctly.
     
  7. Tony D

    Are you using the same computer to access this site now? If so, you do have Internet access.
     
  8. Hamlap

    Yeah, I am using the same computer. I have internet, but Chrome, internet, Adobe Creative and Steam say I don't have an internet connection.
     
  9. Hamlap

    Btw, I am using Edge, which apparently is the only software that has an internet connection.
     
  10. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Step 1
    Run CMD as administrator.
    Right click on the Windows icon (on the taskbar) and then select Command Prompt (Admin)

    In the command line type: netsh winsock reset

    Press the Enter key on your keyboard.
    Now restart your PC.

    Step 2
    • Try to uninstall Malwarebytes' Anti-Malware.
    • Restart your computer (very important).
    • Then download mbam clean and save to your Desktop.
    • Please close all open applications and temporarily shutdown your antivirus to avoid any conflicts when running the tool.
    • Locate the file mbam-clean.exe and double-click to run it... Vista/Windows 7/8/10 users right-click and select Run As Administrator.. and follow the onscreen prompts.
    • It will ask to restart your computer, please allow it to do so (very important)
    • After the computer restarts..........
    • Ensure that your antivirus is enabled and download the latest version of Malwarebytes Anti-Malware from Here and save it to your desktop.
    • Now close all open applications including your browser and again temporarily disable your antivirus as before and launch the Malwarebytes installer you just downloaded.
    • When installation is complete....Make sure you re-enabled your Anti-Virus/Internet-Security applications.
    Then see if MBAM will update... if so run a scan and post the report here.

    Let us know how this goes and then we can take it from there if required
     
  11. Hamlap

    Hi, sorry for such a late reply. I tried doing those steps but it didn't work. When I try to uninstall Malwarebytes it says: malware bytes does not exist
     
  12. starbuck

    If it says MBAM doesn't exist ... don't worry.
    Just move on to the MBAM Clean step.
    Then install a fresh copy from the link I gave.
     
  13. Hamlap

    Hi starbuck, I followed the instructions but it says Runtime error (at:97:137): could not call proc.
    when installing MBAM.
     
  14. starbuck

    Hi Hamlap

    I've moved your thread to the Malware Removal forum so that we can take a more in-depth look at your system.

    Note:
    There are both 32-bit and 64-bit versions of Farbar Recovery Scan Tool available. Please pick the version that matches your operating system's bit type.

    If you are unsure what your system bit type is..... click Here for help.

    For x32 bit systems download Farbar Recovery Scan Tool and save it to your Desktop.

    For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your Desktop.

    • Double-click the downloaded icon to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator

    • When the tool opens click Yes to disclaimer.

    • Make sure that Addition.txt is selected at the bottom
    • Press Scan button.

    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.


    In your next reply, please submit:
    Both reports from FRST

    If the Windows SmartScreen or your AntiVirus throws up a message about any of the tools we use..... just ignore the message and click to "Run anyway".


    Thanks.
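
Added example (not part of starbuck's post and not code from FRST): a short Python triage pass over the FRST.txt log the steps above produce, flagging service and driver entries whose file is missing (`[X]`), entries with an empty company field, and Chrome extensions listed as `(No Name)`. The sample lines are copied from the FRST.txt posted later in this thread; `triage`, `Finding` and the reason strings are names assumed for this example.

```python
import re
from typing import NamedTuple

# A few lines copied from the FRST.txt posted later in this thread.
SAMPLE_FRST = r"""
Chrome:
=======
CHR Extension: (No Name) - C:\Users\CIVY\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2015-10-30]

==================== Services (Whitelisted) ========================

R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S1 bsdriver; \??\C:\WINDOWS\system32\drivers\bsdriver.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
"""

# "==== Title ====" section banners; a bare "=====" underline does not match.
SECTION_RE = re.compile(r"^=+\s+(.+?)\s+=+\s*$")
# "<state><start type> <name>; <rest>", e.g. "S1 bsdriver; <path> [X]".
ENTRY_RE = re.compile(r"^([RSU])(\d)\s+(.+?);\s+(.+)$")
# "<path> [<size> <date>] (<company>)" for entries whose file exists.
FILEINFO_RE = re.compile(r"^(.*?)\s+\[(\d+) (\d{4}-\d{2}-\d{2})\]\s+\((.*)\)$")
CHR_EXT_RE = re.compile(r"^CHR Extension: \((.*?)\) - (.+?) \[(\d{4}-\d{2}-\d{2})\]$")

# The digit after the state letter (R running, S stopped, U undetermined)
# is the Windows service start type.
START_TYPES = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}


class Finding(NamedTuple):
    section: str
    name: str
    reason: str


def triage(frst_text):
    """Return the entries of an FRST.txt log that deserve a manual look."""
    findings = []
    section = ""
    for raw in frst_text.splitlines():
        line = raw.strip()  # forum pastes are often indented
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1).replace("(Whitelisted)", "").strip()
            continue
        ext = CHR_EXT_RE.match(line)
        if ext:
            if ext.group(1) == "No Name":
                # The last path component is the extension ID to look up.
                ext_id = ext.group(2).rsplit("\\", 1)[-1]
                findings.append(Finding("Chrome", ext_id, "extension has no readable name"))
            continue
        if section not in ("Services", "Drivers"):
            continue
        entry = ENTRY_RE.match(line)
        if not entry:
            continue
        _state, start, name, rest = entry.groups()
        if rest.endswith("[X]"):
            # FRST prints [X] when the registered file is not found on disk.
            start_name = START_TYPES.get(start, start)
            findings.append(Finding(section, name, f"file missing, start type {start_name}"))
            continue
        info = FILEINFO_RE.match(rest)
        if info and not info.group(4).strip():
            findings.append(Finding(section, name, "no company name on file"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_FRST):
        print(f"{f.section:8} {f.name:34} {f.reason}")
```

A flagged entry is a prompt for a manual check, not a verdict: an orphaned service can be left over from an uninstalled program, and an empty company field also occurs on legitimate files.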
     
  15. Hamlap

    Hi starbuck

    Thanks for the reply, here are the files.

    thank you

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-11-2015
    Ran by CIVY (administrator) on HAMED (05-11-2015 21:28:26)
    Running from C:\Users\CIVY\Desktop
    Loaded Profiles: CIVY (Available Profiles: CIVY)
    Platform: Windows 10 Pro (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
    (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
    (M-Audio) C:\Program Files (x86)\M-Audio\Oxygen\AudioDevMon.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
    (Splice) C:\Users\CIVY\AppData\Local\Splice\Splice.WinClient\Splice.WinClient.exe
    (Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
    () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1026.13580.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1510.13020.0_x64__8wekyb3d8bbwe\Calculator.exe
    (Image-Line) C:\Program Files (x86)\Image-Line\FL Studio 11\System\Tools\Bridge\64bit\ilbridge.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.15081.0_x64__8wekyb3d8bbwe\Video.UI.exe
    (Image-Line) C:\Program Files (x86)\Image-Line\FL Studio 11\System\Tools\Bridge\64bit\ilbridge.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    (Microsoft Corporation) C:\Windows\System32\browser_broker.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-06-24] (Realtek Semiconductor)
    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-04-11] (Intel Corporation)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508104 2015-09-04] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-21] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3779496 2015-10-19] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2015-07-23] (Power Software Ltd)
    HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2292912 2015-09-17] (Adobe Systems Incorporated)
    HKU\S-1-5-21-196304569-3554425786-1367066649-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2901584 2015-10-14] (Valve Corporation)
    HKU\S-1-5-21-196304569-3554425786-1367066649-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8418584 2015-07-17] (Piriform Ltd)
    ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
    ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
    ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
    Startup: C:\Users\CIVY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2015-09-02]
    ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
    Startup: C:\Users\CIVY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Splice for Windows.lnk [2015-09-02]
    ShortcutTarget: Splice for Windows.lnk -> C:\Users\CIVY\AppData\Local\Splice\Splice.WinClient\Splice.WinClient.exe (Splice)
    BootExecute: autocheck autochk /m /P \Device\HarddiskVolume2autocheck autochk *

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{0240b48c-05d4-4654-9acb-5864d32a6d74}: [DhcpNameServer] 192.168.0.1

    Internet Explorer:
    ==================
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-196304569-3554425786-1367066649-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-196304569-3554425786-1367066649-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
    BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-07-01] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe

    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-09-07] ()
    FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-09-17] (Adobe Systems)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-09-07] ()
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-09-17] (Adobe Systems)

    Chrome:
    =======
    CHR Profile: C:\Users\CIVY\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (No Name) - C:\Users\CIVY\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2015-10-30]
    CHR Extension: (No Name) - C:\Users\CIVY\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-10-30]
    CHR Extension: (No Name) - C:\Users\CIVY\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2015-10-30]
    CHR Extension: (No Name) - C:\Users\CIVY\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-30]
    CHR Extension: (No Name) - C:\Users\CIVY\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2015-10-30]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [669872 2015-09-15] (Adobe Systems Incorporated)
    R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2015936 2015-09-29] (Adobe Systems, Incorporated)
    R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [335656 2015-10-19] (AVG Technologies CZ, s.r.o.)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-04-11] (Intel Corporation)
    R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [351120 2015-07-17] (Intel Corporation)
    R2 OxygenAudioDevMon; C:\Program Files (x86)\M-Audio\Oxygen\AudioDevMon.exe [1632776 2010-03-04] (M-Audio)
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
    R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [297904 2015-08-19] (AVG Technologies CZ, s.r.o.)
    R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
    R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [304560 2015-08-04] (AVG Technologies CZ, s.r.o.)
    R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-10-01] (Intel Corporation)
    R3 OXYGEN; C:\Windows\system32\DRIVERS\MAudioOxygen.sys [134664 2010-03-04] (M-Audio)
    R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek )
    S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
    S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
    R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
    R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
    R3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
    S1 bsdriver; \??\C:\WINDOWS\system32\drivers\bsdriver.sys [X]
    S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-11-05 21:28 - 2015-11-05 21:28 - 00012851 _____ C:\Users\CIVY\Desktop\FRST.txt
    2015-11-05 21:28 - 2015-11-05 21:28 - 00000000 ____D C:\FRST
    2015-11-05 21:26 - 2015-11-05 21:26 - 02198528 _____ (Farbar) C:\Users\CIVY\Desktop\FRST64.exe
    2015-11-05 21:16 - 2015-11-05 21:16 - 00016148 _____ C:\WINDOWS\system32\HAMED_CIVY_HistoryPrediction.bin
    2015-11-04 18:55 - 2015-11-04 18:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\M-Audio
    2015-11-04 18:55 - 2015-11-04 18:55 - 00000000 ____D C:\Program Files\M-Audio
    2015-11-04 18:55 - 2015-11-04 18:55 - 00000000 ____D C:\Program Files (x86)\M-Audio
    2015-11-04 18:54 - 2015-11-04 18:54 - 09859459 _____ C:\Users\CIVY\Downloads\Oxygen_1_3_0.zip
    2015-11-04 18:47 - 2015-11-04 18:47 - 22908888 _____ (Malwarebytes ) C:\Users\CIVY\Desktop\mbam-setup-2.2.0.1024.exe
    2015-11-04 18:41 - 2015-11-04 18:41 - 00321848 _____ (Malwarebytes Corporation) C:\Users\CIVY\Desktop\mbam-clean-2.1.1.1001.exe
    2015-11-03 20:09 - 2015-11-03 20:18 - 487712223 _____ C:\Users\CIVY\Documents\name 1.mp4
    2015-11-03 18:59 - 2015-11-03 18:59 - 00000000 _____ C:\Users\CIVY\Downloads\2358fb53-e793-4c15-a8c7-001ade2e7d50.png.j53q2q3.partial
    2015-11-03 18:59 - 2015-11-03 18:59 - 00000000 _____ C:\Users\CIVY\Downloads\2358fb53-e793-4c15-a8c7-001ade2e7d50 (2).png.y7ro0zj.partial
    2015-11-03 18:59 - 2015-11-03 18:59 - 00000000 _____ C:\Users\CIVY\Downloads\2358fb53-e793-4c15-a8c7-001ade2e7d50 (1).png.0qa8rv0.partial
    2015-11-03 18:07 - 2015-11-03 18:35 - 1405291110 _____ C:\Users\CIVY\Documents\Untitled.mp4
    2015-11-03 18:00 - 2015-11-03 20:02 - 00289800 _____ C:\Users\CIVY\Desktop\civy 23 22.sfk
    2015-11-03 17:31 - 2015-11-03 17:49 - 00002624 _____ C:\Users\CIVY\Desktop\wav 2.sfk
    2015-11-03 17:31 - 2015-11-03 17:31 - 00654890 _____ C:\Users\CIVY\Desktop\wav 2.wav
    2015-11-03 17:29 - 2015-11-03 17:29 - 00352440 _____ C:\Users\CIVY\Documents\Untitled.wav
    2015-11-03 17:27 - 2015-11-03 17:29 - 00001344 _____ C:\Users\CIVY\Desktop\wav 1.sfk
    2015-11-03 17:27 - 2015-11-03 17:27 - 00327538 _____ C:\Users\CIVY\Desktop\wav 1.wav
    2015-11-03 17:26 - 2015-11-03 17:26 - 00144236 _____ C:\Users\CIVY\Desktop\Untitled.wav
    2015-11-03 17:24 - 2015-11-03 17:25 - 00001873 _____ C:\Users\CIVY\Documents\My Project.aaf,3-11-2015,17-24-28.log
    2015-11-03 17:24 - 2015-11-03 17:24 - 00240640 _____ C:\Users\CIVY\Documents\My Project.aaf
    2015-11-03 17:23 - 2015-11-03 17:24 - 00001442 _____ C:\Users\CIVY\Documents\My Project.aaf,3-11-2015,17-23-34.log
    2015-11-03 17:23 - 2015-11-03 17:23 - 00281088 _____ C:\Users\CIVY\Desktop\My Project.aaf
    2015-11-03 00:14 - 2015-11-03 00:14 - 00000000 ____D C:\Users\CIVY\.thumbnails
    2015-11-03 00:13 - 2015-11-03 00:14 - 00000000 ____D C:\Users\CIVY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blender
    2015-11-03 00:13 - 2015-11-03 00:13 - 00001189 _____ C:\Users\CIVY\Desktop\blender.lnk
    2015-11-03 00:13 - 2015-11-03 00:13 - 00000000 ____D C:\Program Files\Blender Foundation
    2015-11-03 00:12 - 2015-11-03 00:13 - 83719096 _____ C:\Users\CIVY\Downloads\blender-2.76-windows64.msi
    2015-11-02 15:09 - 2015-11-02 15:30 - 1381378388 _____ C:\Users\CIVY\Documents\video 56.mp4
    2015-11-02 15:00 - 2015-11-02 15:00 - 00298432 _____ C:\Users\CIVY\Downloads\bensound-retrosoul.mp3.sfk
    2015-11-02 14:13 - 2015-11-02 14:13 - 00003264 _____ C:\WINDOWS\System32\Tasks\{DF216AC6-422A-4124-A1FF-E13C283FD6AA}
    2015-11-02 14:03 - 2015-11-04 00:30 - 00000000 ____D C:\Users\CIVY\Desktop\video 6
    2015-11-01 01:01 - 2015-11-01 01:01 - 00031200 _____ C:\Users\CIVY\Desktop\gsdfg.veg
    2015-11-01 00:32 - 2015-11-01 00:40 - 359650397 _____ C:\Users\CIVY\Desktop\Untitled.mp4
    2015-10-31 23:57 - 2015-10-31 23:57 - 00025120 _____ C:\Users\CIVY\Desktop\gads.veg
    2015-10-31 23:33 - 2015-10-31 23:42 - 455420063 _____ C:\Users\CIVY\Documents\video 31.mp4
    2015-10-31 23:10 - 2015-10-31 23:26 - 864473045 _____ C:\Users\CIVY\Documents\hamed
    2015-10-31 22:58 - 2015-10-31 22:59 - 00061272 _____ C:\Users\CIVY\Downloads\1960s Pop Loop.mp3.sfk
    2015-10-31 22:44 - 2015-11-01 01:04 - 00000000 ____D C:\Users\CIVY\Desktop\video 5
    2015-10-31 22:42 - 2015-10-31 22:42 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
    2015-10-31 10:35 - 2015-10-31 10:35 - 00000000 ____D C:\ProgramData\ATI
    2015-10-30 22:37 - 2015-10-30 22:37 - 00061917 _____ C:\WINDOWS\SysWOW64\CCCInstall_201510302237454974.log
    2015-10-30 22:37 - 2015-10-30 22:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
    2015-10-30 22:37 - 2015-10-30 22:37 - 00000000 ____D C:\Program Files\ATI Technologies
    2015-10-30 22:36 - 2015-10-30 22:36 - 00061037 _____ C:\WINDOWS\SysWOW64\CCCInstall_201510302236478569.log
    2015-10-30 22:33 - 2015-10-30 22:33 - 47794160 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl64.dll
    2015-10-30 22:33 - 2015-10-30 22:33 - 39712768 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl.dll
    2015-10-30 22:33 - 2015-10-30 22:33 - 30776304 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atio6axx.dll
    2015-10-30 22:33 - 2015-10-30 22:33 - 27544560 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl12cl64.dll
    2015-10-30 22:33 - 2015-10-30 22:33 - 25320432 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atioglxx.dll
    2015-10-30 22:33 - 2015-10-30 22:33 - 22327280 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl12cl.dll
    2015-10-30 22:33 - 2015-10-30 22:33 - 15725552 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticaldd64.dll
    2015-10-30 22:33 - 2015-10-30 22:33 - 14310896 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticaldd.dll
    2015-10-30 22:33 - 2015-10-30 22:33 - 09355016 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdxc64.dll
    2015-10-30 22:33 - 2015-10-30 22:33 - 08009360 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdva.dll
    2015-10-30 22:33 - 2015-10-30 22:33 - 07683096 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdxc32.dll
    2015-10-30 22:33 - 2015-10-30 22:33 - 07482552 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdag.dll
    2015-10-30 22:33 - 2015-10-30 22:33 - 06686192 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmantle64.dll
    2015-10-30 22:33 - 2015-10-30 22:33 - 05216240 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmantle32.dll
    2015-10-30 22:33 - 2015-10-30 22:33 - 03471376 _____ C:\WINDOWS\SysWOW64\atiumdva.cap
    2015-10-30 22:33 - 2015-10-30 22:33 - 03437632 _____ C:\WINDOWS\system32\atiumd6a.cap
    2015-10-30 22:33 - 2015-10-30 22:33 - 01196032 _____ C:\WINDOWS\system32\amdocl_as64.exe
    2015-10-30 22:33 - 2015-10-30 22:33 - 01070592 _____ C:\WINDOWS\system32\amdocl_ld64.exe
    2015-10-30 22:33 - 2015-10-30 22:33 - 01004032 _____ C:\WINDOWS\SysWOW64\amdocl_as32.exe
    2015-10-30 22:33 - 2015-10-30 22:33 - 00935408 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll
    2015-10-30 22:33 - 2015-10-30 22:33 - 00935408 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxx.dll
    2015-10-30 22:33 - 2015-10-30 22:33 - 00833800 _____ C:\WINDOWS\system32\amdicdxx.dat
    2015-10-30 22:33 - 2015-10-30 22:33 - 00807424 _____ C:\WINDOWS\SysWOW64\amdocl_ld32.exe
    2015-10-30 22:33 - 2015-10-30 22:33 - 00662392 _____ C:\WINDOWS\SysWOW64\atiapfxx.blb
    2015-10-30 22:33 - 2015-10-30 22:33 - 00662392 _____ C:\WINDOWS\system32\atiapfxx.blb
    2015-10-30 22:33 - 2015-10-30 22:33 - 00631280 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdlvr64.dll
    2015-10-30 22:33 - 2015-10-30 22:33 - 00524272 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdlvr32.dll
    2015-10-30 22:33 - 2015-10-30 22:33 - 00471312 _____ C:\WINDOWS\system32\amdmiracast.dll
    2015-10-30 22:33 - 2015-10-30 22:33 - 00375792 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiapfxx.exe
    2015-10-30 22:33 - 2015-10-30 22:33 - 00341488 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ATIODE.exe
    2015-10-30 22:33 - 2015-10-30 22:33 - 00243696 _____ C:\WINDOWS\system32\clinfo.exe
    2015-10-30 22:33 - 2015-10-30 22:33 - 00213488 _____ C:\WINDOWS\system32\amdgfxinfo64.dll
    2015-10-30 22:33 - 2015-10-30 22:33 - 00199664 _____ (AMD) C:\WINDOWS\system32\atitmm64.dll
    2015-10-30 22:33 - 2015-10-30 22:33 - 00198640 _____ C:\WINDOWS\SysWOW64\amdgfxinfo32.dll
    2015-10-30 22:33 - 2015-10-30 22:33 - 00177344 _____ C:\WINDOWS\system32\ativce03.dat
    2015-10-30 22:33 - 2015-10-30 22:33 - 00175648 _____ C:\WINDOWS\system32\amde31a.dat
    2015-10-30 22:33 - 2015-10-30 22:33 - 00168944 _____ C:\WINDOWS\system32\atieah64.exe
    2015-10-30 22:33 - 2015-10-30 22:33 - 00165360 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll
    2015-10-30 22:33 - 2015-10-30 22:33 - 00152560 _____ C:\WINDOWS\SysWOW64\atieah32.exe
    2015-10-30 22:33 - 2015-10-30 22:33 - 00150512 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll
    2015-10-30 22:33 - 2015-10-30 22:33 - 00143344 _____ C:\WINDOWS\system32\amdhdl64.dll
    2015-10-30 22:33 - 2015-10-30 22:33 - 00136176 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantle64.dll
    2015-10-30 22:33 - 2015-10-30 22:33 - 00132080 _____ C:\WINDOWS\SysWOW64\amdhdl32.dll
    2015-10-30 22:33 - 2015-10-30 22:33 - 00122352 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantle32.dll
    2015-10-30 22:33 - 2015-10-30 22:33 - 00112360 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiu9pag.dll
    2015-10-30 22:33 - 2015-10-30 22:33 - 00111600 _____ C:\WINDOWS\system32\hsa-thunk64.dll
    2015-10-30 22:33 - 2015-10-30 22:33 - 00111088 _____ C:\WINDOWS\SysWOW64\hsa-thunk.dll
    2015-10-30 22:33 - 2015-10-30 22:33 - 00103408 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantleaxl64.dll
    2015-10-30 22:33 - 2015-10-30 22:33 - 00100816 _____ C:\WINDOWS\system32\ativce02.dat
    2015-10-30 22:33 - 2015-10-30 22:33 - 00096752 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantleaxl32.dll
    2015-10-30 22:33 - 2015-10-30 22:33 - 00088000 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll
    2015-10-30 22:33 - 2015-10-30 22:33 - 00087992 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll
    2015-10-30 22:33 - 2015-10-30 22:33 - 00083952 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6pxx.dll
    2015-10-30 22:33 - 2015-10-30 22:33 - 00081168 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll
    2015-10-30 22:33 - 2015-10-30 22:33 - 00081160 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll
    2015-10-30 22:33 - 2015-10-30 22:33 - 00078320 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiglpxx.dll
    2015-10-30 22:33 - 2015-10-30 22:33 - 00078320 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiglpxx.dll
    2015-10-30 22:33 - 2015-10-30 22:33 - 00073712 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
    2015-10-30 22:33 - 2015-10-30 22:33 - 00071152 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalrt64.dll
    2015-10-30 22:33 - 2015-10-30 22:33 - 00068080 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
    2015-10-30 22:33 - 2015-10-30 22:33 - 00064496 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalcl64.dll
    2015-10-30 22:33 - 2015-10-30 22:33 - 00060912 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalrt.dll
    2015-10-30 22:33 - 2015-10-30 22:33 - 00059888 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ATIODCLI.exe
    2015-10-30 22:33 - 2015-10-30 22:33 - 00059376 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmmcl6.dll
    2015-10-30 22:33 - 2015-10-30 22:33 - 00057840 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalcl.dll
    2015-10-30 22:33 - 2015-10-30 22:33 - 00052208 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\ati2erec.dll
    2015-10-30 22:33 - 2015-10-30 22:33 - 00048112 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmmcl.dll
    2015-10-30 22:33 - 2015-10-30 22:33 - 00038384 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll
    2015-10-30 22:33 - 2015-10-30 22:33 - 00012784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\detoured.dll
    2015-10-30 22:33 - 2015-10-30 22:33 - 00012784 _____ (Microsoft Corporation) C:\WINDOWS\system32\detoured.dll
    2015-10-30 22:16 - 2015-10-27 23:16 - 18801664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2015-10-30 22:16 - 2015-10-21 12:39 - 03621248 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2015-10-30 22:16 - 2015-10-21 12:00 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
    2015-10-30 22:16 - 2015-10-21 11:46 - 02179584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2015-10-30 22:16 - 2015-10-21 05:49 - 02878512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2015-10-30 22:16 - 2015-10-21 05:13 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2015-10-30 22:16 - 2015-10-21 05:11 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
    2015-10-30 22:16 - 2015-09-25 03:09 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2015-10-30 22:16 - 2015-09-25 03:00 - 01382400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2015-10-30 22:16 - 2015-09-25 02:36 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2015-10-30 22:15 - 2015-10-27 23:38 - 21871616 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2015-10-30 22:15 - 2015-10-21 12:45 - 00541024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
    2015-10-30 22:15 - 2015-10-21 12:44 - 00459104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
    2015-10-30 22:15 - 2015-10-21 12:43 - 01392480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
    2015-10-30 22:15 - 2015-10-21 12:00 - 24595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2015-10-30 22:15 - 2015-10-21 11:59 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
    2015-10-30 22:15 - 2015-10-21 11:57 - 02418688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
    2015-10-30 22:15 - 2015-10-21 11:52 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
    2015-10-30 22:15 - 2015-10-21 11:50 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
    2015-10-30 22:15 - 2015-10-21 11:48 - 01068032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2015-10-30 22:15 - 2015-10-21 11:47 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
    2015-10-30 22:15 - 2015-10-21 11:46 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2015-10-30 22:15 - 2015-10-21 11:44 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
    2015-10-30 22:15 - 2015-10-21 11:44 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
    2015-10-30 22:15 - 2015-10-21 11:43 - 02675200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
    2015-10-30 22:15 - 2015-10-21 11:42 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
    2015-10-30 22:15 - 2015-10-21 11:41 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
    2015-10-30 22:15 - 2015-10-21 11:40 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
    2015-10-30 22:15 - 2015-10-21 11:38 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
    2015-10-30 22:15 - 2015-10-21 05:53 - 00961376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
    2015-10-30 22:15 - 2015-10-21 05:08 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
    2015-10-30 22:15 - 2015-10-21 05:05 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
    2015-10-30 22:15 - 2015-10-21 05:03 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2015-10-30 22:15 - 2015-10-21 05:03 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
    2015-10-30 22:15 - 2015-10-21 04:58 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
    2015-10-30 22:15 - 2015-10-21 04:58 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
    2015-10-30 22:15 - 2015-10-21 04:55 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
    2015-10-30 22:15 - 2015-10-10 07:12 - 00078528 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
    2015-10-30 22:15 - 2015-10-06 03:03 - 16708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2015-10-30 22:15 - 2015-10-06 02:46 - 13027840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2015-10-30 22:15 - 2015-10-01 04:01 - 01294352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2015-10-30 22:15 - 2015-10-01 04:01 - 01123400 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2015-10-30 22:15 - 2015-10-01 04:01 - 01018568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2015-10-30 22:15 - 2015-10-01 04:01 - 00858408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
    2015-10-30 22:15 - 2015-10-01 04:00 - 08020320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2015-10-30 22:15 - 2015-10-01 03:03 - 00757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
    2015-10-30 22:15 - 2015-09-25 04:01 - 02573768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
    2015-10-30 22:15 - 2015-09-25 04:01 - 00498016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
    2015-10-30 22:15 - 2015-09-25 03:56 - 22322624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2015-10-30 22:15 - 2015-09-25 03:52 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
    2015-10-30 22:15 - 2015-09-25 03:33 - 01997336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
    2015-10-30 22:15 - 2015-09-25 03:26 - 20858360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2015-10-30 22:15 - 2015-09-25 03:11 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
    2015-10-30 22:15 - 2015-09-25 03:11 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
    2015-10-30 22:15 - 2015-09-25 03:07 - 01276416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
    2015-10-30 22:15 - 2015-09-25 03:04 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2015-10-30 22:15 - 2015-09-25 03:04 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2015-10-30 22:15 - 2015-09-25 03:03 - 00796160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
    2015-10-30 22:15 - 2015-09-25 03:03 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2015-10-30 22:15 - 2015-09-25 03:02 - 07523840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2015-10-30 22:15 - 2015-09-25 03:02 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
    2015-10-30 22:15 - 2015-09-25 03:02 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
    2015-10-30 22:15 - 2015-09-25 03:01 - 04792320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2015-10-30 22:15 - 2015-09-25 03:01 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2015-10-30 22:15 - 2015-09-25 03:00 - 01423872 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
    2015-10-30 22:15 - 2015-09-25 03:00 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
    2015-10-30 22:15 - 2015-09-25 03:00 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
    2015-10-30 22:15 - 2015-09-25 02:59 - 01205248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
    2015-10-30 22:15 - 2015-09-25 02:59 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
    2015-10-30 22:15 - 2015-09-25 02:59 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
    2015-10-30 22:15 - 2015-09-25 02:59 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
    2015-10-30 22:15 - 2015-09-25 02:59 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
    2015-10-30 22:15 - 2015-09-25 02:59 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
    2015-10-30 22:15 - 2015-09-25 02:58 - 01871360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
    2015-10-30 22:15 - 2015-09-25 02:47 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
    2015-10-30 22:15 - 2015-09-25 02:47 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
    2015-10-30 22:15 - 2015-09-25 02:38 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2015-10-30 22:15 - 2015-09-25 02:38 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2015-10-30 22:15 - 2015-09-25 02:38 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
    2015-10-30 22:15 - 2015-09-25 02:38 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2015-10-30 22:15 - 2015-09-25 02:37 - 00766976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
    2015-10-30 22:15 - 2015-09-25 02:37 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
    2015-10-30 22:15 - 2015-09-25 02:37 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
    2015-10-30 22:15 - 2015-09-25 02:36 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2015-10-30 22:15 - 2015-09-25 02:34 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
    2015-10-30 22:15 - 2015-09-25 02:34 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
    2015-10-30 22:15 - 2015-09-25 02:34 - 00579584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
    2015-10-30 22:15 - 2015-09-25 02:34 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
    2015-10-30 22:15 - 2015-09-25 02:34 - 00525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
    2015-10-30 22:15 - 2015-09-25 02:33 - 00131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
    2015-10-30 22:15 - 2015-09-25 02:32 - 01594368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
    2015-10-30 22:15 - 2015-09-25 02:32 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
    2015-10-30 22:15 - 2015-09-19 05:14 - 00102304 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
    2015-10-30 22:15 - 2015-09-17 06:50 - 02464216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2015-10-30 22:15 - 2015-09-17 06:50 - 01563392 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
    2015-10-30 22:15 - 2015-09-17 06:50 - 00099664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
    2015-10-30 22:15 - 2015-09-17 06:50 - 00088384 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
    2015-10-30 22:15 - 2015-09-17 06:49 - 06487248 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
    2015-10-30 22:15 - 2015-09-17 06:49 - 01563472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
    2015-10-30 22:15 - 2015-09-17 06:49 - 00894256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Wdf01000.sys
    2015-10-30 22:15 - 2015-09-17 06:49 - 00553808 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
    2015-10-30 22:15 - 2015-09-17 06:49 - 00501008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
    2015-10-30 22:15 - 2015-09-17 06:48 - 02824248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
    2015-10-30 22:15 - 2015-09-17 06:48 - 02494712 _____ C:\WINDOWS\system32\CoreUIComponents.dll
    2015-10-30 22:15 - 2015-09-17 06:48 - 02432336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
    2015-10-30 22:15 - 2015-09-17 06:48 - 02156400 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
    2015-10-30 22:15 - 2015-09-17 06:48 - 01983824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2015-10-30 22:15 - 2015-09-17 06:48 - 00809352 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
    2015-10-30 22:15 - 2015-09-17 06:48 - 00784136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
    2015-10-30 22:15 - 2015-09-17 06:48 - 00584656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
    2015-10-30 22:15 - 2015-09-17 06:48 - 00555768 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
    2015-10-30 22:15 - 2015-09-17 06:48 - 00537080 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
    2015-10-30 22:15 - 2015-09-17 06:48 - 00516448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
    2015-10-30 22:15 - 2015-09-17 06:48 - 00505696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
    2015-10-30 22:15 - 2015-09-17 06:48 - 00476760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
    2015-10-30 22:15 - 2015-09-17 06:48 - 00406864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
    2015-10-30 22:15 - 2015-09-17 06:48 - 00395088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
    2015-10-30 22:15 - 2015-09-17 06:48 - 00332624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
    2015-10-30 22:15 - 2015-09-17 06:48 - 00278352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
    2015-10-30 22:15 - 2015-09-17 06:48 - 00243760 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
    2015-10-30 22:15 - 2015-09-17 06:44 - 00781976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
    2015-10-30 22:15 - 2015-09-17 06:43 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
    2015-10-30 22:15 - 2015-09-17 06:37 - 01295712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
    2015-10-30 22:15 - 2015-09-17 06:37 - 01168736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
    2015-10-30 22:15 - 2015-09-17 06:28 - 05120056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
    2015-10-30 22:15 - 2015-09-17 06:28 - 02154808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2015-10-30 22:15 - 2015-09-17 06:28 - 01357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
    2015-10-30 22:15 - 2015-09-17 06:28 - 00441168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
    2015-10-30 22:15 - 2015-09-17 06:28 - 00407608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
    2015-10-30 22:15 - 2015-09-17 06:28 - 00074880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
    2015-10-30 22:15 - 2015-09-17 06:27 - 01766952 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
    2015-10-30 22:15 - 2015-09-17 06:27 - 00454512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
    2015-10-30 22:15 - 2015-09-17 06:26 - 02446648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
    2015-10-30 22:15 - 2015-09-17 06:26 - 01895568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
    2015-10-30 22:15 - 2015-09-17 06:26 - 00646672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
    2015-10-30 22:15 - 2015-09-17 06:26 - 00508248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
    2015-10-30 22:15 - 2015-09-17 06:26 - 00434376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
    2015-10-30 22:15 - 2015-09-17 06:26 - 00428128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
    2015-10-30 22:15 - 2015-09-17 06:21 - 00658528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
    2015-10-30 22:15 - 2015-09-17 06:20 - 00764416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
    2015-10-30 22:15 - 2015-09-17 06:11 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
    2015-10-30 22:15 - 2015-09-17 06:10 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
    2015-10-30 22:15 - 2015-09-17 06:09 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
    2015-10-30 22:15 - 2015-09-17 06:09 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
    2015-10-30 22:15 - 2015-09-17 06:08 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
    2015-10-30 22:15 - 2015-09-17 06:08 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Speech.Pal.dll
    2015-10-30 22:15 - 2015-09-17 06:08 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
    2015-10-30 22:15 - 2015-09-17 06:06 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
    2015-10-30 22:15 - 2015-09-17 06:06 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
    2015-10-30 22:15 - 2015-09-17 06:06 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
    2015-10-30 22:15 - 2015-09-17 06:05 - 02226688 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
    2015-10-30 22:15 - 2015-09-17 06:05 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
    2015-10-30 22:15 - 2015-09-17 06:04 - 07569408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
    2015-10-30 22:15 - 2015-09-17 06:04 - 00910848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
    2015-10-30 22:15 - 2015-09-17 06:04 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
    2015-10-30 22:15 - 2015-09-17 06:03 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
    2015-10-30 22:15 - 2015-09-17 06:03 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
    2015-10-30 22:15 - 2015-09-17 06:03 - 00154624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
    2015-10-30 22:15 - 2015-09-17 06:03 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
    2015-10-30 22:15 - 2015-09-17 06:03 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
    2015-10-30 22:15 - 2015-09-17 06:02 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
    2015-10-30 22:15 - 2015-09-17 06:02 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
    2015-10-30 22:15 - 2015-09-17 06:00 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
    2015-10-30 22:15 - 2015-09-17 06:00 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KeywordDetectorMsftSidAdapter.dll
    2015-10-30 22:15 - 2015-09-17 05:58 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
    2015-10-30 22:15 - 2015-09-17 05:57 - 02228736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
    2015-10-30 22:15 - 2015-09-17 05:57 - 00403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
    2015-10-30 22:15 - 2015-09-17 05:57 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
    2015-10-30 22:15 - 2015-09-17 05:57 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
    2015-10-30 22:15 - 2015-09-17 05:56 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
    2015-10-30 22:15 - 2015-09-17 05:56 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
    2015-10-30 22:15 - 2015-09-17 05:56 - 00317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
    2015-10-30 22:15 - 2015-09-17 05:55 - 02236416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2015-10-30 22:15 - 2015-09-17 05:55 - 01601536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
    2015-10-30 22:15 - 2015-09-17 05:55 - 00671232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFx02000.dll
    2015-10-30 22:15 - 2015-09-17 05:55 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
    2015-10-30 22:15 - 2015-09-17 05:55 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
    2015-10-30 22:15 - 2015-09-17 05:55 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
    2015-10-30 22:15 - 2015-09-17 05:55 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
    2015-10-30 22:15 - 2015-09-17 05:55 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
    2015-10-30 22:15 - 2015-09-17 05:55 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll
    2015-10-30 22:15 - 2015-09-17 05:54 - 03781120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
    2015-10-30 22:15 - 2015-09-17 05:54 - 00780288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
    2015-10-30 22:15 - 2015-09-17 05:54 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
    2015-10-30 22:15 - 2015-09-17 05:53 - 07055872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
    2015-10-30 22:15 - 2015-09-17 05:52 - 06572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
    2015-10-30 22:15 - 2015-09-17 05:52 - 01216512 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcenter.dll
    2015-10-30 22:15 - 2015-09-17 05:52 - 01181696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
    2015-10-30 22:15 - 2015-09-17 05:52 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
    2015-10-30 22:15 - 2015-09-17 05:52 - 00591360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
    2015-10-30 22:15 - 2015-09-17 05:52 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
    2015-10-30 22:15 - 2015-09-17 05:52 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
    2015-10-30 22:15 - 2015-09-17 05:52 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
    2015-10-30 22:15 - 2015-09-17 05:52 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
    2015-10-30 22:15 - 2015-09-17 05:52 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
    2015-10-30 22:15 - 2015-09-17 05:51 - 02660864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
    2015-10-30 22:15 - 2015-09-17 05:51 - 01812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
    2015-10-30 22:15 - 2015-09-17 05:51 - 01203712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
    2015-10-30 22:15 - 2015-09-17 05:51 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
    2015-10-30 22:15 - 2015-09-17 05:51 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
    2015-10-30 22:15 - 2015-09-17 05:50 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
    2015-10-30 22:15 - 2015-09-17 05:50 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
    2015-10-30 22:15 - 2015-09-17 05:50 - 00312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
    2015-10-30 22:15 - 2015-09-17 05:50 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeWiFi.dll
    2015-10-30 22:15 - 2015-09-17 05:50 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeCell.dll
    2015-10-30 22:15 - 2015-09-17 05:50 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys
    2015-10-30 22:15 - 2015-09-17 05:49 - 02740224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2015-10-30 22:15 - 2015-09-17 05:49 - 01290240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
    2015-10-30 22:15 - 2015-09-17 05:49 - 01010176 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
    2015-10-30 22:15 - 2015-09-17 05:49 - 00439296 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationWebproxy.dll
    2015-10-30 22:15 - 2015-09-17 05:49 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationGeofences.dll
    2015-10-30 22:15 - 2015-09-17 05:49 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
    2015-10-30 22:15 - 2015-09-17 05:49 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationCrowdsource.dll
    2015-10-30 22:15 - 2015-09-17 05:49 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeIP.dll
    2015-10-30 22:15 - 2015-09-17 05:49 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationWiFiAdapter.dll
    2015-10-30 22:15 - 2015-09-17 05:49 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Speech.Pal.dll
    2015-10-30 22:15 - 2015-09-17 05:48 - 02093056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
    2015-10-30 22:15 - 2015-09-17 05:48 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
    2015-10-30 22:15 - 2015-09-17 05:48 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
    2015-10-30 22:15 - 2015-09-17 05:48 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
    2015-10-30 22:15 - 2015-09-17 05:48 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
    2015-10-30 22:15 - 2015-09-17 05:48 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
    2015-10-30 22:15 - 2015-09-17 05:47 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
    2015-10-30 22:15 - 2015-09-17 05:47 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
    2015-10-30 22:15 - 2015-09-17 05:47 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
    2015-10-30 22:15 - 2015-09-17 05:46 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
    2015-10-30 22:15 - 2015-09-17 05:46 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
    2015-10-30 22:15 - 2015-09-17 05:46 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
    2015-10-30 22:15 - 2015-09-17 05:46 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
    2015-10-30 22:15 - 2015-09-17 05:46 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
    2015-10-30 22:15 - 2015-09-17 05:46 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
    2015-10-30 22:15 - 2015-09-17 05:46 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
    2015-10-30 22:15 - 2015-09-17 05:46 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncmlhook.dll
    2015-10-30 22:15 - 2015-09-17 05:45 - 01331200 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
    2015-10-30 22:15 - 2015-09-17 05:45 - 00869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
    2015-10-30 22:15 - 2015-09-17 05:45 - 00832512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
    2015-10-30 22:15 - 2015-09-17 05:45 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
    2015-10-30 22:15 - 2015-09-17 05:44 - 01844736 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
    2015-10-30 22:15 - 2015-09-17 05:44 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
    2015-10-30 22:15 - 2015-09-17 05:44 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
    2015-10-30 22:15 - 2015-09-17 05:44 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncutil.dll
    2015-10-30 22:15 - 2015-09-17 05:43 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
    2015-10-30 22:15 - 2015-09-17 05:43 - 00378368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
    2015-10-30 22:15 - 2015-09-17 05:43 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
    2015-10-30 22:15 - 2015-09-17 05:43 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
    2015-10-30 22:15 - 2015-09-17 05:41 - 00217088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
    2015-10-30 22:15 - 2015-09-17 05:40 - 06101504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
    2015-10-30 22:15 - 2015-09-17 05:40 - 01162240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
    2015-10-30 22:15 - 2015-09-17 05:39 - 00587264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
    2015-10-30 22:15 - 2015-09-17 05:39 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
    2015-10-30 22:15 - 2015-09-17 05:38 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
    2015-10-30 22:15 - 2015-09-17 05:37 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
    2015-10-30 22:15 - 2015-09-17 05:36 - 01171456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcenter.dll
    2015-10-30 22:15 - 2015-09-17 05:35 - 05079552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
    2015-10-30 22:15 - 2015-09-17 05:35 - 02207232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2015-10-30 22:15 - 2015-09-17 05:35 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
    2015-10-30 22:15 - 2015-09-17 05:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
    2015-10-30 22:15 - 2015-09-17 05:34 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
    2015-10-30 22:15 - 2015-09-17 05:32 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
    2015-10-30 22:15 - 2015-09-17 05:32 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
    2015-10-30 22:15 - 2015-09-17 05:32 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
    2015-10-30 22:15 - 2015-09-17 05:31 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
    2015-10-30 22:15 - 2015-09-17 05:30 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
    2015-10-30 22:15 - 2015-09-17 05:29 - 01104384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
    2015-10-30 22:15 - 2015-09-17 05:29 - 00701952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
    2015-10-30 22:15 - 2015-09-17 05:29 - 00677888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
    2015-10-30 22:15 - 2015-09-17 05:28 - 00473088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
    2015-10-30 22:15 - 2015-09-17 05:26 - 00899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
    2015-10-30 22:15 - 2015-09-17 05:16 - 00512000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
    2015-10-30 22:15 - 2015-08-27 06:32 - 00608936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
    2015-10-30 22:15 - 2015-08-27 05:54 - 00541248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
    2015-10-30 22:15 - 2015-08-27 05:54 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
    2015-10-30 22:15 - 2015-08-27 05:51 - 02350592 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
    2015-10-30 22:15 - 2015-08-27 05:51 - 01774592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
    2015-10-30 22:15 - 2015-08-27 05:49 - 01008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
    2015-10-30 22:15 - 2015-08-27 05:42 - 00596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
    2015-10-30 22:15 - 2015-08-27 05:42 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.PicturePassword.dll
    2015-10-30 22:15 - 2015-08-27 05:42 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
    2015-10-30 22:15 - 2015-08-27 05:39 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
    2015-10-30 22:15 - 2015-08-27 05:23 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
    2015-10-30 22:15 - 2015-08-27 05:16 - 02153472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
    2015-10-30 22:15 - 2015-08-27 05:16 - 01612288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
    2015-10-30 22:15 - 2015-08-27 05:11 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
    2015-10-30 22:15 - 2015-08-27 05:11 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
    2015-10-30 22:15 - 2015-08-27 05:08 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
    2015-10-30 21:59 - 2015-11-04 18:55 - 00001487 _____ C:\WINDOWS\setupact.log
    2015-10-30 21:59 - 2015-10-30 21:59 - 00000000 _____ C:\WINDOWS\setuperr.log
    2015-10-30 20:19 - 2015-10-30 20:19 - 00000000 ____D C:\Users\CIVY\AppData\Roaming\SUPERAntiSpyware.com
    2015-10-30 20:18 - 2015-10-30 21:56 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2015-10-30 20:18 - 2015-10-30 20:18 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
    2015-10-30 20:14 - 2015-10-30 20:14 - 00000000 ___HD C:\$SysReset
    2015-10-30 20:07 - 2015-11-04 18:43 - 00024628 _____ C:\WINDOWS\PFRO.log
    2015-10-30 20:04 - 2015-11-05 21:23 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
    2015-10-30 20:00 - 2015-10-30 20:00 - 00000000 ____D C:\ProgramData\AVAST Software
    2015-10-30 19:44 - 2015-10-30 21:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2015-10-30 19:44 - 2015-10-30 21:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2015-10-30 19:44 - 2015-10-30 19:44 - 00000000 ____D C:\Users\CIVY\AppData\Roaming\Mozilla
    2015-10-30 19:44 - 2015-10-30 19:44 - 00000000 ____D C:\Users\CIVY\AppData\Local\Mozilla
    2015-10-29 22:13 - 2015-10-29 22:13 - 23754948 _____ C:\Users\CIVY\Desktop\fasdf.psd
    2015-10-29 22:02 - 2015-10-29 22:02 - 114959204 _____ C:\Users\CIVY\Desktop\fasd.psd
    2015-10-29 21:48 - 2015-10-29 22:36 - 12392109 _____ C:\Users\CIVY\Desktop\thumnaill 1.psd
    2015-10-29 21:41 - 2015-10-29 21:46 - 00000000 ____D C:\Users\CIVY\Desktop\thumbnail 1
    2015-10-29 19:27 - 2015-10-29 19:27 - 00000000 ____D C:\Users\CIVY\AppData\LocalLow\Adobe
    2015-10-29 18:28 - 2015-10-29 19:03 - 624096874 _____ C:\Users\CIVY\Documents\park video 1.mp4
    2015-10-29 16:24 - 2015-10-29 16:24 - 00000000 ____D C:\Users\CIVY\Documents\OFX Presets
    2015-10-29 15:41 - 2015-10-29 15:44 - 00152560 _____ C:\Users\CIVY\Downloads\Toys.mp3.sfk
    2015-10-29 14:59 - 2015-10-29 21:42 - 00000000 ____D C:\Users\CIVY\Desktop\PARK VIDEO
    2015-10-29 14:58 - 2015-10-29 14:58 - 00000000 ____D C:\Users\CIVY\Desktop\VIDEO PARK
    2015-10-29 14:57 - 2015-10-29 14:57 - 00000000 ____D C:\Users\CIVY\AppData\Local\AMD
    2015-10-28 18:21 - 2015-07-10 11:00 - 00000001 ___SH C:\BOOTNXT
    2015-10-28 14:57 - 2015-10-28 14:57 - 00061917 _____ C:\WINDOWS\SysWOW64\CCCInstall_201510281457585507.log
    2015-10-28 14:57 - 2015-10-28 14:57 - 00061037 _____ C:\WINDOWS\SysWOW64\CCCInstall_201510281457131881.log
    2015-10-27 17:55 - 2015-10-27 17:55 - 00000076 _____ C:\Users\CIVY\Documents\Untitled.mxf.sfl
    2015-10-27 17:44 - 2015-10-27 17:55 - 1051256228 _____ C:\Users\CIVY\Documents\Untitled.mxf
    2015-10-27 17:43 - 2015-10-27 18:01 - 00133568 _____ C:\Users\CIVY\Downloads\Toys On the Run.mp3.sfk
    2015-10-27 00:54 - 2015-10-27 00:54 - 00000074 _____ C:\Users\CIVY\Documents\video 3.mxf.sfl
    2015-10-27 00:40 - 2015-10-27 00:54 - 1998191012 _____ C:\Users\CIVY\Documents\video 3.mxf
    2015-10-27 00:38 - 2015-10-27 00:38 - 00103960 _____ C:\Users\CIVY\Downloads\Mr Jelly Rolls.mp3.sfk
    2015-10-27 00:27 - 2015-10-27 00:55 - 00029208 _____ C:\Users\CIVY\Desktop\video 3.veg
    2015-10-27 00:27 - 2015-10-27 00:27 - 00020672 _____ C:\Users\CIVY\Desktop\video 3.veg.bak
    2015-10-26 13:49 - 2015-10-26 13:49 - 00000035 _____ C:\Users\CIVY\Desktop\harrow councill tax.txt
    2015-10-26 11:39 - 2015-10-26 11:42 - 00000000 ____D C:\Users\CIVY\Desktop\100D3300
    2015-10-26 01:52 - 2015-10-26 01:52 - 00000000 ____D C:\Users\CIVY\Downloads\The Ultimate Fighter S22E06 HDTV x264-daview -={SPARROW}=-
    2015-10-25 22:22 - 2015-10-25 22:26 - 00000000 ____D C:\Users\CIVY\Downloads\Adobe After Effects CC 2014 (64 bit) (Crack VR) [ChingLiu]
    2015-10-25 22:15 - 2015-10-25 22:26 - 00000000 ____D C:\Users\CIVY\Downloads\Adobe Photoshop CC 2015 (20150529.r.88) (32+64Bit) + Crack
    2015-10-25 13:28 - 2015-10-25 13:28 - 00000078 _____ C:\Users\CIVY\Documents\new video 2.mxf.sfl
    2015-10-25 13:12 - 2015-10-25 13:28 - 3633475344 _____ C:\Users\CIVY\Documents\new video 2.mxf
    2015-10-25 13:10 - 2015-10-25 13:10 - 00018768 _____ C:\Users\CIVY\Desktop\new video 2.veg.bak
    2015-10-25 13:10 - 2015-10-25 13:10 - 00018768 _____ C:\Users\CIVY\Desktop\new video 2.veg
    2015-10-25 13:08 - 2015-10-25 13:08 - 00149792 _____ C:\Users\CIVY\Downloads\Riding High.mp3.sfk
    2015-10-25 12:55 - 2015-10-25 12:59 - 01581144 _____ C:\Users\CIVY\Desktop\DSC_0038.MOV.sfk
    2015-10-25 12:52 - 2015-10-25 12:44 - 1611040508 _____ C:\Users\CIVY\Desktop\DSC_0038.MOV
    2015-10-24 23:53 - 2015-10-24 23:57 - 00000000 ____D C:\Users\CIVY\Desktop\youtube
    2015-10-24 23:49 - 2015-03-02 15:19 - 01660981 _____ C:\Users\CIVY\Desktop\Channel Art Template (Photoshop).psd
    2015-10-24 23:48 - 2015-10-24 23:48 - 00326669 _____ C:\Users\CIVY\Downloads\Channel Art Templates.zip
    2015-10-24 23:28 - 2015-10-24 23:52 - 362630764 _____ C:\Users\CIVY\Documents\video youtube 1.mxf
    2015-10-24 23:24 - 2015-10-24 23:52 - 00000082 _____ C:\Users\CIVY\Documents\video youtube 1.mxf.sfl
    2015-10-24 23:23 - 2015-10-24 23:24 - 360535220 _____ C:\Users\CIVY\Desktop\video youtube 1.mxf
    2015-10-24 23:06 - 2015-10-24 23:06 - 00126640 _____ C:\Users\CIVY\Downloads\Hopscotch.mp3.sfk
    2015-10-24 22:57 - 2015-10-25 00:05 - 00033144 _____ C:\Users\CIVY\Desktop\video youtube 1.veg
    2015-10-24 22:57 - 2015-10-24 22:57 - 00012248 _____ C:\Users\CIVY\Desktop\video youtube 1.veg.bak
    2015-10-24 22:42 - 2015-10-24 22:53 - 02159976 _____ C:\Users\CIVY\Desktop\DSC_0138.MOV.sfk
    2015-10-24 22:41 - 2015-10-24 22:41 - 00001628 _____ C:\Users\CIVY\Desktop\vegas130 - Shortcut.lnk
    2015-10-24 22:37 - 2015-10-24 22:37 - 00006058 _____ C:\WINDOWS\system32\--traceoff
    2015-10-24 22:37 - 2015-10-24 22:37 - 00000000 ____D C:\Program Files\Sony
    2015-10-24 22:37 - 2015-10-24 22:37 - 00000000 _____ C:\WINDOWS\system32\--debugoff
    2015-10-24 22:31 - 2015-10-24 22:32 - 00000000 ____D C:\Users\CIVY\Downloads\Sony Vegas Pro 13.0 build 310 (64 bit) (patch KHG) [ChingLiu]
    2015-10-24 22:24 - 2015-10-24 22:24 - 00001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CC 2015.lnk
    2015-10-24 22:16 - 2015-10-24 22:29 - 00000000 ____D C:\Program Files\Adobe
    2015-10-24 22:15 - 2015-10-24 22:29 - 00000000 ____D C:\Program Files\Common Files\Adobe
    2015-10-24 11:41 - 2015-10-27 20:12 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
    2015-10-24 11:41 - 2015-10-24 11:41 - 00001129 _____ C:\Users\CIVY\Desktop\Adobe Premiere Pro CS6.lnk
    2015-10-24 11:38 - 2015-10-24 11:38 - 00001070 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
    2015-10-24 11:38 - 2015-10-24 11:38 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
    2015-10-24 11:38 - 2015-10-24 11:38 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
    2015-10-24 11:25 - 2015-10-24 11:26 - 00000000 ____D C:\Users\CIVY\Downloads\Adobe Premiere Pro CS6 6.0.0 LS7 Multilanguage [ChingLiu]
    2015-10-24 11:06 - 2015-10-27 20:03 - 00000000 ____D C:\Users\CIVY\Documents\Adobe
    2015-10-24 10:54 - 2015-10-30 21:54 - 00000000 ___RD C:\Users\CIVY\Creative Cloud Files
    2015-10-24 10:50 - 2015-11-05 10:24 - 00000000 ____D C:\ProgramData\boost_interprocess
    2015-10-24 10:49 - 2015-10-24 10:49 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
    2015-10-24 10:48 - 2015-10-24 10:48 - 00001298 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
    2015-10-24 10:48 - 2015-10-24 10:48 - 00001286 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
    2015-10-24 10:46 - 2015-10-24 22:03 - 00000000 ____D C:\Program Files (x86)\Adobe
    2015-10-24 10:44 - 2015-10-24 10:45 - 00000044 _____ C:\Users\CIVY\Desktop\adobe premier.txt
    2015-10-24 10:43 - 2015-10-24 10:43 - 00686768 _____ (Adobe Systems Incorporated) C:\Users\CIVY\Downloads\CreativeCloudSet-Up.exe
    2015-10-24 10:41 - 2015-10-24 10:42 - 2209503960 _____ C:\Users\CIVY\Downloads\DSC_0138.MOV
    2015-10-24 10:33 - 2015-10-30 21:40 - 00000000 ____D C:\ProgramData\Adobe
    2015-10-24 10:23 - 2015-10-24 09:45 - 2209503960 _____ C:\Users\CIVY\Desktop\DSC_0138.MOV
    2015-10-23 19:46 - 2015-10-23 20:02 - 00000000 ____D C:\Users\CIVY\Downloads\Inside Out (2015) [1080p]
    2015-10-22 21:51 - 2015-10-22 21:58 - 00000000 ____D C:\Users\CIVY\Downloads\Adobe Premiere Pro CC 2014 v8.0.1 (x64-Patch) [ChingLiu]
    2015-10-22 20:30 - 2015-11-04 19:17 - 05932266 _____ C:\Users\CIVY\Desktop\nice chords.flp
    2015-10-22 18:42 - 2015-10-22 18:41 - 07416476 _____ C:\Users\CIVY\Desktop\Outlook.com (1).zip
    2015-10-22 18:41 - 2015-10-22 18:41 - 07416476 _____ C:\Users\CIVY\Downloads\Outlook.com (1).zip
    2015-10-21 16:00 - 2015-10-21 19:50 - 00000091 _____ C:\Users\CIVY\Desktop\noodle.txt
    2015-10-19 18:13 - 2015-10-19 18:15 - 00000000 ____D C:\Users\TEMP
    2015-10-19 18:13 - 2015-10-19 18:13 - 00000000 ____D C:\Users\TEMP\AppData\Local\TileDataLayer
    2015-10-18 20:53 - 2015-10-18 20:56 - 00000000 ____D C:\Users\CIVY\Downloads\Man On Wire [2008][720p][x264][Ac3]
    2015-10-16 22:09 - 2015-10-22 22:37 - 00000233 _____ C:\Users\CIVY\Desktop\YOUTUBE CHANNEL REVIEW.txt
    2015-10-16 19:11 - 2015-10-18 21:14 - 00000737 _____ C:\Users\CIVY\Desktop\super druuug.txt
    2015-10-16 16:58 - 2015-10-16 16:59 - 00000051 _____ C:\Users\CIVY\Desktop\superdrug password.txt
    2015-10-15 10:31 - 2015-10-15 10:31 - 00000000 ____D C:\Users\CIVY\Downloads\Limitless.S01E04.HDTV.x264-LOL[ettv]
    2015-10-15 10:31 - 2015-10-15 10:31 - 00000000 ____D C:\Users\CIVY\Downloads\Limitless.S01E03.HDTV.x264-LOL[ettv]
    2015-10-15 10:30 - 2015-10-30 21:54 - 00000000 ____D C:\Users\CIVY\Downloads\Limitless.S01E02.HDTV.x264-LOL[ettv]
    2015-10-14 21:16 - 2015-10-14 21:16 - 00277504 _____ (Diaa Sami) C:\Users\CIVY\Desktop\CookTimer-0.9.3.exe
    2015-10-14 21:15 - 2015-10-14 21:16 - 00277504 _____ (Diaa Sami) C:\Users\CIVY\Downloads\CookTimer-0.9.3.exe
    2015-10-13 18:46 - 2015-10-13 18:46 - 00000000 ____D C:\Users\CIVY\Downloads\The Ultimate Fighter S22 E05 HDTV x264-jkkk -={SPARROW}=-
    2015-10-07 20:44 - 2015-10-07 22:32 - 01764906 _____ C:\Users\CIVY\Desktop\happy chords.flp

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-11-05 21:22 - 2015-08-02 00:06 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2015-11-05 20:31 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\system32\sru
    2015-11-05 17:52 - 2015-10-02 16:50 - 14805182 _____ C:\Users\CIVY\Desktop\fun track.flp
    2015-11-05 17:23 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\AppReadiness
    2015-11-05 17:12 - 2015-08-02 00:00 - 00004144 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D3F38F5A-5F68-4511-B55B-5BAA65F2382A}
    2015-11-05 10:28 - 2015-08-27 02:28 - 00000000 ____D C:\ProgramData\MFAData
    2015-11-05 10:27 - 2015-08-12 01:12 - 00876942 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2015-11-05 10:24 - 2015-08-02 01:26 - 00000000 ____D C:\Program Files (x86)\Steam
    2015-11-05 10:23 - 2015-09-07 15:02 - 00000000 ____D C:\Users\CIVY\AppData\Local\Adobe
    2015-11-05 10:23 - 2015-08-12 01:01 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    2015-11-05 10:23 - 2015-08-02 00:06 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2015-11-05 10:23 - 2015-07-10 12:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2015-11-05 00:29 - 2015-07-10 09:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
    2015-11-03 17:25 - 2015-08-02 21:50 - 00000000 ____D C:\Users\CIVY\AppData\Roaming\vlc
    2015-11-03 17:21 - 2015-09-24 19:35 - 00000000 ____D C:\Users\CIVY\AppData\Local\Sony
    2015-11-03 00:14 - 2015-08-12 01:04 - 00000000 ____D C:\Users\CIVY
    2015-11-02 16:03 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\rescache
    2015-10-31 10:33 - 2015-07-10 12:20 - 04894928 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2015-10-31 01:02 - 2015-07-10 11:04 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
    2015-10-31 01:02 - 2015-07-10 11:04 - 00000000 ___SD C:\WINDOWS\system32\F12
    2015-10-31 01:02 - 2015-07-10 11:04 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
    2015-10-31 01:02 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2015-10-31 01:02 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
    2015-10-31 01:02 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
    2015-10-31 01:01 - 2015-07-10 13:14 - 00000000 ____D C:\Program Files\Windows Journal
    2015-10-31 01:01 - 2015-07-10 11:04 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
    2015-10-31 01:01 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\Provisioning
    2015-10-31 01:01 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\L2Schemas
    2015-10-30 22:37 - 2015-08-12 01:02 - 00000000 ____D C:\ProgramData\Package Cache
    2015-10-30 22:37 - 2015-08-12 01:02 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
    2015-10-30 22:36 - 2015-08-02 00:02 - 00000000 ____D C:\AMD
    2015-10-30 22:36 - 2015-07-10 10:55 - 00000000 ____D C:\WINDOWS\CbsTemp
    2015-10-30 22:33 - 2015-08-22 13:50 - 10211008 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atidxx32.dll
    2015-10-30 22:33 - 2015-08-22 13:50 - 00143048 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiuxpag.dll
    2015-10-30 22:33 - 2015-07-16 01:12 - 00162232 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiuxp64.dll
    2015-10-30 22:33 - 2015-07-16 01:11 - 12088000 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atidxx64.dll
    2015-10-30 22:33 - 2015-07-16 01:11 - 08982440 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd6a.dll
    2015-10-30 22:33 - 2015-07-16 01:11 - 08864920 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd64.dll
    2015-10-30 22:33 - 2015-07-16 01:11 - 01479808 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\aticfx64.dll
    2015-10-30 22:33 - 2015-07-16 01:11 - 01223552 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\aticfx32.dll
    2015-10-30 22:33 - 2015-07-16 01:11 - 00130072 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiu9p64.dll
    2015-10-30 22:33 - 2015-07-16 01:06 - 21648880 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmdag.sys
    2015-10-30 22:33 - 2015-07-16 00:17 - 00683504 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe
    2015-10-30 22:33 - 2015-07-16 00:17 - 00451056 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll
    2015-10-30 22:33 - 2015-07-16 00:17 - 00255472 _____ (AMD) C:\WINDOWS\system32\atiesrxx.exe
    2015-10-30 22:33 - 2015-07-16 00:13 - 01256432 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll
    2015-10-30 22:33 - 2015-07-16 00:13 - 00674288 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmpag.sys
    2015-10-30 22:33 - 2015-07-16 00:12 - 00874480 _____ (AMD) C:\WINDOWS\system32\coinst_15.20.dll
    2015-10-30 22:32 - 2015-08-03 20:03 - 00000000 ____D C:\WINDOWS\system32\MRT
    2015-10-30 21:56 - 2015-07-10 11:04 - 00000000 ____D C:\Program Files\Windows Defender
    2015-10-30 21:54 - 2015-09-24 17:20 - 00000000 ____D C:\Users\CIVY\Downloads\Sony Vegas Pro 11
    2015-10-30 21:54 - 2015-09-06 17:55 - 00000000 ____D C:\Users\CIVY\AppData\Local\{9050A60C-B4F8-CAB4-D960-EF5CFD0813C4}
    2015-10-30 21:54 - 2015-08-31 23:55 - 00000000 ____D C:\Users\CIVY\AppData\Local\Splice
    2015-10-30 21:54 - 2015-08-02 01:16 - 00000000 ____D C:\Users\CIVY\AppData\Roaming\BitTorrent
    2015-10-30 21:54 - 2015-08-02 00:06 - 00000000 ____D C:\Users\CIVY\AppData\Local\Google
    2015-10-30 21:54 - 2015-08-02 00:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2015-10-30 21:54 - 2015-07-10 13:14 - 00000000 ____D C:\WINDOWS\ShellNew
    2015-10-30 21:54 - 2015-07-10 11:04 - 00000000 __RSD C:\WINDOWS\Media
    2015-10-30 21:54 - 2015-07-10 11:04 - 00000000 ___SD C:\WINDOWS\system32\Nui
    2015-10-30 21:54 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
    2015-10-30 21:54 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\SystemResources
    2015-10-30 21:54 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\system32\WinMetadata
    2015-10-30 21:54 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\system32\oobe
    2015-10-30 21:54 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
    2015-10-30 21:54 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\system\Speech
    2015-10-30 21:54 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\IME
    2015-10-30 21:54 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\Globalization
    2015-10-30 21:54 - 2015-07-10 09:05 - 00000000 ____D C:\WINDOWS\system32\Sysprep
    2015-10-30 21:54 - 2015-07-10 09:05 - 00000000 ____D C:\WINDOWS\servicing
    2015-10-30 21:53 - 2015-08-12 01:02 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
    2015-10-30 21:53 - 2015-08-12 01:01 - 00000000 ____D C:\Program Files\AMD
    2015-10-30 21:53 - 2015-08-02 00:06 - 00000000 ____D C:\Program Files (x86)\Google
    2015-10-30 21:49 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\registration
    2015-10-30 21:44 - 2015-08-01 23:55 - 00000000 ____D C:\Users\CIVY\AppData\Roaming\Adobe
    2015-10-30 21:44 - 2015-08-01 23:55 - 00000000 ____D C:\Users\CIVY\AppData\Local\Packages
    2015-10-29 12:46 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\LiveKernelReports
    2015-10-28 19:22 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\system32\NDF
    2015-10-28 18:24 - 2015-08-31 23:54 - 00000000 ____D C:\Users\CIVY\AppData\Local\Deployment
    2015-10-27 21:13 - 2015-08-12 01:27 - 00000000 ___RD C:\Users\CIVY\OneDrive
    2015-10-26 21:24 - 2015-10-05 14:28 - 17454906 _____ C:\Users\CIVY\Desktop\CHORD 1.flp
    2015-10-26 16:58 - 2015-09-14 17:53 - 00000000 ____D C:\Program Files\112dB
    2015-10-25 22:07 - 2015-08-02 00:06 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2015-10-24 22:37 - 2015-09-24 19:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
    2015-10-24 22:36 - 2015-09-24 19:34 - 00000000 ____D C:\Users\CIVY\AppData\Roaming\Sony
    2015-10-22 19:03 - 2015-08-27 02:30 - 00001038 _____ C:\Users\Public\Desktop\AVG 2015.lnk
    2015-10-22 19:03 - 2015-08-27 02:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Standalone LinkScanner
    2015-10-17 19:05 - 2015-08-02 01:27 - 00000000 ____D C:\Users\CIVY\AppData\Local\Steam
    2015-10-16 16:21 - 2015-09-17 17:22 - 00000000 ____D C:\Users\CIVY\AppData\Local\Avg
    2015-10-16 03:10 - 2015-07-10 11:06 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2015-10-16 03:10 - 2015-07-10 11:06 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2015-10-13 20:16 - 2015-08-02 01:31 - 00000000 ____D C:\Users\CIVY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
    2015-10-13 18:46 - 2015-09-02 07:19 - 00000000 ____D C:\Users\CIVY\AppData\LocalLow\Company
    2015-10-11 12:12 - 2015-10-02 20:51 - 03400244 _____ C:\Users\CIVY\Desktop\WEIRD STEP.flp

    ==================== Files in the root of some directories =======

    2015-03-17 15:00 - 2015-03-17 15:00 - 0402055 _____ () C:\Program Files\factory.sbf
    2015-03-17 15:00 - 2015-03-17 15:00 - 0400519 _____ () C:\Program Files\factory2.sbf
    2015-03-17 15:00 - 2015-03-17 15:00 - 0400519 _____ () C:\Program Files\factory3.sbf
    2015-03-17 15:00 - 2015-03-17 15:00 - 0400519 _____ () C:\Program Files\factory4.sbf
    2015-03-17 15:00 - 2015-03-17 15:00 - 0402055 _____ () C:\Program Files\factory5.sbf
    2015-03-17 15:00 - 2015-03-17 15:00 - 0400519 _____ () C:\Program Files\init.sbf
    2015-03-17 15:00 - 2015-03-17 15:00 - 21863424 _____ () C:\Program Files\Spire x64.dll
    2015-08-02 06:47 - 2015-08-02 06:47 - 0330740 _____ () C:\Program Files\uninstall.exe
    2015-08-12 01:00 - 2015-08-12 01:00 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

    Some files in TEMP:
    ====================
    C:\Users\CIVY\AppData\Local\Temp\R2RXEFKG.dll
    C:\Users\CIVY\AppData\Local\Temp\Setup_13A1E11A.exe
    C:\Users\CIVY\AppData\Local\Temp\SpOrder.dll
    C:\Users\CIVY\AppData\Local\Temp\Uninstall.exe
    C:\Users\CIVY\AppData\Local\Temp\UninstallModule.exe


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll
    [2015-07-10 11:00] - [2015-09-02 07:19] - 0680256 ____A (Microsoft Corporation) D72F00D038CAF288009C8A7FC3BA2B11

    C:\WINDOWS\SysWOW64\dnsapi.dll IS MISSING <==== ATTENTION
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-11-04 17:37

    ==================== End of FRST.txt ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-11-2015
    Ran by CIVY (2015-11-05 21:29:01)
    Running from C:\Users\CIVY\Desktop
    Windows 10 Pro (X64) (2015-08-12 01:24:18)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-196304569-3554425786-1367066649-500 - Administrator - Disabled)
    CIVY (S-1-5-21-196304569-3554425786-1367066649-1001 - Administrator - Enabled) => C:\Users\CIVY
    DefaultAccount (S-1-5-21-196304569-3554425786-1367066649-503 - Limited - Disabled)
    Guest (S-1-5-21-196304569-3554425786-1367066649-501 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
    Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.3.0.151 - Adobe Systems Incorporated)
    Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
    Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
    Adobe Media Encoder CC 2015 (HKLM-x32\...\{0FAC7130-BEC5-47A5-8813-1D339B8326ED}) (Version: 9.0.2 - Adobe Systems Incorporated)
    AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
    ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
    AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6173 - AVG Technologies)
    AVG 2015 (Version: 15.0.6173 - AVG Technologies) Hidden
    BitTorrent (HKU\S-1-5-21-196304569-3554425786-1367066649-1001\...\BitTorrent) (Version: 7.9.5.41203 - BitTorrent Inc.)
    Blender (HKLM\...\{87E4F4E2-99A4-44C6-9175-9FF2773E46CF}) (Version: 2.76.0 - Blender Foundation)
    CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
    Chromium (HKU\S-1-5-21-196304569-3554425786-1367066649-1001\...\Chromium) (Version: 46.0.2480.0 - Chromium)
    Evernote v. 5.8.13 (HKLM-x32\...\{A229420E-204B-11E5-B844-0050569584E9}) (Version: 5.8.13.8152 - Evernote Corp.)
    FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version: - Image-Line)
    FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version: - Image-Line)
    FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version: - )
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.21.115 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
    IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line)
    IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version: - Image-Line)
    Intel Processor Diagnostic Tool 64bit (HKLM\...\{F24BC99D-3FC1-4503-BEFA-5DDD16C6265A}) (Version: 2.20.0.0 - Intel Corporation)
    Intel(R) Chipset Device Software (x32 Version: 10.0.20 - Intel(R) Corporation) Hidden
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4170 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.0.3.1001 - Intel Corporation)
    Lexicon Alpha Driver (HKLM-x32\...\Lexicon Alpha Driver) (Version: 2.7 - Lexicon)
    Lexicon Alpha Driver (Version: 2.7 - Lexicon) Hidden
    M-Audio Oxygen Driver 1.3.0 (x64) (HKLM\...\{B52D5EDB-1945-4889-8F25-DEA1F9CD876A}) (Version: 1.3.0 - M-Audio)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Native Instruments FM8 (HKLM-x32\...\Native Instruments FM8) (Version: - Native Instruments)
    Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version: 5.5.0.409 - Native Instruments)
    Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: - Native Instruments)
    PowerISO (HKLM-x32\...\PowerISO) (Version: 6.3 - Power Software Ltd)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.34.617.2014 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
    reFX Nexus VSTi RTAS v2.2.0 (HKLM-x32\...\reFX Nexus_is1) (Version: - )
    Sigil (HKLM-x32\...\A24B23EB-0632-4D92-B087-011CAE348023) (Version: 0.3.2 - Strahinja Marković)
    Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
    Splice for Windows (HKU\S-1-5-21-196304569-3554425786-1367066649-1001\...\6dc0c1241910b832) (Version: 0.0.1.66 - Splice)
    Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
    Sylenth1 v2.21 (HKLM\...\Sylenth1_is1) (Version: - )
    The Official DVSA Theory Test for Car Drivers (HKLM-x32\...\{E9DF3ECB-00F3-4992-955D-ABC9AAD23BFA}) (Version: 1.00.0000 - TSO)
    Vegas Pro 11.0 (HKLM-x32\...\{6AEFCA01-8DF1-11E1-A17B-F04DA23A5C58}) (Version: 11.0.682 - Sony)
    Vegas Pro 13.0 (64-bit) (HKLM\...\{D0360940-CCC6-11E3-B9C6-F04DA23A5C58}) (Version: 13.0.310 - Sony)
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
    Voxengo SPAN (HKLM\...\Voxengo SPAN_is1) (Version: 2.9 - Voxengo)
    WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-196304569-3554425786-1367066649-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-2E546C5985C7}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
    CustomCLSID: HKU\S-1-5-21-196304569-3554425786-1367066649-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

    ==================== Restore Points =========================

    01-11-2015 19:57:26 Scheduled Checkpoint
    03-11-2015 00:13:12 Installed Blender
    04-11-2015 18:54:23 Installed Microsoft Visual C++ 2005 Redistributable

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 13:25 - 2013-08-22 13:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {08897F7B-1766-44AD-97C3-DC26C5275946} - \PhraseProfessor Auto Updater 1.10.0.21 Pending Update -> No File <==== ATTENTION
    Task: {2D9340B2-E443-47AD-823C-334DE4B0B85E} - \cfr3011 -> No File <==== ATTENTION
    Task: {321FD8B6-EAAD-4BC7-8A03-BFE4DCAA8028} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {414799F7-C6DB-4E0E-98C0-01382695B37C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {468164DA-EB6B-4544-A553-93680D16D38C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-10-02] (Microsoft Corporation)
    Task: {58668993-88C4-4DF6-939C-F5BE9F995B33} - \PhraseProfessor Auto Updater 1.10.0.21 Core -> No File <==== ATTENTION
    Task: {5E5AFC04-6423-40DC-81F0-40941122F97B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
    Task: {6577CB0E-99A4-466C-94C5-65C356B1ADF8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {65C71641-8B5E-4717-880C-4D25CE589844} - System32\Tasks\{DF216AC6-422A-4124-A1FF-E13C283FD6AA} => pcalua.exe -a "C:\Program Files (x86)\Malwarebytes Anti-Malware\unins001.exe"
    Task: {698F6A02-F441-45D5-8EF8-CD39CA9148EA} - System32\Tasks\{DC116100-5B84-4055-9529-257FC6D43E92} => pcalua.exe -a "C:\Program Files (x86)\Smwyyntm1ndi1zdz\uninstall.exe"
    Task: {6FBBE24F-BD87-44AD-83B4-1C8A552EA9C1} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {786B3913-3D80-4F6B-978E-5F5DC04C1A7F} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {85AC6CB3-F23A-430A-A59F-24B5EA12956F} - System32\Tasks\GlobalUpdate-zgy4yzdxngtibtr => C:\Users\CIVY\AppData\Roaming\zgy4yzdxngtibtr\zgy4yzdxngtibtr.exe <==== ATTENTION
    Task: {948E57F7-8F01-4808-9281-1F9FBF209C2E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
    Task: {A2747CB6-3284-4449-9599-8BD6DE98059C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {B2B84A7F-35F7-4A36-B260-5A7AF751EBD6} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {B4CAF807-1F83-4CF4-8B89-296A68CECA03} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {CBBB03D1-2A11-4CD1-A38E-EE17E3D78F06} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {D1D42A83-EF28-4DBD-937B-C2E65CB0A372} - System32\Tasks\{47C5BB81-73C4-47F5-A4AF-0D8959EE1D97} => pcalua.exe -a C:\Users\CIVY\AppData\Local\BrowserAir\Application\Uninstall.exe
    Task: {D2BA680D-0EAA-4553-B59C-5C30CBB7669D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {D6A95522-AB51-4513-AAF5-DE4A4B40B70A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-17] (Piriform Ltd)
    Task: {F061AE91-A657-4B89-9194-6C760C539D30} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0f0732ccf505a.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2015-08-12 09:57 - 2015-08-12 09:57 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
    2015-08-19 14:04 - 2015-08-11 09:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
    2015-10-30 22:15 - 2015-09-17 06:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2015-10-30 22:15 - 2015-09-17 06:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
    2015-09-11 18:02 - 2015-09-11 18:02 - 00803488 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
    2015-10-30 22:15 - 2015-09-17 05:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
    2015-10-30 22:15 - 2015-09-17 05:44 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2015-10-30 22:15 - 2015-09-17 05:42 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2015-10-30 22:15 - 2015-09-17 05:42 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2015-10-30 22:15 - 2015-09-17 05:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2015-07-10 11:00 - 2015-07-10 13:14 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
    2015-09-11 18:01 - 2015-09-11 18:01 - 31958688 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
    2015-10-30 22:24 - 2015-10-30 22:24 - 00012800 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1026.13580.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    2015-10-30 22:24 - 2015-10-30 22:24 - 10958848 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1026.13580.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
    2015-10-30 22:22 - 2015-10-30 22:22 - 00245760 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1026.13580.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
    2015-10-30 22:20 - 2015-10-30 22:21 - 03498496 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1510.13020.0_x64__8wekyb3d8bbwe\Calculator.exe
    2015-01-17 09:27 - 2015-01-17 09:27 - 34734712 _____ () C:\Program Files (x86)\Image-Line\Shared\dsp_ipp_x64.dll
    2015-03-18 16:18 - 2015-03-18 16:18 - 00872056 _____ () C:\Program Files (x86)\Image-Line\Shared\QuickFontCache_x64.dll
    2014-12-02 19:32 - 2014-12-02 19:32 - 00607352 _____ () C:\Program Files (x86)\Image-Line\Shared\freetype_x64.dll
    2015-07-01 16:35 - 2015-07-01 16:35 - 00439304 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
    2015-07-01 16:35 - 2015-07-01 16:35 - 00321032 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
    2015-09-15 07:08 - 2015-09-15 07:08 - 40523440 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
    2015-09-15 07:08 - 2015-09-15 07:08 - 01365680 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libglesv2.dll
    2015-09-15 07:08 - 2015-09-15 07:08 - 00219312 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libegl.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\acengine => ""="service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\acwfp => ""="Driver"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-196304569-3554425786-1367066649-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\CIVY\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{4bacddd1-01a4-4a37-b46d-fbad286613d2}.jpg
    DNS Servers: 192.168.0.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{20C4BA0C-48B5-450C-8390-0FFB381DA536}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{34E985C4-DDE7-42D3-8FE4-5B1ADC89A031}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{D7CB6F43-2B19-4160-BC8B-DEE34B0942A8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{CDD9321C-95F6-4F54-B537-6F1ABE0C27F1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{32A9BCDF-E8DC-4DD4-87FF-887CEC58B28F}] => (Allow) C:\Users\CIVY\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{0E3E969E-BC20-43A1-B6B7-F91563D95CEC}] => (Allow) C:\Users\CIVY\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{0B47E4F5-A782-4C35-90BE-72DDD4DE56D0}] => (Allow) C:\Users\CIVY\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{79E5C9C5-7769-4352-8F26-DE163F4BC8F8}] => (Allow) C:\Users\CIVY\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{D2299115-6BA4-45F6-AD64-7FA638AA95A8}] => (Allow) C:\Users\CIVY\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{58CCBB12-5FDB-4AEA-AB7D-F3C216895706}] => (Allow) C:\Users\CIVY\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{AD88EE2D-D3B3-4311-87A9-7D19730104AD}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
    FirewallRules: [{D6D95E1A-332B-4BDB-92F8-0246A96E3C78}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
    FirewallRules: [{ED4DF012-CA11-4E47-9477-CB3B7AA33FDE}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
    FirewallRules: [{EFD62505-FEBF-4CCE-B4ED-A1837229A075}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
    FirewallRules: [{179E6C93-60B6-47F2-B726-BBEFBC9741C6}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
    FirewallRules: [{25822AEF-0A40-4095-B54C-D7583266AA5A}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
    FirewallRules: [{8D247DE6-459F-40F4-AF05-E476E3DB67EE}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
    FirewallRules: [{6767C21D-CFE1-4442-9D8D-F60D59379893}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
    FirewallRules: [{1F2D77A2-725B-4FE2-9794-030D05829DAD}] => (Allow) C:\Program Files (x86)\Max Driver Updater\maxdu.exe
    FirewallRules: [{90289AE0-93D4-4553-871E-505C9A912769}] => (Allow) C:\Users\CIVY\AppData\Local\Chromium\Application\chrome.exe
    FirewallRules: [{21F1CEC9-6DA5-4606-B2F9-6AA9E5C19ABF}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
    FirewallRules: [{0562063F-BF54-4863-82B8-B5E0BDD6E2FF}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
    FirewallRules: [{C8001966-F58C-48CC-8A1E-19711CB31BCC}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
    FirewallRules: [{8D78296E-5A52-41B6-86FB-862702CB9B7E}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
    FirewallRules: [{65F0A314-2E37-42BA-A3A4-C9A9A272C5DF}] => (Allow) C:\Program Files\Sony\Vegas Pro 13.0\vegas130.exe
    FirewallRules: [{44EE24AE-0C52-4C05-878B-4ACD1C38018B}] => (Allow) C:\Program Files\Sony\Vegas Pro 13.0\vegas130.exe
    FirewallRules: [{25B8B8C1-4874-4987-91AA-720AC3DA401D}] => (Allow) C:\Program Files\Sony\Vegas Pro 13.0\vegas130.exe
    FirewallRules: [{283A001C-B27F-47F7-B55F-A93A10B7E75B}] => (Allow) C:\Program Files\Sony\Vegas Pro 13.0\vegas130.exe
    FirewallRules: [{2F66231F-46C1-41AC-B1BB-23E944AAE387}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [TCP Query User{17C69581-23DA-4C4F-9761-5BC988A16C2C}C:\program files (x86)\image-line\fl studio 11\fl.exe] => (Allow) C:\program files (x86)\image-line\fl studio 11\fl.exe
    FirewallRules: [UDP Query User{425271CB-1AFE-4A52-BAD8-8C4DA983579D}C:\program files (x86)\image-line\fl studio 11\fl.exe] => (Allow) C:\program files (x86)\image-line\fl studio 11\fl.exe

    ==================== Faulty Device Manager Devices =============

    Name: HP x22LED Series Wide LCD Monitor
    Description: HP x22LED Series Wide LCD Monitor
    Class Guid: {4d36e96e-e325-11ce-bfc1-08002be10318}
    Manufacturer: HP
    Service: monitor
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (11/05/2015 12:30:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program MicrosoftEdge.exe version 11.0.10240.16566 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

    Process ID: 1c64

    Start Time: 01d117c4a1093ff1

    Termination Time: 4294967295

    Application Path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

    Report Id: f77e2ef2-83b8-11e5-82d7-fcaa145f5655

    Faulting package full name: Microsoft.MicrosoftEdge_20.10240.16384.0_neutral__8wekyb3d8bbwe

    Faulting package-relative application ID: MicrosoftEdge

    Error: (11/05/2015 12:30:16 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: HAMED)
    Description: Package Microsoft.MicrosoftEdge_20.10240.16384.0_neutral__8wekyb3d8bbwe+MicrosoftEdge was terminated because it took too long to suspend.

    Error: (11/05/2015 12:29:36 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HAMED)
    Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (11/04/2015 06:55:20 PM) (Source: LegacyUninstaller) (EventID: 0) (User: )
    Description: Legacy uninstall did not succeed.

    Error: (11/04/2015 06:54:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (11/04/2015 06:43:00 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HAMED)
    Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (11/04/2015 12:44:42 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HAMED)
    Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (11/04/2015 12:44:42 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HAMED)
    Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (11/03/2015 05:45:38 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: chrome.exe, version: 46.0.2490.80, time stamp: 0x56262c73
    Faulting module name: chrome.dll, version: 46.0.2490.80, time stamp: 0x56262781
    Exception code: 0x80000003
    Fault offset: 0x000170a6
    Faulting process id: 0x1b00
    Faulting application start time: 0xchrome.exe0
    Faulting application path: chrome.exe1
    Faulting module path: chrome.exe2
    Report Id: chrome.exe3
    Faulting package full name: chrome.exe4
    Faulting package-relative application ID: chrome.exe5

    Error: (11/03/2015 01:24:51 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HAMED)
    Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.


    System errors:
    =============
    Error: (11/05/2015 10:23:17 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (11/05/2015 12:29:36 AM) (Source: DCOM) (EventID: 10010) (User: HAMED)
    Description: CortanaUI.AppXd4tad4d57t4wtdbnnmb8v2xtzym8c1n8.mca

    Error: (11/05/2015 12:29:33 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Sync Host_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (11/04/2015 06:43:50 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (11/04/2015 06:43:46 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (11/04/2015 06:43:00 PM) (Source: DCOM) (EventID: 10010) (User: HAMED)
    Description: CortanaUI

    Error: (11/04/2015 06:42:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Sync Host_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (11/04/2015 05:09:19 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

    Error: (11/04/2015 05:09:19 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

    Error: (11/04/2015 05:09:18 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable


    CodeIntegrity:
    ===================================
    Date: 2015-11-05 21:28:21.287
    Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\dnsapi.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-11-05 21:28:21.278
    Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\dnsapi.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-11-05 21:27:18.393
    Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\dnsapi.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-10-30 22:40:34.958
    Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\dnsapi.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-10-30 22:40:25.815
    Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\dnsapi.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-10-30 22:40:25.806
    Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\dnsapi.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-10-30 22:40:25.797
    Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\dnsapi.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-10-30 22:40:25.462
    Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\dnsapi.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-10-30 22:19:40.545
    Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\dnsapi.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-10-30 22:19:40.498
    Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\dnsapi.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz
    Percentage of memory in use: 51%
    Total physical RAM: 8053.24 MB
    Available physical RAM: 3867.27 MB
    Total Virtual: 9461.24 MB
    Available Virtual: 4545.16 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:931.17 GB) (Free:697.82 GB) NTFS ==>[drive with boot components (obtained from BCD)]
    Drive d: (DVSA_TT_CAR_V2_2) (CDROM) (Total:1.39 GB) (Free:0 GB) CDFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 59917E68)
    Partition 1: (Active) - (Size=931.2 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
     

    Last edited by a moderator: Nov 6, 2015
  16. starbuck

    Many thanks for that.
    Let's deal with the main issue first..........
    • Please re-run FRST again, but this time type the following in the edit box after Search: dnsapi.dll
    • Click the Search File(s) button



    • It will make a log (Search.txt) - please post this report in your next post.

    Thanks
     
  17. Hamlap

    Hi starbuck
    thanks for the reply again
    here is the search file

    Farbar Recovery Scan Tool (x64) Version:05-11-2015
    Ran by CIVY (2015-11-06 14:46:11)
    Running from C:\Users\CIVY\Desktop
    Boot Mode: Normal

    ================== Search Files: "dnsapi.dll" =============

    C:\Windows\WinSxS\wow64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10240.16384_none_a7e0cfc0f233a685\dnsapi.dll
    [2015-07-10 11:00][2015-07-10 11:00] 0534064 ____A (Microsoft Corporation) BB5BBD0E4D04047585E4ED0F07AA51E7 [File is digitally signed]

    C:\Windows\WinSxS\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10240.16384_none_9d8c256ebdd2e48a\dnsapi.dll
    [2015-07-10 11:00][2015-07-10 11:00] 0680256 ____A (Microsoft Corporation) C287D0E32771E3222A444DC527A29477 [File is digitally signed]

    C:\Windows\System32\dnsapi.dll
    [2015-07-10 11:00][2015-09-02 07:19] 0680256 ____A (Microsoft Corporation) D72F00D038CAF288009C8A7FC3BA2B11 [File not signed]

    ====== End of Search ======
     

    Last edited by a moderator: Nov 6, 2015
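
The comparison that the Search.txt in post 17 invites, as an added example that is not part of the original thread: it parses the search section exactly as posted and checks the live System32 copy against the signed component-store (WinSxS) copy of the same architecture. The function names, the finding labels, and the reading of the two bracketed timestamps as creation and last-modified times are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Search section as posted in the thread (values copied from the page).
SEARCH_TXT = r"""
================== Search Files: "dnsapi.dll" =============

C:\Windows\WinSxS\wow64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10240.16384_none_a7e0cfc0f233a685\dnsapi.dll
[2015-07-10 11:00][2015-07-10 11:00] 0534064 ____A (Microsoft Corporation) BB5BBD0E4D04047585E4ED0F07AA51E7 [File is digitally signed]

C:\Windows\WinSxS\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10240.16384_none_9d8c256ebdd2e48a\dnsapi.dll
[2015-07-10 11:00][2015-07-10 11:00] 0680256 ____A (Microsoft Corporation) C287D0E32771E3222A444DC527A29477 [File is digitally signed]

C:\Windows\System32\dnsapi.dll
[2015-07-10 11:00][2015-09-02 07:19] 0680256 ____A (Microsoft Corporation) D72F00D038CAF288009C8A7FC3BA2B11 [File not signed]

====== End of Search ======
"""

# Metadata line: [ts1][ts2] size attrs (company) digest [signature status]
META_RE = re.compile(
    r"^\[(?P<ts1>[^\]]+)\]\[(?P<ts2>[^\]]+)\]\s+"
    r"(?P<size>\d+)\s+(?P<attrs>\S+)\s+"
    r"\((?P<company>[^)]*)\)\s+"
    r"(?P<digest>[0-9A-Fa-f]{32})\s+"
    r"\[(?P<sig>[^\]]+)\]$"
)


@dataclass
class Entry:
    path: str
    ts1: str      # assumed: creation time
    ts2: str      # assumed: last-modified time
    size: int
    digest: str   # 32 hex digits as printed by the tool
    signed: bool

    @property
    def in_component_store(self) -> bool:
        return "\\winsxs\\" in self.path.lower()


def parse_search(text: str) -> List[Entry]:
    """Pair each path line with the metadata line that follows it."""
    entries, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):
            continue  # blank lines and section banners
        m = META_RE.match(line)
        if m and pending:
            entries.append(Entry(pending, m["ts1"], m["ts2"], int(m["size"]),
                                 m["digest"].upper(),
                                 m["sig"] == "File is digitally signed"))
            pending = None
        elif re.match(r"^[A-Za-z]:\\", line):
            pending = line
    return entries


def reference_for(live: Entry, entries: List[Entry]) -> Optional[Entry]:
    """Signed WinSxS copy matching the live file's architecture (64-bit Windows assumed)."""
    p = live.path.lower()
    if "\\system32\\" in p:
        prefixes = ("amd64_",)
    elif "\\syswow64\\" in p:
        prefixes = ("wow64_", "x86_")
    else:
        return None
    for e in entries:
        if e.in_component_store and e.signed:
            folder = e.path.lower().split("\\winsxs\\", 1)[1]
            if folder.startswith(prefixes):
                return e
    return None


def audit(entries: List[Entry]) -> Dict[str, List[str]]:
    """Findings per live (non-WinSxS) file. On a healthy install the live
    file is expected to match its component-store copy."""
    report = {}
    for e in entries:
        if e.in_component_store:
            continue
        findings = []
        if not e.signed:
            findings.append("unsigned")
        ref = reference_for(e, entries)
        if ref is None:
            findings.append("no-reference")
        elif ref.digest != e.digest:
            findings.append("digest-mismatch")
        if e.ts1 != e.ts2:
            findings.append("timestamps-differ")
        report[e.path] = findings
    return report


if __name__ == "__main__":
    for path, findings in audit(parse_search(SEARCH_TXT)).items():
        print(path, "->", ", ".join(findings) or "ok")
```

The live System32 copy has the same size as the amd64 store copy but a different digest, no signature and a later second timestamp, which is the file the Code Integrity entries in Addition.txt complain about.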
  18. starbuck

    Hi Hamlap

    With all due respect, the system is a bit of a mess.
    This next warning is more than likely the possible cause:

    P2P Warning
    Please note that as long as you're using any form of Peer-to-Peer networking ( Frostwire, Bearshare, BitTorrent etc.) and downloading files from non-documented sources, you can expect infestations of malware and system problems to occur.
    P2P programs form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P program is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program.

    Many of the programs come bundled with other unwanted programs, but even the ones free of any bundled software are not safe to use.
    When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

    You may decide to continue P2P sharing, but keep in mind that this practice may be the source of future malware infestation.
    If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programs, we may refuse to help you.

    If you do decide (unwisely) to keep these programs, please refrain from using them until we have finished cleaning your system.

    ---------
    We'll try and undo the damage caused.
    We'll also try and replace the missing system file..... this missing file explains a lot of your problems.

    Step 1
    AVG is doing nothing at all.
    It's showing as being installed and also running at startup... but it's not showing in security center.

    Please uninstall AVG.
    After running the uninstaller, download the AVG removal tool

    Once downloaded to your system.... run the removal tool. (this clears any registry entries left over )
    Even if AVG won't uninstall.... still run the removal tool.
    Windows Defender will kick in and will act as your AV and AS.


    Step 2
    Please download the attached fixlist.txt file (bottom of this post) and save it to the Desktop.
    NOTE.
    It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine.
    Running this on another machine may cause damage to your operating system


    Re-run FRST/FRST64 (whichever is installed) and press the Fix button just once and wait.

    The tool will make a log on the Desktop (Fixlog.txt). Please post this in your next reply.


    Step 3
    Please reset all browsers:

    To Reset Firefox
    • At the top of the Firefox window, click the Help menu and select Troubleshooting Information
    • Click the Reset Firefox… button in the upper-right corner of the Troubleshooting Information page.
    • To continue, click Reset Firefox in the confirmation window that opens.
    • Firefox will close and be reset. When it's done, a window will list the information that was imported.
    • Click Finish and Firefox will open.
    Note:
    After the reset is finished, your old Firefox profile information will be placed on your desktop in a folder named "Old Firefox Data." If the reset didn't fix your problem you can restore some of the information not saved by copying files to the new profile that was created.
    If you don't need this folder any longer, you should delete it as it contains sensitive information.

    The reset feature works by creating a new profile folder for you while saving your most important data.

    Firefox will try to keep the following data:



      • Bookmarks
      • Browsing history
      • Passwords
      • Cookies
      • Web form auto-fill information
      • Personal dictionary

    --------------------

    Reset IE back to the defaults.
    • Close any Internet Explorer or Windows Explorer windows that are currently open.
    • Open Internet Explorer by clicking the Start button, and then clicking Internet Explorer.
    • Click the Tools button, and then click Internet Options.
    • Click the Advanced tab, and then click Reset.
    • Select the Delete personal settings check box if you would like to remove browsing history, search providers, Accelerators, home pages, and InPrivate Filtering data.
    • In the Reset Internet Explorer Settings dialog box, click Reset.
    • When Internet Explorer finishes applying default settings, click Close, and then click OK.
    • Close Internet Explorer.
    • Your changes will take effect the next time you open Internet Explorer.

    -----------------

    To reset Google Chrome
    • Click the Menu option button at the top right of the Google Chrome screen
    • Select Settings.
    • Click Show advanced settings and find the "Reset browser settings" section.
    • Click Reset browser settings.
    • In the dialogue that appears, click Reset. Note: When the "Help make Google Chrome better by reporting the current settings" tick box is selected you are anonymously sending Google your Chrome settings. Reporting these settings allows us to analyse trends and work to prevent future unwanted settings changes.

    Resetting your browser settings will impact the settings below:

    Default search engine and saved search engines will be reset to their original defaults.
    Homepage button will be hidden and the URL that you previously set will be removed.
    Default startup tabs will be cleared. The browser will show a new tab when you startup or continue where you left off if you're on a Chromebook.
    New Tab page will be empty unless you have a version of Chrome with an extension that controls it. In that case your page may be preserved.
    Pinned tabs will be unpinned.
    Content settings will be cleared and reset to their installation defaults.
    Cookies and site data will be cleared.
    Extensions and themes will be disabled.



    Step 4
    I'd like you to do an ESET OnlineScan

    64Bit users, please see note at the bottom.

    You may find it beneficial to close your resident AV program before running the scan.

    It's been found that on some systems the Eset's Online Scan fails during the database download ( around 20% )
    To prevent this happening:
    When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):

    Enable Anti-Stealth technology


    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    • Click the [IMG] button.
    • If asked, allow the activex control to install
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on [​IMG] to download the ESET Smart Installer.
        Save it to your desktop.
      • Double click on the [​IMG] icon on your desktop.
    • Check [​IMG]
    • Click the [​IMG] button.
    • Accept any security warnings from your browser.
    • Check [​IMG]
    • Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
    • Click the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push [​IMG]
    • Click [​IMG], and save the file to your desktop using a unique name, such as ESETScan.
      Include the contents of this report in your next reply.
    • Click the [IMG] button.
    • Click [​IMG]
    A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

    Note:
    As you are running a 64bit system:
    The ESET Online Scanner is a 32-bit application, which means it must be run in the 32-bit version of Internet Explorer, and as an Administrator. To do so, right-click on the Internet Explorer (32-bit) icon in the App Menu (under Windows Accessories) and select "Run as administrator" from the context menu.
    Or use either Firefox or Chrome which almost certainly will be 32bit versions.


    In your next reply, please submit:
    Fixlog.txt from FRST
    Eset scan report

    Also give me an update as to how the system is running now.


    Thanks.
     


    Last edited: Nov 6, 2015
  19. Hamlap

    Hamlap Registered Members

    Hi starbuck, the computer is running much faster than before. What would you say was the main problem?
    I also have this thing where whenever I turn off my PC it straight away restarts again, a pretty annoying problem.
    Will the removal also fix that?

    C:\FRST\Quarantine\C\Users\CIVY\AppData\Local\Temp\Setup_13A1E11A.exe.xBAD a variant of Win32/FusionCore.C potentially unwanted application deleted - quarantined
    C:\Users\CIVY\AppData\Local\{9050A60C-B4F8-CAB4-D960-EF5CFD0813C4}\uninstall.exe a variant of Win32/DealPly.BB potentially unwanted application cleaned by deleting - quarantined
    C:\Users\CIVY\AppData\Roaming\BitTorrent\updates\7.9.3_40761.exe a variant of Win32/OpenCandy.A potentially unsafe application cleaned by deleting - quarantined
    C:\Users\CIVY\Downloads\BitTorrent.exe a variant of Win32/OpenCandy.A potentially unsafe application cleaned by deleting - quarantined
    C:\Users\CIVY\Downloads\spsetup128 (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
    C:\Users\CIVY\Downloads\spsetup128.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
    C:\Users\CIVY\Downloads\FL Studio Producer Edition 11.0.4+Plugins Bundle R2R [ChingLiu]\flstudio_11.0.4.exe Win32/OpenCandy potentially unsafe application deleted - quarantined
    C:\Users\CIVY\Downloads\Image-Line.FL.Studio.Producer.Edition.v12.0.2.Incl.Keygen-R2R\r2r-3401.rar a variant of Win32/OpenCandy.A potentially unsafe application deleted - quarantined
    C:\Users\CIVY\Downloads\Image-Line.FL.Studio.Producer.Edition.v12.0.2.Incl.Keygen-R2R\r2r-3401\flstudio_12.0.2.exe a variant of Win32/OpenCandy.A potentially unsafe application deleted - quarantined
    C:\Users\CIVY\Downloads\Native Instruments Kontakt 5 v5.5.0 UNLOCKED - Tracer [deepstatus]\Native.Instruments.Kontakt.5.v5.5.0.UNLOCKED-Tracer.rar a variant of Win32/HackTool.Patcher.AD potentially unsafe application deleted - quarantined
    C:\Users\CIVY\Downloads\Native Instruments Kontakt 5 v5.5.0 UNLOCKED - Tracer [deepstatus]\RegPatch (SEE NFO)\kontakt.sno.regpatch.32Bit\kontakt.sno.regpatch.x86.exe a variant of Win32/HackTool.Patcher.AD potentially unsafe application cleaned by deleting - quarantined
    C:\Users\CIVY\Downloads\Native Instruments Kontakt 5 v5.5.0 UNLOCKED - Tracer [deepstatus]\RegPatch (SEE NFO)\kontakt.sno.regpatch.64Bit\kontakt.sno.regpatch.x64.exe a variant of Win32/HackTool.Patcher.AD potentially unsafe application cleaned by deleting - quarantined
    C:\Users\CIVY\Downloads\Sony Vegas Pro 11\Keygen.exe a variant of Win32/Keygen.HU potentially unsafe application cleaned by deleting - quarantined
    C:\Users\CIVY\Downloads\Sony Vegas Pro 13.0 build 310 (64 bit) (patch KHG) [ChingLiu]\Patch KHG\vegas.pro.13.0.(64-bit)-patch.exe a variant of Win32/HackTool.Patcher.AD potentially unsafe application cleaned by deleting - quarantined

    ---------------

    Fix result of Farbar Recovery Scan Tool (x64) Version:05-11-2015
    Ran by CIVY (2015-11-06 19:24:11) Run:1
    Running from C:\Users\CIVY\Desktop\frts
    Loaded Profiles: CIVY (Available Profiles: CIVY)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    Replace: C:\Windows\WinSxS\wow64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10240.16384_none_a7e0cfc0f233a685\dnsapi.dll C:\Windows\SysWOW64\dnsapi.dll
    Replace: C:\Windows\WinSxS\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10240.16384_none_9d8c256ebdd2e48a\dnsapi.dll C:\Windows\System32\dnsapi.dll
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-196304569-3554425786-1367066649-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-196304569-3554425786-1367066649-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
    S1 bsdriver; \??\C:\WINDOWS\system32\drivers\bsdriver.sys [X]
    S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
    C:\Users\CIVY\AppData\Local\Temp\R2RXEFKG.dll
    C:\Users\CIVY\AppData\Local\Temp\Setup_13A1E11A.exe
    C:\Users\CIVY\AppData\Local\Temp\SpOrder.dll
    C:\Users\CIVY\AppData\Local\Temp\Uninstall.exe
    C:\Users\CIVY\AppData\Local\Temp\UninstallModule.exe
    CustomCLSID: HKU\S-1-5-21-196304569-3554425786-1367066649-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-2E546C5985C7}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
    Task: {08897F7B-1766-44AD-97C3-DC26C5275946} - \PhraseProfessor Auto Updater 1.10.0.21 Pending Update -> No File <==== ATTENTION
    Task: {2D9340B2-E443-47AD-823C-334DE4B0B85E} - \cfr3011 -> No File <==== ATTENTION
    Task: {321FD8B6-EAAD-4BC7-8A03-BFE4DCAA8028} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {414799F7-C6DB-4E0E-98C0-01382695B37C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {58668993-88C4-4DF6-939C-F5BE9F995B33} - \PhraseProfessor Auto Updater 1.10.0.21 Core -> No File <==== ATTENTION
    Task: {6577CB0E-99A4-466C-94C5-65C356B1ADF8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {65C71641-8B5E-4717-880C-4D25CE589844} - System32\Tasks\{DF216AC6-422A-4124-A1FF-E13C283FD6AA} => pcalua.exe -a "C:\Program Files (x86)\Malwarebytes Anti-Malware\unins001.exe"
    Task: {698F6A02-F441-45D5-8EF8-CD39CA9148EA} - System32\Tasks\{DC116100-5B84-4055-9529-257FC6D43E92} => pcalua.exe -a "C:\Program Files (x86)\Smwyyntm1ndi1zdz\uninstall.exe"
    Task: {6FBBE24F-BD87-44AD-83B4-1C8A552EA9C1} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {786B3913-3D80-4F6B-978E-5F5DC04C1A7F} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {85AC6CB3-F23A-430A-A59F-24B5EA12956F} - System32\Tasks\GlobalUpdate-zgy4yzdxngtibtr => C:\Users\CIVY\AppData\Roaming\zgy4yzdxngtibtr\zgy4yzdxngtibtr.exe <==== ATTENTION
    Task: {A2747CB6-3284-4449-9599-8BD6DE98059C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {B2B84A7F-35F7-4A36-B260-5A7AF751EBD6} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {B4CAF807-1F83-4CF4-8B89-296A68CECA03} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {CBBB03D1-2A11-4CD1-A38E-EE17E3D78F06} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {D1D42A83-EF28-4DBD-937B-C2E65CB0A372} - System32\Tasks\{47C5BB81-73C4-47F5-A4AF-0D8959EE1D97} => pcalua.exe -a C:\Users\CIVY\AppData\Local\BrowserAir\Application\Uninstall.exe
    Task: {D2BA680D-0EAA-4553-B59C-5C30CBB7669D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {F061AE91-A657-4B89-9194-6C760C539D30} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    FirewallRules: [{AD88EE2D-D3B3-4311-87A9-7D19730104AD}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
    FirewallRules: [{D6D95E1A-332B-4BDB-92F8-0246A96E3C78}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
    FirewallRules: [{ED4DF012-CA11-4E47-9477-CB3B7AA33FDE}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
    FirewallRules: [{EFD62505-FEBF-4CCE-B4ED-A1837229A075}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
    FirewallRules: [{179E6C93-60B6-47F2-B726-BBEFBC9741C6}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
    FirewallRules: [{25822AEF-0A40-4095-B54C-D7583266AA5A}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
    C:\Users\CIVY\AppData\Roaming\zgy4yzdxngtibtr
    C:\Program Files (x86)\Smwyyntm1ndi1zdz
    CMD: ipconfig /flushdns
    Hosts:
    EmptyTemp:
    *****************

    "C:\Windows\SysWOW64\dnsapi.dll" => not found
    C:\Windows\WinSxS\wow64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10240.16384_none_a7e0cfc0f233a685\dnsapi.dll copied successfully to C:\Windows\SysWOW64\dnsapi.dll
    C:\Windows\System32\dnsapi.dll => moved successfully
    C:\Windows\WinSxS\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10240.16384_none_9d8c256ebdd2e48a\dnsapi.dll copied successfully to C:\Windows\System32\dnsapi.dll
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
    HKU\S-1-5-21-196304569-3554425786-1367066649-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
    "HKU\S-1-5-21-196304569-3554425786-1367066649-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}" => key removed successfully
    HKCR\CLSID\{2f23ab71-4ac6-41f2-a955-ea576e553146} => key not found.
    bsdriver => service removed successfully
    wfpcapture => service removed successfully
    C:\Users\CIVY\AppData\Local\Temp\R2RXEFKG.dll => moved successfully
    C:\Users\CIVY\AppData\Local\Temp\Setup_13A1E11A.exe => moved successfully
    C:\Users\CIVY\AppData\Local\Temp\SpOrder.dll => moved successfully
    C:\Users\CIVY\AppData\Local\Temp\Uninstall.exe => moved successfully
    C:\Users\CIVY\AppData\Local\Temp\UninstallModule.exe => moved successfully
    "HKU\S-1-5-21-196304569-3554425786-1367066649-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-2E546C5985C7}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{08897F7B-1766-44AD-97C3-DC26C5275946}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08897F7B-1766-44AD-97C3-DC26C5275946}" => key removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AD88EE2D-D3B3-4311-87A9-7D19730104AD} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D6D95E1A-332B-4BDB-92F8-0246A96E3C78} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{ED4DF012-CA11-4E47-9477-CB3B7AA33FDE} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EFD62505-FEBF-4CCE-B4ED-A1837229A075} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{179E6C93-60B6-47F2-B726-BBEFBC9741C6} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{25822AEF-0A40-4095-B54C-D7583266AA5A} => value removed successfully
    C:\Users\CIVY\AppData\Roaming\zgy4yzdxngtibtr => moved successfully
    "C:\Program Files (x86)\Smwyyntm1ndi1zdz" => not found.

    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========

    C:\Windows\System32\Drivers\etc\hosts => moved successfully
    Hosts restored successfully.
    EmptyTemp: => 8.4 GB temporary data Removed.


    The system needed a reboot.

    thanks
     


    Last edited by a moderator: Nov 6, 2015
  20. starbuck

    starbuck Rest In Peace Pete Administrator

    Hi Hamlap,

    Obviously your system was infected with malware.
    The malware has also made changes to settings and may well be responsible for the missing system file.
    By removing that file, the malware had more control over your system.

    Eset has also removed some keygens.... I don't need to tell you that these are illegal versions of software.
    You may think that these downloads are made available out of the goodness of someone's heart..... in reality they give you these downloads so that they can take advantage of your need and infect your system.
    If you're given something for nothing.... there's bound to be a catch.

    This is something that I haven't come across before, but I'll look into the possible cause and fix.
    What are you referring to when you say....Will the removal also fix that.

    That's a sizable chunk .... the system must be breathing easier now. :)

    The FRST fixlog states that the missing file has been replaced.... but I'd like to double check this.
    I'd like you to run the search again...... we can then compare the results with the previous report.

    • Please re-run FRST again, but this time type the following in the edit box after Search: dnsapi.dll
    • Click the Search File(s) button

    • It will make a log (Search.txt)- please post this report in your next post.
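
The dnsapi.dll comparison discussed in this thread (component-store copies versus the live System32/SysWOW64 copies), as an added example that is not part of the original posts or of FRST itself: a Python parser for Search.txt entries that flags a live copy that is unsigned or whose MD5 matches no signed WinSxS copy, and reports a live directory that has no copy at all. The `SEARCH_AFTER` sample, the function names and the assumption of 64-bit Windows are constructed for illustration.

```python
import re
from dataclasses import dataclass

# The two WinSxS entries and the System32 entry are the ones quoted in this thread.
STORE = r"""
C:\Windows\WinSxS\wow64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10240.16384_none_a7e0cfc0f233a685\dnsapi.dll
[2015-07-10 11:00][2015-07-10 11:00] 0534064 ____A (Microsoft Corporation) BB5BBD0E4D04047585E4ED0F07AA51E7 [File is digitally signed]

C:\Windows\WinSxS\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10240.16384_none_9d8c256ebdd2e48a\dnsapi.dll
[2015-07-10 11:00][2015-07-10 11:00] 0680256 ____A (Microsoft Corporation) C287D0E32771E3222A444DC527A29477 [File is digitally signed]
"""
SEARCH_BEFORE = STORE + r"""
C:\Windows\System32\dnsapi.dll
[2015-07-10 11:00][2015-09-02 07:19] 0680256 ____A (Microsoft Corporation) D72F00D038CAF288009C8A7FC3BA2B11 [File not signed]

====== End of Search ======
"""
# Constructed sample: what a re-run could look like if both Replace: lines worked.
SEARCH_AFTER = STORE + r"""
C:\Windows\SysWOW64\dnsapi.dll
[2015-07-10 11:00][2015-07-10 11:00] 0534064 ____A (Microsoft Corporation) BB5BBD0E4D04047585E4ED0F07AA51E7 [File is digitally signed]

C:\Windows\System32\dnsapi.dll
[2015-07-10 11:00][2015-07-10 11:00] 0680256 ____A (Microsoft Corporation) C287D0E32771E3222A444DC527A29477 [File is digitally signed]
"""

# Metadata line: [created][modified] size attributes (company) MD5 [signature state]
META = re.compile(
    r"\[(?P<created>[^\]]+)\]\[(?P<modified>[^\]]+)\]\s+(?P<size>\d+)\s+\S+\s+"
    r"\((?P<company>[^)]*)\)\s+(?P<md5>[0-9A-Fa-f]{32})\s+\[(?P<sig>[^\]]+)\]"
)
# Assumption: 64-bit Windows, where System32 holds amd64 files and SysWOW64 the 32-bit ones.
LIVE_DIRS = {"system32": ("amd64",), "syswow64": ("wow64", "x86")}


@dataclass
class Entry:
    path: str
    modified: str
    size: int
    md5: str
    signed: bool


def parse_search(text):
    """Pair each path line with the metadata line that follows it."""
    entries, path = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):
            continue
        m = META.match(line)
        if m and path:
            signed = m["sig"].lower() == "file is digitally signed"
            entries.append(Entry(path, m["modified"], int(m["size"]), m["md5"].upper(), signed))
            path = None
        elif not m:
            path = line
    return entries


def store_arch(path):
    m = re.search(r"\\WinSxS\\(amd64|wow64|x86)_", path, re.I)
    return m.group(1).lower() if m else None


def live_dir(path):
    m = re.match(r"[A-Za-z]:\\Windows\\(System32|SysWOW64)\\[^\\]+$", path, re.I)
    return m.group(1).lower() if m else None


def audit(entries):
    """Compare live copies against signed component-store copies of the same architecture."""
    store, live = {}, {}
    for e in entries:
        arch, d = store_arch(e.path), live_dir(e.path)
        if arch:
            if e.signed:  # only a signed store copy is used as a reference
                store.setdefault(arch, set()).add(e.md5)
        elif d:
            live[d] = e
    missing, suspect = [], {}
    for d, arches in LIVE_DIRS.items():
        known = set().union(*(store.get(a, set()) for a in arches))
        if d not in live:
            if known:  # a reference exists but nothing is installed from it
                missing.append(d)
            continue
        e, why = live[d], []
        if not e.signed:
            why.append("not signed")
        if known and e.md5 not in known:  # same size is not enough, as System32 shows
            why.append("MD5 matches no component-store copy")
        if why:
            suspect[e.path] = why
    return {"missing": missing, "suspect": suspect}


if __name__ == "__main__":
    print(audit(parse_search(SEARCH_BEFORE)))
    print(audit(parse_search(SEARCH_AFTER)))
```

In the pre-fix log the System32 copy has the same size as the amd64 component-store copy but a different MD5 and a later modification date, which is why the check compares hashes rather than sizes.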
     
