Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected: multiple windows pop up when clicking links or typing web addresses


  • Please log in to reply
36 replies to this topic

#1 Cenfath

Cenfath

  • Members
  • 67 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Oklahoma
  • Local time:03:52 AM

Posted 24 August 2015 - 07:10 PM

I wanted to post a log but it looks like the program that was suggested is not for Windows 10.  This is my mom's laptop and she recently upgraded to Windows 10.  She says when she upgraded that her computer started running extremely slow.  I noticed that she had a lot of "programs" on her desktop that I have always associated with malware so I tried to remove them.  It looks like they're gone at first glance but I'm sure they're still there.  When I open her web browser multiple windows and tabs will pop up. Clicking on links or pressing enter upon typing a web address also open up new windows or tabs.  What should I use to post a log?  Thank you!



BC AdBot (Login to Remove)

 


m

#2 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:52 AM

Posted 24 August 2015 - 09:35 PM

Hi and welcome to the Virus/Trojan/Spyware/Malware Removal forum,

I am thcbytes and I am here to help you!

I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.

In the upper right hand corner of the topic you will see a button called Watch this topic. Click on this then choose Immediate E-Mail notification and then Proceed and you will be advised when I respond to your topic by email.

Please try to reply within 24 hours. If you find yourself delayed simply post a quick reply here and let me know!! After 5 days if your topic is not replied I will assume it has been abandoned and I will close it.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

<<<<<<<<<<

Lastly if you have not already done so you should consider backing up your important data - pictures, documents, etc... Worse case scenario is need for a wipe and reinstall your operating system to its factory settings. Therefore your precious data will be salvaged. There are both free and paid applications available.

Cobian Backup
DriveImage XML
CrashPlan

<<<<<<<<<<

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and your internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Choose Options and select all except Activate Debug Mode and then click Scan
  • Once the scan has completed you will see Pending. Please check elements you don't want to remove above the progress bar
  • Click on Cleaning
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
Copy and paste the contents in your reply

<<<<<<<<<<

Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
Copy and paste the contents in your reply

<<<<<<<<<<

FRST will run on Windows 10 just fine....

Download Farbar Recover Scan Tool for either 32 bit or 64 bit systems and save it to your desktop ---> Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
<<<<<<<<<<

With your next post please provide:
  • AdwCleaner.txt
  • JRT log
  • FRST.txt
  • Addition.txt
  • An update about the problems that persist
Kind regards,
thcbytes
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#3 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:52 AM

Posted 26 August 2015 - 08:38 AM

Do you still desire help? I will only keep this topic open for a short time longer.
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#4 Cenfath

Cenfath
  • Topic Starter

  • Members
  • 67 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Oklahoma
  • Local time:03:52 AM

Posted 27 August 2015 - 08:35 PM

Yes, I still need help.  I don't live with my parents so sometimes it takes me a couple of days to get to their computers. I will try to be sure to be more available and attentive to my emails.  I will start working on the post you first made now and post the logs as soon as I have them done.



#5 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:52 AM

Posted 27 August 2015 - 08:37 PM

Ok. Sounds good.
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#6 Cenfath

Cenfath
  • Topic Starter

  • Members
  • 67 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Oklahoma
  • Local time:03:52 AM

Posted 27 August 2015 - 09:32 PM

# AdwCleaner v5.003 - Logfile created 27/08/2015 at 20:45:10
# Updated 20/08/2015 by Xplode
# Database : 2015-08-25.1 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : Pam Honeysuckle - OFFICE
# Running from : C:\Users\Pam Honeysuckle\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs]

***** [ Web browsers ] *****


*************************

:: Proxy settings cleared
:: Winsock settings cleared
:: TCP/IP settings cleared
:: Firewall settings cleared
:: IPSec settings cleared
:: BITS queue cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C4].txt - [1108 bytes] ##########
 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.9 (08.27.2015:1)
OS: Windows 10 Home x64
Ran by Pam Honeysuckle on Thu 08/27/2015 at 21:11:07.91
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks

Successfully deleted: [Task] C:\WINDOWS\system32\tasks\SlimCleaner Plus (Scheduled Scan - Pam Honeysuckle)
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\updateTask
Successfully deleted: [Task] C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - Pam Honeysuckle).job



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\wbsvc



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\Program Files (x86)\lavasoft\web companion
Successfully deleted: [Folder] C:\Program Files (x86)\osdownloader
Successfully deleted: [Folder] C:\ProgramData\lavasoft\web companion
Successfully deleted: [Folder] C:\Users\Pam Honeysuckle\Appdata\Local\crashrpt
Successfully deleted: [Folder] C:\Users\Pam Honeysuckle\Appdata\Local\installer
Successfully deleted: [Folder] C:\Users\Pam Honeysuckle\Appdata\LocalLow\company
Successfully deleted: [Folder] C:\users\Public\Documents\downloaded installers
Successfully deleted: [Folder] C:\ProgramData\28341ff220e0446c9fff27c4493d622e



~~~ Chrome


[C:\Users\Pam Honeysuckle\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Pam Honeysuckle\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Pam Honeysuckle\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Pam Honeysuckle\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 08/27/2015 at 21:14:41.15
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-08-2015
Ran by Pam Honeysuckle (administrator) on OFFICE (27-08-2015 21:26:14)
Running from C:\Users\Pam Honeysuckle\Desktop
Loaded Profiles: Pam Honeysuckle (Available Profiles: Pam Honeysuckle & Administrator)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2015-03-07] (IDT, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-07-17] (Synaptics Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-19\...\Run: [OneDriveSetup] => C:\Windows\SysWOW64\OneDriveSetup.exe [7805120 2015-07-10] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [OneDriveSetup] => C:\Windows\SysWOW64\OneDriveSetup.exe [7805120 2015-07-10] (Microsoft Corporation)
HKU\S-1-5-21-468200526-3709930035-1514773469-1001\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1711680 2013-01-27] (CyberLink Corp.)
HKU\S-1-5-21-468200526-3709930035-1514773469-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-468200526-3709930035-1514773469-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-468200526-3709930035-1514773469-1001\...\Run: [OneDrive] => C:\Users\Pam Honeysuckle\AppData\Local\Microsoft\OneDrive\OneDrive.exe [404064 2015-08-22] (Microsoft Corporation)
HKU\S-1-5-21-468200526-3709930035-1514773469-1001\...\RunOnce: [Uninstall C:\Users\Pam Honeysuckle\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Pam Honeysuckle\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-468200526-3709930035-1514773469-1001\...\RunOnce: [Uninstall C:\Users\Pam Honeysuckle\AppData\Local\Microsoft\OneDrive\17.3.5892.0626] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Pam Honeysuckle\AppData\Local\Microsoft\OneDrive\17.3.5892.0626"
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130848141534295145&GUID=DDB8CD2E-71C5-4E33-BDF7-0483F209DFA2
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
HKU\S-1-5-21-468200526-3709930035-1514773469-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130848141534326974&GUID=DDB8CD2E-71C5-4E33-BDF7-0483F209DFA2
HKU\S-1-5-21-468200526-3709930035-1514773469-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKU\S-1-5-21-468200526-3709930035-1514773469-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/HPNOT13/1
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-468200526-3709930035-1514773469-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-468200526-3709930035-1514773469-1001 -> {6EAC0C65-B856-44CC-9601-E6AAB5A9715B} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-468200526-3709930035-1514773469-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4a0aa90c-50a5-4726-ba47-5a16e48ed6fd}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5f1cc87a-ffca-4f54-b2ac-d497d52b9361}: [DhcpNameServer] 68.105.28.12 68.105.29.12 68.105.28.11
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-23] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-23] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw.dll [2012-04-26] (Adobe Systems, Inc.)
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll [2012-08-10] ( HP)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-21] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-11] ()

Chrome:
=======
CHR Profile: C:\Users\Pam Honeysuckle\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Pam Honeysuckle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-21]
CHR Extension: (Google Docs) - C:\Users\Pam Honeysuckle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-21]
CHR Extension: (Google Drive) - C:\Users\Pam Honeysuckle\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-21]
CHR Extension: (YouTube) - C:\Users\Pam Honeysuckle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-21]
CHR Extension: (Google Search) - C:\Users\Pam Honeysuckle\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-21]
CHR Extension: (Website Logon) - C:\Users\Pam Honeysuckle\AppData\Local\Google\Chrome\User Data\Default\Extensions\fegekclkdhbnfdcmomlpegkkndgnmfmo [2015-08-21]
CHR Extension: (Google Sheets) - C:\Users\Pam Honeysuckle\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-21]
CHR Extension: (No Name) - C:\Users\Pam Honeysuckle\AppData\Local\Google\Chrome\User Data\Default\Extensions\fijhlnmmmgflacagjecncpmpnhjieggk [2015-08-23]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Pam Honeysuckle\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-21]
CHR Extension: (No Name) - C:\Users\Pam Honeysuckle\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi [2015-08-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Pam Honeysuckle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-21]
CHR Extension: (Gmail) - C:\Users\Pam Honeysuckle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-21]
CHR HKU\S-1-5-21-468200526-3709930035-1514773469-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jlcgehabolcakkjhgmgpkagpolbjlhfa] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fegekclkdhbnfdcmomlpegkkndgnmfmo] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-07-12]
StartMenuInternet: Google Chrome - chrome.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [326144 2015-07-10] (Microsoft Corporation)
S3 CDPSvc; C:\Windows\System32\CDPSvc.dll [134144 2015-07-10] (Microsoft Corporation)
R2 CoreMessagingRegistrar; C:\Windows\system32\coremessaging.dll [808856 2015-08-22] (Microsoft Corporation)
R2 CoreMessagingRegistrar; C:\Windows\SysWOW64\coremessaging.dll [510976 2015-08-22] (Microsoft Corporation)
S3 diagnosticshub.standardcollector.service; C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [27136 2015-07-10] (Microsoft Corporation)
S3 DmEnrollmentSvc; C:\Windows\system32\Windows.Internal.Management.dll [267776 2015-07-10] (Microsoft Corporation)
S3 DmEnrollmentSvc; C:\Windows\SysWOW64\Windows.Internal.Management.dll [193024 2015-07-10] (Microsoft Corporation)
S3 embeddedmode; C:\Windows\System32\embeddedmodesvc.dll [87040 2015-07-10] (Microsoft Corporation)
S3 EntAppSvc; C:\Windows\system32\EnterpriseAppMgmtSvc.dll [275456 2015-07-10] (Microsoft Corporation)
S2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641320 2012-08-10] (HP)
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
S3 icssvc; C:\Windows\System32\tetheringservice.dll [148992 2015-08-11] (Microsoft Corporation)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328608 2015-07-30] (Intel Corporation)
S2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R3 lfsvc; C:\Windows\SysWOW64\lfsvc.dll [22528 2015-07-10] (Microsoft Corporation)
R3 LicenseManager; C:\Windows\system32\LicenseManagerSvc.dll [21504 2015-07-10] (Microsoft Corporation)
S2 MapsBroker; C:\Windows\System32\moshost.dll [62464 2015-07-10] (Microsoft Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S2 Neat Startup Service; C:\Program Files (x86)\Neat\exec\NeatStartupService.exe [25600 2015-01-16] (The Neat Company) [File not signed]
S2 OneSyncSvc; C:\Windows\System32\APHostService.dll [296960 2015-07-10] (Microsoft Corporation)
R2 OneSyncSvc_Session1; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
R2 OneSyncSvc_Session1; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
S3 PimIndexMaintenanceSvc; C:\Windows\System32\PimIndexMaintenance.dll [289280 2015-07-10] (Microsoft Corporation)
R3 PimIndexMaintenanceSvc_Session1; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
R3 PimIndexMaintenanceSvc_Session1; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
S3 RetailDemo; C:\Windows\system32\RDXService.dll [996352 2015-08-11] (Microsoft Corporation)
S3 SensorDataService; C:\Windows\System32\SensorDataService.exe [1031680 2015-08-22] (Microsoft Corporation)
R3 StateRepository; C:\Windows\system32\windows.staterepository.dll [2674176 2015-07-10] (Microsoft Corporation)
R3 StateRepository; C:\Windows\SysWOW64\windows.staterepository.dll [2049024 2015-07-10] (Microsoft Corporation)
S2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-07-17] (Synaptics Incorporated)
S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401256 2012-07-16] (AuthenTec, Inc.)
S3 UnistoreSvc; C:\Windows\System32\unistore.dll [1203200 2015-08-22] (Microsoft Corporation)
S3 UnistoreSvc; C:\Windows\SysWOW64\unistore.dll [925696 2015-08-22] (Microsoft Corporation)
R3 UnistoreSvc_Session1; C:\WINDOWS\System32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
R3 UnistoreSvc_Session1; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
S3 UserDataSvc; C:\Windows\System32\userdataservice.dll [1420288 2015-07-29] (Microsoft Corporation)
R3 UserDataSvc_Session1; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
R3 UserDataSvc_Session1; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
S2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2012-09-06] () [File not signed]
S3 vmicvmsession; C:\Windows\System32\ICSvc.dll [506880 2015-07-10] (Microsoft Corporation)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [84480 2015-08-22] (Microsoft Corporation)
S3 WalletService; C:\Windows\system32\WalletService.dll [504320 2015-07-10] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
S3 XblAuthManager; C:\Windows\System32\XblAuthManager.dll [918016 2015-07-10] (Microsoft Corporation)
S3 XblGameSave; C:\Windows\System32\XblGameSave.dll [1149440 2015-07-10] (Microsoft Corporation)
S3 XboxNetApiSvc; C:\Windows\system32\XboxNetApiSvc.dll [1019392 2015-07-10] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 CompositeBus; C:\Windows\System32\DriverStore\FileRepository\compositebus.inf_amd64_98334ba6e76853ba\CompositeBus.sys [39936 2015-07-10] (Microsoft Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3436896 2015-07-10] (QLogic Corporation)
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2015-03-04] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2015-03-04] (Symantec Corporation)
R1 FileCrypt; C:\Windows\System32\drivers\filecrypt.sys [83968 2015-07-10] (Microsoft Corporation)
S3 genericusbfn; C:\Windows\System32\drivers\genericusbfn.sys [20992 2015-07-10] (Microsoft Corporation)
R1 GpuEnergyDrv; C:\Windows\System32\drivers\gpuenergydrv.sys [8192 2015-07-10] (Microsoft Corporation)
S3 ibbus; C:\Windows\System32\drivers\ibbus.sys [424800 2015-07-10] (Mellanox)
S3 IoQos; C:\Windows\System32\drivers\ioqos.sys [26624 2015-07-10] (Microsoft Corporation)
S0 LSI_SAS3i; C:\Windows\System32\drivers\lsi_sas3i.sys [99168 2015-07-10] (Avago Technologies)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
S3 mlx4_bus; C:\Windows\System32\drivers\mlx4_bus.sys [705376 2015-07-10] (Mellanox)
S3 ndfltr; C:\Windows\System32\drivers\ndfltr.sys [76128 2015-07-10] (Mellanox)
R3 netr28x; C:\Windows\system32\DRIVERS\netr28x.sys [2554528 2015-06-12] (MediaTek Inc.)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek                                            )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-07-17] (Synaptics Incorporated)
R2 storqosflt; C:\Windows\System32\drivers\storqosflt.sys [61952 2015-07-10] (Microsoft Corporation)
R3 swenum; C:\Windows\System32\DriverStore\FileRepository\swenum.inf_amd64_2a699e44676b7781\swenum.sys [17760 2015-07-10] (Microsoft Corporation)
S3 UcmCx0101; C:\Windows\System32\Drivers\UcmCx.sys [61952 2015-07-10] (Microsoft Corporation)
S3 UcmUcsi; C:\Windows\System32\drivers\UcmUcsi.sys [46080 2015-08-22] (Microsoft Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
R0 WindowsTrustedRT; C:\Windows\System32\drivers\WindowsTrustedRT.sys [106520 2015-07-10] (Microsoft Corporation)
R0 WindowsTrustedRTProxy; C:\Windows\System32\drivers\WindowsTrustedRTProxy.sys [17944 2015-07-10] (Microsoft Corporation)
S3 WinMad; C:\Windows\System32\drivers\winmad.sys [26976 2015-07-10] (Mellanox)
S3 WinVerbs; C:\Windows\System32\drivers\winverbs.sys [59232 2015-07-10] (Mellanox)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-06-27] (Hewlett-Packard Development Company, L.P.)
S3 xboxgip; C:\Windows\System32\drivers\xboxgip.sys [222720 2015-07-10] (Microsoft Corporation)
S3 xinputhid; C:\Windows\System32\drivers\xinputhid.sys [25600 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-27 21:26 - 2015-08-27 21:27 - 00022312 _____ C:\Users\Pam Honeysuckle\Desktop\FRST.txt
2015-08-27 21:26 - 2015-08-27 21:07 - 02186752 _____ (Farbar) C:\Users\Pam Honeysuckle\Desktop\FRST64.exe
2015-08-27 21:17 - 2015-08-27 21:26 - 00000000 ____D C:\FRST
2015-08-27 21:14 - 2015-08-27 21:14 - 00002658 _____ C:\Users\Pam Honeysuckle\Desktop\JRT.txt
2015-08-27 21:10 - 2015-08-27 21:07 - 01798560 _____ (Malwarebytes Corporation) C:\Users\Pam Honeysuckle\Desktop\JRT.exe
2015-08-27 21:05 - 2015-08-27 21:05 - 00016148 _____ C:\WINDOWS\system32\OFFICE_Pam Honeysuckle_HistoryPrediction.bin
2015-08-27 20:59 - 2015-08-27 20:59 - 00001191 _____ C:\Users\Pam Honeysuckle\Desktop\AdwCleaner[C4].txt
2015-08-27 20:43 - 2015-08-23 18:21 - 01605632 _____ C:\Users\Pam Honeysuckle\Desktop\AdwCleaner.exe
2015-08-27 19:41 - 2015-08-18 23:50 - 00609592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-08-24 16:07 - 2015-08-24 16:08 - 00286112 _____ C:\WINDOWS\Minidump\082415-26812-01.dmp
2015-08-23 19:58 - 2015-08-23 19:58 - 00000000 ____D C:\Avenger
2015-08-23 19:46 - 2015-08-23 19:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-23 19:45 - 2015-08-23 19:45 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-23 19:45 - 2015-08-23 19:45 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-23 19:08 - 2015-08-27 20:49 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-08-23 19:07 - 2015-08-23 19:07 - 00001171 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-23 19:07 - 2015-08-23 19:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-23 19:06 - 2015-08-23 19:07 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-23 19:06 - 2015-08-23 19:06 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-23 19:06 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-08-23 19:06 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-08-23 19:06 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-08-23 19:03 - 2015-08-23 19:06 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Pam Honeysuckle\Downloads\mbam-setup-2.1.8.1057.exe
2015-08-23 19:02 - 2015-08-27 21:12 - 00000000 ____D C:\ProgramData\Lavasoft
2015-08-23 19:02 - 2015-08-23 19:02 - 00000000 ____D C:\Users\Pam Honeysuckle\AppData\Local\Lavasoft
2015-08-23 19:01 - 2015-08-23 19:01 - 00000144 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-08-23 18:52 - 2015-08-23 18:52 - 00065536 _____ C:\WINDOWS\system32\edbtmp.log
2015-08-23 18:52 - 2015-08-23 18:52 - 00065536 _____ C:\WINDOWS\system32\edbres00002.jrs
2015-08-23 18:52 - 2015-08-23 18:52 - 00065536 _____ C:\WINDOWS\system32\edbres00001.jrs
2015-08-23 18:52 - 2015-08-23 18:52 - 00065536 _____ C:\WINDOWS\system32\edb.log
2015-08-23 18:52 - 2015-08-23 18:52 - 00008192 _____ C:\WINDOWS\system32\edb.chk
2015-08-23 18:24 - 2015-08-27 20:45 - 00000000 ____D C:\AdwCleaner
2015-08-23 18:07 - 2015-08-23 18:07 - 00000000 ____D C:\WINDOWS\pss
2015-08-23 16:10 - 2015-08-23 16:10 - 00000046 _____ C:\Users\Pam Honeysuckle\AppData\Roaming\WB.CFG
2015-08-23 15:58 - 2015-08-27 20:49 - 00001042 _____ C:\WINDOWS\Tasks\JQhZtLJo.job
2015-08-23 15:58 - 2015-08-23 15:58 - 00004162 _____ C:\WINDOWS\System32\Tasks\JQhZtLJo
2015-08-23 15:57 - 2015-08-23 19:56 - 00000000 ____D C:\Program Files (x86)\72d2f0ca-2e70-4b9d-83ae-f2d9d08db768
2015-08-23 15:19 - 2015-08-23 19:56 - 00000000 ____D C:\Program Files (x86)\302f7984-a26e-48c7-8d16-76d412736404
2015-08-23 15:17 - 2015-08-23 19:56 - 00000000 ____D C:\Program Files (x86)\ServiceUpdater
2015-08-23 15:15 - 2015-08-23 15:17 - 00003340 _____ C:\WINDOWS\System32\Tasks\runTask
2015-08-23 15:15 - 2015-08-23 15:17 - 00000584 _____ C:\task.vbs
2015-08-23 09:40 - 2015-08-24 16:07 - 00000000 ____D C:\WINDOWS\Minidump
2015-08-23 09:40 - 2015-08-23 09:40 - 00286168 _____ C:\WINDOWS\Minidump\082315-71125-01.dmp
2015-08-23 09:36 - 2015-08-27 21:09 - 00001046 _____ C:\WINDOWS\Tasks\ifswhv3x22.job
2015-08-23 09:36 - 2015-08-23 09:36 - 00004172 _____ C:\WINDOWS\System32\Tasks\ifswhv3x22
2015-08-23 09:28 - 2015-08-23 09:28 - 00004172 _____ C:\WINDOWS\System32\Tasks\4a752bbc-e718-4ff5-8948-5413ae8b7094
2015-08-23 09:28 - 2015-08-23 09:28 - 00003924 _____ C:\WINDOWS\System32\Tasks\Notify Helper
2015-08-23 09:28 - 2015-08-23 09:28 - 00003650 _____ C:\WINDOWS\System32\Tasks\System Cleaner Pro Auto Start
2015-08-23 09:28 - 2015-08-23 09:28 - 00000000 ____D C:\Users\Pam Honeysuckle\AppData\Roaming\System Cleaner Pro
2015-08-23 09:28 - 2015-08-23 09:28 - 00000000 ____D C:\Users\Pam Honeysuckle\AppData\Local\System_Cleaner_Pro
2015-08-23 09:27 - 2015-08-23 09:27 - 00000000 ____D C:\Users\Pam Honeysuckle\AppData\Roaming\JV Update
2015-08-23 09:27 - 2015-08-23 09:27 - 00000000 ____D C:\Users\Pam Honeysuckle\AppData\Local\SecureWebUpdate
2015-08-23 09:27 - 2015-08-23 09:27 - 00000000 ____D C:\Users\Pam Honeysuckle\AppData\Local\PopupID1
2015-08-23 09:26 - 2015-08-23 09:26 - 00000045 _____ C:\user.js
2015-08-23 09:26 - 2015-08-23 09:26 - 00000000 ____D C:\WINDOWS\system32\avy
2015-08-23 09:24 - 2015-08-27 20:49 - 00001064 _____ C:\WINDOWS\Tasks\6sO8hwCO2NyYTnQPypt.job
2015-08-23 09:24 - 2015-08-23 09:24 - 00004206 _____ C:\WINDOWS\System32\Tasks\6sO8hwCO2NyYTnQPypt
2015-08-23 09:23 - 2015-08-23 19:56 - 00000000 ____D C:\Program Files (x86)\c5f439a3-8461-4d50-9e0d-01d5afbe2916
2015-08-23 09:22 - 2015-08-23 18:37 - 00000004 _____ C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-08-23 09:12 - 2015-08-27 21:21 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-08-23 09:12 - 2015-08-23 09:12 - 00003806 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-08-23 09:11 - 2013-08-22 08:25 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2015-08-23 09:10 - 2015-08-23 09:11 - 00000000 ____D C:\Program Files (x86)\PCAPDownloader
2015-08-23 09:09 - 2015-08-23 16:10 - 00000000 ____D C:\Users\Pam Honeysuckle\AppData\Local\{79224F7E-5D8A-23C6-3012-062E147AFAB6}
2015-08-23 09:09 - 2015-08-23 09:09 - 00000000 ____D C:\Program Files (x86)\TestXp
2015-08-23 09:08 - 2015-08-23 09:08 - 00608088 _____ C:\Users\Pam Honeysuckle\Downloads\OpenSoftwareUpdates.exe
2015-08-23 09:08 - 2015-08-23 09:08 - 00000003 _____ C:\Users\Pam Honeysuckle\Downloads\2.txt
2015-08-23 09:08 - 2015-08-23 09:08 - 00000003 _____ C:\Users\Pam Honeysuckle\Downloads\1.txt
2015-08-23 08:14 - 2015-08-23 08:14 - 00002972 _____ C:\Users\Pam Honeysuckle\AppData\Roaming\EdgeReg.txt
2015-08-23 08:14 - 2015-08-23 08:14 - 00002050 _____ C:\Users\Public\Desktop\Google  Chrome.lnk
2015-08-22 18:38 - 2015-08-22 18:38 - 00000516 _____ C:\Users\Pam Honeysuckle\Downloads\document (7)
2015-08-22 16:34 - 2015-08-22 16:34 - 00000000 ____D C:\WINDOWS\PCHEALTH
2015-08-22 13:09 - 2015-08-22 13:09 - 00000000 ____D C:\Users\Pam Honeysuckle\AppData\Local\NetworkTiles
2015-08-22 12:11 - 2015-08-22 12:11 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2015-08-22 11:42 - 2015-08-12 23:33 - 24593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-08-22 11:42 - 2015-08-12 23:23 - 02178560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-08-22 11:42 - 2015-08-12 23:22 - 02093056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2015-08-22 11:42 - 2015-08-12 23:17 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-08-22 11:42 - 2015-08-12 23:07 - 19323392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-08-22 11:42 - 2015-08-11 05:04 - 04532304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-08-22 11:42 - 2015-08-11 05:04 - 02462648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-08-22 11:42 - 2015-08-11 05:04 - 01087296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-08-22 11:42 - 2015-08-11 05:03 - 08021840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-08-22 11:42 - 2015-08-11 05:02 - 00554744 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2015-08-22 11:42 - 2015-08-11 05:02 - 00292856 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2015-08-22 11:42 - 2015-08-11 04:57 - 03622256 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-08-22 11:42 - 2015-08-11 04:52 - 00993104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2015-08-22 11:42 - 2015-08-11 04:50 - 01643872 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-08-22 11:42 - 2015-08-11 04:40 - 04048808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-08-22 11:42 - 2015-08-11 04:40 - 02151208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-08-22 11:42 - 2015-08-11 04:40 - 00918320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-08-22 11:42 - 2015-08-11 04:38 - 00454000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2015-08-22 11:42 - 2015-08-11 04:37 - 00243800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2015-08-22 11:42 - 2015-08-11 04:31 - 02880032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-08-22 11:42 - 2015-08-11 04:23 - 16706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-08-22 11:42 - 2015-08-11 04:22 - 21875200 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-08-22 11:42 - 2015-08-11 04:20 - 02224640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-08-22 11:42 - 2015-08-11 04:19 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2015-08-22 11:42 - 2015-08-11 04:16 - 02416640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-08-22 11:42 - 2015-08-11 04:14 - 00404480 _____ C:\WINDOWS\system32\diagtrack_wininternal.dll
2015-08-22 11:42 - 2015-08-11 04:13 - 00413184 _____ C:\WINDOWS\system32\diagtrack_win.dll
2015-08-22 11:42 - 2015-08-11 04:11 - 02446336 _____ C:\WINDOWS\system32\InputService.dll
2015-08-22 11:42 - 2015-08-11 04:10 - 00778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2015-08-22 11:42 - 2015-08-11 04:10 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-22 11:42 - 2015-08-11 04:10 - 00293376 _____ C:\WINDOWS\system32\TextInputFramework.dll
2015-08-22 11:42 - 2015-08-11 04:08 - 00893440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2015-08-22 11:42 - 2015-08-11 04:08 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-08-22 11:42 - 2015-08-11 04:07 - 01178112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-08-22 11:42 - 2015-08-11 04:07 - 00593920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-08-22 11:42 - 2015-08-11 04:06 - 07523328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-08-22 11:42 - 2015-08-11 04:06 - 02662400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2015-08-22 11:42 - 2015-08-11 04:05 - 03527168 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-08-22 11:42 - 2015-08-11 04:05 - 00996352 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-08-22 11:42 - 2015-08-11 04:05 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPermissions.dll
2015-08-22 11:42 - 2015-08-11 04:03 - 02558976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-08-22 11:42 - 2015-08-11 04:02 - 03588096 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-08-22 11:42 - 2015-08-11 04:02 - 01890304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-08-22 11:42 - 2015-08-11 04:01 - 01334784 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-08-22 11:42 - 2015-08-11 03:59 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2015-08-22 11:42 - 2015-08-11 03:57 - 13024768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-08-22 11:42 - 2015-08-11 03:51 - 01916928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-08-22 11:42 - 2015-08-11 03:51 - 01823232 _____ C:\WINDOWS\SysWOW64\InputService.dll
2015-08-22 11:42 - 2015-08-11 03:49 - 00586752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2015-08-22 11:42 - 2015-08-11 03:49 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-22 11:42 - 2015-08-11 03:47 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2015-08-22 11:42 - 2015-08-11 03:45 - 18805760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-08-22 11:42 - 2015-08-11 03:45 - 01820672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2015-08-22 11:42 - 2015-08-11 03:43 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-08-22 11:42 - 2015-08-11 03:42 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-08-22 11:42 - 2015-08-11 03:40 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-08-22 11:42 - 2015-08-11 03:40 - 01593856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-08-22 11:42 - 2015-08-11 03:40 - 01112064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-08-22 11:42 - 2015-08-08 02:19 - 00608936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-08-22 11:42 - 2015-08-08 01:48 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-08-22 11:42 - 2015-08-08 01:40 - 00365056 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-08-22 11:42 - 2015-08-08 01:24 - 02415104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-08-22 11:42 - 2015-08-08 01:24 - 01679360 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-08-22 11:42 - 2015-08-08 01:15 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-08-22 11:42 - 2015-08-08 01:00 - 01985024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-08-22 11:42 - 2015-08-05 22:17 - 00237392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdyboost.sys
2015-08-22 11:42 - 2015-08-05 22:17 - 00200528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys
2015-08-22 11:42 - 2015-08-05 21:22 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2015-08-22 11:42 - 2015-08-04 23:49 - 00783112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2015-08-22 11:42 - 2015-08-04 23:29 - 00644128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2015-08-22 11:42 - 2015-08-04 23:00 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll
2015-08-22 11:42 - 2015-08-04 22:54 - 01274880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-08-22 11:42 - 2015-08-04 22:47 - 01383424 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-08-22 11:42 - 2015-08-04 22:39 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenter.dll
2015-08-22 11:42 - 2015-08-03 23:07 - 00102752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2015-08-22 11:42 - 2015-08-03 23:06 - 00583128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2015-08-22 11:42 - 2015-08-03 22:23 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2015-08-22 11:42 - 2015-08-03 21:59 - 01212416 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2015-08-22 11:42 - 2015-08-03 21:47 - 00898560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2015-08-22 11:42 - 2015-08-02 21:32 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2015-08-22 11:42 - 2015-08-02 21:28 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll
2015-08-22 11:42 - 2015-08-02 21:19 - 00505696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2015-08-22 11:42 - 2015-08-02 21:19 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2015-08-22 11:42 - 2015-08-02 21:18 - 08613200 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2015-08-22 11:42 - 2015-08-02 21:18 - 01983840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2015-08-22 11:42 - 2015-08-02 21:17 - 00516960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-08-22 11:42 - 2015-08-02 21:13 - 22322624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-08-22 11:42 - 2015-08-02 21:12 - 00801632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2015-08-22 11:42 - 2015-08-02 20:56 - 06878256 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2015-08-22 11:42 - 2015-08-02 20:50 - 20857848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-08-22 11:42 - 2015-08-02 20:49 - 00700256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2015-08-22 11:42 - 2015-08-02 20:30 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_UserAccount.dll
2015-08-22 11:42 - 2015-08-02 20:24 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2015-08-22 11:42 - 2015-08-02 20:24 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2015-08-22 11:42 - 2015-08-02 20:23 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2015-08-22 11:42 - 2015-08-02 20:22 - 01601536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2015-08-22 11:42 - 2015-08-02 20:22 - 01008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-08-22 11:42 - 2015-08-02 20:22 - 00317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2015-08-22 11:42 - 2015-08-02 20:18 - 12503552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-08-22 11:42 - 2015-08-02 20:18 - 03780096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2015-08-22 11:42 - 2015-08-02 20:18 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2015-08-22 11:42 - 2015-08-02 20:18 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkStatus.dll
2015-08-22 11:42 - 2015-08-02 20:15 - 00595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2015-08-22 11:42 - 2015-08-02 20:15 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Desktop.dll
2015-08-22 11:42 - 2015-08-02 20:15 - 00171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2015-08-22 11:42 - 2015-08-02 20:14 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2015-08-22 11:42 - 2015-08-02 20:14 - 00247808 _____ C:\WINDOWS\system32\facecredentialprovider.dll
2015-08-22 11:42 - 2015-08-02 20:12 - 00217088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2015-08-22 11:42 - 2015-08-02 20:12 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2015-08-22 11:42 - 2015-08-02 20:11 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfuimanager.dll
2015-08-22 11:42 - 2015-08-02 20:10 - 01162240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2015-08-22 11:42 - 2015-08-02 20:03 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2015-08-22 11:42 - 2015-08-02 20:02 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2015-08-22 11:42 - 2015-08-02 20:01 - 11262464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-08-22 11:42 - 2015-08-02 19:59 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctfuimanager.dll
2015-08-22 11:42 - 2015-07-30 01:24 - 01561872 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2015-08-22 11:42 - 2015-07-30 01:23 - 00527952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-08-22 11:42 - 2015-07-30 01:21 - 00816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2015-08-22 11:42 - 2015-07-30 01:17 - 01200400 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2015-08-22 11:42 - 2015-07-30 01:17 - 01025840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2015-08-22 11:42 - 2015-07-30 01:16 - 02147080 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2015-08-22 11:42 - 2015-07-30 01:15 - 00632168 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2015-08-22 11:42 - 2015-07-30 01:14 - 00333168 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2015-08-22 11:42 - 2015-07-30 01:09 - 01562968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2015-08-22 11:42 - 2015-07-30 01:06 - 01043872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2015-08-22 11:42 - 2015-07-30 01:05 - 02498808 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-08-22 11:42 - 2015-07-30 01:05 - 00501008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-08-22 11:42 - 2015-07-30 01:04 - 01396064 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-08-22 11:42 - 2015-07-30 01:03 - 02116448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2015-08-22 11:42 - 2015-07-30 00:24 - 00252768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2015-08-22 11:42 - 2015-07-29 23:29 - 00705520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2015-08-22 11:42 - 2015-07-29 23:26 - 01867160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2015-08-22 11:42 - 2015-07-29 23:26 - 00877016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2015-08-22 11:42 - 2015-07-29 23:25 - 01356368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2015-08-22 11:42 - 2015-07-29 23:25 - 00713312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2015-08-22 11:42 - 2015-07-29 23:24 - 01769056 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-08-22 11:42 - 2015-07-29 23:24 - 00445240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-08-22 11:42 - 2015-07-29 23:24 - 00407616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-08-22 11:42 - 2015-07-29 23:24 - 00285632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2015-08-22 11:42 - 2015-07-29 23:22 - 00507696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2015-08-22 11:42 - 2015-07-29 23:21 - 00962400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-08-22 11:42 - 2015-07-29 23:12 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2015-08-22 11:42 - 2015-07-29 23:12 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-08-22 11:42 - 2015-07-29 23:08 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-08-22 11:42 - 2015-07-29 23:08 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-08-22 11:42 - 2015-07-29 23:08 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2015-08-22 11:42 - 2015-07-29 22:59 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-08-22 11:42 - 2015-07-29 22:52 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-08-22 11:42 - 2015-07-29 22:52 - 00521216 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2015-08-22 11:42 - 2015-07-29 22:52 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2015-08-22 11:42 - 2015-07-29 22:49 - 11557888 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2015-08-22 11:42 - 2015-07-29 22:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2015-08-22 11:42 - 2015-07-29 22:46 - 00487424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2015-08-22 11:42 - 2015-07-29 22:46 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-08-22 11:42 - 2015-07-29 22:44 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-08-22 11:42 - 2015-07-29 22:44 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2015-08-22 11:42 - 2015-07-29 22:42 - 00518144 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2015-08-22 11:42 - 2015-07-29 22:41 - 00407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2015-08-22 11:42 - 2015-07-29 22:41 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2015-08-22 11:42 - 2015-07-29 22:40 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2015-08-22 11:42 - 2015-07-29 22:38 - 01420288 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2015-08-22 11:42 - 2015-07-29 22:34 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2015-08-22 11:42 - 2015-07-29 22:29 - 00654848 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2015-08-22 11:42 - 2015-07-29 22:15 - 09889792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2015-08-22 11:42 - 2015-07-29 22:06 - 00373248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2015-08-22 11:42 - 2015-07-29 22:04 - 01714176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2015-08-22 11:42 - 2015-07-29 22:04 - 00335360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2015-08-22 11:42 - 2015-07-29 21:59 - 00473088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2015-08-22 11:42 - 2015-07-29 21:58 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2015-08-22 11:41 - 2015-08-12 23:20 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2015-08-22 11:41 - 2015-08-12 22:53 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2015-08-22 11:41 - 2015-08-11 05:03 - 00442208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2015-08-22 11:41 - 2015-08-11 05:02 - 00080720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2015-08-22 11:41 - 2015-08-11 04:26 - 00845664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2015-08-22 11:41 - 2015-08-11 04:21 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-08-22 11:41 - 2015-08-11 04:21 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2015-08-22 11:41 - 2015-08-11 04:20 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2015-08-22 11:41 - 2015-08-11 04:18 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2015-08-22 11:41 - 2015-08-11 04:11 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2015-08-22 11:41 - 2015-08-11 04:09 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2015-08-22 11:41 - 2015-08-11 04:07 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeParserTask.exe
2015-08-22 11:41 - 2015-08-11 04:05 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationGeofences.dll
2015-08-22 11:41 - 2015-08-11 04:05 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2015-08-22 11:41 - 2015-08-11 04:05 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2015-08-22 11:41 - 2015-08-11 04:02 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2015-08-22 11:41 - 2015-08-11 04:02 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2015-08-22 11:41 - 2015-08-11 04:00 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-08-22 11:41 - 2015-08-11 04:00 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncutil.dll
2015-08-22 11:41 - 2015-08-11 03:59 - 00642560 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll
2015-08-22 11:41 - 2015-08-11 03:59 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2015-08-22 11:41 - 2015-08-11 03:59 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tetheringclient.dll
2015-08-22 11:41 - 2015-08-11 03:58 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2015-08-22 11:41 - 2015-08-11 03:57 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2015-08-22 11:41 - 2015-08-11 03:50 - 00420352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2015-08-22 11:41 - 2015-08-11 03:50 - 00200704 _____ C:\WINDOWS\SysWOW64\TextInputFramework.dll
2015-08-22 11:41 - 2015-08-11 03:50 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2015-08-22 11:41 - 2015-08-11 03:48 - 00671232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2015-08-22 11:41 - 2015-08-11 03:39 - 00280576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-08-22 11:41 - 2015-08-11 03:38 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReInfo.dll
2015-08-22 11:41 - 2015-08-08 02:29 - 01822280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-08-22 11:41 - 2015-08-08 02:01 - 01533496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-08-22 11:41 - 2015-08-03 23:06 - 00243248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2015-08-22 11:41 - 2015-08-02 21:18 - 00594472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2015-08-22 11:41 - 2015-08-02 21:18 - 00046432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpiowin32.sys
2015-08-22 11:41 - 2015-08-02 21:17 - 00052264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wpcfltr.sys
2015-08-22 11:41 - 2015-08-02 20:31 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2015-08-22 11:41 - 2015-08-02 20:24 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModelShim.dll
2015-08-22 11:41 - 2015-08-02 20:21 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\coredpus.dll
2015-08-22 11:41 - 2015-08-02 20:19 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2015-08-22 11:41 - 2015-08-02 20:19 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2015-08-22 11:41 - 2015-08-02 20:15 - 01290752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2015-08-22 11:41 - 2015-08-02 20:15 - 00384000 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2015-08-22 11:41 - 2015-08-02 20:06 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
2015-08-22 11:41 - 2015-08-02 20:02 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2015-08-22 11:41 - 2015-07-29 23:22 - 00896144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2015-08-22 11:41 - 2015-07-29 23:09 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2015-08-22 11:41 - 2015-07-29 22:45 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2015-08-22 11:41 - 2015-07-29 22:45 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tunnel.sys
2015-08-22 11:41 - 2015-07-29 22:44 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2015-08-22 11:41 - 2015-07-29 22:44 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-08-22 11:41 - 2015-07-29 22:44 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\VoiceActivationManager.dll
2015-08-22 11:41 - 2015-07-29 22:38 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2015-08-22 11:41 - 2015-07-29 22:07 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2015-08-22 11:41 - 2015-07-29 22:06 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll
2015-08-22 11:41 - 2015-07-29 22:06 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VoiceActivationManager.dll
2015-08-22 10:08 - 2015-08-22 11:18 - 00000000 ____D C:\Users\Pam Honeysuckle\AppData\Local\MicrosoftEdge
2015-08-22 09:48 - 2015-08-22 09:48 - 00000000 ____D C:\Users\Pam Honeysuckle\AppData\Local\Publishers
2015-08-22 09:32 - 2015-08-22 09:32 - 00002364 _____ C:\Users\Pam Honeysuckle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-08-22 09:31 - 2015-08-22 09:31 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2015-08-22 09:27 - 2015-08-22 09:29 - 00000000 ____D C:\Users\Pam Honeysuckle\AppData\Local\Comms
2015-08-22 09:26 - 2015-08-22 09:26 - 00000020 ___SH C:\Users\Pam Honeysuckle\ntuser.ini
2015-08-22 09:26 - 2015-08-22 09:26 - 00000000 ____D C:\Users\Pam Honeysuckle\AppData\Local\TileDataLayer
2015-08-22 06:31 - 2015-08-22 09:26 - 00000000 ___DC C:\WINDOWS\Panther
2015-08-22 06:31 - 2015-08-22 03:38 - 00000000 __SHD C:\Recovery
2015-08-22 06:23 - 2015-08-22 06:23 - 00000000 ____D C:\Windows.old
2015-08-22 06:21 - 2015-08-22 06:21 - 14241792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 12589056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 07569408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 07051264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 06488312 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 06305792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 06101504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 05118024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 05076480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 04791296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 04760576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 04611584 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 04398080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 04350464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 04169728 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 03687936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 03579904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 03443200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 03362816 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 03248640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 02741760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 02646528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 02606080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 02235904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 02207744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 02112512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 01773056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 01611264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 01591856 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 01521664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 01418240 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2015-08-22 06:21 - 2015-08-22 06:21 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 01411072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Editing.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 01365072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 01294352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-08-22 06:21 - 2015-08-22 06:21 - 01203200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 01203200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 01201664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 01169408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 01168736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-08-22 06:21 - 2015-08-22 06:21 - 01135312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2015-08-22 06:21 - 2015-08-22 06:21 - 01123400 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-08-22 06:21 - 2015-08-22 06:21 - 01101792 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 01067520 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 01061888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 01043968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 01031680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorDataService.exe
2015-08-22 06:21 - 2015-08-22 06:21 - 01018568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-08-22 06:21 - 2015-08-22 06:21 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2015-08-22 06:21 - 2015-08-22 06:21 - 00966424 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00934752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2015-08-22 06:21 - 2015-08-22 06:21 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00902656 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-08-22 06:21 - 2015-08-22 06:21 - 00872448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00858408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-08-22 06:21 - 2015-08-22 06:21 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00850432 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00841728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Import.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00832512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00823336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00808856 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpccpl.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00783872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00762896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00754688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00750592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2015-08-22 06:21 - 2015-08-22 06:21 - 00695136 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00680448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00679424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00677888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00658568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00630160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00601344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-08-22 06:21 - 2015-08-22 06:21 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00589824 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efscore.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00578048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-08-22 06:21 - 2015-08-22 06:21 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Import.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00569344 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00565088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2015-08-22 06:21 - 2015-08-22 06:21 - 00542720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00521568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2015-08-22 06:21 - 2015-08-22 06:21 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00505344 _____ C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00498016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-08-22 06:21 - 2015-08-22 06:21 - 00485888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00430592 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcomapi.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00425824 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00416256 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2015-08-22 06:21 - 2015-08-22 06:21 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00343040 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2015-08-22 06:21 - 2015-08-22 06:21 - 00335248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00325984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2015-08-22 06:21 - 2015-08-22 06:21 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00303616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemcpl.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00290312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2015-08-22 06:21 - 2015-08-22 06:21 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\systemcpl.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2015-08-22 06:21 - 2015-08-22 06:21 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00265480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00263168 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00251392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00242176 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicesFlowBroker.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00208736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\srumsvc.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\OmaDmAgent.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00191488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReInfo.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00181088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_SignInOptions.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00179200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumsvc.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2015-08-22 06:21 - 2015-08-22 06:21 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Privacy.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TabSvc.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2015-08-22 06:21 - 2015-08-22 06:21 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2015-08-22 06:21 - 2015-08-22 06:21 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00097128 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcd.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\spbcd.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00082616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcd.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\setbcdlocale.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spbcd.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.ProxyStub.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2015-08-22 06:21 - 2015-08-22 06:21 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2015-08-22 06:21 - 2015-08-22 06:21 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\unenrollhook.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00061280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2015-08-22 06:21 - 2015-08-22 06:21 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.OneCore.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2015-08-22 06:21 - 2015-08-22 06:21 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.PAL.Desktop.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmprc.exe
2015-08-22 06:21 - 2015-08-22 06:21 - 00046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2015-08-22 06:21 - 2015-08-22 06:21 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00032768 _____ C:\WINDOWS\system32\LicenseManagerApi.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\calc.exe
2015-08-22 06:21 - 2015-08-22 06:21 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\calc.exe
2015-08-22 06:18 - 2015-08-22 06:18 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2015-08-22 06:16 - 2015-08-22 06:16 - 00000000 ____D C:\Program Files\Reference Assemblies
2015-08-22 06:16 - 2015-08-22 06:16 - 00000000 ____D C:\Program Files\MSBuild
2015-08-22 06:16 - 2015-08-22 06:16 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2015-08-22 06:16 - 2015-08-22 06:16 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-08-22 06:16 - 2015-08-22 06:16 - 00000000 ____D C:\inetpub
2015-08-22 06:15 - 2015-06-17 21:10 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2015-08-22 06:15 - 2015-06-17 21:10 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-22 06:15 - 2015-06-17 21:10 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-08-22 06:15 - 2015-05-30 00:07 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2015-08-22 06:15 - 2015-05-30 00:07 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-22 06:15 - 2015-05-30 00:07 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-08-22 03:55 - 2015-07-10 05:59 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2015-08-22 03:48 - 2015-08-22 03:48 - 00001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-08-22 03:48 - 2015-08-22 03:48 - 00000000 ____D C:\Users\Default\Documents\hp.system.package.metadata
2015-08-22 03:48 - 2015-08-22 03:48 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2015-08-22 03:48 - 2015-08-22 03:48 - 00000000 ____D C:\Users\Default User\Documents\hp.system.package.metadata
2015-08-22 03:48 - 2015-08-22 03:48 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2015-08-22 03:42 - 2015-08-22 03:42 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2015-08-22 03:40 - 2015-08-23 15:23 - 00000000 ____D C:\Users\Pam Honeysuckle
2015-08-22 03:40 - 2015-08-23 15:12 - 00000000 ___RD C:\Users\Pam Honeysuckle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-22 03:40 - 2015-08-22 03:59 - 00000000 ____D C:\Users\Administrator
2015-08-22 03:40 - 2015-08-22 03:41 - 00000000 ___RD C:\Users\Pam Honeysuckle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-22 03:40 - 2015-08-22 03:41 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-22 03:40 - 2015-07-10 06:04 - 00000000 __RSD C:\Users\Pam Honeysuckle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2015-08-22 03:40 - 2015-07-10 06:04 - 00000000 __RSD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2015-08-22 03:40 - 2015-07-10 06:04 - 00000000 ___RD C:\Users\Pam Honeysuckle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-08-22 03:40 - 2015-07-10 06:04 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-22 03:40 - 2015-07-10 06:04 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-08-22 03:40 - 2015-07-10 06:04 - 00000000 ____D C:\Users\Pam Honeysuckle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-08-22 03:40 - 2015-07-10 06:04 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-08-22 03:39 - 2015-08-23 19:07 - 00968010 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-08-22 03:39 - 2015-08-22 03:39 - 00925184 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2015-08-22 03:38 - 2015-08-22 03:42 - 00011587 _____ C:\WINDOWS\iis.log
2015-08-22 03:37 - 2015-08-22 03:37 - 00000000 ____D C:\ProgramData\Validity
2015-08-22 03:36 - 2015-08-22 03:51 - 00000000 ____D C:\Program Files\IDT
2015-08-22 03:36 - 2015-08-22 03:36 - 00001707 _____ C:\WINDOWS\system32\RaCoInst.log
2015-08-22 03:36 - 2015-08-22 03:36 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2015-08-22 03:36 - 2015-08-22 03:36 - 00000000 ____D C:\WINDOWS\system32\SRSLabs
2015-08-22 03:36 - 2015-03-07 10:54 - 07986176 _____ (IDT, Inc.) C:\WINDOWS\system32\IDTNGUI.exe
2015-08-22 03:36 - 2015-03-07 10:54 - 07712768 _____ (IDT, Inc.) C:\WINDOWS\system32\IDTNHP.dll
2015-08-22 03:36 - 2015-03-07 10:54 - 06085632 _____ (IDT, Inc.) C:\WINDOWS\system32\stlang64.dll
2015-08-22 03:36 - 2015-03-07 10:54 - 02213376 _____ (IDT, Inc.) C:\WINDOWS\system32\IDTNX.dll
2015-08-22 03:36 - 2015-03-07 10:54 - 01821184 _____ (IDT, Inc.) C:\WINDOWS\system32\IDTNC64.cpl
2015-08-22 03:36 - 2015-03-07 10:54 - 01664000 _____ (IDT, Inc.) C:\WINDOWS\sttray64.exe
2015-08-22 03:36 - 2015-03-07 10:54 - 00464384 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\slapoi64.dll
2015-08-22 03:36 - 2015-03-07 10:54 - 00253952 _____ (IDT, Inc.) C:\WINDOWS\system32\IDTNJ.exe
2015-08-22 03:36 - 2015-03-07 10:54 - 00224256 _____ (IDT, Inc.) C:\WINDOWS\system32\HPToneCtrls64.dll
2015-08-22 03:36 - 2015-03-07 10:54 - 00042482 _____ C:\WINDOWS\system32\Balen&Yeats_dv7.xml
2015-08-22 03:35 - 2015-08-22 03:42 - 00000000 ____D C:\Program Files\Intel
2015-08-22 03:35 - 2015-08-22 03:35 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2015-08-22 03:35 - 2015-08-22 03:35 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2015-08-22 03:35 - 2015-08-22 03:35 - 00000000 ____D C:\Program Files\Synaptics
2015-08-22 03:35 - 2015-07-30 22:45 - 00072688 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2015-08-22 03:35 - 2015-07-30 22:45 - 00069104 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2015-08-22 03:33 - 2015-08-22 03:34 - 00033056 _____ C:\WINDOWS\system32\NetSetupMig.log
2015-08-22 03:32 - 2015-08-23 20:01 - 00178562 _____ C:\WINDOWS\PFRO.log
2015-08-21 18:40 - 2015-08-23 19:05 - 00003536 _____ C:\WINDOWS\System32\Tasks\Rogaoosuvomao
2015-08-21 18:33 - 2015-08-23 19:01 - 00000226 _____ C:\prefs.js
2015-08-21 18:31 - 2015-08-23 18:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-08-21 18:31 - 2015-08-23 08:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-21 18:31 - 2015-08-23 03:34 - 00002920 _____ C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini
2015-08-21 18:31 - 2015-08-23 03:34 - 00002920 _____ C:\WINDOWS\system32\LavasoftTcpServiceOff.ini
2015-08-21 18:30 - 2015-08-27 21:12 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2015-08-21 18:30 - 2015-08-27 20:49 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-21 18:30 - 2015-08-27 20:41 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-21 18:30 - 2015-08-22 04:03 - 00004002 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-21 18:30 - 2015-08-22 04:03 - 00003766 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-21 18:30 - 2015-08-21 18:31 - 00000000 ____D C:\Users\Pam Honeysuckle\AppData\Local\Google
2015-08-21 18:30 - 2015-08-21 18:31 - 00000000 ____D C:\Program Files (x86)\Google
2015-08-21 18:30 - 2015-08-21 18:30 - 00422400 _____ (Lavasoft Limited) C:\WINDOWS\system32\LavasoftTcpService64.dll
2015-08-21 18:30 - 2015-08-21 18:30 - 00342016 _____ (Lavasoft Limited) C:\WINDOWS\SysWOW64\LavasoftTcpService.dll
2015-08-13 20:42 - 2015-08-22 03:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoxBox
2015-08-13 20:42 - 2015-08-22 03:41 - 00000000 ____D C:\Users\Pam Honeysuckle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RoxBox
2015-08-13 20:42 - 2015-08-22 01:05 - 00000000 ____D C:\Users\Pam Honeysuckle\AppData\Roaming\RoxBox
2015-08-13 20:42 - 2015-08-13 20:42 - 00002215 _____ C:\Users\Pam Honeysuckle\Desktop\KJSongBook.lnk
2015-08-13 20:42 - 2015-08-13 20:42 - 00002215 _____ C:\Users\Administrator\Desktop\KJSongBook.lnk
2015-08-13 20:42 - 2015-08-13 20:42 - 00002138 _____ C:\Users\Pam Honeysuckle\Desktop\RoxBox Karaoke Player.lnk
2015-08-13 20:42 - 2015-08-13 20:42 - 00002138 _____ C:\Users\Administrator\Desktop\RoxBox Karaoke Player.lnk
2015-08-13 20:41 - 2015-08-13 20:41 - 00000000 ____D C:\Program Files (x86)\RoxBox
2015-08-13 19:08 - 2015-08-13 19:08 - 00060596 _____ C:\Users\Pam Honeysuckle\Desktop\Copy of 2015 Total Chargeables for OCAS.xlsx
2015-08-05 22:12 - 2015-08-05 22:12 - 00000000 ____D C:\Users\Pam Honeysuckle\AppData\Roaming\WildTangent
2015-07-30 22:46 - 2015-07-30 22:46 - 12334064 _____ (Intel Corporation) C:\WINDOWS\system32\igd10iumd64.dll
2015-07-30 22:46 - 2015-07-30 22:46 - 11905424 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igd10iumd32.dll
2015-07-30 22:46 - 2015-07-30 22:46 - 11053040 _____ (Intel Corporation) C:\WINDOWS\system32\igdumdim64.dll
2015-07-30 22:46 - 2015-07-30 22:46 - 10574976 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdumdim32.dll
2015-07-30 22:46 - 2015-07-30 22:46 - 04636608 _____ (Intel Corporation) C:\WINDOWS\system32\igdusc64.dll
2015-07-30 22:46 - 2015-07-30 22:46 - 03668768 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdusc32.dll
2015-07-30 22:46 - 2015-07-30 22:46 - 01155984 _____ (Intel Corporation) C:\WINDOWS\system32\iglhsip64.dll
2015-07-30 22:46 - 2015-07-30 22:46 - 01151832 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\iglhsip32.dll
2015-07-30 22:46 - 2015-07-30 22:46 - 00467688 _____ (Intel Corporation) C:\WINDOWS\system32\igdmd64.dll
2015-07-30 22:46 - 2015-07-30 22:46 - 00378816 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdmd32.dll
2015-07-30 22:46 - 2015-07-30 22:46 - 00229648 _____ (Intel Corporation) C:\WINDOWS\system32\iglhcp64.dll
2015-07-30 22:46 - 2015-07-30 22:46 - 00199080 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcmrt64.dll
2015-07-30 22:46 - 2015-07-30 22:46 - 00194352 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\iglhcp32.dll
2015-07-30 22:46 - 2015-07-30 22:46 - 00169352 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxcmrt32.dll
2015-07-30 22:46 - 2015-07-30 22:46 - 00040704 _____ (Intel Corporation) C:\WINDOWS\system32\igfxexps.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 22914032 _____ (Intel Corporation) C:\WINDOWS\system32\igdfcl64.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 17846768 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdfcl32.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 08528880 _____ (Intel Corporation) C:\WINDOWS\system32\ig7icd64.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 06512112 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\ig7icd32.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 04371872 _____ (Intel Corporation) C:\WINDOWS\system32\Gfxv4_0.exe
2015-07-30 22:45 - 2015-07-30 22:45 - 04368288 _____ (Intel Corporation) C:\WINDOWS\system32\Gfxv2_0.exe
2015-07-30 22:45 - 2015-07-30 22:45 - 04024368 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiAAC64.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 03797960 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\igdkmd64.sys
2015-07-30 22:45 - 2015-07-30 22:45 - 02508272 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiVAD64.exe
2015-07-30 22:45 - 2015-07-30 22:45 - 02035696 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcmjit64.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 01994224 _____ (Intel Corporation) C:\WINDOWS\system32\igdrcl64.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 01793008 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdrcl32.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 01766896 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxcmjit32.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 01468976 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiSecureSourceFilter64.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 00969120 _____ (Intel Corporation) C:\WINDOWS\system32\GfxUIEx.exe
2015-07-30 22:45 - 2015-07-30 22:45 - 00865328 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiWinNextAgent64.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 00678896 _____ (Intel Corporation) C:\WINDOWS\system32\igfxDH.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 00659504 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiAudioFilter64.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 00632816 _____ (Intel Corporation) C:\WINDOWS\system32\MetroIntelGenericUIFramework.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 00616496 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiMux64.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 00555424 _____ (Intel Corporation) C:\WINDOWS\system32\DPTopologyApp.exe
2015-07-30 22:45 - 2015-07-30 22:45 - 00554912 _____ (Intel Corporation) C:\WINDOWS\system32\DPTopologyAppv2_0.exe
2015-07-30 22:45 - 2015-07-30 22:45 - 00540064 _____ (Intel Corporation) C:\WINDOWS\system32\igfxEM.exe
2015-07-30 22:45 - 2015-07-30 22:45 - 00443296 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiUMS64.exe
2015-07-30 22:45 - 2015-07-30 22:45 - 00409504 _____ (Intel Corporation) C:\WINDOWS\system32\CustomModeApp.exe
2015-07-30 22:45 - 2015-07-30 22:45 - 00408992 _____ (Intel Corporation) C:\WINDOWS\system32\CustomModeAppv2_0.exe
2015-07-30 22:45 - 2015-07-30 22:45 - 00393632 _____ (Intel Corporation) C:\WINDOWS\system32\igfxTray.exe
2015-07-30 22:45 - 2015-07-30 22:45 - 00392688 _____ (Intel Corporation) C:\WINDOWS\system32\igfxOSP.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 00385520 _____ (Intel Corporation) C:\WINDOWS\system32\IntelOpenCL64.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 00374256 _____ (Intel Corporation) C:\WINDOWS\system32\igdbcl64.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 00357936 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiSilenceFilter64.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 00329200 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdbcl32.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 00328608 _____ (Intel Corporation) C:\WINDOWS\system32\igfxCUIService.exe
2015-07-30 22:45 - 2015-07-30 22:45 - 00295408 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\IntelOpenCL32.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 00290208 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\IntelCpHeciSvc.exe
2015-07-30 22:45 - 2015-07-30 22:45 - 00285168 _____ (Intel Corporation) C:\WINDOWS\system32\igfxDI.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 00264176 _____ C:\WINDOWS\system32\igfxCPL.cpl
2015-07-30 22:45 - 2015-07-30 22:45 - 00261104 _____ (Intel Corporation) C:\WINDOWS\system32\igfxLHM.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 00256928 _____ (Intel Corporation) C:\WINDOWS\system32\igfxHK.exe
2015-07-30 22:45 - 2015-07-30 22:45 - 00232944 _____ C:\WINDOWS\system32\igdde64.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 00228848 _____ (Intel Corporation) C:\WINDOWS\system32\igfxDTCM.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 00223792 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiUtils64.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 00204192 _____ (Intel Corporation) C:\WINDOWS\system32\igfxext.exe
2015-07-30 22:45 - 2015-07-30 22:45 - 00194544 _____ C:\WINDOWS\SysWOW64\igdde32.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 00193520 _____ (Intel Corporation) C:\WINDOWS\system32\igfx11cmrt64.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 00191984 _____ (Intel Corporation) C:\WINDOWS\system32\igfxCoIn_v4252.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 00191024 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiDDEAgent64.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 00170992 _____ C:\WINDOWS\system32\igdail64.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 00164256 _____ (Intel Corporation) C:\WINDOWS\system32\difx64.exe
2015-07-30 22:45 - 2015-07-30 22:45 - 00163824 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfx11cmrt32.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 00152560 _____ C:\WINDOWS\SysWOW64\igdail32.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 00141872 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiMCUMD64.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 00107568 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiLogServer64.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 00102896 _____ C:\WINDOWS\system32\IccLibDll_x64.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 00095216 _____ C:\WINDOWS\system32\igfxCUIServicePS.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 00078320 _____ ( ) C:\WINDOWS\system32\igfxDHLibv2_0.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 00072688 _____ (Khronos Group) C:\WINDOWS\system32\Intel_OpenCL_ICD64.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 00069104 _____ (Khronos Group) C:\WINDOWS\SysWOW64\Intel_OpenCL_ICD32.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 00068080 _____ ( ) C:\WINDOWS\system32\igfxDHLib.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 00039408 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxexps32.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 00019440 _____ ( ) C:\WINDOWS\system32\igfxDILib.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 00018928 _____ ( ) C:\WINDOWS\system32\igfxEMLibv2_0.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 00018928 _____ ( ) C:\WINDOWS\system32\igfxEMLib.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 00018928 _____ ( ) C:\WINDOWS\system32\igfxDILibv2_0.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 00013808 _____ ( ) C:\WINDOWS\system32\igfxLHMLibv2_0.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 00013808 _____ ( ) C:\WINDOWS\system32\igfxLHMLib.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-27 21:05 - 2015-07-10 05:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-08-27 20:58 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\sru
2015-08-27 20:55 - 2015-05-28 04:35 - 00000000 ____D C:\Users\Pam Honeysuckle\OneDrive
2015-08-27 20:48 - 2015-07-10 07:22 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-08-27 20:47 - 2015-07-10 07:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-08-27 20:46 - 2015-07-10 04:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-08-27 20:06 - 2015-03-04 22:32 - 00004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4B33C795-E3BF-4D23-814A-AB0BAA2B9316}
2015-08-27 16:40 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-08-24 16:07 - 2015-05-31 20:26 - 2031694841 _____ C:\WINDOWS\MEMORY.DMP
2015-08-23 19:58 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\ADFS
2015-08-23 19:56 - 2012-10-30 03:50 - 00000000 ____D C:\Program Files (x86)\Autonomy
2015-08-23 18:30 - 2015-07-10 06:04 - 00000000 ____D C:\Program Files\Common Files\System
2015-08-23 17:48 - 2015-07-10 07:20 - 00017777 _____ C:\WINDOWS\setupact.log
2015-08-23 09:40 - 2015-07-10 07:20 - 00376488 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-08-23 09:27 - 2015-07-10 06:00 - 00680256 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2015-08-23 09:27 - 2015-07-10 06:00 - 00534064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2015-08-23 09:10 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2015-08-23 09:10 - 2013-08-22 10:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2015-08-23 03:37 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\appcompat
2015-08-23 03:30 - 2015-07-10 06:04 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-23 03:30 - 2015-07-10 06:04 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-23 03:30 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-08-23 03:30 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-08-23 03:30 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-08-23 03:30 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\Provisioning
2015-08-22 16:34 - 2015-03-07 19:46 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-22 11:45 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\restore
2015-08-22 10:01 - 2015-03-04 22:30 - 00000000 ____D C:\Users\Pam Honeysuckle\AppData\Local\Packages
2015-08-22 09:28 - 2015-07-10 06:04 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2015-08-22 09:28 - 2015-07-10 06:04 - 00000000 ___RD C:\WINDOWS\PrintDialog
2015-08-22 09:28 - 2015-07-10 06:04 - 00000000 ___RD C:\WINDOWS\MiracastView
2015-08-22 09:27 - 2015-07-10 06:04 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-08-22 09:26 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2015-08-22 09:26 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\rescache
2015-08-22 09:26 - 2015-05-31 15:49 - 00000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2015-08-22 06:31 - 2015-07-10 06:04 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2015-08-22 06:22 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2015-08-22 06:22 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-08-22 06:22 - 2015-07-10 04:05 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2015-08-22 06:22 - 2015-07-10 04:05 - 00000000 ____D C:\WINDOWS\system32\Dism
2015-08-22 06:16 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2015-08-22 06:16 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2015-08-22 06:16 - 2015-07-10 06:01 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2015-08-22 06:16 - 2015-07-10 06:01 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2015-08-22 06:16 - 2015-07-10 06:01 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2015-08-22 06:16 - 2015-07-10 06:01 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2015-08-22 06:16 - 2015-07-10 06:01 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2015-08-22 06:16 - 2015-07-10 06:01 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2015-08-22 06:16 - 2015-07-10 06:00 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2015-08-22 06:16 - 2015-07-10 06:00 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2015-08-22 06:16 - 2015-07-10 06:00 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2015-08-22 06:16 - 2015-07-10 06:00 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2015-08-22 06:16 - 2015-07-10 06:00 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2015-08-22 06:16 - 2015-07-10 06:00 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2015-08-22 04:05 - 2015-05-27 21:47 - 00049533 _____ C:\WINDOWS\diagwrn.xml
2015-08-22 04:05 - 2015-05-27 21:47 - 00049533 _____ C:\WINDOWS\diagerr.xml
2015-08-22 04:04 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\Registration
2015-08-22 04:04 - 2015-03-09 00:10 - 00026297 _____ C:\WINDOWS\comsetup.log
2015-08-22 04:03 - 2015-07-22 09:12 - 00003330 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForPam Honeysuckle
2015-08-22 04:03 - 2015-05-27 22:09 - 00022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2015-08-22 04:03 - 2015-05-23 22:52 - 00003756 _____ C:\WINDOWS\System32\Tasks\HPCustParticipation HP Officejet Pro 8600
2015-08-22 04:03 - 2015-03-28 13:05 - 00000386 _____ C:\WINDOWS\Tasks\HPCeeScheduleForPam Honeysuckle.job
2015-08-22 04:03 - 2015-03-14 02:39 - 00003270 _____ C:\WINDOWS\System32\Tasks\CLVDLauncher
2015-08-22 04:03 - 2015-03-14 02:39 - 00003270 _____ C:\WINDOWS\System32\Tasks\CLMLSvc_P2G8
2015-08-22 04:03 - 2015-03-04 22:38 - 00003708 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-468200526-3709930035-1514773469-1001
2015-08-22 04:03 - 2015-03-04 22:13 - 00002458 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-468200526-3709930035-1514773469-500
2015-08-22 04:03 - 2012-10-30 04:07 - 00003434 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2015-08-22 04:03 - 2012-10-30 03:55 - 00003258 _____ C:\WINDOWS\System32\Tasks\MirageAgent
2015-08-22 04:03 - 2012-10-30 03:34 - 00003092 _____ C:\WINDOWS\System32\Tasks\Synaptics TouchPad Enhancements
2015-08-22 04:00 - 2015-07-10 06:04 - 00000000 __RHD C:\Users\Public\Libraries
2015-08-22 03:53 - 2013-08-22 08:36 - 00000000 ____D C:\Users\Default.migrated
2015-08-22 03:51 - 2015-07-10 08:14 - 00000000 ____D C:\WINDOWS\ShellNew
2015-08-22 03:51 - 2015-07-10 04:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-08-22 03:51 - 2015-03-07 19:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-08-22 03:51 - 2015-03-04 22:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken 2013
2015-08-22 03:51 - 2012-10-30 03:55 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2015-08-22 03:51 - 2012-10-30 03:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-08-22 03:51 - 2012-10-30 03:49 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2015-08-22 03:51 - 2012-10-30 03:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-08-22 03:51 - 2012-09-24 20:33 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-08-22 03:51 - 2012-09-24 20:30 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2015-08-22 03:51 - 2012-09-24 20:26 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-08-22 03:51 - 2012-09-24 20:26 - 00000000 ____D C:\WINDOWS\en
2015-08-22 03:48 - 2015-07-10 06:05 - 00004362 _____ C:\WINDOWS\DtcInstall.log
2015-08-22 03:48 - 2015-07-10 04:05 - 00000000 __RHD C:\Users\Default
2015-08-22 03:45 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\SysWOW64\zh-HK
2015-08-22 03:45 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\SysWOW64\uk-UA
2015-08-22 03:45 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\SysWOW64\tr-TR
2015-08-22 03:45 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\SysWOW64\th-TH
2015-08-22 03:45 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\SysWOW64\sr-Latn-RS
2015-08-22 03:45 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\SysWOW64\sl-SI
2015-08-22 03:45 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\SysWOW64\sk-SK
2015-08-22 03:45 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\SysWOW64\ro-RO
2015-08-22 03:45 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2015-08-22 03:45 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2015-08-22 03:45 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2015-08-22 03:45 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2015-08-22 03:45 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\SysWOW64\hr-HR
2015-08-22 03:45 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\SysWOW64\he-IL
2015-08-22 03:45 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\SysWOW64\et-EE
2015-08-22 03:45 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2015-08-22 03:45 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\SysWOW64\bg-BG
2015-08-22 03:45 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\SysWOW64\ar-SA
2015-08-22 03:45 - 2012-09-24 20:23 - 00000000 ____D C:\WINDOWS\SysWOW64\Adobe
2015-08-22 03:44 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\zh-HK
2015-08-22 03:44 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\uk-UA
2015-08-22 03:44 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\tr-TR
2015-08-22 03:44 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\th-TH
2015-08-22 03:44 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\sr-Latn-RS
2015-08-22 03:44 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\spool
2015-08-22 03:44 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\sl-SI
2015-08-22 03:44 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\sk-SK
2015-08-22 03:44 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\ro-RO
2015-08-22 03:44 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-08-22 03:44 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\lv-LV
2015-08-22 03:44 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\lt-LT
2015-08-22 03:44 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2015-08-22 03:44 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\IME
2015-08-22 03:44 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\hr-HR
2015-08-22 03:44 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\he-IL
2015-08-22 03:44 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\et-EE
2015-08-22 03:44 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\en-GB
2015-08-22 03:44 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2015-08-22 03:44 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2015-08-22 03:43 - 2015-07-10 06:04 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-08-22 03:43 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\bg-BG
2015-08-22 03:43 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\ar-SA
2015-08-22 03:43 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-08-22 03:43 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\InputMethod
2015-08-22 03:43 - 2015-05-31 14:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neat
2015-08-22 03:43 - 2015-03-04 22:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
2015-08-22 03:43 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\MediaViewer
2015-08-22 03:43 - 2012-10-30 04:07 - 00000000 ____D C:\ProgramData\Norton
2015-08-22 03:43 - 2012-09-24 20:21 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2015-08-22 03:43 - 2012-08-03 17:29 - 00000000 ____D C:\ProgramData\PRICache
2015-08-22 03:42 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\Recovery
2015-08-22 03:42 - 2015-07-10 06:04 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-08-22 03:42 - 2012-09-24 20:15 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2015-08-22 03:41 - 2012-08-03 17:28 - 00000000 ____D C:\Users\Administrator\AppData\Local\Packages
2015-08-22 03:38 - 2015-07-10 04:05 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-08-22 03:05 - 2015-05-27 22:09 - 01660903 _____ C:\WINDOWS\WindowsUpdate (1).log
2015-08-22 03:00 - 2015-07-10 08:39 - 00000000 ___HD C:\$Windows.~BT
2015-08-21 21:00 - 2015-03-07 10:48 - 00000052 _____ C:\WINDOWS\SysWOW64\DOErrors.log
2015-08-13 20:42 - 2015-03-04 22:30 - 00000000 ____D C:\Users\Pam Honeysuckle\AppData\Local\VirtualStore
2015-08-11 18:36 - 2015-03-06 00:39 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-08-11 18:34 - 2015-03-06 00:39 - 132483416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-08-11 18:30 - 2012-07-26 00:26 - 00000167 _____ C:\WINDOWS\win.ini
2015-08-08 10:38 - 2015-07-10 06:06 - 00794088 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-08-08 10:38 - 2015-07-10 06:06 - 00179688 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-05 22:12 - 2012-09-24 20:33 - 00000000 ____D C:\ProgramData\WildTangent
2015-07-31 19:15 - 2013-08-22 10:36 - 00000000 ___RD C:\WINDOWS\ToastData

==================== Files in the root of some directories =======

2015-04-19 07:20 - 2015-04-19 07:20 - 0005872 _____ () C:\Users\Pam Honeysuckle\AppData\Roaming\6sO8hwCO2NyYTnQPypt
2015-08-23 08:14 - 2015-08-23 08:14 - 0032038 _____ () C:\Users\Pam Honeysuckle\AppData\Roaming\Edge.ico
2015-08-23 08:14 - 2015-08-23 08:14 - 0002972 _____ () C:\Users\Pam Honeysuckle\AppData\Roaming\EdgeReg.txt
2015-04-19 07:20 - 2015-04-19 07:20 - 0005872 _____ () C:\Users\Pam Honeysuckle\AppData\Roaming\ifswhv3x22
2015-04-19 07:20 - 2015-04-19 07:20 - 0005872 _____ () C:\Users\Pam Honeysuckle\AppData\Roaming\JQhZtLJo
2015-08-23 16:10 - 2015-08-23 16:10 - 0000046 _____ () C:\Users\Pam Honeysuckle\AppData\Roaming\WB.CFG
2015-05-23 22:51 - 2015-05-23 22:51 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\Pam Honeysuckle\AppData\Local\Temp\cw.exe
C:\Users\Pam Honeysuckle\AppData\Local\Temp\scp5B74.tmp.exe
C:\Users\Pam Honeysuckle\AppData\Local\Temp\SpOrder.dll
C:\Users\Pam Honeysuckle\AppData\Local\Temp\sqlite3.dll
C:\Users\Pam Honeysuckle\AppData\Local\Temp\Uninstall.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll
[2015-07-10 06:00] - [2015-08-23 09:27] - 0680256 ____A (Microsoft Corporation) 86A1925118EE14104049A61D62261E01

C:\WINDOWS\SysWOW64\dnsapi.dll
[2015-07-10 06:00] - [2015-08-23 09:27] - 0534064 ____A (Microsoft Corporation) 9AF390F33B2DA967F498FB7EB059DFE6

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-22 03:32

==================== End of FRST.txt ============================

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-08-2015
Ran by Pam Honeysuckle (2015-08-27 21:28:00)
Running from C:\Users\Pam Honeysuckle\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-468200526-3709930035-1514773469-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-468200526-3709930035-1514773469-503 - Limited - Disabled)
Guest (S-1-5-21-468200526-3709930035-1514773469-501 - Limited - Disabled)
Pam Honeysuckle (S-1-5-21-468200526-3709930035-1514773469-1001 - Administrator - Enabled) => C:\Users\Pam Honeysuckle

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
Advanced-System Protector (HKLM-x32\...\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~9338DF9D_is1) (Version: 2.2.1000.15792 - Advanced System Protector) <==== ATTENTION
AuthenTec TrueAPI 64-bit (Version: 1.6.0.86 - AuthenTec, Inc.) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3.6326 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.2.2114 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.2.3317 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.2527 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DriverUpdate (HKLM-x32\...\{B6F57EFA-7F52-4349-B7C9-2E6AB01353B7}) (Version: 2.4.2 - SlimWare Utilities, Inc.)
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
FindingDiscount (HKLM-x32\...\FindingDiscount) (Version:  - )
FlatOut 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP Connected Backup (HKLM-x32\...\{6BA5F6E7-6CC1-4117-816D-A549A06CE44E}) (Version: 8.7.0.0 - Autonomy)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{16B7BDA1-B967-4D2D-8B27-E12727C28350}) (Version: 2.10.3 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{7DE5085A-3665-40BC-9595-A1A209699137}) (Version: 1.1.0.0 - Hewlett-Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{2BF5E9CC-C55D-4B0F-ACAF-FFE77F333CD8}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\{34C821CA-6B55-44A0-8A9B-2EF471D6019E}) (Version: 6.0.100.244 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{835B275B-F29B-464B-BD4B-097FD55FAB0A}) (Version: 4.6.8.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6425.0 - IDT)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Neat Core Files (x32 Version: 5.6.1.374 - The Neat Company) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Quicken 2013 (HKLM-x32\...\{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}) (Version: 22.1.1.21 - Intuit)
Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.2.0 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.29025 - Realtek Semiconductor Corp.)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
ServiceUpdater (HKLM-x32\...\ServiceUpdater) (Version:  - )
SpaceSoundPro Service (HKLM-x32\...\zz.1636.ssp) (Version: 1.0.0 - CSDI)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.95 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 2.2.0.98 - WildTangent) Hidden
Validity WBF DDK (HKLM\...\{1F91C200-8F0F-4009-A75E-DB6CE151BD4E}) (Version: 4.4.234.0 - Validity Sensors, Inc.)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.6 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-468200526-3709930035-1514773469-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-468200526-3709930035-1514773469-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Pam Honeysuckle\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-468200526-3709930035-1514773469-1001_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Pam Honeysuckle\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-468200526-3709930035-1514773469-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Pam Honeysuckle\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-468200526-3709930035-1514773469-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-468200526-3709930035-1514773469-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Pam Honeysuckle\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-468200526-3709930035-1514773469-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Pam Honeysuckle\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-468200526-3709930035-1514773469-1001_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Pam Honeysuckle\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-468200526-3709930035-1514773469-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Pam Honeysuckle\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-468200526-3709930035-1514773469-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Pam Honeysuckle\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-468200526-3709930035-1514773469-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Pam Honeysuckle\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-468200526-3709930035-1514773469-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Pam Honeysuckle\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

22-08-2015 11:45:14 Windows Update
22-08-2015 11:45:57 Windows Update
23-08-2015 18:53:07 Removed SlimCleaner Plus
27-08-2015 19:49:59 Windows Update
27-08-2015 19:51:11 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00C042E0-CFFC-4AEE-8EEA-6F5B3AAA157B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {00EEBA9C-F9EF-4272-B793-C830FBADD359} - System32\Tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup => C:\Windows\system32\dstokenclean.exe [2015-07-10] (Microsoft Corporation)
Task: {07E26BC1-F357-4D4C-BF9F-52D85C3C72ED} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {09D93E9A-A3CD-4790-A089-440593526309} - System32\Tasks\System Cleaner Pro Auto Start => C:\Program Files (x86)\System Cleaner Pro\SystemCleanerPro.exe
Task: {0A5FE876-9BFD-4F08-B390-68C78CB1DD97} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {0B35C66B-FD1B-431E-82A4-E51C583A9AA5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {0CCA7916-2916-4F12-BD32-1E3BE31E1269} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join => C:\Windows\System32\dsregcmd.exe [2015-07-10] (Microsoft Corporation)
Task: {0CF8039A-367B-48F2-9BB5-B501273E0F0E} - System32\Tasks\HPCeeScheduleForPam Honeysuckle => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {104CC150-9EDE-43C0-A562-5C4A6A6CC4A6} - System32\Tasks\JQhZtLJo => C:\Users\Pam Honeysuckle\AppData\Roaming\JQhZtLJo.exe <==== ATTENTION
Task: {112B17A8-2C24-4D8A-A6FF-B01F80E9EA63} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe
Task: {19865544-CE08-40BE-8B8C-87C47681433D} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sihboot => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation)
Task: {20141053-0335-4311-BC8F-DD872DC037CC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-21] (Google Inc.)
Task: {37B193A2-3993-42EA-9EB9-92961CF36A4D} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {3BF4CF95-681B-4420-8DEB-A37B7A247CCB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-07-31] (Hewlett-Packard)
Task: {3F6E048D-6404-433B-8F5F-CFF4D89BF89E} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Rundll32.exe generaltel.dll,RunTelemetryW
Task: {41160EA0-208B-4C3E-B4DB-805BBABC6B93} - System32\Tasks\Microsoft\Windows\Feedback\Siuf\DmClient => C:\Windows\system32\dmclient.exe [2015-07-10] (Microsoft Corporation)
Task: {49E1E5E2-ED2B-40A0-ADE5-282DA2716900} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe
Task: {59D06C19-05BA-4F92-A5BE-050E89C7EED9} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {5A6D1C07-8C4A-4AE1-A53E-E1E81CE312CB} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
Task: {68F47208-413E-4204-9148-A04C8D9F05D1} - \Cassiopesa mile -> No File <==== ATTENTION
Task: {73551810-E5F4-433E-9494-0D00B55C855E} - System32\Tasks\Microsoft\Windows\Maps\MapsToastTask
Task: {76808A93-E5F9-4458-8CC4-EC6B2D58A380} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN33DBXH3H05KC => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-07-31] (Hewlett-Packard)
Task: {780FC30A-F5B5-4B66-A82E-D418167D4CFD} - System32\Tasks\ifswhv3x22 => C:\Users\Pam Honeysuckle\AppData\Roaming\ifswhv3x22.exe <==== ATTENTION
Task: {784ACF97-1307-4783-BE70-6F18A746E625} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
Task: {78B77FA3-9D97-441D-97B6-68CEA40B4F74} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe generaltel.dll,RunTelemetry -maintenance
Task: {8492449D-2CD7-4FDA-9F41-0EF5E3996727} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-21] (Google Inc.)
Task: {87255786-8653-4B3C-8942-7AF776C16EB0} - System32\Tasks\4a752bbc-e718-4ff5-8948-5413ae8b7094 => C:\Users\Pam Honeysuckle\AppData\Roaming\JV Update\SecureWebUpdate.exe [2015-07-24] () <==== ATTENTION
Task: {8C9BBA10-6CE2-46F4-94EF-1DD7F404B427} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {8DF84CB3-D8E0-4307-A35B-CA74E21786DB} - System32\Tasks\Microsoft\Windows\Clip\License Validation => C:\Windows\system32\ClipUp.exe [2015-08-22] (Microsoft Corporation)
Task: {96A35786-F09D-4097-8F60-378C09D78C3D} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-07-17] (Synaptics Incorporated)
Task: {9B273C71-8226-4D49-B0F9-87A50EEF46BF} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {9C7EE94B-CE99-4508-AE0F-0E4B786BF310} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {A0259DF1-076D-4017-98DB-04AAD998EDB3} - \bvxvbxvd -> No File <==== ATTENTION
Task: {A5B6CD85-1B57-49B9-BA80-5D5D65F02826} - System32\Tasks\Microsoft\Windows\AppID\EDP Policy Manager
Task: {A78432CB-2AF8-4626-A19E-5A61AFCB1C00} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {A8423C40-37A1-4C3E-93AE-07C9749191BA} - System32\Tasks\Microsoft\Windows\RetailDemo\CleanupOfflineContent
Task: {ADFFB72F-8AD6-4EBF-A5F6-0529D228CF5A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-11] (Microsoft Corporation)
Task: {B3508733-BE83-4A42-AB7A-DFED295B5782} - System32\Tasks\Microsoft\Windows\SetupSQMTask => C:\WINDOWS\SYSTEM32\OOBE\SETUPSQM.EXE [2015-07-10] (Microsoft Corporation)
Task: {B5625959-59C2-4901-829A-210AD75813B8} - System32\Tasks\Notify Helper => C:\Program Files (x86)\System Cleaner Pro\\NotifyHelper.exe
Task: {C01FCC6F-D2F6-4B07-B7AE-5DBBF1580719} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {C02427A4-7905-4089-876D-FDEA05F45747} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {C56AFFD3-06B8-4A16-AF7E-F7A6EB3FAE9E} - System32\Tasks\Microsoft\Windows\TPM\Tpm-HASCertRetr
Task: {C5EE2EA2-5312-4D1F-B9D0-41B18DF31B78} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sih => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation)
Task: {C73B97E2-5710-4193-B76C-D82FAB5A88D6} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-23] (Adobe Systems Incorporated)
Task: {C7A236B2-12E1-46DC-9501-3B1B0209CC09} - System32\Tasks\Microsoft\Windows\Location\WindowsActionDialog => C:\Windows\System32\WindowsActionDialog.exe [2015-07-10] (Microsoft Corporation)
Task: {D27D3A16-7908-482C-850D-3B1B883A80D8} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe
Task: {D69E7446-18F2-4610-B7F9-FDDE602D9F59} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {DF4F7DE1-750C-4439-A5B2-3DCB102F4B0E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {E3DABF78-216B-4742-9AD7-695506AD70AB} - System32\Tasks\Rogaoosuvomao => C:\ProgramData\Rogaoosuvomao\1.0.4.1\fsoosohe.exe
Task: {F8192A0F-E534-41DF-BA91-342B71FF63C9} - System32\Tasks\6sO8hwCO2NyYTnQPypt => C:\Users\Pam Honeysuckle\AppData\Roaming\6sO8hwCO2NyYTnQPypt.exe <==== ATTENTION
Task: {F9FD3995-C7E1-458B-871E-77B08F20376B} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {FA2BA014-E653-424C-B89D-6369676C0582} - System32\Tasks\runTask => %TEMP%/Updater.exe
Task: {FD5F9755-8860-47A4-AA30-9287F07F8301} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\6sO8hwCO2NyYTnQPypt.job => C:\Users\Pam Honeysuckle\AppData\Roaming\6sO8hwCO2NyYTnQPypt.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForPam Honeysuckle.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\ifswhv3x22.job => C:\Users\Pam Honeysuckle\AppData\Roaming\ifswhv3x22.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\JQhZtLJo.job => C:\Users\Pam Honeysuckle\AppData\Roaming\JQhZtLJo.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (Whitelisted) ==============

2015-08-22 06:21 - 2015-08-22 06:21 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-08-22 11:42 - 2015-08-11 04:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-08-22 11:42 - 2015-07-30 01:05 - 02498808 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-08-22 11:42 - 2015-07-30 01:05 - 02498808 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2012-06-27 02:42 - 2012-06-27 02:42 - 00607744 _____ () C:\WINDOWS\system32\spool\DRIVERS\x64\3\JobCapsA.dll
2015-07-10 05:59 - 2015-07-10 05:59 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-08-22 11:42 - 2015-08-02 20:11 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-07-10 06:00 - 2015-07-10 08:14 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-08-22 11:42 - 2015-08-11 03:58 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-08-22 11:42 - 2015-08-02 20:09 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 06:00 - 2015-07-10 06:00 - 00215352 _____ () c:\windows\system32\WerEtw.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Pam Honeysuckle\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Pam Honeysuckle\SkyDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TileDataModelSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-468200526-3709930035-1514773469-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-468200526-3709930035-1514773469-1001\...\webcompanion.com -> hxxp://webcompanion.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-468200526-3709930035-1514773469-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Pam Honeysuckle\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\marvin.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKU\S-1-5-21-468200526-3709930035-1514773469-1001\...\StartupApproved\Run: => "Power2GoExpress8"
HKU\S-1-5-21-468200526-3709930035-1514773469-1001\...\StartupApproved\Run: => "HP Officejet Pro 8600 (NET)"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/27/2015 09:27:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MsMpEng.exe, version: 4.8.10240.16384, time stamp: 0x559f39a0
Faulting module name: msvcrt.dll, version: 7.0.10240.16384, time stamp: 0x559f3b84
Exception code: 0xc0000005
Fault offset: 0x0000000000073cc0
Faulting process id: 0xad8
Faulting application start time: 0xMsMpEng.exe0
Faulting application path: MsMpEng.exe1
Faulting module path: MsMpEng.exe2
Report Id: MsMpEng.exe3
Faulting package full name: MsMpEng.exe4
Faulting package-relative application ID: MsMpEng.exe5

Error: (08/27/2015 09:25:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 27.8.2015.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: f44

Start Time: 01d0e138530c3eb1

Termination Time: 8

Application Path: F:\FRST64.exe

Report Id: 1a047671-4d2c-11e5-be97-a0b3cc489979

Faulting package full name:

Faulting package-relative application ID:

Error: (08/27/2015 09:21:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 27.8.2015.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 181c

Start Time: 01d0e1379f40ee79

Termination Time: 10

Application Path: F:\FRST64.exe

Report Id: 830c85f0-4d2b-11e5-be97-a0b3cc489979

Faulting package full name:

Faulting package-relative application ID:

Error: (08/27/2015 09:01:53 PM) (Source: ESENT) (EventID: 454) (User: )
Description: SettingSyncHost (5696) Database recovery/restore failed with unexpected error -1032.

Error: (08/27/2015 09:01:53 PM) (Source: ESENT) (EventID: 490) (User: )
Description: SettingSyncHost (5696) An attempt to open the file "C:\WINDOWS\system32\edb.log" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (08/27/2015 09:01:43 PM) (Source: ESENT) (EventID: 439) (User: )
Description: SettingSyncHost (5696) Unable to write a shadowed header for file C:\WINDOWS\system32\edb.chk. Error -1032.

Error: (08/27/2015 09:01:43 PM) (Source: ESENT) (EventID: 490) (User: )
Description: SettingSyncHost (5696) An attempt to open the file "C:\WINDOWS\system32\edb.chk" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (08/27/2015 09:01:33 PM) (Source: ESENT) (EventID: 490) (User: )
Description: SettingSyncHost (5696) An attempt to open the file "C:\WINDOWS\system32\edb.chk" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (08/27/2015 09:01:23 PM) (Source: ESENT) (EventID: 490) (User: )
Description: SettingSyncHost (5696) An attempt to open the file "C:\WINDOWS\system32\edb.chk" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (08/27/2015 09:01:13 PM) (Source: ESENT) (EventID: 490) (User: )
Description: SettingSyncHost (5696) An attempt to open the file "C:\WINDOWS\system32\edb.chk" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).


System errors:
=============
Error: (08/27/2015 09:27:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Defender Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Run the configured recovery program.

Error: (08/27/2015 09:11:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Office Software Protection Platform service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/27/2015 09:11:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Management and Security Application User Notification Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/27/2015 09:11:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® ME Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/27/2015 09:11:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP Support Assistant Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (08/27/2015 09:11:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TrueAPI Service component service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/27/2015 09:11:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (08/27/2015 09:11:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Validity WBF Policy Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/27/2015 09:11:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SynTPEnh Caller Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/27/2015 09:11:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Intel® Capability Licensing Service Interface service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.


Microsoft Office:
=========================
Error: (08/27/2015 09:27:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: MsMpEng.exe4.8.10240.16384559f39a0msvcrt.dll7.0.10240.16384559f3b84c00000050000000000073cc0ad801d0e133813ccd80C:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\system32\msvcrt.dll172c100d-c4c9-44ef-80e5-12c703da399b

Error: (08/27/2015 09:25:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe27.8.2015.0f4401d0e138530c3eb18F:\FRST64.exe1a047671-4d2c-11e5-be97-a0b3cc489979

Error: (08/27/2015 09:21:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe27.8.2015.0181c01d0e1379f40ee7910F:\FRST64.exe830c85f0-4d2b-11e5-be97-a0b3cc489979

Error: (08/27/2015 09:01:53 PM) (Source: ESENT) (EventID: 454) (User: )
Description: SettingSyncHost5696-1032

Error: (08/27/2015 09:01:53 PM) (Source: ESENT) (EventID: 490) (User: )
Description: SettingSyncHost5696C:\WINDOWS\system32\edb.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.

Error: (08/27/2015 09:01:43 PM) (Source: ESENT) (EventID: 439) (User: )
Description: SettingSyncHost5696C:\WINDOWS\system32\edb.chk-1032

Error: (08/27/2015 09:01:43 PM) (Source: ESENT) (EventID: 490) (User: )
Description: SettingSyncHost5696C:\WINDOWS\system32\edb.chk-1032 (0xfffffbf8)5 (0x00000005)Access is denied.

Error: (08/27/2015 09:01:33 PM) (Source: ESENT) (EventID: 490) (User: )
Description: SettingSyncHost5696C:\WINDOWS\system32\edb.chk-1032 (0xfffffbf8)5 (0x00000005)Access is denied.

Error: (08/27/2015 09:01:23 PM) (Source: ESENT) (EventID: 490) (User: )
Description: SettingSyncHost5696C:\WINDOWS\system32\edb.chk-1032 (0xfffffbf8)5 (0x00000005)Access is denied.

Error: (08/27/2015 09:01:13 PM) (Source: ESENT) (EventID: 490) (User: )
Description: SettingSyncHost5696C:\WINDOWS\system32\edb.chk-1032 (0xfffffbf8)5 (0x00000005)Access is denied.


CodeIntegrity:
===================================
  Date: 2015-08-27 18:44:50.269
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-27 18:44:50.244
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-26 17:36:36.880
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-26 17:36:36.850
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-25 11:18:09.938
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-25 11:07:35.331
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-25 11:07:35.309
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-24 11:56:31.642
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-24 11:56:31.629
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-24 11:56:31.477
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 22%
Total physical RAM: 6033.27 MB
Available physical RAM: 4674.91 MB
Total Virtual: 12433.27 MB
Available Virtual: 11166.2 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:669.08 GB) (Free:542.37 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:27.18 GB) (Free:3.16 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive e: (NeatConnect) (CDROM) (Total:0.59 GB) (Free:0 GB) CDFS
Drive f: (USB DISK) (Removable) (Total:14.93 GB) (Free:14.92 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: A50E1C7D)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 14.9 GB) (Disk ID: 34D4FC54)
Partition 1: (Not Active) - (Size=14.9 GB) - (Type=0C)

==================== End of Addition.txt ============================



#7 Cenfath

Cenfath
  • Topic Starter

  • Members
  • 67 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Oklahoma
  • Local time:03:52 AM

Posted 27 August 2015 - 09:46 PM

I tried to open up Microsoft Edge and it will open but a pop up comes up immediately talking about malware and trojans and I'm unable to close the that or the window. I have to manually shut down Edge using the task manager.



#8 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:52 AM

Posted 28 August 2015 - 07:51 AM

Ok. Let's continue.

This computer is a mess!! Please be patient as it might take a while to get it clean.

Please do this next...

Please download the Suspicious File Packer.
C:\WINDOWS\system32\dnsapi.dll
C:\WINDOWS\SysWOW64\dnsapi.dll
  • Unzip it to the desktop and run it.
  • Copy and paste the contents of the codebox into the Suspicious File Packer window:
  • Allow SFP to pack the files. This will generate a CAB archive on your desktop.
Please go to here.

Where it asks for the "Link to topic where this file was requested" copy and paste the contents of the codebox.
 
http://www.bleepingcomputer.com/forums/t/587922/infected-multiple-windows-pop-up-when-clicking-links-or-typing-web-addresses/#entry3802912
  • Where it says "Browse to the file you want to submit", browse to the CAB archive that was created on your desktop.
  • The cab file will be called requested-files*.cab (the * stands for the date and hour).
Press the Send File button.


<<<<<<<<<<

We need to remove programs using "Programs and Features"

Click the Start orb on the taskbar, and then click Control Panel.
  • If you use Category mode, click on Uninstall a Program.
  • If you use Icons mode, click on Program and Features.
A list of programs installed will be "populated" (this may take a bit of time).
If they exist, uninstall the following by clicking on the below entries and selecting "Remove":

ServiceUpdater
Advanced-System Protector


Additional instructions can be found here if needed.

<<<<<<<<<<

This next please...

FRST fix:
  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter.
  • Copy and paste the ENTIRE script below in the notepad document:
start
CloseProcesses:
Folder: C:\WINDOWS\system32\avy
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => No File
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130848141534295145&GUID=DDB8CD2E-71C5-4E33-BDF7-0483F209DFA2
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
HKU\S-1-5-21-468200526-3709930035-1514773469-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130848141534326974&GUID=DDB8CD2E-71C5-4E33-BDF7-0483F209DFA2
HKU\S-1-5-21-468200526-3709930035-1514773469-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKU\S-1-5-21-468200526-3709930035-1514773469-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/HPNOT13/1
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-468200526-3709930035-1514773469-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-468200526-3709930035-1514773469-1001 -> {6EAC0C65-B856-44CC-9601-E6AAB5A9715B} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-468200526-3709930035-1514773469-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
CHR Extension: (No Name) - C:\Users\Pam Honeysuckle\AppData\Local\Google\Chrome\User Data\Default\Extensions\fijhlnmmmgflacagjecncpmpnhjieggk [2015-08-23]
CHR Extension: (No Name) - C:\Users\Pam Honeysuckle\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi [2015-08-23]
CHR HKU\S-1-5-21-468200526-3709930035-1514773469-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jlcgehabolcakkjhgmgpkagpolbjlhfa] - https://clients2.google.com/service/update2/crx
2015-08-23 15:58 - 2015-08-27 20:49 - 00001042 _____ C:\WINDOWS\Tasks\JQhZtLJo.job
2015-08-23 15:58 - 2015-08-23 15:58 - 00004162 _____ C:\WINDOWS\System32\Tasks\JQhZtLJo
2015-08-23 15:57 - 2015-08-23 19:56 - 00000000 ____D C:\Program Files (x86)\72d2f0ca-2e70-4b9d-83ae-f2d9d08db768
2015-08-23 15:19 - 2015-08-23 19:56 - 00000000 ____D C:\Program Files (x86)\302f7984-a26e-48c7-8d16-76d412736404
2015-08-23 15:17 - 2015-08-23 19:56 - 00000000 ____D C:\Program Files (x86)\ServiceUpdater
2015-08-23 15:15 - 2015-08-23 15:17 - 00003340 _____ C:\WINDOWS\System32\Tasks\runTask
2015-08-23 15:15 - 2015-08-23 15:17 - 00000584 _____ C:\task.vbs
2015-08-23 09:40 - 2015-08-24 16:07 - 00000000 ____D C:\WINDOWS\Minidump
2015-08-23 09:40 - 2015-08-23 09:40 - 00286168 _____ C:\WINDOWS\Minidump\082315-71125-01.dmp
2015-08-23 09:36 - 2015-08-27 21:09 - 00001046 _____ C:\WINDOWS\Tasks\ifswhv3x22.job
2015-08-23 09:36 - 2015-08-23 09:36 - 00004172 _____ C:\WINDOWS\System32\Tasks\ifswhv3x22
2015-08-23 09:28 - 2015-08-23 09:28 - 00004172 _____ C:\WINDOWS\System32\Tasks\4a752bbc-e718-4ff5-8948-5413ae8b7094
2015-08-23 09:28 - 2015-08-23 09:28 - 00003924 _____ C:\WINDOWS\System32\Tasks\Notify Helper
2015-08-23 09:28 - 2015-08-23 09:28 - 00003650 _____ C:\WINDOWS\System32\Tasks\System Cleaner Pro Auto Start
2015-08-23 09:28 - 2015-08-23 09:28 - 00000000 ____D C:\Users\Pam Honeysuckle\AppData\Roaming\System Cleaner Pro
2015-08-23 09:28 - 2015-08-23 09:28 - 00000000 ____D C:\Users\Pam Honeysuckle\AppData\Local\System_Cleaner_Pro
2015-08-23 09:27 - 2015-08-23 09:27 - 00000000 ____D C:\Users\Pam Honeysuckle\AppData\Roaming\JV Update
2015-08-23 09:27 - 2015-08-23 09:27 - 00000000 ____D C:\Users\Pam Honeysuckle\AppData\Local\SecureWebUpdate
2015-08-23 09:27 - 2015-08-23 09:27 - 00000000 ____D C:\Users\Pam Honeysuckle\AppData\Local\PopupID1
2015-08-23 09:26 - 2015-08-23 09:26 - 00000045 _____ C:\user.js
2015-08-23 09:26 - 2015-08-23 09:26 - 00000000 ____D C:\WINDOWS\system32\avy
2015-08-23 09:24 - 2015-08-27 20:49 - 00001064 _____ C:\WINDOWS\Tasks\6sO8hwCO2NyYTnQPypt.job
2015-08-23 09:24 - 2015-08-23 09:24 - 00004206 _____ C:\WINDOWS\System32\Tasks\6sO8hwCO2NyYTnQPypt
2015-08-23 09:23 - 2015-08-23 19:56 - 00000000 ____D C:\Program Files (x86)\c5f439a3-8461-4d50-9e0d-01d5afbe2916
2015-08-23 09:22 - 2015-08-23 18:37 - 00000004 _____ C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-08-23 09:10 - 2015-08-23 09:11 - 00000000 ____D C:\Program Files (x86)\PCAPDownloader
2015-08-23 09:09 - 2015-08-23 16:10 - 00000000 ____D C:\Users\Pam Honeysuckle\AppData\Local\{79224F7E-5D8A-23C6-3012-062E147AFAB6}
2015-08-23 09:09 - 2015-08-23 09:09 - 00000000 ____D C:\Program Files (x86)\TestXp
2015-08-23 09:08 - 2015-08-23 09:08 - 00608088 _____ C:\Users\Pam Honeysuckle\Downloads\OpenSoftwareUpdates.exe
2015-04-19 07:20 - 2015-04-19 07:20 - 0005872 _____ () C:\Users\Pam Honeysuckle\AppData\Roaming\6sO8hwCO2NyYTnQPypt
2015-08-23 08:14 - 2015-08-23 08:14 - 0032038 _____ () C:\Users\Pam Honeysuckle\AppData\Roaming\Edge.ico
2015-08-23 08:14 - 2015-08-23 08:14 - 0002972 _____ () C:\Users\Pam Honeysuckle\AppData\Roaming\EdgeReg.txt
2015-04-19 07:20 - 2015-04-19 07:20 - 0005872 _____ () C:\Users\Pam Honeysuckle\AppData\Roaming\ifswhv3x22
2015-04-19 07:20 - 2015-04-19 07:20 - 0005872 _____ () C:\Users\Pam Honeysuckle\AppData\Roaming\JQhZtLJo
2015-08-23 16:10 - 2015-08-23 16:10 - 0000046 _____ () C:\Users\Pam Honeysuckle\AppData\Roaming\WB.CFG
Task: {09D93E9A-A3CD-4790-A089-440593526309} - System32\Tasks\System Cleaner Pro Auto Start => C:\Program Files (x86)\System Cleaner Pro\SystemCleanerPro.exe
Task: {0A5FE876-9BFD-4F08-B390-68C78CB1DD97} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {0B35C66B-FD1B-431E-82A4-E51C583A9AA5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
C:\Program Files (x86)\System Cleaner Pro
Task: {104CC150-9EDE-43C0-A562-5C4A6A6CC4A6} - System32\Tasks\JQhZtLJo => C:\Users\Pam Honeysuckle\AppData\Roaming\JQhZtLJo.exe <==== ATTENTION
Task: {37B193A2-3993-42EA-9EB9-92961CF36A4D} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {59D06C19-05BA-4F92-A5BE-050E89C7EED9} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {68F47208-413E-4204-9148-A04C8D9F05D1} - \Cassiopesa mile -> No File <==== ATTENTION
Task: {780FC30A-F5B5-4B66-A82E-D418167D4CFD} - System32\Tasks\ifswhv3x22 => C:\Users\Pam Honeysuckle\AppData\Roaming\ifswhv3x22.exe <==== ATTENTION
Task: {87255786-8653-4B3C-8942-7AF776C16EB0} - System32\Tasks\4a752bbc-e718-4ff5-8948-5413ae8b7094 => C:\Users\Pam Honeysuckle\AppData\Roaming\JV Update\SecureWebUpdate.exe [2015-07-24] () <==== ATTENTION
Task: {8C9BBA10-6CE2-46F4-94EF-1DD7F404B427} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {9B273C71-8226-4D49-B0F9-87A50EEF46BF} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {9C7EE94B-CE99-4508-AE0F-0E4B786BF310} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {A0259DF1-076D-4017-98DB-04AAD998EDB3} - \bvxvbxvd -> No File <==== ATTENTION
Task: {B5625959-59C2-4901-829A-210AD75813B8} - System32\Tasks\Notify Helper => C:\Program Files (x86)\System Cleaner Pro\\NotifyHelper.exe
Task: {C01FCC6F-D2F6-4B07-B7AE-5DBBF1580719} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
C:\Program Files (x86)\System Cleaner Pro
ask: {D69E7446-18F2-4610-B7F9-FDDE602D9F59} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {DF4F7DE1-750C-4439-A5B2-3DCB102F4B0E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {E3DABF78-216B-4742-9AD7-695506AD70AB} - System32\Tasks\Rogaoosuvomao => C:\ProgramData\Rogaoosuvomao\1.0.4.1\fsoosohe.exe
Task: {F8192A0F-E534-41DF-BA91-342B71FF63C9} - System32\Tasks\6sO8hwCO2NyYTnQPypt => C:\Users\Pam Honeysuckle\AppData\Roaming\6sO8hwCO2NyYTnQPypt.exe <==== ATTENTION
C:\ProgramData\Rogaoosuvomao
C:\Users\Pam Honeysuckle\AppData\Roaming\6sO8hwCO2NyYTnQPypt.exe
Task: C:\WINDOWS\Tasks\6sO8hwCO2NyYTnQPypt.job => C:\Users\Pam Honeysuckle\AppData\Roaming\6sO8hwCO2NyYTnQPypt.exe <==== ATTENTION
C:\Users\Pam Honeysuckle\AppData\Roaming\6sO8hwCO2NyYTnQPypt.exe
ask: C:\WINDOWS\Tasks\ifswhv3x22.job => C:\Users\Pam Honeysuckle\AppData\Roaming\ifswhv3x22.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\JQhZtLJo.job => C:\Users\Pam Honeysuckle\AppData\Roaming\JQhZtLJo.exe <==== ATTENTION
CMD: ipconfig /flushdns
CMD: sfc /scanfile=C:\Windows\system32\dnsapi.dll
CMD: sfc /scanfile=C:\Windows\SysWOW64\dnsapi.dll
CMD: type C:\Avenger.txt
EmptyTemp:
RemoveProxy:
end
  • Save the file to your desktop and name it as fixlist.txt
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run: NOTE - only run this fix once!!!!!!
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run.
Please copy and paste the log in your next reply.

<<<<<<<<<<

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zeok tool from here
  • When the download appears, save to the Desktop.
  • On the Desktop, right-click the Zoek.exe file and select: Run as Administrator (Give it a few seconds to appear.)
  • Next, copy/paste the entire script inside the code box below to the input field of Zoek:
autoclean;
  • Now...
  • Close any open Browsers.
  • Click the Run script button, and wait. It takes a few minutes to run all the script.
  • When the tool finishes, the zoek-results.log is opened in Notepad.
  • The log is also found on the systemdrive, normally C:\
  • If a reboot is needed, the log is opened after the reboot.
Please attach the zoek-results.log in your reply.

<<<<<<<<<<

This next...

In the next steps we will remove and re-install Chrome, therefore I advise you to save your bookmarks, since you will lose them during the process. The information for doing this can be found here.


Remove Google Chrome
  • Open the Start menu and click Control Panel.
  • Double-click Add or Remove Programs.
  • Select the following program:

    Google Chrome

  • Click Remove.
  • When asked if you want to uninstall, place a checkmark next to Also delete your browsing data and select Uninstall.
  • Reboot your computer.
Re-install Google Chrome, please do the following..
  • Click on the following link: Google Chrome.
  • Read the Terms of Service and select Accept and Install.
  • Save ChromeSetup.exe to your desktop.
  • Go to your desktop and double-click on ChromeSetup.exe.
  • Google Chrome will then install itself.
  • When the process is over, Chrome will open.
<<<<<<<<<<

Re-run FRST, check the Addition.txt box, press SCAN and copy/paste the 2 logs in your next reply.

<<<<<<<<<<

With your next post please provide:
  • Successful upload?
  • Successful uninstall?
  • Fixlog text
  • Zoek log
  • FRST log
  • Addition log
  • An update about the problems that persist
Kind regards,
thcbytes
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#9 Cenfath

Cenfath
  • Topic Starter

  • Members
  • 67 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Oklahoma
  • Local time:03:52 AM

Posted 29 August 2015 - 09:42 AM

Fix result of Farbar Recovery Scan Tool (x64) Version:27-08-2015

Ran by Pam Honeysuckle (2015-08-29 08:20:07) Run:1
Running from C:\Users\Pam Honeysuckle\Desktop
Loaded Profiles: Pam Honeysuckle (Available Profiles: Pam Honeysuckle & Administrator)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
CloseProcesses:
Folder: C:\WINDOWS\system32\avy
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => No File
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130848141534295145&GUID=DDB8CD2E-71C5-4E33-BDF7-0483F209DFA2
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
HKU\S-1-5-21-468200526-3709930035-1514773469-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130848141534326974&GUID=DDB8CD2E-71C5-4E33-BDF7-0483F209DFA2
HKU\S-1-5-21-468200526-3709930035-1514773469-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKU\S-1-5-21-468200526-3709930035-1514773469-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/HPNOT13/1
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-468200526-3709930035-1514773469-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-468200526-3709930035-1514773469-1001 -> {6EAC0C65-B856-44CC-9601-E6AAB5A9715B} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-468200526-3709930035-1514773469-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
CHR Extension: (No Name) - C:\Users\Pam Honeysuckle\AppData\Local\Google\Chrome\User Data\Default\Extensions\fijhlnmmmgflacagjecncpmpnhjieggk [2015-08-23]
CHR Extension: (No Name) - C:\Users\Pam Honeysuckle\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi [2015-08-23]
CHR HKU\S-1-5-21-468200526-3709930035-1514773469-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jlcgehabolcakkjhgmgpkagpolbjlhfa] - https://clients2.google.com/service/update2/crx
2015-08-23 15:58 - 2015-08-27 20:49 - 00001042 _____ C:\WINDOWS\Tasks\JQhZtLJo.job
2015-08-23 15:58 - 2015-08-23 15:58 - 00004162 _____ C:\WINDOWS\System32\Tasks\JQhZtLJo
2015-08-23 15:57 - 2015-08-23 19:56 - 00000000 ____D C:\Program Files (x86)\72d2f0ca-2e70-4b9d-83ae-f2d9d08db768
2015-08-23 15:19 - 2015-08-23 19:56 - 00000000 ____D C:\Program Files (x86)\302f7984-a26e-48c7-8d16-76d412736404
2015-08-23 15:17 - 2015-08-23 19:56 - 00000000 ____D C:\Program Files (x86)\ServiceUpdater
2015-08-23 15:15 - 2015-08-23 15:17 - 00003340 _____ C:\WINDOWS\System32\Tasks\runTask
2015-08-23 15:15 - 2015-08-23 15:17 - 00000584 _____ C:\task.vbs
2015-08-23 09:40 - 2015-08-24 16:07 - 00000000 ____D C:\WINDOWS\Minidump
2015-08-23 09:40 - 2015-08-23 09:40 - 00286168 _____ C:\WINDOWS\Minidump\082315-71125-01.dmp
2015-08-23 09:36 - 2015-08-27 21:09 - 00001046 _____ C:\WINDOWS\Tasks\ifswhv3x22.job
2015-08-23 09:36 - 2015-08-23 09:36 - 00004172 _____ C:\WINDOWS\System32\Tasks\ifswhv3x22
2015-08-23 09:28 - 2015-08-23 09:28 - 00004172 _____ C:\WINDOWS\System32\Tasks\4a752bbc-e718-4ff5-8948-5413ae8b7094
2015-08-23 09:28 - 2015-08-23 09:28 - 00003924 _____ C:\WINDOWS\System32\Tasks\Notify Helper
2015-08-23 09:28 - 2015-08-23 09:28 - 00003650 _____ C:\WINDOWS\System32\Tasks\System Cleaner Pro Auto Start
2015-08-23 09:28 - 2015-08-23 09:28 - 00000000 ____D C:\Users\Pam Honeysuckle\AppData\Roaming\System Cleaner Pro
2015-08-23 09:28 - 2015-08-23 09:28 - 00000000 ____D C:\Users\Pam Honeysuckle\AppData\Local\System_Cleaner_Pro
2015-08-23 09:27 - 2015-08-23 09:27 - 00000000 ____D C:\Users\Pam Honeysuckle\AppData\Roaming\JV Update
2015-08-23 09:27 - 2015-08-23 09:27 - 00000000 ____D C:\Users\Pam Honeysuckle\AppData\Local\SecureWebUpdate
2015-08-23 09:27 - 2015-08-23 09:27 - 00000000 ____D C:\Users\Pam Honeysuckle\AppData\Local\PopupID1
2015-08-23 09:26 - 2015-08-23 09:26 - 00000045 _____ C:\user.js
2015-08-23 09:26 - 2015-08-23 09:26 - 00000000 ____D C:\WINDOWS\system32\avy
2015-08-23 09:24 - 2015-08-27 20:49 - 00001064 _____ C:\WINDOWS\Tasks\6sO8hwCO2NyYTnQPypt.job
2015-08-23 09:24 - 2015-08-23 09:24 - 00004206 _____ C:\WINDOWS\System32\Tasks\6sO8hwCO2NyYTnQPypt
2015-08-23 09:23 - 2015-08-23 19:56 - 00000000 ____D C:\Program Files (x86)\c5f439a3-8461-4d50-9e0d-01d5afbe2916
2015-08-23 09:22 - 2015-08-23 18:37 - 00000004 _____ C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-08-23 09:10 - 2015-08-23 09:11 - 00000000 ____D C:\Program Files (x86)\PCAPDownloader
2015-08-23 09:09 - 2015-08-23 16:10 - 00000000 ____D C:\Users\Pam Honeysuckle\AppData\Local\{79224F7E-5D8A-23C6-3012-062E147AFAB6}
2015-08-23 09:09 - 2015-08-23 09:09 - 00000000 ____D C:\Program Files (x86)\TestXp
2015-08-23 09:08 - 2015-08-23 09:08 - 00608088 _____ C:\Users\Pam Honeysuckle\Downloads\OpenSoftwareUpdates.exe
2015-04-19 07:20 - 2015-04-19 07:20 - 0005872 _____ () C:\Users\Pam Honeysuckle\AppData\Roaming\6sO8hwCO2NyYTnQPypt
2015-08-23 08:14 - 2015-08-23 08:14 - 0032038 _____ () C:\Users\Pam Honeysuckle\AppData\Roaming\Edge.ico
2015-08-23 08:14 - 2015-08-23 08:14 - 0002972 _____ () C:\Users\Pam Honeysuckle\AppData\Roaming\EdgeReg.txt
2015-04-19 07:20 - 2015-04-19 07:20 - 0005872 _____ () C:\Users\Pam Honeysuckle\AppData\Roaming\ifswhv3x22
2015-04-19 07:20 - 2015-04-19 07:20 - 0005872 _____ () C:\Users\Pam Honeysuckle\AppData\Roaming\JQhZtLJo
2015-08-23 16:10 - 2015-08-23 16:10 - 0000046 _____ () C:\Users\Pam Honeysuckle\AppData\Roaming\WB.CFG
Task: {09D93E9A-A3CD-4790-A089-440593526309} - System32\Tasks\System Cleaner Pro Auto Start => C:\Program Files (x86)\System Cleaner Pro\SystemCleanerPro.exe
Task: {0A5FE876-9BFD-4F08-B390-68C78CB1DD97} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {0B35C66B-FD1B-431E-82A4-E51C583A9AA5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
C:\Program Files (x86)\System Cleaner Pro
Task: {104CC150-9EDE-43C0-A562-5C4A6A6CC4A6} - System32\Tasks\JQhZtLJo => C:\Users\Pam Honeysuckle\AppData\Roaming\JQhZtLJo.exe <==== ATTENTION
Task: {37B193A2-3993-42EA-9EB9-92961CF36A4D} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {59D06C19-05BA-4F92-A5BE-050E89C7EED9} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {68F47208-413E-4204-9148-A04C8D9F05D1} - \Cassiopesa mile -> No File <==== ATTENTION
Task: {780FC30A-F5B5-4B66-A82E-D418167D4CFD} - System32\Tasks\ifswhv3x22 => C:\Users\Pam Honeysuckle\AppData\Roaming\ifswhv3x22.exe <==== ATTENTION
Task: {87255786-8653-4B3C-8942-7AF776C16EB0} - System32\Tasks\4a752bbc-e718-4ff5-8948-5413ae8b7094 => C:\Users\Pam Honeysuckle\AppData\Roaming\JV Update\SecureWebUpdate.exe [2015-07-24] () <==== ATTENTION
Task: {8C9BBA10-6CE2-46F4-94EF-1DD7F404B427} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {9B273C71-8226-4D49-B0F9-87A50EEF46BF} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {9C7EE94B-CE99-4508-AE0F-0E4B786BF310} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {A0259DF1-076D-4017-98DB-04AAD998EDB3} - \bvxvbxvd -> No File <==== ATTENTION
Task: {B5625959-59C2-4901-829A-210AD75813B8} - System32\Tasks\Notify Helper => C:\Program Files (x86)\System Cleaner Pro\\NotifyHelper.exe
Task: {C01FCC6F-D2F6-4B07-B7AE-5DBBF1580719} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
C:\Program Files (x86)\System Cleaner Pro
ask: {D69E7446-18F2-4610-B7F9-FDDE602D9F59} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {DF4F7DE1-750C-4439-A5B2-3DCB102F4B0E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {E3DABF78-216B-4742-9AD7-695506AD70AB} - System32\Tasks\Rogaoosuvomao => C:\ProgramData\Rogaoosuvomao\1.0.4.1\fsoosohe.exe
Task: {F8192A0F-E534-41DF-BA91-342B71FF63C9} - System32\Tasks\6sO8hwCO2NyYTnQPypt => C:\Users\Pam Honeysuckle\AppData\Roaming\6sO8hwCO2NyYTnQPypt.exe <==== ATTENTION
C:\ProgramData\Rogaoosuvomao
C:\Users\Pam Honeysuckle\AppData\Roaming\6sO8hwCO2NyYTnQPypt.exe
Task: C:\WINDOWS\Tasks\6sO8hwCO2NyYTnQPypt.job => C:\Users\Pam Honeysuckle\AppData\Roaming\6sO8hwCO2NyYTnQPypt.exe <==== ATTENTION
C:\Users\Pam Honeysuckle\AppData\Roaming\6sO8hwCO2NyYTnQPypt.exe
ask: C:\WINDOWS\Tasks\ifswhv3x22.job => C:\Users\Pam Honeysuckle\AppData\Roaming\ifswhv3x22.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\JQhZtLJo.job => C:\Users\Pam Honeysuckle\AppData\Roaming\JQhZtLJo.exe <==== ATTENTION
CMD: ipconfig /flushdns
CMD: sfc /scanfile=C:\Windows\system32\dnsapi.dll
CMD: sfc /scanfile=C:\Windows\SysWOW64\dnsapi.dll
CMD: type C:\Avenger.txt
EmptyTemp:
RemoveProxy:
end
*****************
 
Processes closed successfully.
 
========================= Folder: C:\WINDOWS\system32\avy ========================
 
2015-08-23 09:26 - 2015-08-23 19:56 - 0000000 ____D () C:\WINDOWS\system32\avy\hucq
 
====== End of Folder: ======
 
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll" => Value data removed successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Local Page => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Local Page => value removed successfully
HKU\S-1-5-21-468200526-3709930035-1514773469-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-468200526-3709930035-1514773469-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKU\S-1-5-21-468200526-3709930035-1514773469-1001\Software\Microsoft\Internet Explorer\Main\\First Home Page => value removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully
HKCR\Wow6432Node\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found. 
HKU\S-1-5-21-468200526-3709930035-1514773469-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-468200526-3709930035-1514773469-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6EAC0C65-B856-44CC-9601-E6AAB5A9715B}" => key removed successfully
HKCR\CLSID\{6EAC0C65-B856-44CC-9601-E6AAB5A9715B} => key not found. 
"HKU\S-1-5-21-468200526-3709930035-1514773469-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found. 
C:\Users\Pam Honeysuckle\AppData\Local\Google\Chrome\User Data\Default\Extensions\fijhlnmmmgflacagjecncpmpnhjieggk => moved successfully
C:\Users\Pam Honeysuckle\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi => moved successfully
"HKU\S-1-5-21-468200526-3709930035-1514773469-1001\SOFTWARE\Google\Chrome\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa" => key removed successfully
C:\WINDOWS\Tasks\JQhZtLJo.job => moved successfully
C:\WINDOWS\System32\Tasks\JQhZtLJo => moved successfully
C:\Program Files (x86)\72d2f0ca-2e70-4b9d-83ae-f2d9d08db768 => moved successfully
C:\Program Files (x86)\302f7984-a26e-48c7-8d16-76d412736404 => moved successfully
C:\Program Files (x86)\ServiceUpdater => moved successfully
C:\WINDOWS\System32\Tasks\runTask => moved successfully
C:\task.vbs => moved successfully
C:\WINDOWS\Minidump => moved successfully
"C:\WINDOWS\Minidump\082315-71125-01.dmp" => File/Folder not found.
C:\WINDOWS\Tasks\ifswhv3x22.job => moved successfully
C:\WINDOWS\System32\Tasks\ifswhv3x22 => moved successfully
C:\WINDOWS\System32\Tasks\4a752bbc-e718-4ff5-8948-5413ae8b7094 => moved successfully
C:\WINDOWS\System32\Tasks\Notify Helper => moved successfully
C:\WINDOWS\System32\Tasks\System Cleaner Pro Auto Start => moved successfully
C:\Users\Pam Honeysuckle\AppData\Roaming\System Cleaner Pro => moved successfully
C:\Users\Pam Honeysuckle\AppData\Local\System_Cleaner_Pro => moved successfully
C:\Users\Pam Honeysuckle\AppData\Roaming\JV Update => moved successfully
C:\Users\Pam Honeysuckle\AppData\Local\SecureWebUpdate => moved successfully
C:\Users\Pam Honeysuckle\AppData\Local\PopupID1 => moved successfully
C:\user.js => moved successfully
C:\WINDOWS\system32\avy => moved successfully
C:\WINDOWS\Tasks\6sO8hwCO2NyYTnQPypt.job => moved successfully
C:\WINDOWS\System32\Tasks\6sO8hwCO2NyYTnQPypt => moved successfully
C:\Program Files (x86)\c5f439a3-8461-4d50-9e0d-01d5afbe2916 => moved successfully
C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7 => moved successfully
C:\Program Files (x86)\PCAPDownloader => moved successfully
C:\Users\Pam Honeysuckle\AppData\Local\{79224F7E-5D8A-23C6-3012-062E147AFAB6} => moved successfully
C:\Program Files (x86)\TestXp => moved successfully
C:\Users\Pam Honeysuckle\Downloads\OpenSoftwareUpdates.exe => moved successfully
C:\Users\Pam Honeysuckle\AppData\Roaming\6sO8hwCO2NyYTnQPypt => moved successfully
C:\Users\Pam Honeysuckle\AppData\Roaming\Edge.ico => moved successfully
C:\Users\Pam Honeysuckle\AppData\Roaming\EdgeReg.txt => moved successfully
C:\Users\Pam Honeysuckle\AppData\Roaming\ifswhv3x22 => moved successfully
C:\Users\Pam Honeysuckle\AppData\Roaming\JQhZtLJo => moved successfully
C:\Users\Pam Honeysuckle\AppData\Roaming\WB.CFG => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{09D93E9A-A3CD-4790-A089-440593526309}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{09D93E9A-A3CD-4790-A089-440593526309}" => key removed successfully
C:\WINDOWS\System32\Tasks\System Cleaner Pro Auto Start => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\System Cleaner Pro Auto Start" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0A5FE876-9BFD-4F08-B390-68C78CB1DD97}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0A5FE876-9BFD-4F08-B390-68C78CB1DD97}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0B35C66B-FD1B-431E-82A4-E51C583A9AA5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B35C66B-FD1B-431E-82A4-E51C583A9AA5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"C:\Program Files (x86)\System Cleaner Pro" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{104CC150-9EDE-43C0-A562-5C4A6A6CC4A6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{104CC150-9EDE-43C0-A562-5C4A6A6CC4A6}" => key removed successfully
C:\WINDOWS\System32\Tasks\JQhZtLJo => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\JQhZtLJo" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{37B193A2-3993-42EA-9EB9-92961CF36A4D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{37B193A2-3993-42EA-9EB9-92961CF36A4D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{59D06C19-05BA-4F92-A5BE-050E89C7EED9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{59D06C19-05BA-4F92-A5BE-050E89C7EED9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{68F47208-413E-4204-9148-A04C8D9F05D1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68F47208-413E-4204-9148-A04C8D9F05D1}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Cassiopesa mile => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{780FC30A-F5B5-4B66-A82E-D418167D4CFD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{780FC30A-F5B5-4B66-A82E-D418167D4CFD}" => key removed successfully
C:\WINDOWS\System32\Tasks\ifswhv3x22 => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ifswhv3x22" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{87255786-8653-4B3C-8942-7AF776C16EB0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{87255786-8653-4B3C-8942-7AF776C16EB0}" => key removed successfully
C:\WINDOWS\System32\Tasks\4a752bbc-e718-4ff5-8948-5413ae8b7094 => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4a752bbc-e718-4ff5-8948-5413ae8b7094" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8C9BBA10-6CE2-46F4-94EF-1DD7F404B427}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8C9BBA10-6CE2-46F4-94EF-1DD7F404B427}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9B273C71-8226-4D49-B0F9-87A50EEF46BF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9B273C71-8226-4D49-B0F9-87A50EEF46BF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9C7EE94B-CE99-4508-AE0F-0E4B786BF310}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C7EE94B-CE99-4508-AE0F-0E4B786BF310}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A0259DF1-076D-4017-98DB-04AAD998EDB3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A0259DF1-076D-4017-98DB-04AAD998EDB3}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bvxvbxvd => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B5625959-59C2-4901-829A-210AD75813B8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B5625959-59C2-4901-829A-210AD75813B8}" => key removed successfully
C:\WINDOWS\System32\Tasks\Notify Helper => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Notify Helper" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C01FCC6F-D2F6-4B07-B7AE-5DBBF1580719}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C01FCC6F-D2F6-4B07-B7AE-5DBBF1580719}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"C:\Program Files (x86)\System Cleaner Pro" => File/Folder not found.
ask: {D69E7446-18F2-4610-B7F9-FDDE602D9F59} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DF4F7DE1-750C-4439-A5B2-3DCB102F4B0E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DF4F7DE1-750C-4439-A5B2-3DCB102F4B0E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{E3DABF78-216B-4742-9AD7-695506AD70AB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E3DABF78-216B-4742-9AD7-695506AD70AB}" => key removed successfully
C:\WINDOWS\System32\Tasks\Rogaoosuvomao => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Rogaoosuvomao" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F8192A0F-E534-41DF-BA91-342B71FF63C9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F8192A0F-E534-41DF-BA91-342B71FF63C9}" => key removed successfully
C:\WINDOWS\System32\Tasks\6sO8hwCO2NyYTnQPypt => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\6sO8hwCO2NyYTnQPypt" => key removed successfully
"C:\ProgramData\Rogaoosuvomao" => File/Folder not found.
"C:\Users\Pam Honeysuckle\AppData\Roaming\6sO8hwCO2NyYTnQPypt.exe" => File/Folder not found.
C:\WINDOWS\Tasks\6sO8hwCO2NyYTnQPypt.job => not found.
"C:\Users\Pam Honeysuckle\AppData\Roaming\6sO8hwCO2NyYTnQPypt.exe" => File/Folder not found.
ask: C:\WINDOWS\Tasks\ifswhv3x22.job => C:\Users\Pam Honeysuckle\AppData\Roaming\ifswhv3x22.exe <==== ATTENTION => Error: No automatic fix found for this entry.
C:\WINDOWS\Tasks\JQhZtLJo.job => not found.
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  sfc /scanfile=C:\Windows\system32\dnsapi.dll =========
 
 W i n d o w s   R e s o u r c e   P r o t e c t i o n   f o u n d   c o r r u p t   f i l e s   b u t   w a s   u n a b l e   t o   f i x   s o m e   
 
 
 o f   t h e m .   D e t a i l s   a r e   i n c l u d e d   i n   t h e   C B S . L o g   w i n d i r \ L o g s \ C B S \ C B S . l o g .   F o r   
 
 
 e x a m p l e   C : \ W i n d o w s \ L o g s \ C B S \ C B S . l o g .   N o t e   t h a t   l o g g i n g   i s   c u r r e n t l y   n o t   
 
 
 s u p p o r t e d   i n   o f f l i n e   s e r v i c i n g   s c e n a r i o s . 
 
========= End of CMD: =========
 
 
=========  sfc /scanfile=C:\Windows\SysWOW64\dnsapi.dll =========
 
 W i n d o w s   R e s o u r c e   P r o t e c t i o n   f o u n d   c o r r u p t   f i l e s   b u t   w a s   u n a b l e   t o   f i x   s o m e   
 
 
 o f   t h e m .   D e t a i l s   a r e   i n c l u d e d   i n   t h e   C B S . L o g   w i n d i r \ L o g s \ C B S \ C B S . l o g .   F o r   
 
 
 e x a m p l e   C : \ W i n d o w s \ L o g s \ C B S \ C B S . l o g .   N o t e   t h a t   l o g g i n g   i s   c u r r e n t l y   n o t   
 
 
 s u p p o r t e d   i n   o f f l i n e   s e r v i c i n g   s c e n a r i o s . 
 
 
 
========= End of CMD: =========
 
 
=========  type C:\Avenger.txt =========
 
The system cannot find the file specified.
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
HKU\S-1-5-21-468200526-3709930035-1514773469-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-468200526-3709930035-1514773469-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
EmptyTemp: => 2.3 GB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 08:21:10 ====
 
 
Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Pam Honeysuckle on Sat 08/29/2015 at  8:35:03.73.
Microsoft Windows 10 Home 10.0.10240  x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Pam Honeysuckle\Desktop\zoek.exe [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
8/29/2015 8:36:33 AM Zoek.exe System Restore Point Created Successfully.
 
==== Empty Folders Check ======================
 
C:\PROGRA~2\Lavasoft deleted successfully
C:\Program Files\Symantec deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\Lavasoft deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\PROGRA~3\Validity deleted successfully
C:\Users\Pam Honeysuckle\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Pam Honeysuckle\AppData\Local\EmieSiteList deleted successfully
C:\Users\Pam Honeysuckle\AppData\Local\EmieUserList deleted successfully
C:\Users\Pam Honeysuckle\AppData\Local\NetworkTiles deleted successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\NetworkTiles deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== Batch Command(s) Run By Tool======================
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
==== Deleting Files \ Folders ======================
 
C:\PROGRA~2\Lavasoft not found
C:\prefs.js deleted
C:\Users\Pam Honeysuckle\AppData\Local\Lavasoft\WebCompanion.exe_Url_siq0lwf3tzgxp2khfkllybk3idtbehng deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A} deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\GPT.INI deleted
C:\WINDOWS\Syswow64\GroupPolicy\gpt.ini deleted
C:\WINDOWS\SysWOW64\LavasoftTcpService.dll deleted
C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini deleted
"C:\windows\Installer\e6d1.msi" deleted
"C:\WINDOWS\Installer\136494d.msi" deleted
 
==== Chromium Look ======================
 
Google Chrome Version: 44.0.2403.157
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
fegekclkdhbnfdcmomlpegkkndgnmfmo - C:\Program Files (x86)\HP SimplePass\tschrome.crx[07/12/2012 07:35 AM]
 
Website Logon - Pam Honeysuckle\AppData\Local\Google\Chrome\User Data\Default\Extensions\fegekclkdhbnfdcmomlpegkkndgnmfmo
Chrome Hotword Shared Module - Pam Honeysuckle\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
 
==== Chromium Startpages ======================
 
C:\Users\Pam Honeysuckle\AppData\Local\Google\Chrome\User Data\Default\Preferences
"cards.js","background.js"]},"description":"Integrates Google Now into Chrome.","icons":{"128":"images/icon128.png","16":"images/icon16.png","48":"images/icon48.png"},"key":"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkhqJr32OFD/bMXW4Md7jMfd7LbwHXVc6x5bBQG5U+dloofoxrICDR20yur/40mQ8O//0sS1b8srvbab1CRlSrxoNCr9T80NAkfzx0gHyVS+p1Zow+1FzLMu9PiGwwFyN80HIB7GI/dIa0wC9K/2OrrzcHEhVH96DacTtWQqjfDVtZPjT7Xwv23dgoWcpbkRC86jMJot3dmX9xnn0KzoVc9gDOHSIkBLbkkr6Sp3LGXCCM4L0DJgxdFwaLr5WBzgC3y5x0/wwPIwN4PtIaK3BhH6njlksfnKwwIJ9iRT41V4BqbWu4mszO/7VJ3HJyw2DBpIc2grU9ZRRxrV3fRQG4wIDAQAB","manifest_version":2,"name":"Google Now","oauth2":{"auto_approve":true,"scopes":["https://www.googleapis.com/auth/gcm","https://www.googleapis.com/auth/googlenow"]},"optional_permissions":["background"],"permissions":["alarms","gcm","identity","metricsPrivate","notifications","storage","tabs","webstorePrivate","*://*.google.com/*","*://*.gstatic.com/*","https://*.googleapis.com/chromenow/v1/*","https://*.googleapis.com/gcm/*","https://*.googleusercontent.com/*"],"version":"1.2.0.1"},"path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\44.0.2403.157\\resources\\google_now","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":false,"was_installed_by_oem":false},"pjkljhegncpnkpknbcohdijeoejaedia":{"ack_external":true,"active_permissions":{"api":["notifications"],"manifest_permissions":[]},"app_launcher_ordinal":"y","commands":{},"content_settings":[],"creation_flags":137,"events":[],"from_bookmark":false,"from_webstore":true,"granted_permissions":{"api":["notifications"],"manifest_permissions":[]},"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13084673498229863","lastpingday":"13084614001263804","location":1,"manifest":{"app":{"launch":{"container":"tab","web_url":"https://mail.google.com/mail/ca"},"urls":["*://mail.google.com/mail/ca"]},"current_locale":"en_US","default_locale":"en","description":"Fast, searchable email with less spam.","icons":{"128":"128.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCuGglK43iAz3J9BEYK/Mz6ZhloIMMDqQSAaf3vJt4eHbTbSDsu4WdQ9dQDRcKlg8nwQdePBt0C3PSUBtiSNSS37Z3qEGfS7LCju3h6pI1Yr9MQtxw+jUa7kXXIS09VV73pEFUT/F7c6Qe8L5ZxgAcBvXBh1Fie63qb02I9XQ/CQIDAQAB","manifest_version":2,"name":"Gmail","options_page":"https://mail.google.com/mail/ca/#settings","permissions":["notifications"],"update_url":"http://clients2.google.com/service/update2/crx","version":"8.1"},"page_ordinal":"n","path":"pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":true,"was_installed_by_oem":false}}},"homepage_is_newtabpage":false,"pinned_tabs":[],"protection":{"macs":{"browser":{"show_home_button":"9A6417B992690D12E6FE520E76DC0D6C5FF4CDDAC3DF5FA10F3FC82B8AA8BC0A"},"default_search_provider":{"keyword":"FB654BEB5E4D24715E1438CF466BDF3DC772524A24CD4042AF7260A13F20AE1D","name":"711FE600ECC4AA3ECBCB8B395749E252C88DD84A732E2B8D2341238E35895A36","search_url":"723BBDE975F32EB0B65831E3AC1D498100F25622F24B6CAD8A06E5F0F3043C77"},"extensions":{"settings":{"aapocclcgogkmnckokdopfmhonfmgoek":"9A0F96DCBC64659D5C4E325FAA0BACEA4897AE31415A9FB888EAB3665A443DBC","ahfgeienlihckogmohjhadlkjgocpleb":"A4889FD7B598161E7E2573043B88341F83C1009534322BC60B237FE81083325F","aohghmighlieiainnegkcijnfilokake":"8FCBCFFFA6B5142911762681AB99003FDA1D9C0210469691B27D6D0304A8E068","apdfllckaahabafndbhieahigkjlhalf":"7E778CEB3795C299601C78982EE20DD0DD35F634ECE8AF5F06DCC8A07612BC89","bepbmhgboaologfdajaanbcjmnhjmhfn":"6CB7A3E987E72DF05544B541BF85508014786DD8120420CE15C6ABCB1AF29F29","blpcfgokakmgnkcojhhkbfbldkacnbeo":"718DCD700A827054B8A900F27E50EFD4794271066F04F1B2C220CDAE83176684","coobgpohoikkiipiblmjeljniedjpjpf":"B4B10AF28421B58CDF42DEEF7ACAAF3BF4702F06FD16B184A3B66EE063677E02","eemcgdkfndhakfknompkggombfjjjeno":"AD0A1533AD9F4188DE88BB36BF9447E029EB6203114B5FE60604E86B06396F50","ennkphjdgehloodpbhlhldgbnhmacadg":"8161CD2EC1CA8BCDAFD4B4059FFD8A15D0321F6F7688C06AE59E23CDB79CA93C","fegekclkdhbnfdcmomlpegkkndgnmfmo":"8D43655258428D28A3CE1BAA5E1996A6DE342B0BA5215AF06B100B77A2C9C58D","felcaaldnbdncclmgdcncolpebgiejap":"98D452F48B70FC8F7A3E272D076AD6C8486186090F03F6F7999B93DCD968BF94","fijhlnmmmgflacagjecncpmpnhjieggk":"86408E060FD5CADD60F2542C5F37500EA6C9EB807495EC391DF0EDAD19D93B43","gfdkimpbcpahaombhbimeihdjnejgicl":"3CB50EC87FDDCE3F825F1BFF84C3D9F43208412289A8971A4B09B2C65F9CAC59","kmendfapggjehodndflmmgagdbamhnfd":"4F0EED47576B37408C63507EB817F0FE615E9E25E5F3A8F560DD134DFA5B7256","lccekmodgklaepjeofjdjpbminllajkg":"E6386E9053136D928245D1DF6A0EA8090B6D5ED61DDF7B5FE10DF4E120609B88","lkadffjmnaiokkdncgdlecdegajoiemi":"AE504F1407C7198FFE95F05481E4D379C631C6826131AB180C07B76C356F8C5F","mfehgcgbbipciphmccgaenjidiccnmng":"C522F5C6098CA1F74226FC2DCE74559EBF7142AEB5A73DE836E5B13E488D6201","mfffpogegjflfpflabcdkioaeobkgjik":"EA0AEE8A30A7E5DEE5AE0BD3C368705A8E5B028C8618F2FC1D436F5FE1CB8D4F","mgndgikekgjfcpckkfioiadnlibdjbkf":"FD4329136A307C3EC04135E5DDFE9966A84EFE9949614C77342440F5BF627771","mhjfbmdgcfjbbpaeojofohoefgiehjai":"9EC6F7981CC53C6B4BE36D69CC1CE4501052E0F496D1A617A62E49F618B67AE0","nbpagnldghgfoolbancepceaanlmhfmd":"A4E5E459A49350B93FA935B585B04AD09470116D62B9C906303ED356AA323334","neajdppkdcdipfabeoofebfddakdcjhd":"FC101AFABDCA02A2CE4932A7EF8C6ECA1A4CB7BD84FFFFF273CFE0E66275AD72","nkeimhogjdpnpccoofpliimaahmaaome":"6D9E494DA848315AC6B4EC8885839C3FCC89507479F046959549020219836969","nmmhkkegccagdldgiimedpiccmgmieda":"CD50D0FF6789205C7CFF3F214332064B8325731D7725E41F1103950F347DBABA","pafkbggdmjlpgkdkcbjmhmfcdpncadgh":"F31FF4EE9CC72F5981D4BEEB4D09140B5015EF47DA1CCFD8D2418DCDADE19B37","pjkljhegncpnkpknbcohdijeoejaedia":"3AE9D92E8E9277E636BB2D2B37D4E84F305B945A4157F1797E35B07ACD14C264"}},"google":{"services":{"account_id":"9A746A9CF6996811B244465C7890DF559D05415D16A7D48D819A75162A08F3DC","last_username":"F27C1E8D961B4902437B3CDDDA33F4A966A9DB6EC3119E02331BDF1298300E5E","username":"0097C28C07BED71C0E45FAA231094EC3A37711CACA93F571FF10626AF8617C75"}},"homepage_is_newtabpage":"9B701C2D52B145F5179993A1A4B95E1BC6D5A99B88E97779D2E8ECDCCEDD6C7F","pinned_tabs":"F295865D7C429D6D6AFC8189A98B1349ADEAF6A98E17E5A750228E98AF16CD7E","prefs":{"preference_reset_time":"49BFB0FA051FC048B63474D18AA70BB4FC7EB1A9532BD03EC627EC4EBB88F9EB"},"profile":{"reset_prompt_memento":"741318FC8F087ECAE6721B7D677619940F84702742B4CA5B0DD7CBDEE57C6173"},"safebrowsing":{"incidents_sent":"F3DEE6DFC9CEE5735DAD35FBB9D581D580FE680CB341C19A830A0376D95C777C"},"search_provider_overrides":"EFC2DBDA1E28B4A53BD3F63C0B5E4F58E5A497F09568C5107BA4F2E9493F75D2","session":{"restore_on_startup":"AD5A60C6AA4AF1886C5B947A73442B18B3E7292F559F81F4D0295F3311942F08","startup_urls":"64FCEE91E8DCFA28738766507799F5178538D77031B46956911175FBE713F484"},"software_reporter":{"prompt_reason":"BCF0D87D80B39FFE6565B2C8CF8C7752B047AF809246C4523556A3212829BDD9","prompt_seed":"BEF1267CB92353DD24757870F82D86F353F32630167105960568F44E5FDF68DB","prompt_version":"29C55D7FA4BA5215A6B3736BDEDA280F97632C4684EF0CE8CBB50A98BFF407EF"},"sync":{"remaining_rollback_tries":"1A96D691FE135EE194A8FE7A128D95614B268E1ADD08FCE2EE028F13C13976BE"}},"super_mac":"315EAA2B07CFCE31B0689FDC28311F7E29E001133C9297343AC926BB0F6BCD25"},"session":{"restore_on_startup":4,"startup_urls":[]}}
 
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
 
==== Deleting Registry Keys ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1ADB7B61769BD2D4B8721E72722C3805 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{16B7BDA1-B967-4D2D-8B27-E12727C28350} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\1ADB7B61769BD2D4B8721E72722C3805 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E deleted successfully
 
==== Empty IE Cache ======================
 
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Pam Honeysuckle\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Pam Honeysuckle\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Pam Honeysuckle\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Pam Honeysuckle\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
 
==== Empty FireFox Cache ======================
 
No FireFox Profiles found
 
==== Empty Chrome Cache ======================
 
C:\Users\Pam Honeysuckle\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
No Flash Cache Found
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=13 folders=8 2011363 bytes)
 
==== Empty Temp Folders ======================
 
C:\WINDOWS\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\WINDOWS\Temp successfully emptied
C:\Users\PAMHON~1\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== EOF on Sat 08/29/2015 at  8:53:20.97 ======================
 
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-08-2015
Ran by Pam Honeysuckle (administrator) on OFFICE (29-08-2015 09:16:03)
Running from C:\Users\Pam Honeysuckle\Desktop
Loaded Profiles: Pam Honeysuckle (Available Profiles: Pam Honeysuckle & Administrator)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(The Neat Company) C:\Program Files (x86)\Neat\exec\NeatStartupService.exe
() C:\Windows\System32\valWBFPolicyService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
(Microsoft Corporation) C:\Users\Pam Honeysuckle\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2015-03-07] (IDT, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-07-17] (Synaptics Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-19\...\Run: [OneDriveSetup] => C:\Windows\SysWOW64\OneDriveSetup.exe [7805120 2015-07-10] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [OneDriveSetup] => C:\Windows\SysWOW64\OneDriveSetup.exe [7805120 2015-07-10] (Microsoft Corporation)
HKU\S-1-5-21-468200526-3709930035-1514773469-1001\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1711680 2013-01-27] (CyberLink Corp.)
HKU\S-1-5-21-468200526-3709930035-1514773469-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-468200526-3709930035-1514773469-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-468200526-3709930035-1514773469-1001\...\Run: [OneDrive] => C:\Users\Pam Honeysuckle\AppData\Local\Microsoft\OneDrive\OneDrive.exe [404064 2015-08-22] (Microsoft Corporation)
HKU\S-1-5-21-468200526-3709930035-1514773469-1001\...\RunOnce: [Uninstall C:\Users\Pam Honeysuckle\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Pam Honeysuckle\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-468200526-3709930035-1514773469-1001\...\RunOnce: [Uninstall C:\Users\Pam Honeysuckle\AppData\Local\Microsoft\OneDrive\17.3.5892.0626] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Pam Honeysuckle\AppData\Local\Microsoft\OneDrive\17.3.5892.0626"
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-468200526-3709930035-1514773469-1001 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-468200526-3709930035-1514773469-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4a0aa90c-50a5-4726-ba47-5a16e48ed6fd}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5f1cc87a-ffca-4f54-b2ac-d497d52b9361}: [DhcpNameServer] 68.105.28.12 68.105.29.12 68.105.28.11
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-23] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-23] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw.dll [2012-04-26] (Adobe Systems, Inc.)
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll [2012-08-10] ( HP)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-11] ()
 
Chrome: 
=======
CHR Profile: C:\Users\Pam Honeysuckle\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Pam Honeysuckle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-29]
CHR Extension: (Google Docs) - C:\Users\Pam Honeysuckle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-29]
CHR Extension: (Google Drive) - C:\Users\Pam Honeysuckle\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-29]
CHR Extension: (YouTube) - C:\Users\Pam Honeysuckle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-29]
CHR Extension: (Google Search) - C:\Users\Pam Honeysuckle\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-29]
CHR Extension: (Website Logon) - C:\Users\Pam Honeysuckle\AppData\Local\Google\Chrome\User Data\Default\Extensions\fegekclkdhbnfdcmomlpegkkndgnmfmo [2015-08-29]
CHR Extension: (Google Sheets) - C:\Users\Pam Honeysuckle\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-29]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Pam Honeysuckle\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Pam Honeysuckle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-29]
CHR Extension: (Gmail) - C:\Users\Pam Honeysuckle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-29]
CHR HKLM-x32\...\Chrome\Extension: [fegekclkdhbnfdcmomlpegkkndgnmfmo] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-07-12]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [326144 2015-07-10] (Microsoft Corporation)
S3 CDPSvc; C:\Windows\System32\CDPSvc.dll [134144 2015-07-10] (Microsoft Corporation)
R2 CoreMessagingRegistrar; C:\Windows\system32\coremessaging.dll [808856 2015-08-22] (Microsoft Corporation)
R2 CoreMessagingRegistrar; C:\Windows\SysWOW64\coremessaging.dll [510976 2015-08-22] (Microsoft Corporation)
S3 diagnosticshub.standardcollector.service; C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [27136 2015-07-10] (Microsoft Corporation)
S3 DmEnrollmentSvc; C:\Windows\system32\Windows.Internal.Management.dll [267776 2015-07-10] (Microsoft Corporation)
S3 DmEnrollmentSvc; C:\Windows\SysWOW64\Windows.Internal.Management.dll [193024 2015-07-10] (Microsoft Corporation)
S3 embeddedmode; C:\Windows\System32\embeddedmodesvc.dll [87040 2015-07-10] (Microsoft Corporation)
S3 EntAppSvc; C:\Windows\system32\EnterpriseAppMgmtSvc.dll [275456 2015-07-10] (Microsoft Corporation)
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641320 2012-08-10] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
S3 icssvc; C:\Windows\System32\tetheringservice.dll [148992 2015-08-11] (Microsoft Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328608 2015-07-30] (Intel Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R3 lfsvc; C:\Windows\SysWOW64\lfsvc.dll [22528 2015-07-10] (Microsoft Corporation)
R3 LicenseManager; C:\Windows\system32\LicenseManagerSvc.dll [21504 2015-07-10] (Microsoft Corporation)
S2 MapsBroker; C:\Windows\System32\moshost.dll [62464 2015-07-10] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 Neat Startup Service; C:\Program Files (x86)\Neat\exec\NeatStartupService.exe [25600 2015-01-16] (The Neat Company) [File not signed]
S2 OneSyncSvc; C:\Windows\System32\APHostService.dll [296960 2015-07-10] (Microsoft Corporation)
R2 OneSyncSvc_Session1; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
R2 OneSyncSvc_Session1; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
U2 OneSyncSvc_Session2; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
U2 OneSyncSvc_Session2; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
S3 PimIndexMaintenanceSvc; C:\Windows\System32\PimIndexMaintenance.dll [289280 2015-07-10] (Microsoft Corporation)
R3 PimIndexMaintenanceSvc_Session1; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
R3 PimIndexMaintenanceSvc_Session1; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_Session2; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_Session2; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
S3 RetailDemo; C:\Windows\system32\RDXService.dll [996352 2015-08-11] (Microsoft Corporation)
S3 SensorDataService; C:\Windows\System32\SensorDataService.exe [1031680 2015-08-22] (Microsoft Corporation)
R3 StateRepository; C:\Windows\system32\windows.staterepository.dll [2674176 2015-07-10] (Microsoft Corporation)
R3 StateRepository; C:\Windows\SysWOW64\windows.staterepository.dll [2049024 2015-07-10] (Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-07-17] (Synaptics Incorporated)
R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401256 2012-07-16] (AuthenTec, Inc.)
S3 UnistoreSvc; C:\Windows\System32\unistore.dll [1203200 2015-08-22] (Microsoft Corporation)
S3 UnistoreSvc; C:\Windows\SysWOW64\unistore.dll [925696 2015-08-22] (Microsoft Corporation)
R3 UnistoreSvc_Session1; C:\WINDOWS\System32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
R3 UnistoreSvc_Session1; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
U3 UnistoreSvc_Session2; C:\WINDOWS\System32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
U3 UnistoreSvc_Session2; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
S3 UserDataSvc; C:\Windows\System32\userdataservice.dll [1420288 2015-07-29] (Microsoft Corporation)
R3 UserDataSvc_Session1; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
R3 UserDataSvc_Session1; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
U3 UserDataSvc_Session2; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
U3 UserDataSvc_Session2; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2012-09-06] () [File not signed]
S3 vmicvmsession; C:\Windows\System32\ICSvc.dll [506880 2015-07-10] (Microsoft Corporation)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [84480 2015-08-22] (Microsoft Corporation)
S3 WalletService; C:\Windows\system32\WalletService.dll [504320 2015-07-10] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
S3 XblAuthManager; C:\Windows\System32\XblAuthManager.dll [918016 2015-07-10] (Microsoft Corporation)
S3 XblGameSave; C:\Windows\System32\XblGameSave.dll [1149440 2015-07-10] (Microsoft Corporation)
S3 XboxNetApiSvc; C:\Windows\system32\XboxNetApiSvc.dll [1019392 2015-07-10] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 CompositeBus; C:\Windows\System32\DriverStore\FileRepository\compositebus.inf_amd64_98334ba6e76853ba\CompositeBus.sys [39936 2015-07-10] (Microsoft Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3436896 2015-07-10] (QLogic Corporation)
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2015-03-04] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2015-03-04] (Symantec Corporation)
R1 FileCrypt; C:\Windows\System32\drivers\filecrypt.sys [83968 2015-07-10] (Microsoft Corporation)
S3 genericusbfn; C:\Windows\System32\drivers\genericusbfn.sys [20992 2015-07-10] (Microsoft Corporation)
R1 GpuEnergyDrv; C:\Windows\System32\drivers\gpuenergydrv.sys [8192 2015-07-10] (Microsoft Corporation)
S3 ibbus; C:\Windows\System32\drivers\ibbus.sys [424800 2015-07-10] (Mellanox)
S3 IoQos; C:\Windows\System32\drivers\ioqos.sys [26624 2015-07-10] (Microsoft Corporation)
S0 LSI_SAS3i; C:\Windows\System32\drivers\lsi_sas3i.sys [99168 2015-07-10] (Avago Technologies)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-29] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
S3 mlx4_bus; C:\Windows\System32\drivers\mlx4_bus.sys [705376 2015-07-10] (Mellanox)
S3 ndfltr; C:\Windows\System32\drivers\ndfltr.sys [76128 2015-07-10] (Mellanox)
R3 netr28x; C:\Windows\system32\DRIVERS\netr28x.sys [2554528 2015-06-12] (MediaTek Inc.)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek                                            )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-07-17] (Synaptics Incorporated)
R2 storqosflt; C:\Windows\System32\drivers\storqosflt.sys [61952 2015-07-10] (Microsoft Corporation)
R3 swenum; C:\Windows\System32\DriverStore\FileRepository\swenum.inf_amd64_2a699e44676b7781\swenum.sys [17760 2015-07-10] (Microsoft Corporation)
S3 UcmCx0101; C:\Windows\System32\Drivers\UcmCx.sys [61952 2015-07-10] (Microsoft Corporation)
S3 UcmUcsi; C:\Windows\System32\drivers\UcmUcsi.sys [46080 2015-08-22] (Microsoft Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
R0 WindowsTrustedRT; C:\Windows\System32\drivers\WindowsTrustedRT.sys [106520 2015-07-10] (Microsoft Corporation)
R0 WindowsTrustedRTProxy; C:\Windows\System32\drivers\WindowsTrustedRTProxy.sys [17944 2015-07-10] (Microsoft Corporation)
S3 WinMad; C:\Windows\System32\drivers\winmad.sys [26976 2015-07-10] (Mellanox)
S3 WinVerbs; C:\Windows\System32\drivers\winverbs.sys [59232 2015-07-10] (Mellanox)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-06-27] (Hewlett-Packard Development Company, L.P.)
S3 xboxgip; C:\Windows\System32\drivers\xboxgip.sys [222720 2015-07-10] (Microsoft Corporation)
S3 xinputhid; C:\Windows\System32\drivers\xinputhid.sys [25600 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-29 09:14 - 2015-08-29 09:14 - 00003988 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-29 09:14 - 2015-08-29 09:14 - 00003756 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-29 09:14 - 2015-08-29 09:14 - 00002332 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-29 09:14 - 2015-08-29 09:14 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-29 09:14 - 2015-08-29 09:14 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-29 09:14 - 2015-08-29 09:13 - 00929360 _____ (Google Inc.) C:\Users\Pam Honeysuckle\Desktop\ChromeSetup.exe
2015-08-29 09:03 - 2015-08-29 09:03 - 00016148 _____ C:\WINDOWS\system32\OFFICE_Pam Honeysuckle_HistoryPrediction.bin
2015-08-29 08:57 - 2015-08-29 08:57 - 00000000 ___HD C:\OneDriveTemp
2015-08-29 08:55 - 2015-08-29 08:55 - 00014124 _____ C:\Users\Pam Honeysuckle\Desktop\zoek-results.txt
2015-08-29 08:52 - 2015-08-29 08:52 - 00000008 __RSH C:\ProgramData\ntuser.pol
2015-08-29 08:52 - 2015-08-29 08:52 - 00000000 ____D C:\ProgramData\Validity
2015-08-29 08:46 - 2015-08-29 08:35 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
2015-08-29 08:36 - 2015-08-29 08:53 - 00014124 _____ C:\zoek-results.log
2015-08-29 08:35 - 2015-08-29 08:44 - 00000000 ____D C:\zoek_backup
2015-08-29 08:27 - 2015-08-29 08:15 - 01308672 _____ C:\Users\Pam Honeysuckle\Desktop\zoek.exe
2015-08-29 08:07 - 2015-08-29 08:07 - 00531511 _____ C:\Users\Pam Honeysuckle\Desktop\requested-files[2015-08-29_08_07].cab
2015-08-29 08:06 - 2015-08-29 08:06 - 00000000 ____D C:\Users\Pam Honeysuckle\Desktop\sfp
2015-08-29 08:06 - 2015-08-29 07:52 - 00264875 _____ C:\Users\Pam Honeysuckle\Desktop\sfp.zip
2015-08-27 21:28 - 2015-08-27 21:28 - 00043184 _____ C:\Users\Pam Honeysuckle\Desktop\Addition.txt
2015-08-27 21:26 - 2015-08-29 09:16 - 00023056 _____ C:\Users\Pam Honeysuckle\Desktop\FRST.txt
2015-08-27 21:26 - 2015-08-27 21:07 - 02186752 _____ (Farbar) C:\Users\Pam Honeysuckle\Desktop\FRST64.exe
2015-08-27 21:17 - 2015-08-29 09:16 - 00000000 ____D C:\FRST
2015-08-27 21:14 - 2015-08-27 21:14 - 00002658 _____ C:\Users\Pam Honeysuckle\Desktop\JRT.txt
2015-08-27 21:10 - 2015-08-27 21:07 - 01798560 _____ (Malwarebytes Corporation) C:\Users\Pam Honeysuckle\Desktop\JRT.exe
2015-08-27 21:02 - 2015-08-20 01:07 - 08019296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-08-27 21:02 - 2015-08-20 01:06 - 00609592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-08-27 21:02 - 2015-08-20 01:02 - 22324656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-08-27 21:02 - 2015-08-20 00:57 - 00077400 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-08-27 21:02 - 2015-08-20 00:26 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-08-27 21:02 - 2015-08-20 00:21 - 21875200 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-08-27 21:02 - 2015-08-20 00:21 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2015-08-27 21:02 - 2015-08-20 00:16 - 20857848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-08-27 21:02 - 2015-08-20 00:13 - 02235904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-08-27 21:02 - 2015-08-19 23:31 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-08-27 21:02 - 2015-08-18 02:56 - 02498808 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-08-27 21:02 - 2015-08-18 02:55 - 00373072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-08-27 21:02 - 2015-08-18 02:54 - 01396064 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-08-27 21:02 - 2015-08-18 02:27 - 01771592 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-08-27 21:02 - 2015-08-18 02:24 - 00963920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-08-27 21:02 - 2015-08-18 02:13 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2015-08-27 21:02 - 2015-08-18 02:13 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2015-08-27 21:02 - 2015-08-18 02:12 - 02225664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-08-27 21:02 - 2015-08-18 02:07 - 02226688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2015-08-27 21:02 - 2015-08-18 02:04 - 01234944 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2015-08-27 21:02 - 2015-08-18 02:04 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-08-27 21:02 - 2015-08-18 01:59 - 01294336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcnwiz.dll
2015-08-27 21:02 - 2015-08-18 01:59 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2015-08-27 21:02 - 2015-08-18 01:58 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2015-08-27 21:02 - 2015-08-18 01:58 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWCN.dll
2015-08-27 21:02 - 2015-08-18 01:58 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdWCN.dll
2015-08-27 21:02 - 2015-08-18 01:58 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnNetsh.dll
2015-08-27 21:02 - 2015-08-18 01:57 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2015-08-27 21:02 - 2015-08-18 01:56 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
2015-08-27 21:02 - 2015-08-18 01:55 - 02178560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-08-27 21:02 - 2015-08-18 01:54 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2015-08-27 21:02 - 2015-08-18 01:54 - 00247296 _____ C:\WINDOWS\system32\facecredentialprovider.dll
2015-08-27 21:02 - 2015-08-18 01:52 - 01888768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-08-27 21:02 - 2015-08-18 01:50 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-08-27 21:02 - 2015-08-18 01:49 - 01061888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2015-08-27 21:02 - 2015-08-18 01:49 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2015-08-27 21:02 - 2015-08-18 01:49 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2015-08-27 21:02 - 2015-08-18 01:36 - 01226752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wcnwiz.dll
2015-08-27 21:02 - 2015-08-18 01:35 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll
2015-08-27 21:02 - 2015-08-18 01:35 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdWCN.dll
2015-08-27 21:02 - 2015-08-18 01:34 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2015-08-27 21:02 - 2015-08-18 01:29 - 01593344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-08-27 21:02 - 2015-08-18 01:26 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2015-08-27 21:02 - 2015-08-17 23:44 - 00008847 _____ C:\WINDOWS\system32\ResPriHMImageList
2015-08-27 20:59 - 2015-08-27 20:59 - 00001191 _____ C:\Users\Pam Honeysuckle\Desktop\AdwCleaner[C4].txt
2015-08-27 20:43 - 2015-08-23 18:21 - 01605632 _____ C:\Users\Pam Honeysuckle\Desktop\AdwCleaner.exe
2015-08-23 19:58 - 2015-08-23 19:58 - 00000000 ____D C:\Avenger
2015-08-23 19:46 - 2015-08-23 19:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-23 19:45 - 2015-08-23 19:45 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-23 19:45 - 2015-08-23 19:45 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-23 19:08 - 2015-08-29 09:03 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-08-23 19:07 - 2015-08-23 19:07 - 00001171 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-23 19:07 - 2015-08-23 19:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-23 19:06 - 2015-08-23 19:07 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-23 19:06 - 2015-08-23 19:06 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-23 19:06 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-08-23 19:06 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-08-23 19:06 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-08-23 19:03 - 2015-08-23 19:06 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Pam Honeysuckle\Downloads\mbam-setup-2.1.8.1057.exe
2015-08-23 19:02 - 2015-08-29 08:44 - 00000000 ____D C:\Users\Pam Honeysuckle\AppData\Local\Lavasoft
2015-08-23 19:01 - 2015-08-23 19:01 - 00000144 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-08-23 18:52 - 2015-08-23 18:52 - 00065536 _____ C:\WINDOWS\system32\edbtmp.log
2015-08-23 18:52 - 2015-08-23 18:52 - 00065536 _____ C:\WINDOWS\system32\edbres00002.jrs
2015-08-23 18:52 - 2015-08-23 18:52 - 00065536 _____ C:\WINDOWS\system32\edbres00001.jrs
2015-08-23 18:52 - 2015-08-23 18:52 - 00065536 _____ C:\WINDOWS\system32\edb.log
2015-08-23 18:52 - 2015-08-23 18:52 - 00008192 _____ C:\WINDOWS\system32\edb.chk
2015-08-23 18:24 - 2015-08-27 20:45 - 00000000 ____D C:\AdwCleaner
2015-08-23 18:07 - 2015-08-23 18:07 - 00000000 ____D C:\WINDOWS\pss
2015-08-23 09:12 - 2015-08-29 08:21 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-08-23 09:12 - 2015-08-23 09:12 - 00003806 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-08-23 09:11 - 2013-08-22 08:25 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2015-08-23 09:08 - 2015-08-23 09:08 - 00000003 _____ C:\Users\Pam Honeysuckle\Downloads\2.txt
2015-08-23 09:08 - 2015-08-23 09:08 - 00000003 _____ C:\Users\Pam Honeysuckle\Downloads\1.txt
2015-08-23 08:14 - 2015-08-23 08:14 - 00002050 _____ C:\Users\Public\Desktop\Google  Chrome.lnk
2015-08-22 18:38 - 2015-08-22 18:38 - 00000516 _____ C:\Users\Pam Honeysuckle\Downloads\document (7)
2015-08-22 16:34 - 2015-08-22 16:34 - 00000000 ____D C:\WINDOWS\PCHEALTH
2015-08-22 12:11 - 2015-08-22 12:11 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2015-08-22 11:42 - 2015-08-12 23:33 - 24593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-08-22 11:42 - 2015-08-12 23:22 - 02093056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2015-08-22 11:42 - 2015-08-12 23:07 - 19323392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-08-22 11:42 - 2015-08-11 05:04 - 04532304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-08-22 11:42 - 2015-08-11 05:04 - 02462648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-08-22 11:42 - 2015-08-11 05:04 - 01087296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-08-22 11:42 - 2015-08-11 05:02 - 00554744 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2015-08-22 11:42 - 2015-08-11 05:02 - 00292856 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2015-08-22 11:42 - 2015-08-11 04:57 - 03622256 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-08-22 11:42 - 2015-08-11 04:52 - 00993104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2015-08-22 11:42 - 2015-08-11 04:50 - 01643872 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-08-22 11:42 - 2015-08-11 04:40 - 04048808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-08-22 11:42 - 2015-08-11 04:40 - 02151208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-08-22 11:42 - 2015-08-11 04:40 - 00918320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-08-22 11:42 - 2015-08-11 04:38 - 00454000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2015-08-22 11:42 - 2015-08-11 04:37 - 00243800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2015-08-22 11:42 - 2015-08-11 04:31 - 02880032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-08-22 11:42 - 2015-08-11 04:23 - 16706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-08-22 11:42 - 2015-08-11 04:19 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2015-08-22 11:42 - 2015-08-11 04:16 - 02416640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-08-22 11:42 - 2015-08-11 04:14 - 00404480 _____ C:\WINDOWS\system32\diagtrack_wininternal.dll
2015-08-22 11:42 - 2015-08-11 04:13 - 00413184 _____ C:\WINDOWS\system32\diagtrack_win.dll
2015-08-22 11:42 - 2015-08-11 04:11 - 02446336 _____ C:\WINDOWS\system32\InputService.dll
2015-08-22 11:42 - 2015-08-11 04:10 - 00778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2015-08-22 11:42 - 2015-08-11 04:10 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-22 11:42 - 2015-08-11 04:10 - 00293376 _____ C:\WINDOWS\system32\TextInputFramework.dll
2015-08-22 11:42 - 2015-08-11 04:08 - 00893440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2015-08-22 11:42 - 2015-08-11 04:08 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-08-22 11:42 - 2015-08-11 04:07 - 01178112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-08-22 11:42 - 2015-08-11 04:07 - 00593920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-08-22 11:42 - 2015-08-11 04:06 - 07523328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-08-22 11:42 - 2015-08-11 04:06 - 02662400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2015-08-22 11:42 - 2015-08-11 04:05 - 03527168 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-08-22 11:42 - 2015-08-11 04:05 - 00996352 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-08-22 11:42 - 2015-08-11 04:05 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPermissions.dll
2015-08-22 11:42 - 2015-08-11 04:03 - 02558976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-08-22 11:42 - 2015-08-11 04:02 - 03588096 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-08-22 11:42 - 2015-08-11 04:01 - 01334784 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-08-22 11:42 - 2015-08-11 03:59 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2015-08-22 11:42 - 2015-08-11 03:57 - 13024768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-08-22 11:42 - 2015-08-11 03:51 - 01916928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-08-22 11:42 - 2015-08-11 03:51 - 01823232 _____ C:\WINDOWS\SysWOW64\InputService.dll
2015-08-22 11:42 - 2015-08-11 03:49 - 00586752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2015-08-22 11:42 - 2015-08-11 03:49 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-22 11:42 - 2015-08-11 03:47 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2015-08-22 11:42 - 2015-08-11 03:45 - 01820672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2015-08-22 11:42 - 2015-08-11 03:43 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-08-22 11:42 - 2015-08-11 03:42 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-08-22 11:42 - 2015-08-11 03:40 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-08-22 11:42 - 2015-08-11 03:40 - 01112064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-08-22 11:42 - 2015-08-08 02:19 - 00608936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-08-22 11:42 - 2015-08-08 01:48 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-08-22 11:42 - 2015-08-08 01:40 - 00365056 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-08-22 11:42 - 2015-08-08 01:24 - 02415104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-08-22 11:42 - 2015-08-08 01:24 - 01679360 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-08-22 11:42 - 2015-08-08 01:15 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-08-22 11:42 - 2015-08-08 01:00 - 01985024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-08-22 11:42 - 2015-08-05 22:17 - 00237392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdyboost.sys
2015-08-22 11:42 - 2015-08-05 22:17 - 00200528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys
2015-08-22 11:42 - 2015-08-05 21:22 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2015-08-22 11:42 - 2015-08-04 23:49 - 00783112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2015-08-22 11:42 - 2015-08-04 23:29 - 00644128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2015-08-22 11:42 - 2015-08-04 23:00 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll
2015-08-22 11:42 - 2015-08-04 22:54 - 01274880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-08-22 11:42 - 2015-08-04 22:47 - 01383424 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-08-22 11:42 - 2015-08-04 22:39 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenter.dll
2015-08-22 11:42 - 2015-08-03 23:07 - 00102752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2015-08-22 11:42 - 2015-08-03 23:06 - 00583128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2015-08-22 11:42 - 2015-08-03 22:23 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2015-08-22 11:42 - 2015-08-03 21:59 - 01212416 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2015-08-22 11:42 - 2015-08-03 21:47 - 00898560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2015-08-22 11:42 - 2015-08-02 21:32 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2015-08-22 11:42 - 2015-08-02 21:28 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll
2015-08-22 11:42 - 2015-08-02 21:19 - 00505696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2015-08-22 11:42 - 2015-08-02 21:19 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2015-08-22 11:42 - 2015-08-02 21:18 - 08613200 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2015-08-22 11:42 - 2015-08-02 21:18 - 01983840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2015-08-22 11:42 - 2015-08-02 21:17 - 00516960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-08-22 11:42 - 2015-08-02 21:12 - 00801632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2015-08-22 11:42 - 2015-08-02 20:56 - 06878256 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2015-08-22 11:42 - 2015-08-02 20:49 - 00700256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2015-08-22 11:42 - 2015-08-02 20:30 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_UserAccount.dll
2015-08-22 11:42 - 2015-08-02 20:24 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2015-08-22 11:42 - 2015-08-02 20:24 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2015-08-22 11:42 - 2015-08-02 20:23 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2015-08-22 11:42 - 2015-08-02 20:22 - 01601536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2015-08-22 11:42 - 2015-08-02 20:22 - 01008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-08-22 11:42 - 2015-08-02 20:22 - 00317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2015-08-22 11:42 - 2015-08-02 20:18 - 12503552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-08-22 11:42 - 2015-08-02 20:18 - 03780096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2015-08-22 11:42 - 2015-08-02 20:18 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2015-08-22 11:42 - 2015-08-02 20:18 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkStatus.dll
2015-08-22 11:42 - 2015-08-02 20:15 - 00595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2015-08-22 11:42 - 2015-08-02 20:15 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Desktop.dll
2015-08-22 11:42 - 2015-08-02 20:15 - 00171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2015-08-22 11:42 - 2015-08-02 20:14 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2015-08-22 11:42 - 2015-08-02 20:12 - 00217088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2015-08-22 11:42 - 2015-08-02 20:12 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2015-08-22 11:42 - 2015-08-02 20:11 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfuimanager.dll
2015-08-22 11:42 - 2015-08-02 20:10 - 01162240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2015-08-22 11:42 - 2015-08-02 20:03 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2015-08-22 11:42 - 2015-08-02 20:02 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2015-08-22 11:42 - 2015-08-02 20:01 - 11262464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-08-22 11:42 - 2015-08-02 19:59 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctfuimanager.dll
2015-08-22 11:42 - 2015-07-30 01:24 - 01561872 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2015-08-22 11:42 - 2015-07-30 01:23 - 00527952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-08-22 11:42 - 2015-07-30 01:21 - 00816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2015-08-22 11:42 - 2015-07-30 01:17 - 01200400 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2015-08-22 11:42 - 2015-07-30 01:17 - 01025840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2015-08-22 11:42 - 2015-07-30 01:16 - 02147080 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2015-08-22 11:42 - 2015-07-30 01:15 - 00632168 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2015-08-22 11:42 - 2015-07-30 01:14 - 00333168 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2015-08-22 11:42 - 2015-07-30 01:09 - 01562968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2015-08-22 11:42 - 2015-07-30 01:06 - 01043872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2015-08-22 11:42 - 2015-07-30 01:05 - 00501008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-08-22 11:42 - 2015-07-30 01:03 - 02116448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2015-08-22 11:42 - 2015-07-30 00:24 - 00252768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2015-08-22 11:42 - 2015-07-29 23:29 - 00705520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2015-08-22 11:42 - 2015-07-29 23:26 - 01867160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2015-08-22 11:42 - 2015-07-29 23:26 - 00877016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2015-08-22 11:42 - 2015-07-29 23:25 - 01356368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2015-08-22 11:42 - 2015-07-29 23:25 - 00713312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2015-08-22 11:42 - 2015-07-29 23:24 - 00445240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-08-22 11:42 - 2015-07-29 23:24 - 00407616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-08-22 11:42 - 2015-07-29 23:24 - 00285632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2015-08-22 11:42 - 2015-07-29 23:22 - 00507696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2015-08-22 11:42 - 2015-07-29 23:12 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2015-08-22 11:42 - 2015-07-29 23:12 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-08-22 11:42 - 2015-07-29 23:08 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-08-22 11:42 - 2015-07-29 23:08 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2015-08-22 11:42 - 2015-07-29 22:59 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-08-22 11:42 - 2015-07-29 22:52 - 00521216 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2015-08-22 11:42 - 2015-07-29 22:52 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2015-08-22 11:42 - 2015-07-29 22:49 - 11557888 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2015-08-22 11:42 - 2015-07-29 22:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2015-08-22 11:42 - 2015-07-29 22:46 - 00487424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2015-08-22 11:42 - 2015-07-29 22:46 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-08-22 11:42 - 2015-07-29 22:44 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-08-22 11:42 - 2015-07-29 22:44 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2015-08-22 11:42 - 2015-07-29 22:42 - 00518144 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2015-08-22 11:42 - 2015-07-29 22:41 - 00407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2015-08-22 11:42 - 2015-07-29 22:41 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2015-08-22 11:42 - 2015-07-29 22:40 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2015-08-22 11:42 - 2015-07-29 22:38 - 01420288 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2015-08-22 11:42 - 2015-07-29 22:34 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2015-08-22 11:42 - 2015-07-29 22:29 - 00654848 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2015-08-22 11:42 - 2015-07-29 22:15 - 09889792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2015-08-22 11:42 - 2015-07-29 22:06 - 00373248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2015-08-22 11:42 - 2015-07-29 22:04 - 01714176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2015-08-22 11:42 - 2015-07-29 22:04 - 00335360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2015-08-22 11:42 - 2015-07-29 21:59 - 00473088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2015-08-22 11:42 - 2015-07-29 21:58 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2015-08-22 11:41 - 2015-08-12 23:20 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2015-08-22 11:41 - 2015-08-12 22:53 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2015-08-22 11:41 - 2015-08-11 05:03 - 00442208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2015-08-22 11:41 - 2015-08-11 05:02 - 00080720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2015-08-22 11:41 - 2015-08-11 04:26 - 00845664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2015-08-22 11:41 - 2015-08-11 04:21 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-08-22 11:41 - 2015-08-11 04:21 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2015-08-22 11:41 - 2015-08-11 04:20 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2015-08-22 11:41 - 2015-08-11 04:18 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2015-08-22 11:41 - 2015-08-11 04:11 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2015-08-22 11:41 - 2015-08-11 04:09 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2015-08-22 11:41 - 2015-08-11 04:07 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeParserTask.exe
2015-08-22 11:41 - 2015-08-11 04:05 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationGeofences.dll
2015-08-22 11:41 - 2015-08-11 04:05 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2015-08-22 11:41 - 2015-08-11 04:05 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2015-08-22 11:41 - 2015-08-11 04:02 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2015-08-22 11:41 - 2015-08-11 04:02 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2015-08-22 11:41 - 2015-08-11 04:00 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-08-22 11:41 - 2015-08-11 04:00 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncutil.dll
2015-08-22 11:41 - 2015-08-11 03:59 - 00642560 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll
2015-08-22 11:41 - 2015-08-11 03:59 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2015-08-22 11:41 - 2015-08-11 03:59 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tetheringclient.dll
2015-08-22 11:41 - 2015-08-11 03:58 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2015-08-22 11:41 - 2015-08-11 03:57 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2015-08-22 11:41 - 2015-08-11 03:50 - 00420352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2015-08-22 11:41 - 2015-08-11 03:50 - 00200704 _____ C:\WINDOWS\SysWOW64\TextInputFramework.dll
2015-08-22 11:41 - 2015-08-11 03:50 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2015-08-22 11:41 - 2015-08-11 03:48 - 00671232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2015-08-22 11:41 - 2015-08-11 03:39 - 00280576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-08-22 11:41 - 2015-08-11 03:38 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReInfo.dll
2015-08-22 11:41 - 2015-08-08 02:29 - 01822280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-08-22 11:41 - 2015-08-08 02:01 - 01533496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-08-22 11:41 - 2015-08-03 23:06 - 00243248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2015-08-22 11:41 - 2015-08-02 21:18 - 00594472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2015-08-22 11:41 - 2015-08-02 21:18 - 00046432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpiowin32.sys
2015-08-22 11:41 - 2015-08-02 21:17 - 00052264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wpcfltr.sys
2015-08-22 11:41 - 2015-08-02 20:31 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2015-08-22 11:41 - 2015-08-02 20:24 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModelShim.dll
2015-08-22 11:41 - 2015-08-02 20:21 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\coredpus.dll
2015-08-22 11:41 - 2015-08-02 20:19 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2015-08-22 11:41 - 2015-08-02 20:19 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2015-08-22 11:41 - 2015-08-02 20:15 - 01290752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2015-08-22 11:41 - 2015-08-02 20:15 - 00384000 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2015-08-22 11:41 - 2015-08-02 20:06 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
2015-08-22 11:41 - 2015-08-02 20:02 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2015-08-22 11:41 - 2015-07-29 23:22 - 00896144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2015-08-22 11:41 - 2015-07-29 23:09 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2015-08-22 11:41 - 2015-07-29 22:45 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2015-08-22 11:41 - 2015-07-29 22:45 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tunnel.sys
2015-08-22 11:41 - 2015-07-29 22:44 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2015-08-22 11:41 - 2015-07-29 22:44 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-08-22 11:41 - 2015-07-29 22:44 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\VoiceActivationManager.dll
2015-08-22 11:41 - 2015-07-29 22:38 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2015-08-22 11:41 - 2015-07-29 22:07 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2015-08-22 11:41 - 2015-07-29 22:06 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll
2015-08-22 11:41 - 2015-07-29 22:06 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VoiceActivationManager.dll
2015-08-22 10:08 - 2015-08-22 11:18 - 00000000 ____D C:\Users\Pam Honeysuckle\AppData\Local\MicrosoftEdge
2015-08-22 09:48 - 2015-08-22 09:48 - 00000000 ____D C:\Users\Pam Honeysuckle\AppData\Local\Publishers
2015-08-22 09:32 - 2015-08-22 09:32 - 00002364 _____ C:\Users\Pam Honeysuckle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-08-22 09:31 - 2015-08-22 09:31 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2015-08-22 09:27 - 2015-08-22 09:29 - 00000000 ____D C:\Users\Pam Honeysuckle\AppData\Local\Comms
2015-08-22 09:26 - 2015-08-22 09:26 - 00000020 ___SH C:\Users\Pam Honeysuckle\ntuser.ini
2015-08-22 09:26 - 2015-08-22 09:26 - 00000000 ____D C:\Users\Pam Honeysuckle\AppData\Local\TileDataLayer
2015-08-22 06:31 - 2015-08-22 09:26 - 00000000 ___DC C:\WINDOWS\Panther
2015-08-22 06:31 - 2015-08-22 03:38 - 00000000 __SHD C:\Recovery
2015-08-22 06:23 - 2015-08-22 06:23 - 00000000 ____D C:\Windows.old
2015-08-22 06:21 - 2015-08-22 06:21 - 14241792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 12589056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 07569408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 07051264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 06488312 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 06305792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 06101504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 05118024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 05076480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 04791296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 04760576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 04611584 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 04398080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 04350464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 04169728 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 03687936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 03579904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 03443200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 03362816 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 03248640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 02741760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 02646528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 02606080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 02207744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 02112512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 01773056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 01611264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 01591856 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 01521664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 01418240 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2015-08-22 06:21 - 2015-08-22 06:21 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 01411072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Editing.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 01365072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 01294352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-08-22 06:21 - 2015-08-22 06:21 - 01203200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 01203200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 01201664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 01169408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 01168736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-08-22 06:21 - 2015-08-22 06:21 - 01135312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2015-08-22 06:21 - 2015-08-22 06:21 - 01123400 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-08-22 06:21 - 2015-08-22 06:21 - 01101792 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 01067520 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 01043968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 01031680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorDataService.exe
2015-08-22 06:21 - 2015-08-22 06:21 - 01018568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-08-22 06:21 - 2015-08-22 06:21 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2015-08-22 06:21 - 2015-08-22 06:21 - 00966424 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00934752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2015-08-22 06:21 - 2015-08-22 06:21 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00902656 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-08-22 06:21 - 2015-08-22 06:21 - 00872448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00858408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-08-22 06:21 - 2015-08-22 06:21 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00850432 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00841728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Import.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00832512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00823336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00808856 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpccpl.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00783872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00762896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00754688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00750592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2015-08-22 06:21 - 2015-08-22 06:21 - 00695136 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00680448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00679424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00677888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00658568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00630160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00601344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-08-22 06:21 - 2015-08-22 06:21 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00589824 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efscore.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00578048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-08-22 06:21 - 2015-08-22 06:21 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Import.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00569344 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00565088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2015-08-22 06:21 - 2015-08-22 06:21 - 00542720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00521568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2015-08-22 06:21 - 2015-08-22 06:21 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00505344 _____ C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00498016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-08-22 06:21 - 2015-08-22 06:21 - 00485888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00430592 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcomapi.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00425824 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00416256 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2015-08-22 06:21 - 2015-08-22 06:21 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00343040 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2015-08-22 06:21 - 2015-08-22 06:21 - 00335248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00325984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2015-08-22 06:21 - 2015-08-22 06:21 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00303616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemcpl.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00290312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2015-08-22 06:21 - 2015-08-22 06:21 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\systemcpl.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2015-08-22 06:21 - 2015-08-22 06:21 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00265480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00263168 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00251392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00242176 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicesFlowBroker.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00208736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\srumsvc.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\OmaDmAgent.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00191488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReInfo.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00181088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_SignInOptions.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00179200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumsvc.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2015-08-22 06:21 - 2015-08-22 06:21 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Privacy.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TabSvc.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2015-08-22 06:21 - 2015-08-22 06:21 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2015-08-22 06:21 - 2015-08-22 06:21 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00097128 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcd.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\spbcd.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00082616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcd.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\setbcdlocale.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spbcd.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.ProxyStub.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2015-08-22 06:21 - 2015-08-22 06:21 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2015-08-22 06:21 - 2015-08-22 06:21 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\unenrollhook.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00061280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2015-08-22 06:21 - 2015-08-22 06:21 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.OneCore.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2015-08-22 06:21 - 2015-08-22 06:21 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.PAL.Desktop.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmprc.exe
2015-08-22 06:21 - 2015-08-22 06:21 - 00046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2015-08-22 06:21 - 2015-08-22 06:21 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00032768 _____ C:\WINDOWS\system32\LicenseManagerApi.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\calc.exe
2015-08-22 06:21 - 2015-08-22 06:21 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\calc.exe
2015-08-22 06:18 - 2015-08-22 06:18 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2015-08-22 06:16 - 2015-08-22 06:16 - 00000000 ____D C:\Program Files\Reference Assemblies
2015-08-22 06:16 - 2015-08-22 06:16 - 00000000 ____D C:\Program Files\MSBuild
2015-08-22 06:16 - 2015-08-22 06:16 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2015-08-22 06:16 - 2015-08-22 06:16 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-08-22 06:16 - 2015-08-22 06:16 - 00000000 ____D C:\inetpub
2015-08-22 06:15 - 2015-06-17 21:10 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2015-08-22 06:15 - 2015-06-17 21:10 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-22 06:15 - 2015-06-17 21:10 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-08-22 06:15 - 2015-05-30 00:07 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2015-08-22 06:15 - 2015-05-30 00:07 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-22 06:15 - 2015-05-30 00:07 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-08-22 03:55 - 2015-07-10 05:59 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2015-08-22 03:48 - 2015-08-22 03:48 - 00001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-08-22 03:48 - 2015-08-22 03:48 - 00000000 ____D C:\Users\Default\Documents\hp.system.package.metadata
2015-08-22 03:48 - 2015-08-22 03:48 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2015-08-22 03:48 - 2015-08-22 03:48 - 00000000 ____D C:\Users\Default User\Documents\hp.system.package.metadata
2015-08-22 03:48 - 2015-08-22 03:48 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2015-08-22 03:42 - 2015-08-22 03:42 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2015-08-22 03:40 - 2015-08-29 07:48 - 00000000 ____D C:\Users\Pam Honeysuckle
2015-08-22 03:40 - 2015-08-23 15:12 - 00000000 ___RD C:\Users\Pam Honeysuckle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-22 03:40 - 2015-08-22 03:59 - 00000000 ____D C:\Users\Administrator
2015-08-22 03:40 - 2015-08-22 03:41 - 00000000 ___RD C:\Users\Pam Honeysuckle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-22 03:40 - 2015-08-22 03:41 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-22 03:40 - 2015-07-10 06:04 - 00000000 __RSD C:\Users\Pam Honeysuckle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2015-08-22 03:40 - 2015-07-10 06:04 - 00000000 __RSD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2015-08-22 03:40 - 2015-07-10 06:04 - 00000000 ___RD C:\Users\Pam Honeysuckle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-08-22 03:40 - 2015-07-10 06:04 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-22 03:40 - 2015-07-10 06:04 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-08-22 03:40 - 2015-07-10 06:04 - 00000000 ____D C:\Users\Pam Honeysuckle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-08-22 03:40 - 2015-07-10 06:04 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-08-22 03:39 - 2015-08-29 07:58 - 00968010 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-08-22 03:39 - 2015-08-22 03:39 - 00925184 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2015-08-22 03:38 - 2015-08-22 03:42 - 00011587 _____ C:\WINDOWS\iis.log
2015-08-22 03:36 - 2015-08-22 03:51 - 00000000 ____D C:\Program Files\IDT
2015-08-22 03:36 - 2015-08-22 03:36 - 00001707 _____ C:\WINDOWS\system32\RaCoInst.log
2015-08-22 03:36 - 2015-08-22 03:36 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2015-08-22 03:36 - 2015-08-22 03:36 - 00000000 ____D C:\WINDOWS\system32\SRSLabs
2015-08-22 03:36 - 2015-03-07 10:54 - 07986176 _____ (IDT, Inc.) C:\WINDOWS\system32\IDTNGUI.exe
2015-08-22 03:36 - 2015-03-07 10:54 - 07712768 _____ (IDT, Inc.) C:\WINDOWS\system32\IDTNHP.dll
2015-08-22 03:36 - 2015-03-07 10:54 - 06085632 _____ (IDT, Inc.) C:\WINDOWS\system32\stlang64.dll
2015-08-22 03:36 - 2015-03-07 10:54 - 02213376 _____ (IDT, Inc.) C:\WINDOWS\system32\IDTNX.dll
2015-08-22 03:36 - 2015-03-07 10:54 - 01821184 _____ (IDT, Inc.) C:\WINDOWS\system32\IDTNC64.cpl
2015-08-22 03:36 - 2015-03-07 10:54 - 01664000 _____ (IDT, Inc.) C:\WINDOWS\sttray64.exe
2015-08-22 03:36 - 2015-03-07 10:54 - 00464384 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\slapoi64.dll
2015-08-22 03:36 - 2015-03-07 10:54 - 00253952 _____ (IDT, Inc.) C:\WINDOWS\system32\IDTNJ.exe
2015-08-22 03:36 - 2015-03-07 10:54 - 00224256 _____ (IDT, Inc.) C:\WINDOWS\system32\HPToneCtrls64.dll
2015-08-22 03:36 - 2015-03-07 10:54 - 00042482 _____ C:\WINDOWS\system32\Balen&Yeats_dv7.xml
2015-08-22 03:35 - 2015-08-22 03:42 - 00000000 ____D C:\Program Files\Intel
2015-08-22 03:35 - 2015-08-22 03:35 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2015-08-22 03:35 - 2015-08-22 03:35 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2015-08-22 03:35 - 2015-08-22 03:35 - 00000000 ____D C:\Program Files\Synaptics
2015-08-22 03:35 - 2015-07-30 22:45 - 00072688 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2015-08-22 03:35 - 2015-07-30 22:45 - 00069104 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2015-08-22 03:33 - 2015-08-22 03:34 - 00033056 _____ C:\WINDOWS\system32\NetSetupMig.log
2015-08-22 03:32 - 2015-08-29 08:51 - 00178896 _____ C:\WINDOWS\PFRO.log
2015-08-21 18:31 - 2015-08-29 09:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-21 18:31 - 2015-08-23 18:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-08-21 18:31 - 2015-08-23 03:34 - 00002920 _____ C:\WINDOWS\system32\LavasoftTcpServiceOff.ini
2015-08-21 18:30 - 2015-08-29 09:15 - 00000000 ____D C:\Users\Pam Honeysuckle\AppData\Local\Google
2015-08-21 18:30 - 2015-08-29 09:14 - 00000000 ____D C:\Program Files (x86)\Google
2015-08-21 18:30 - 2015-08-21 18:30 - 00422400 _____ (Lavasoft Limited) C:\WINDOWS\system32\LavasoftTcpService64.dll
2015-08-13 20:42 - 2015-08-28 22:00 - 00000000 ____D C:\Users\Pam Honeysuckle\AppData\Roaming\RoxBox
2015-08-13 20:42 - 2015-08-22 03:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoxBox
2015-08-13 20:42 - 2015-08-22 03:41 - 00000000 ____D C:\Users\Pam Honeysuckle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RoxBox
2015-08-13 20:42 - 2015-08-13 20:42 - 00002215 _____ C:\Users\Pam Honeysuckle\Desktop\KJSongBook.lnk
2015-08-13 20:42 - 2015-08-13 20:42 - 00002215 _____ C:\Users\Administrator\Desktop\KJSongBook.lnk
2015-08-13 20:42 - 2015-08-13 20:42 - 00002138 _____ C:\Users\Pam Honeysuckle\Desktop\RoxBox Karaoke Player.lnk
2015-08-13 20:42 - 2015-08-13 20:42 - 00002138 _____ C:\Users\Administrator\Desktop\RoxBox Karaoke Player.lnk
2015-08-13 20:41 - 2015-08-13 20:41 - 00000000 ____D C:\Program Files (x86)\RoxBox
2015-08-13 19:08 - 2015-08-13 19:08 - 00060596 _____ C:\Users\Pam Honeysuckle\Desktop\Copy of 2015 Total Chargeables for OCAS.xlsx
2015-08-05 22:12 - 2015-08-05 22:12 - 00000000 ____D C:\Users\Pam Honeysuckle\AppData\Roaming\WildTangent
2015-07-30 22:46 - 2015-07-30 22:46 - 12334064 _____ (Intel Corporation) C:\WINDOWS\system32\igd10iumd64.dll
2015-07-30 22:46 - 2015-07-30 22:46 - 11905424 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igd10iumd32.dll
2015-07-30 22:46 - 2015-07-30 22:46 - 11053040 _____ (Intel Corporation) C:\WINDOWS\system32\igdumdim64.dll
2015-07-30 22:46 - 2015-07-30 22:46 - 10574976 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdumdim32.dll
2015-07-30 22:46 - 2015-07-30 22:46 - 04636608 _____ (Intel Corporation) C:\WINDOWS\system32\igdusc64.dll
2015-07-30 22:46 - 2015-07-30 22:46 - 03668768 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdusc32.dll
2015-07-30 22:46 - 2015-07-30 22:46 - 01155984 _____ (Intel Corporation) C:\WINDOWS\system32\iglhsip64.dll
2015-07-30 22:46 - 2015-07-30 22:46 - 01151832 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\iglhsip32.dll
2015-07-30 22:46 - 2015-07-30 22:46 - 00467688 _____ (Intel Corporation) C:\WINDOWS\system32\igdmd64.dll
2015-07-30 22:46 - 2015-07-30 22:46 - 00378816 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdmd32.dll
2015-07-30 22:46 - 2015-07-30 22:46 - 00229648 _____ (Intel Corporation) C:\WINDOWS\system32\iglhcp64.dll
2015-07-30 22:46 - 2015-07-30 22:46 - 00199080 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcmrt64.dll
2015-07-30 22:46 - 2015-07-30 22:46 - 00194352 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\iglhcp32.dll
2015-07-30 22:46 - 2015-07-30 22:46 - 00169352 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxcmrt32.dll
2015-07-30 22:46 - 2015-07-30 22:46 - 00040704 _____ (Intel Corporation) C:\WINDOWS\system32\igfxexps.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 22914032 _____ (Intel Corporation) C:\WINDOWS\system32\igdfcl64.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 17846768 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdfcl32.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 08528880 _____ (Intel Corporation) C:\WINDOWS\system32\ig7icd64.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 06512112 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\ig7icd32.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 04371872 _____ (Intel Corporation) C:\WINDOWS\system32\Gfxv4_0.exe
2015-07-30 22:45 - 2015-07-30 22:45 - 04368288 _____ (Intel Corporation) C:\WINDOWS\system32\Gfxv2_0.exe
2015-07-30 22:45 - 2015-07-30 22:45 - 04024368 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiAAC64.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 03797960 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\igdkmd64.sys
2015-07-30 22:45 - 2015-07-30 22:45 - 02508272 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiVAD64.exe
2015-07-30 22:45 - 2015-07-30 22:45 - 02035696 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcmjit64.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 01994224 _____ (Intel Corporation) C:\WINDOWS\system32\igdrcl64.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 01793008 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdrcl32.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 01766896 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxcmjit32.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 01468976 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiSecureSourceFilter64.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 00969120 _____ (Intel Corporation) C:\WINDOWS\system32\GfxUIEx.exe
2015-07-30 22:45 - 2015-07-30 22:45 - 00865328 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiWinNextAgent64.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 00678896 _____ (Intel Corporation) C:\WINDOWS\system32\igfxDH.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 00659504 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiAudioFilter64.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 00632816 _____ (Intel Corporation) C:\WINDOWS\system32\MetroIntelGenericUIFramework.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 00616496 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiMux64.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 00555424 _____ (Intel Corporation) C:\WINDOWS\system32\DPTopologyApp.exe
2015-07-30 22:45 - 2015-07-30 22:45 - 00554912 _____ (Intel Corporation) C:\WINDOWS\system32\DPTopologyAppv2_0.exe
2015-07-30 22:45 - 2015-07-30 22:45 - 00540064 _____ (Intel Corporation) C:\WINDOWS\system32\igfxEM.exe
2015-07-30 22:45 - 2015-07-30 22:45 - 00443296 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiUMS64.exe
2015-07-30 22:45 - 2015-07-30 22:45 - 00409504 _____ (Intel Corporation) C:\WINDOWS\system32\CustomModeApp.exe
2015-07-30 22:45 - 2015-07-30 22:45 - 00408992 _____ (Intel Corporation) C:\WINDOWS\system32\CustomModeAppv2_0.exe
2015-07-30 22:45 - 2015-07-30 22:45 - 00393632 _____ (Intel Corporation) C:\WINDOWS\system32\igfxTray.exe
2015-07-30 22:45 - 2015-07-30 22:45 - 00392688 _____ (Intel Corporation) C:\WINDOWS\system32\igfxOSP.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 00385520 _____ (Intel Corporation) C:\WINDOWS\system32\IntelOpenCL64.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 00374256 _____ (Intel Corporation) C:\WINDOWS\system32\igdbcl64.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 00357936 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiSilenceFilter64.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 00329200 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdbcl32.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 00328608 _____ (Intel Corporation) C:\WINDOWS\system32\igfxCUIService.exe
2015-07-30 22:45 - 2015-07-30 22:45 - 00295408 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\IntelOpenCL32.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 00290208 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\IntelCpHeciSvc.exe
2015-07-30 22:45 - 2015-07-30 22:45 - 00285168 _____ (Intel Corporation) C:\WINDOWS\system32\igfxDI.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 00264176 _____ C:\WINDOWS\system32\igfxCPL.cpl
2015-07-30 22:45 - 2015-07-30 22:45 - 00261104 _____ (Intel Corporation) C:\WINDOWS\system32\igfxLHM.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 00256928 _____ (Intel Corporation) C:\WINDOWS\system32\igfxHK.exe
2015-07-30 22:45 - 2015-07-30 22:45 - 00232944 _____ C:\WINDOWS\system32\igdde64.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 00228848 _____ (Intel Corporation) C:\WINDOWS\system32\igfxDTCM.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 00223792 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiUtils64.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 00204192 _____ (Intel Corporation) C:\WINDOWS\system32\igfxext.exe
2015-07-30 22:45 - 2015-07-30 22:45 - 00194544 _____ C:\WINDOWS\SysWOW64\igdde32.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 00193520 _____ (Intel Corporation) C:\WINDOWS\system32\igfx11cmrt64.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 00191984 _____ (Intel Corporation) C:\WINDOWS\system32\igfxCoIn_v4252.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 00191024 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiDDEAgent64.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 00170992 _____ C:\WINDOWS\system32\igdail64.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 00164256 _____ (Intel Corporation) C:\WINDOWS\system32\difx64.exe
2015-07-30 22:45 - 2015-07-30 22:45 - 00163824 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfx11cmrt32.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 00152560 _____ C:\WINDOWS\SysWOW64\igdail32.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 00141872 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiMCUMD64.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 00107568 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiLogServer64.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 00102896 _____ C:\WINDOWS\system32\IccLibDll_x64.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 00095216 _____ C:\WINDOWS\system32\igfxCUIServicePS.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 00078320 _____ ( ) C:\WINDOWS\system32\igfxDHLibv2_0.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 00072688 _____ (Khronos Group) C:\WINDOWS\system32\Intel_OpenCL_ICD64.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 00069104 _____ (Khronos Group) C:\WINDOWS\SysWOW64\Intel_OpenCL_ICD32.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 00068080 _____ ( ) C:\WINDOWS\system32\igfxDHLib.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 00039408 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxexps32.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 00019440 _____ ( ) C:\WINDOWS\system32\igfxDILib.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 00018928 _____ ( ) C:\WINDOWS\system32\igfxEMLibv2_0.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 00018928 _____ ( ) C:\WINDOWS\system32\igfxEMLib.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 00018928 _____ ( ) C:\WINDOWS\system32\igfxDILibv2_0.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 00013808 _____ ( ) C:\WINDOWS\system32\igfxLHMLibv2_0.dll
2015-07-30 22:45 - 2015-07-30 22:45 - 00013808 _____ ( ) C:\WINDOWS\system32\igfxLHMLib.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-29 09:11 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-08-29 09:04 - 2015-05-28 04:35 - 00000000 ____D C:\Users\Pam Honeysuckle\OneDrive
2015-08-29 09:02 - 2015-07-10 07:22 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-08-29 09:01 - 2015-07-10 07:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-08-29 09:00 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\sru
2015-08-29 09:00 - 2015-07-10 04:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-08-29 08:44 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2015-08-29 08:44 - 2013-08-22 10:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2015-08-29 07:53 - 2015-07-10 05:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-08-28 21:53 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-08-28 21:53 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-08-28 21:32 - 2015-07-10 07:20 - 00018571 _____ C:\WINDOWS\setupact.log
2015-08-27 20:06 - 2015-03-04 22:32 - 00004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4B33C795-E3BF-4D23-814A-AB0BAA2B9316}
2015-08-24 16:07 - 2015-05-31 20:26 - 2031694841 _____ C:\WINDOWS\MEMORY.DMP
2015-08-23 19:58 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\ADFS
2015-08-23 19:56 - 2012-10-30 03:50 - 00000000 ____D C:\Program Files (x86)\Autonomy
2015-08-23 18:30 - 2015-07-10 06:04 - 00000000 ____D C:\Program Files\Common Files\System
2015-08-23 09:40 - 2015-07-10 07:20 - 00376488 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-08-23 09:27 - 2015-07-10 06:00 - 00680256 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2015-08-23 09:27 - 2015-07-10 06:00 - 00534064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2015-08-23 03:37 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\appcompat
2015-08-23 03:30 - 2015-07-10 06:04 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-23 03:30 - 2015-07-10 06:04 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-23 03:30 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-08-23 03:30 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\Provisioning
2015-08-22 16:34 - 2015-03-07 19:46 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-22 11:45 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\restore
2015-08-22 10:01 - 2015-03-04 22:30 - 00000000 ____D C:\Users\Pam Honeysuckle\AppData\Local\Packages
2015-08-22 09:28 - 2015-07-10 06:04 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2015-08-22 09:28 - 2015-07-10 06:04 - 00000000 ___RD C:\WINDOWS\PrintDialog
2015-08-22 09:28 - 2015-07-10 06:04 - 00000000 ___RD C:\WINDOWS\MiracastView
2015-08-22 09:27 - 2015-07-10 06:04 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-08-22 09:26 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2015-08-22 09:26 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\rescache
2015-08-22 09:26 - 2015-05-31 15:49 - 00000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2015-08-22 06:31 - 2015-07-10 06:04 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2015-08-22 06:22 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2015-08-22 06:22 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-08-22 06:22 - 2015-07-10 04:05 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2015-08-22 06:22 - 2015-07-10 04:05 - 00000000 ____D C:\WINDOWS\system32\Dism
2015-08-22 06:16 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2015-08-22 06:16 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2015-08-22 06:16 - 2015-07-10 06:01 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2015-08-22 06:16 - 2015-07-10 06:01 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2015-08-22 06:16 - 2015-07-10 06:01 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2015-08-22 06:16 - 2015-07-10 06:01 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2015-08-22 06:16 - 2015-07-10 06:01 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2015-08-22 06:16 - 2015-07-10 06:01 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2015-08-22 06:16 - 2015-07-10 06:00 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2015-08-22 06:16 - 2015-07-10 06:00 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2015-08-22 06:16 - 2015-07-10 06:00 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2015-08-22 06:16 - 2015-07-10 06:00 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2015-08-22 06:16 - 2015-07-10 06:00 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2015-08-22 06:16 - 2015-07-10 06:00 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2015-08-22 04:05 - 2015-05-27 21:47 - 00049533 _____ C:\WINDOWS\diagwrn.xml
2015-08-22 04:05 - 2015-05-27 21:47 - 00049533 _____ C:\WINDOWS\diagerr.xml
2015-08-22 04:04 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\Registration
2015-08-22 04:04 - 2015-03-09 00:10 - 00026297 _____ C:\WINDOWS\comsetup.log
2015-08-22 04:03 - 2015-07-22 09:12 - 00003330 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForPam Honeysuckle
2015-08-22 04:03 - 2015-05-27 22:09 - 00022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2015-08-22 04:03 - 2015-05-23 22:52 - 00003756 _____ C:\WINDOWS\System32\Tasks\HPCustParticipation HP Officejet Pro 8600
2015-08-22 04:03 - 2015-03-28 13:05 - 00000386 _____ C:\WINDOWS\Tasks\HPCeeScheduleForPam Honeysuckle.job
2015-08-22 04:03 - 2015-03-14 02:39 - 00003270 _____ C:\WINDOWS\System32\Tasks\CLVDLauncher
2015-08-22 04:03 - 2015-03-14 02:39 - 00003270 _____ C:\WINDOWS\System32\Tasks\CLMLSvc_P2G8
2015-08-22 04:03 - 2015-03-04 22:38 - 00003708 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-468200526-3709930035-1514773469-1001
2015-08-22 04:03 - 2015-03-04 22:13 - 00002458 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-468200526-3709930035-1514773469-500
2015-08-22 04:03 - 2012-10-30 04:07 - 00003434 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2015-08-22 04:03 - 2012-10-30 03:55 - 00003258 _____ C:\WINDOWS\System32\Tasks\MirageAgent
2015-08-22 04:03 - 2012-10-30 03:34 - 00003092 _____ C:\WINDOWS\System32\Tasks\Synaptics TouchPad Enhancements
2015-08-22 04:00 - 2015-07-10 06:04 - 00000000 __RHD C:\Users\Public\Libraries
2015-08-22 03:53 - 2013-08-22 08:36 - 00000000 ____D C:\Users\Default.migrated
2015-08-22 03:51 - 2015-07-10 08:14 - 00000000 ____D C:\WINDOWS\ShellNew
2015-08-22 03:51 - 2015-07-10 04:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-08-22 03:51 - 2015-03-07 19:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-08-22 03:51 - 2015-03-04 22:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken 2013
2015-08-22 03:51 - 2012-10-30 03:55 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2015-08-22 03:51 - 2012-10-30 03:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-08-22 03:51 - 2012-10-30 03:49 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2015-08-22 03:51 - 2012-10-30 03:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-08-22 03:51 - 2012-09-24 20:33 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-08-22 03:51 - 2012-09-24 20:30 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2015-08-22 03:51 - 2012-09-24 20:26 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-08-22 03:51 - 2012-09-24 20:26 - 00000000 ____D C:\WINDOWS\en
2015-08-22 03:48 - 2015-07-10 06:05 - 00004362 _____ C:\WINDOWS\DtcInstall.log
2015-08-22 03:48 - 2015-07-10 04:05 - 00000000 __RHD C:\Users\Default
2015-08-22 03:45 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\SysWOW64\zh-HK
2015-08-22 03:45 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\SysWOW64\uk-UA
2015-08-22 03:45 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\SysWOW64\tr-TR
2015-08-22 03:45 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\SysWOW64\th-TH
2015-08-22 03:45 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\SysWOW64\sr-Latn-RS
2015-08-22 03:45 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\SysWOW64\sl-SI
2015-08-22 03:45 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\SysWOW64\sk-SK
2015-08-22 03:45 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\SysWOW64\ro-RO
2015-08-22 03:45 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2015-08-22 03:45 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2015-08-22 03:45 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2015-08-22 03:45 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2015-08-22 03:45 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\SysWOW64\hr-HR
2015-08-22 03:45 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\SysWOW64\he-IL
2015-08-22 03:45 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\SysWOW64\et-EE
2015-08-22 03:45 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2015-08-22 03:45 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\SysWOW64\bg-BG
2015-08-22 03:45 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\SysWOW64\ar-SA
2015-08-22 03:45 - 2012-09-24 20:23 - 00000000 ____D C:\WINDOWS\SysWOW64\Adobe
2015-08-22 03:44 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\zh-HK
2015-08-22 03:44 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\uk-UA
2015-08-22 03:44 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\tr-TR
2015-08-22 03:44 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\th-TH
2015-08-22 03:44 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\sr-Latn-RS
2015-08-22 03:44 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\spool
2015-08-22 03:44 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\sl-SI
2015-08-22 03:44 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\sk-SK
2015-08-22 03:44 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\ro-RO
2015-08-22 03:44 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-08-22 03:44 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\lv-LV
2015-08-22 03:44 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\lt-LT
2015-08-22 03:44 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2015-08-22 03:44 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\IME
2015-08-22 03:44 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\hr-HR
2015-08-22 03:44 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\he-IL
2015-08-22 03:44 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\et-EE
2015-08-22 03:44 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\en-GB
2015-08-22 03:44 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2015-08-22 03:44 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2015-08-22 03:43 - 2015-07-10 06:04 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-08-22 03:43 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\bg-BG
2015-08-22 03:43 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\ar-SA
2015-08-22 03:43 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-08-22 03:43 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\InputMethod
2015-08-22 03:43 - 2015-05-31 14:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neat
2015-08-22 03:43 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\MediaViewer
2015-08-22 03:43 - 2012-10-30 04:07 - 00000000 ____D C:\ProgramData\Norton
2015-08-22 03:43 - 2012-09-24 20:21 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2015-08-22 03:43 - 2012-08-03 17:29 - 00000000 ____D C:\ProgramData\PRICache
2015-08-22 03:42 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\Recovery
2015-08-22 03:42 - 2015-07-10 06:04 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-08-22 03:42 - 2012-09-24 20:15 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2015-08-22 03:41 - 2012-08-03 17:28 - 00000000 ____D C:\Users\Administrator\AppData\Local\Packages
2015-08-22 03:38 - 2015-07-10 04:05 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-08-22 03:05 - 2015-05-27 22:09 - 01660903 _____ C:\WINDOWS\WindowsUpdate (1).log
2015-08-22 03:00 - 2015-07-10 08:39 - 00000000 ___HD C:\$Windows.~BT
2015-08-21 21:00 - 2015-03-07 10:48 - 00000052 _____ C:\WINDOWS\SysWOW64\DOErrors.log
2015-08-13 20:42 - 2015-03-04 22:30 - 00000000 ____D C:\Users\Pam Honeysuckle\AppData\Local\VirtualStore
2015-08-11 18:36 - 2015-03-06 00:39 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-08-11 18:34 - 2015-03-06 00:39 - 132483416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-08-11 18:30 - 2012-07-26 00:26 - 00000167 _____ C:\WINDOWS\win.ini
2015-08-08 10:38 - 2015-07-10 06:06 - 00794088 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-08-08 10:38 - 2015-07-10 06:06 - 00179688 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-05 22:12 - 2012-09-24 20:33 - 00000000 ____D C:\ProgramData\WildTangent
2015-07-31 19:15 - 2013-08-22 10:36 - 00000000 ___RD C:\WINDOWS\ToastData
 
==================== Files in the root of some directories =======
 
2015-05-23 22:51 - 2015-05-23 22:51 - 0000057 _____ () C:\ProgramData\Ament.ini
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll
[2015-07-10 06:00] - [2015-08-23 09:27] - 0680256 ____A (Microsoft Corporation) 86A1925118EE14104049A61D62261E01
 
C:\WINDOWS\SysWOW64\dnsapi.dll
[2015-07-10 06:00] - [2015-08-23 09:27] - 0534064 ____A (Microsoft Corporation) 9AF390F33B2DA967F498FB7EB059DFE6
 
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-08-22 03:32
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-08-2015
Ran by Pam Honeysuckle (2015-08-29 09:17:04)
Running from C:\Users\Pam Honeysuckle\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-468200526-3709930035-1514773469-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-468200526-3709930035-1514773469-503 - Limited - Disabled)
Guest (S-1-5-21-468200526-3709930035-1514773469-501 - Limited - Disabled)
Pam Honeysuckle (S-1-5-21-468200526-3709930035-1514773469-1001 - Administrator - Enabled) => C:\Users\Pam Honeysuckle
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
AuthenTec TrueAPI 64-bit (Version: 1.6.0.86 - AuthenTec, Inc.) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3.6326 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.2.2114 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.2.3317 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.2527 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DriverUpdate (HKLM-x32\...\{B6F57EFA-7F52-4349-B7C9-2E6AB01353B7}) (Version: 2.4.2 - SlimWare Utilities, Inc.)
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
FindingDiscount (HKLM-x32\...\FindingDiscount) (Version:  - )
FlatOut 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP Connected Backup (HKLM-x32\...\{6BA5F6E7-6CC1-4117-816D-A549A06CE44E}) (Version: 8.7.0.0 - Autonomy)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP Documentation (HKLM-x32\...\{7DE5085A-3665-40BC-9595-A1A209699137}) (Version: 1.1.0.0 - Hewlett-Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{2BF5E9CC-C55D-4B0F-ACAF-FFE77F333CD8}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\{34C821CA-6B55-44A0-8A9B-2EF471D6019E}) (Version: 6.0.100.244 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{835B275B-F29B-464B-BD4B-097FD55FAB0A}) (Version: 4.6.8.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6425.0 - IDT)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Neat Core Files (x32 Version: 5.6.1.374 - The Neat Company) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Quicken 2013 (HKLM-x32\...\{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}) (Version: 22.1.1.21 - Intuit)
Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.2.0 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.29025 - Realtek Semiconductor Corp.)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SpaceSoundPro Service (HKLM-x32\...\zz.1636.ssp) (Version: 1.0.0 - CSDI)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.95 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 2.2.0.98 - WildTangent) Hidden
Validity WBF DDK (HKLM\...\{1F91C200-8F0F-4009-A75E-DB6CE151BD4E}) (Version: 4.4.234.0 - Validity Sensors, Inc.)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.6 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-468200526-3709930035-1514773469-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-468200526-3709930035-1514773469-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Pam Honeysuckle\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-468200526-3709930035-1514773469-1001_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Pam Honeysuckle\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-468200526-3709930035-1514773469-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Pam Honeysuckle\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-468200526-3709930035-1514773469-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-468200526-3709930035-1514773469-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Pam Honeysuckle\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-468200526-3709930035-1514773469-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Pam Honeysuckle\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-468200526-3709930035-1514773469-1001_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Pam Honeysuckle\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-468200526-3709930035-1514773469-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Pam Honeysuckle\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-468200526-3709930035-1514773469-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Pam Honeysuckle\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-468200526-3709930035-1514773469-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Pam Honeysuckle\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-468200526-3709930035-1514773469-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Pam Honeysuckle\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points =========================
 
22-08-2015 11:45:14 Windows Update
22-08-2015 11:45:57 Windows Update
23-08-2015 18:53:07 Removed SlimCleaner Plus
27-08-2015 19:49:59 Windows Update
27-08-2015 19:51:11 Windows Update
29-08-2015 07:52:31 Windows Modules Installer
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {00C042E0-CFFC-4AEE-8EEA-6F5B3AAA157B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {00EEBA9C-F9EF-4272-B793-C830FBADD359} - System32\Tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup => C:\Windows\system32\dstokenclean.exe [2015-07-10] (Microsoft Corporation)
Task: {07E26BC1-F357-4D4C-BF9F-52D85C3C72ED} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {0CCA7916-2916-4F12-BD32-1E3BE31E1269} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join => C:\Windows\System32\dsregcmd.exe [2015-07-10] (Microsoft Corporation)
Task: {0CF8039A-367B-48F2-9BB5-B501273E0F0E} - System32\Tasks\HPCeeScheduleForPam Honeysuckle => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {112B17A8-2C24-4D8A-A6FF-B01F80E9EA63} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe
Task: {185D1E67-75A7-40D0-9F3A-EDF5D2178628} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {19865544-CE08-40BE-8B8C-87C47681433D} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sihboot => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation)
Task: {3BF4CF95-681B-4420-8DEB-A37B7A247CCB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-07-31] (Hewlett-Packard)
Task: {3F6E048D-6404-433B-8F5F-CFF4D89BF89E} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Rundll32.exe generaltel.dll,RunTelemetryW
Task: {41160EA0-208B-4C3E-B4DB-805BBABC6B93} - System32\Tasks\Microsoft\Windows\Feedback\Siuf\DmClient => C:\Windows\system32\dmclient.exe [2015-07-10] (Microsoft Corporation)
Task: {49E1E5E2-ED2B-40A0-ADE5-282DA2716900} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe
Task: {5A6D1C07-8C4A-4AE1-A53E-E1E81CE312CB} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
Task: {73551810-E5F4-433E-9494-0D00B55C855E} - System32\Tasks\Microsoft\Windows\Maps\MapsToastTask
Task: {76808A93-E5F9-4458-8CC4-EC6B2D58A380} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN33DBXH3H05KC => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-07-31] (Hewlett-Packard)
Task: {784ACF97-1307-4783-BE70-6F18A746E625} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
Task: {78B77FA3-9D97-441D-97B6-68CEA40B4F74} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe generaltel.dll,RunTelemetry -maintenance
Task: {8DF84CB3-D8E0-4307-A35B-CA74E21786DB} - System32\Tasks\Microsoft\Windows\Clip\License Validation => C:\Windows\system32\ClipUp.exe [2015-08-22] (Microsoft Corporation)
Task: {96A35786-F09D-4097-8F60-378C09D78C3D} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-07-17] (Synaptics Incorporated)
Task: {A5B6CD85-1B57-49B9-BA80-5D5D65F02826} - System32\Tasks\Microsoft\Windows\AppID\EDP Policy Manager
Task: {A78432CB-2AF8-4626-A19E-5A61AFCB1C00} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {ADFFB72F-8AD6-4EBF-A5F6-0529D228CF5A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-11] (Microsoft Corporation)
Task: {B99A57DA-DFC6-42EC-BEC9-82F97ED8F3F6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {C02427A4-7905-4089-876D-FDEA05F45747} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {C56AFFD3-06B8-4A16-AF7E-F7A6EB3FAE9E} - System32\Tasks\Microsoft\Windows\TPM\Tpm-HASCertRetr
Task: {C5EE2EA2-5312-4D1F-B9D0-41B18DF31B78} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sih => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation)
Task: {C73B97E2-5710-4193-B76C-D82FAB5A88D6} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-23] (Adobe Systems Incorporated)
Task: {C7A236B2-12E1-46DC-9501-3B1B0209CC09} - System32\Tasks\Microsoft\Windows\Location\WindowsActionDialog => C:\Windows\System32\WindowsActionDialog.exe [2015-07-10] (Microsoft Corporation)
Task: {D27D3A16-7908-482C-850D-3B1B883A80D8} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe
Task: {D69E7446-18F2-4610-B7F9-FDDE602D9F59} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {F9FD3995-C7E1-458B-871E-77B08F20376B} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {FA2BA014-E653-424C-B89D-6369676C0582} - \runTask -> No File <==== ATTENTION
Task: {FD5F9755-8860-47A4-AA30-9287F07F8301} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForPam Honeysuckle.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-08-22 06:21 - 2015-08-22 06:21 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-08-22 11:42 - 2015-08-11 04:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2012-09-06 03:47 - 2012-09-06 03:47 - 00028160 _____ () C:\Windows\system32\valWBFPolicyService.exe
2015-08-27 21:02 - 2015-08-18 02:56 - 02498808 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-08-27 21:02 - 2015-08-18 02:56 - 02498808 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2012-08-10 03:36 - 2012-08-10 03:36 - 04073320 _____ () C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
2015-07-10 05:59 - 2015-07-10 05:59 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-10 05:59 - 2015-07-10 05:59 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
2015-08-22 11:42 - 2015-08-02 20:11 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-07-10 06:00 - 2015-07-10 08:14 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-08-22 11:42 - 2015-08-11 03:58 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-08-22 11:42 - 2015-08-02 20:09 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 06:00 - 2015-07-10 08:14 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2015-03-14 02:39 - 2012-06-07 22:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 13:34 - 2012-06-08 13:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2012-10-30 03:30 - 2012-06-25 13:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Pam Honeysuckle\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Pam Honeysuckle\SkyDrive:ms-properties
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TileDataModelSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-468200526-3709930035-1514773469-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-468200526-3709930035-1514773469-1001\...\webcompanion.com -> hxxp://webcompanion.com
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-468200526-3709930035-1514773469-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Pam Honeysuckle\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\marvin.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKU\S-1-5-21-468200526-3709930035-1514773469-1001\...\StartupApproved\Run: => "Power2GoExpress8"
HKU\S-1-5-21-468200526-3709930035-1514773469-1001\...\StartupApproved\Run: => "HP Officejet Pro 8600 (NET)"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{946BA8D6-87A7-4685-AD8C-0AA8E5C1D11D}C:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe] => (Block) C:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe
FirewallRules: [UDP Query User{CDAB4630-742D-425A-9541-0212A125330E}C:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe] => (Block) C:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe
FirewallRules: [{DB5651E4-00D1-4722-9A29-DBDE4CF593B0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/29/2015 09:15:45 AM) (Source: ESENT) (EventID: 454) (User: )
Description: SettingSyncHost (6356) Database recovery/restore failed with unexpected error -1032.
 
Error: (08/29/2015 09:15:45 AM) (Source: ESENT) (EventID: 490) (User: )
Description: SettingSyncHost (6356) An attempt to open the file "C:\WINDOWS\system32\edb.log" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (08/29/2015 09:15:35 AM) (Source: ESENT) (EventID: 439) (User: )
Description: SettingSyncHost (6356) Unable to write a shadowed header for file C:\WINDOWS\system32\edb.chk. Error -1032.
 
Error: (08/29/2015 09:15:35 AM) (Source: ESENT) (EventID: 490) (User: )
Description: SettingSyncHost (6356) An attempt to open the file "C:\WINDOWS\system32\edb.chk" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (08/29/2015 09:15:25 AM) (Source: ESENT) (EventID: 490) (User: )
Description: SettingSyncHost (6356) An attempt to open the file "C:\WINDOWS\system32\edb.chk" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (08/29/2015 09:15:15 AM) (Source: ESENT) (EventID: 490) (User: )
Description: SettingSyncHost (6356) An attempt to open the file "C:\WINDOWS\system32\edb.chk" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (08/29/2015 09:15:05 AM) (Source: ESENT) (EventID: 490) (User: )
Description: SettingSyncHost (6356) An attempt to open the file "C:\WINDOWS\system32\edb.chk" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (08/29/2015 09:14:54 AM) (Source: ESENT) (EventID: 454) (User: )
Description: SettingSyncHost (6356) Database recovery/restore failed with unexpected error -1032.
 
Error: (08/29/2015 09:14:54 AM) (Source: ESENT) (EventID: 490) (User: )
Description: SettingSyncHost (6356) An attempt to open the file "C:\WINDOWS\system32\edb.log" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (08/29/2015 09:14:44 AM) (Source: ESENT) (EventID: 439) (User: )
Description: SettingSyncHost (6356) Unable to write a shadowed header for file C:\WINDOWS\system32\edb.chk. Error -1032.
 
 
System errors:
=============
Error: (08/29/2015 09:12:36 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.147.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.
 
Error: (08/29/2015 09:07:26 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.147.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.
 
Error: (08/29/2015 09:06:15 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}
 
Error: (08/29/2015 09:02:27 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (08/29/2015 09:02:16 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.147.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.
 
Error: (08/29/2015 09:02:00 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (08/29/2015 09:01:45 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (08/29/2015 08:57:59 AM) (Source: DCOM) (EventID: 10010) (User: OFFICE)
Description: {D63B10C5-BB46-4990-A94F-E40B9D520160}
 
Error: (08/29/2015 08:57:59 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (08/29/2015 08:57:59 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
 
Microsoft Office:
=========================
Error: (08/29/2015 09:15:45 AM) (Source: ESENT) (EventID: 454) (User: )
Description: SettingSyncHost6356-1032
 
Error: (08/29/2015 09:15:45 AM) (Source: ESENT) (EventID: 490) (User: )
Description: SettingSyncHost6356C:\WINDOWS\system32\edb.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.
 
Error: (08/29/2015 09:15:35 AM) (Source: ESENT) (EventID: 439) (User: )
Description: SettingSyncHost6356C:\WINDOWS\system32\edb.chk-1032
 
Error: (08/29/2015 09:15:35 AM) (Source: ESENT) (EventID: 490) (User: )
Description: SettingSyncHost6356C:\WINDOWS\system32\edb.chk-1032 (0xfffffbf8)5 (0x00000005)Access is denied.
 
Error: (08/29/2015 09:15:25 AM) (Source: ESENT) (EventID: 490) (User: )
Description: SettingSyncHost6356C:\WINDOWS\system32\edb.chk-1032 (0xfffffbf8)5 (0x00000005)Access is denied.
 
Error: (08/29/2015 09:15:15 AM) (Source: ESENT) (EventID: 490) (User: )
Description: SettingSyncHost6356C:\WINDOWS\system32\edb.chk-1032 (0xfffffbf8)5 (0x00000005)Access is denied.
 
Error: (08/29/2015 09:15:05 AM) (Source: ESENT) (EventID: 490) (User: )
Description: SettingSyncHost6356C:\WINDOWS\system32\edb.chk-1032 (0xfffffbf8)5 (0x00000005)Access is denied.
 
Error: (08/29/2015 09:14:54 AM) (Source: ESENT) (EventID: 454) (User: )
Description: SettingSyncHost6356-1032
 
Error: (08/29/2015 09:14:54 AM) (Source: ESENT) (EventID: 490) (User: )
Description: SettingSyncHost6356C:\WINDOWS\system32\edb.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.
 
Error: (08/29/2015 09:14:44 AM) (Source: ESENT) (EventID: 439) (User: )
Description: SettingSyncHost6356C:\WINDOWS\system32\edb.chk-1032
 
 
CodeIntegrity:
===================================
  Date: 2015-08-29 08:02:52.220
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-27 18:44:50.269
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-27 18:44:50.244
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-26 17:36:36.880
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-26 17:36:36.850
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-25 11:18:09.938
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-25 11:07:35.331
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-25 11:07:35.309
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-24 11:56:31.642
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-24 11:56:31.629
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 31%
Total physical RAM: 6033.27 MB
Available physical RAM: 4114.63 MB
Total Virtual: 12433.27 MB
Available Virtual: 10585.12 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:669.08 GB) (Free:553.16 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:27.18 GB) (Free:3.16 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive e: (NeatConnect) (CDROM) (Total:0.59 GB) (Free:0 GB) CDFS
Drive f: (USB DISK) (Removable) (Total:14.93 GB) (Free:14.92 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: A50E1C7D)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 14.9 GB) (Disk ID: 34D4FC54)
Partition 1: (Not Active) - (Size=14.9 GB) - (Type=0C)
 
==================== End of Addition.txt ============================
  1.  


#10 Cenfath

Cenfath
  • Topic Starter

  • Members
  • 67 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Oklahoma
  • Local time:03:52 AM

Posted 29 August 2015 - 09:55 AM

I was able to upload and install everything you recommended.  I can now connect through Chrome now.  My mother uses Edge. I'm unable to post an image of the pop up that keeps showing up though.  I typed what showed up in web address box and as much of the what showed up in the pop up as possible.

 

kernel.svchost32.net/zz/mmerror.html?isp=Cox+Communications&browser=Chrome&os=Nt&osv=10.0&ip=Chrome&tid=x1v&sxid=727k6qthz0ja
 
Warning: Chrome Internet Securtiy Damaged !!!
 
A suspicious Connection Was Trying To Access Your Logins, Banking Details & Tracking Your Internet Activity.
 
Your TcP Connection Was Blocked by Your Firewall. Your Accounts May be Suspended Until You Take an Action.
 
You Personal Information May Have Leaked. IMMEDIATE RESPONSE REQUIRED
 
Your Hard Disk May Have Trojan Virus! Please Do Not Try to Fix Manually, It May Crash Your Data.
 
Consequently, we are performing additional security checks to verify system security.
 
Please Visit Your Nearest Windows Service Center OR Call Help Desk


#11 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:52 AM

Posted 30 August 2015 - 09:40 AM

Okay. Well done so far. I appreciate the feedback. Those warnings can be ignored for now.

You have important system files that are infected and need to be replaced. Follow the instructions carefully please. If you have run into any trouble STOP and ask me. Do NOT re-run any of these steps if you have encountered troubles.

Please do this next..

Download the attached files to your desktop <-- IMPORTANT

Next...

Right click and EXTRACT ALL for each of the zipped files you downloaded. It will create...
 
C:\Users\Pam Honeysuckle\Desktop\dnsapi_sysWOW64\dnsapi.dll 
C:\Users\Pam Honeysuckle\Desktop\dnsapi_system32\dnsapi.dll
Please confirm this for yourself before proceeding.


Next do this...
  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter.
  • Copy and paste the script below in the notepad document:
start

Move: C:\Users\Pam Honeysuckle\Desktop\dnsapi_sysWOW64\dnsapi.dll C:\WINDOWS\SysWOW64\dnsapi.dll
Move: C:\Users\Pam Honeysuckle\Desktop\dnsapi_system32\dnsapi.dll C:\WINDOWS\system32\dnsapi.dll

end
  • Save the file to your desktop and name it as fixlist.txt
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run.
Please copy and paste the log in your next reply.

Lastly..

Re-run FRST, check the Addition.txt box, press SCAN and copy/paste the 2 logs in your next reply.

Also let me know your computer is running. Same problems?

Thanks,
thcbytes

Attached Files


Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#12 Cenfath

Cenfath
  • Topic Starter

  • Members
  • 67 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Oklahoma
  • Local time:03:52 AM

Posted 30 August 2015 - 06:25 PM

Fix result of Farbar Recovery Scan Tool (x64) Version:27-08-2015
Ran by Pam Honeysuckle (2015-08-30 18:14:40) Run:2
Running from C:\Users\Pam Honeysuckle\Desktop
Loaded Profiles: Pam Honeysuckle &  (Available Profiles: Pam Honeysuckle & Administrator)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
Move: C:\Users\Pam Honeysuckle\Desktop\dnsapi_sysWOW64\dnsapi.dll C:\WINDOWS\SysWOW64\dnsapi.dll
Move: C:\Users\Pam Honeysuckle\Desktop\dnsapi_system32\dnsapi.dll C:\WINDOWS\system32\dnsapi.dll
 
end
*****************
 
C:\WINDOWS\SysWOW64\dnsapi.dll => moved successfully
"C:\Users\Pam Honeysuckle\Desktop\dnsapi_sysWOW64\dnsapi.dll" moved successfully to C:\WINDOWS\SysWOW64\dnsapi.dll
C:\WINDOWS\system32\dnsapi.dll => moved successfully
"C:\Users\Pam Honeysuckle\Desktop\dnsapi_system32\dnsapi.dll" moved successfully to C:\WINDOWS\system32\dnsapi.dll
 
==== End of Fixlog 18:14:40 ====
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-08-2015
Ran by Pam Honeysuckle (administrator) on OFFICE (30-08-2015 18:18:40)
Running from C:\Users\Pam Honeysuckle\Desktop
Loaded Profiles: Pam Honeysuckle &  (Available Profiles: Pam Honeysuckle & Administrator)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(The Neat Company) C:\Program Files (x86)\Neat\exec\NeatStartupService.exe
() C:\Windows\System32\valWBFPolicyService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
(Microsoft Corporation) C:\Users\Pam Honeysuckle\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2015-03-07] (IDT, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-07-17] (Synaptics Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-19\...\Run: [OneDriveSetup] => C:\Windows\SysWOW64\OneDriveSetup.exe [7805120 2015-07-10] (Microsoft Corporation)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [OneDriveSetup] => C:\Windows\SysWOW64\OneDriveSetup.exe [7805120 2015-07-10] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [OneDriveSetup] => C:\Windows\SysWOW64\OneDriveSetup.exe [7805120 2015-07-10] (Microsoft Corporation)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [OneDriveSetup] => C:\Windows\SysWOW64\OneDriveSetup.exe [7805120 2015-07-10] (Microsoft Corporation)
HKU\S-1-5-21-468200526-3709930035-1514773469-1001\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1711680 2013-01-27] (CyberLink Corp.)
HKU\S-1-5-21-468200526-3709930035-1514773469-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-468200526-3709930035-1514773469-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-468200526-3709930035-1514773469-1001\...\Run: [OneDrive] => C:\Users\Pam Honeysuckle\AppData\Local\Microsoft\OneDrive\OneDrive.exe [404064 2015-08-22] (Microsoft Corporation)
HKU\S-1-5-21-468200526-3709930035-1514773469-1001\...\RunOnce: [Uninstall C:\Users\Pam Honeysuckle\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Pam Honeysuckle\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-468200526-3709930035-1514773469-1001\...\RunOnce: [Uninstall C:\Users\Pam Honeysuckle\AppData\Local\Microsoft\OneDrive\17.3.5892.0626] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Pam Honeysuckle\AppData\Local\Microsoft\OneDrive\17.3.5892.0626"
HKU\S-1-5-21-468200526-3709930035-1514773469-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1711680 2013-01-27] (CyberLink Corp.)
HKU\S-1-5-21-468200526-3709930035-1514773469-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-468200526-3709930035-1514773469-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-468200526-3709930035-1514773469-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [OneDrive] => C:\Users\Pam Honeysuckle\AppData\Local\Microsoft\OneDrive\OneDrive.exe [404064 2015-08-22] (Microsoft Corporation)
HKU\S-1-5-21-468200526-3709930035-1514773469-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Uninstall C:\Users\Pam Honeysuckle\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Pam Honeysuckle\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-468200526-3709930035-1514773469-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Uninstall C:\Users\Pam Honeysuckle\AppData\Local\Microsoft\OneDrive\17.3.5892.0626] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Pam Honeysuckle\AppData\Local\Microsoft\OneDrive\17.3.5892.0626"
HKU\S-1-5-21-468200526-3709930035-1514773469-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [OneDriveSetup] => C:\Windows\SysWOW64\OneDriveSetup.exe [7805120 2015-07-10] (Microsoft Corporation)
HKU\S-1-5-21-468200526-3709930035-1514773469-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1711680 2013-01-27] (CyberLink Corp.)
HKU\S-1-5-21-468200526-3709930035-1514773469-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-07-10] (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-468200526-3709930035-1514773469-1001 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-468200526-3709930035-1514773469-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-468200526-3709930035-1514773469-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-468200526-3709930035-1514773469-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4a0aa90c-50a5-4726-ba47-5a16e48ed6fd}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5f1cc87a-ffca-4f54-b2ac-d497d52b9361}: [DhcpNameServer] 68.105.28.12 68.105.29.12 68.105.28.11
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-23] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-23] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw.dll [2012-04-26] (Adobe Systems, Inc.)
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll [2012-08-10] ( HP)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-11] ()
 
Chrome: 
=======
CHR Profile: C:\Users\Pam Honeysuckle\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Pam Honeysuckle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-29]
CHR Extension: (Google Docs) - C:\Users\Pam Honeysuckle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-29]
CHR Extension: (Google Drive) - C:\Users\Pam Honeysuckle\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-29]
CHR Extension: (YouTube) - C:\Users\Pam Honeysuckle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-29]
CHR Extension: (Google Search) - C:\Users\Pam Honeysuckle\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-29]
CHR Extension: (Website Logon) - C:\Users\Pam Honeysuckle\AppData\Local\Google\Chrome\User Data\Default\Extensions\fegekclkdhbnfdcmomlpegkkndgnmfmo [2015-08-29]
CHR Extension: (Google Sheets) - C:\Users\Pam Honeysuckle\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-29]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Pam Honeysuckle\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Pam Honeysuckle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-29]
CHR Extension: (Gmail) - C:\Users\Pam Honeysuckle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-29]
CHR HKLM-x32\...\Chrome\Extension: [fegekclkdhbnfdcmomlpegkkndgnmfmo] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-07-12]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [326144 2015-07-10] (Microsoft Corporation)
S3 CDPSvc; C:\Windows\System32\CDPSvc.dll [134144 2015-07-10] (Microsoft Corporation)
R2 CoreMessagingRegistrar; C:\Windows\system32\coremessaging.dll [808856 2015-08-22] (Microsoft Corporation)
R2 CoreMessagingRegistrar; C:\Windows\SysWOW64\coremessaging.dll [510976 2015-08-22] (Microsoft Corporation)
S3 diagnosticshub.standardcollector.service; C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [27136 2015-07-10] (Microsoft Corporation)
S3 DmEnrollmentSvc; C:\Windows\system32\Windows.Internal.Management.dll [267776 2015-07-10] (Microsoft Corporation)
S3 DmEnrollmentSvc; C:\Windows\SysWOW64\Windows.Internal.Management.dll [193024 2015-07-10] (Microsoft Corporation)
S3 embeddedmode; C:\Windows\System32\embeddedmodesvc.dll [87040 2015-07-10] (Microsoft Corporation)
S3 EntAppSvc; C:\Windows\system32\EnterpriseAppMgmtSvc.dll [275456 2015-07-10] (Microsoft Corporation)
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641320 2012-08-10] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
S3 icssvc; C:\Windows\System32\tetheringservice.dll [148992 2015-08-11] (Microsoft Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328608 2015-07-30] (Intel Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R3 lfsvc; C:\Windows\SysWOW64\lfsvc.dll [22528 2015-07-10] (Microsoft Corporation)
R3 LicenseManager; C:\Windows\system32\LicenseManagerSvc.dll [21504 2015-07-10] (Microsoft Corporation)
S2 MapsBroker; C:\Windows\System32\moshost.dll [62464 2015-07-10] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 Neat Startup Service; C:\Program Files (x86)\Neat\exec\NeatStartupService.exe [25600 2015-01-16] (The Neat Company) [File not signed]
S2 OneSyncSvc; C:\Windows\System32\APHostService.dll [296960 2015-07-10] (Microsoft Corporation)
R2 OneSyncSvc_Session1; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
R2 OneSyncSvc_Session1; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
U2 OneSyncSvc_Session2; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
U2 OneSyncSvc_Session2; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
S3 PimIndexMaintenanceSvc; C:\Windows\System32\PimIndexMaintenance.dll [289280 2015-07-10] (Microsoft Corporation)
R3 PimIndexMaintenanceSvc_Session1; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
R3 PimIndexMaintenanceSvc_Session1; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_Session2; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_Session2; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
S3 RetailDemo; C:\Windows\system32\RDXService.dll [996352 2015-08-11] (Microsoft Corporation)
S3 SensorDataService; C:\Windows\System32\SensorDataService.exe [1031680 2015-08-22] (Microsoft Corporation)
R3 StateRepository; C:\Windows\system32\windows.staterepository.dll [2674176 2015-07-10] (Microsoft Corporation)
R3 StateRepository; C:\Windows\SysWOW64\windows.staterepository.dll [2049024 2015-07-10] (Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-07-17] (Synaptics Incorporated)
R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401256 2012-07-16] (AuthenTec, Inc.)
S3 UnistoreSvc; C:\Windows\System32\unistore.dll [1203200 2015-08-22] (Microsoft Corporation)
S3 UnistoreSvc; C:\Windows\SysWOW64\unistore.dll [925696 2015-08-22] (Microsoft Corporation)
R3 UnistoreSvc_Session1; C:\WINDOWS\System32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
R3 UnistoreSvc_Session1; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
U3 UnistoreSvc_Session2; C:\WINDOWS\System32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
U3 UnistoreSvc_Session2; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
S3 UserDataSvc; C:\Windows\System32\userdataservice.dll [1420288 2015-07-29] (Microsoft Corporation)
R3 UserDataSvc_Session1; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
R3 UserDataSvc_Session1; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
U3 UserDataSvc_Session2; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
U3 UserDataSvc_Session2; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2012-09-06] () [File not signed]
S3 vmicvmsession; C:\Windows\System32\ICSvc.dll [506880 2015-07-10] (Microsoft Corporation)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [84480 2015-08-22] (Microsoft Corporation)
S3 WalletService; C:\Windows\system32\WalletService.dll [504320 2015-07-10] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
S3 XblAuthManager; C:\Windows\System32\XblAuthManager.dll [918016 2015-07-10] (Microsoft Corporation)
S3 XblGameSave; C:\Windows\System32\XblGameSave.dll [1149440 2015-07-10] (Microsoft Corporation)
S3 XboxNetApiSvc; C:\Windows\system32\XboxNetApiSvc.dll [1019392 2015-07-10] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 CompositeBus; C:\Windows\System32\DriverStore\FileRepository\compositebus.inf_amd64_98334ba6e76853ba\CompositeBus.sys [39936 2015-07-10] (Microsoft Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3436896 2015-07-10] (QLogic Corporation)
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2015-03-04] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2015-03-04] (Symantec Corporation)
R1 FileCrypt; C:\Windows\System32\drivers\filecrypt.sys [83968 2015-07-10] (Microsoft Corporation)
S3 genericusbfn; C:\Windows\System32\drivers\genericusbfn.sys [20992 2015-07-10] (Microsoft Corporation)
R1 GpuEnergyDrv; C:\Windows\System32\drivers\gpuenergydrv.sys [8192 2015-07-10] (Microsoft Corporation)
S3 ibbus; C:\Windows\System32\drivers\ibbus.sys [424800 2015-07-10] (Mellanox)
S3 IoQos; C:\Windows\System32\drivers\ioqos.sys [26624 2015-07-10] (Microsoft Corporation)
S0 LSI_SAS3i; C:\Windows\System32\drivers\lsi_sas3i.sys [99168 2015-07-10] (Avago Technologies)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-30] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
S3 mlx4_bus; C:\Windows\System32\drivers\mlx4_bus.sys [705376 2015-07-10] (Mellanox)
S3 ndfltr; C:\Windows\System32\drivers\ndfltr.sys [76128 2015-07-10] (Mellanox)
R3 netr28x; C:\Windows\system32\DRIVERS\netr28x.sys [2554528 2015-06-12] (MediaTek Inc.)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek                                            )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-07-17] (Synaptics Incorporated)
R2 storqosflt; C:\Windows\System32\drivers\storqosflt.sys [61952 2015-07-10] (Microsoft Corporation)
R3 swenum; C:\Windows\System32\DriverStore\FileRepository\swenum.inf_amd64_2a699e44676b7781\swenum.sys [17760 2015-07-10] (Microsoft Corporation)
S3 UcmCx0101; C:\Windows\System32\Drivers\UcmCx.sys [61952 2015-07-10] (Microsoft Corporation)
S3 UcmUcsi; C:\Windows\System32\drivers\UcmUcsi.sys [46080 2015-08-22] (Microsoft Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
R0 WindowsTrustedRT; C:\Windows\System32\drivers\WindowsTrustedRT.sys [106520 2015-07-10] (Microsoft Corporation)
R0 WindowsTrustedRTProxy; C:\Windows\System32\drivers\WindowsTrustedRTProxy.sys [17944 2015-07-10] (Microsoft Corporation)
S3 WinMad; C:\Windows\System32\drivers\winmad.sys [26976 2015-07-10] (Mellanox)
S3 WinVerbs; C:\Windows\System32\drivers\winverbs.sys [59232 2015-07-10] (Mellanox)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-06-27] (Hewlett-Packard Development Company, L.P.)
S3 xboxgip; C:\Windows\System32\drivers\xboxgip.sys [222720 2015-07-10] (Microsoft Corporation)
S3 xinputhid; C:\Windows\System32\drivers\xinputhid.sys [25600 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-30 18:08 - 2015-08-30 18:08 - 00258972 _____ C:\Users\Pam Honeysuckle\Desktop\dnsapi_sysWOW64.zip
2015-08-30 18:07 - 2015-08-30 18:08 - 00325450 _____ C:\Users\Pam Honeysuckle\Desktop\dnsapi_system32.zip
2015-08-30 18:04 - 2015-08-30 18:04 - 00016148 _____ C:\WINDOWS\system32\OFFICE_Pam Honeysuckle_HistoryPrediction.bin
2015-08-29 09:14 - 2015-08-30 18:19 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-29 09:14 - 2015-08-29 09:19 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-29 09:14 - 2015-08-29 09:14 - 00003988 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-29 09:14 - 2015-08-29 09:14 - 00003756 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-29 09:14 - 2015-08-29 09:14 - 00002332 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-29 09:14 - 2015-08-29 09:13 - 00929360 _____ (Google Inc.) C:\Users\Pam Honeysuckle\Desktop\ChromeSetup.exe
2015-08-29 08:57 - 2015-08-29 08:57 - 00000000 ___HD C:\OneDriveTemp
2015-08-29 08:55 - 2015-08-29 08:55 - 00014124 _____ C:\Users\Pam Honeysuckle\Desktop\zoek-results.txt
2015-08-29 08:52 - 2015-08-29 08:52 - 00000008 __RSH C:\ProgramData\ntuser.pol
2015-08-29 08:52 - 2015-08-29 08:52 - 00000000 ____D C:\ProgramData\Validity
2015-08-29 08:46 - 2015-08-29 08:35 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
2015-08-29 08:36 - 2015-08-29 08:53 - 00014124 _____ C:\zoek-results.log
2015-08-29 08:35 - 2015-08-29 08:44 - 00000000 ____D C:\zoek_backup
2015-08-29 08:27 - 2015-08-29 08:15 - 01308672 _____ C:\Users\Pam Honeysuckle\Desktop\zoek.exe
2015-08-29 08:07 - 2015-08-29 08:07 - 00531511 _____ C:\Users\Pam Honeysuckle\Desktop\requested-files[2015-08-29_08_07].cab
2015-08-29 08:06 - 2015-08-29 08:06 - 00000000 ____D C:\Users\Pam Honeysuckle\Desktop\sfp
2015-08-29 08:06 - 2015-08-29 07:52 - 00264875 _____ C:\Users\Pam Honeysuckle\Desktop\sfp.zip
2015-08-27 21:28 - 2015-08-29 09:17 - 00039552 _____ C:\Users\Pam Honeysuckle\Desktop\Addition.txt
2015-08-27 21:26 - 2015-08-30 18:18 - 00026292 _____ C:\Users\Pam Honeysuckle\Desktop\FRST.txt
2015-08-27 21:26 - 2015-08-27 21:07 - 02186752 _____ (Farbar) C:\Users\Pam Honeysuckle\Desktop\FRST64.exe
2015-08-27 21:17 - 2015-08-30 18:18 - 00000000 ____D C:\FRST
2015-08-27 21:14 - 2015-08-27 21:14 - 00002658 _____ C:\Users\Pam Honeysuckle\Desktop\JRT.txt
2015-08-27 21:10 - 2015-08-27 21:07 - 01798560 _____ (Malwarebytes Corporation) C:\Users\Pam Honeysuckle\Desktop\JRT.exe
2015-08-27 21:02 - 2015-08-20 01:07 - 08019296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-08-27 21:02 - 2015-08-20 01:06 - 00609592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-08-27 21:02 - 2015-08-20 01:02 - 22324656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-08-27 21:02 - 2015-08-20 00:57 - 00077400 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-08-27 21:02 - 2015-08-20 00:26 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-08-27 21:02 - 2015-08-20 00:21 - 21875200 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-08-27 21:02 - 2015-08-20 00:21 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2015-08-27 21:02 - 2015-08-20 00:16 - 20857848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-08-27 21:02 - 2015-08-20 00:13 - 02235904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-08-27 21:02 - 2015-08-19 23:31 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-08-27 21:02 - 2015-08-18 02:56 - 02498808 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-08-27 21:02 - 2015-08-18 02:55 - 00373072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-08-27 21:02 - 2015-08-18 02:54 - 01396064 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-08-27 21:02 - 2015-08-18 02:27 - 01771592 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-08-27 21:02 - 2015-08-18 02:24 - 00963920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-08-27 21:02 - 2015-08-18 02:13 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2015-08-27 21:02 - 2015-08-18 02:13 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2015-08-27 21:02 - 2015-08-18 02:12 - 02225664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-08-27 21:02 - 2015-08-18 02:07 - 02226688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2015-08-27 21:02 - 2015-08-18 02:04 - 01234944 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2015-08-27 21:02 - 2015-08-18 02:04 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-08-27 21:02 - 2015-08-18 01:59 - 01294336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcnwiz.dll
2015-08-27 21:02 - 2015-08-18 01:59 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2015-08-27 21:02 - 2015-08-18 01:58 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2015-08-27 21:02 - 2015-08-18 01:58 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWCN.dll
2015-08-27 21:02 - 2015-08-18 01:58 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdWCN.dll
2015-08-27 21:02 - 2015-08-18 01:58 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnNetsh.dll
2015-08-27 21:02 - 2015-08-18 01:57 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2015-08-27 21:02 - 2015-08-18 01:56 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
2015-08-27 21:02 - 2015-08-18 01:55 - 02178560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-08-27 21:02 - 2015-08-18 01:54 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2015-08-27 21:02 - 2015-08-18 01:54 - 00247296 _____ C:\WINDOWS\system32\facecredentialprovider.dll
2015-08-27 21:02 - 2015-08-18 01:52 - 01888768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-08-27 21:02 - 2015-08-18 01:50 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-08-27 21:02 - 2015-08-18 01:49 - 01061888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2015-08-27 21:02 - 2015-08-18 01:49 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2015-08-27 21:02 - 2015-08-18 01:49 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2015-08-27 21:02 - 2015-08-18 01:36 - 01226752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wcnwiz.dll
2015-08-27 21:02 - 2015-08-18 01:35 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll
2015-08-27 21:02 - 2015-08-18 01:35 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdWCN.dll
2015-08-27 21:02 - 2015-08-18 01:34 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2015-08-27 21:02 - 2015-08-18 01:29 - 01593344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-08-27 21:02 - 2015-08-18 01:26 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2015-08-27 21:02 - 2015-08-17 23:44 - 00008847 _____ C:\WINDOWS\system32\ResPriHMImageList
2015-08-27 20:59 - 2015-08-27 20:59 - 00001191 _____ C:\Users\Pam Honeysuckle\Desktop\AdwCleaner[C4].txt
2015-08-27 20:43 - 2015-08-23 18:21 - 01605632 _____ C:\Users\Pam Honeysuckle\Desktop\AdwCleaner.exe
2015-08-23 19:58 - 2015-08-23 19:58 - 00000000 ____D C:\Avenger
2015-08-23 19:46 - 2015-08-23 19:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-23 19:45 - 2015-08-23 19:45 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-23 19:45 - 2015-08-23 19:45 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-23 19:08 - 2015-08-30 18:05 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-08-23 19:07 - 2015-08-23 19:07 - 00001171 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-23 19:07 - 2015-08-23 19:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-23 19:06 - 2015-08-23 19:07 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-23 19:06 - 2015-08-23 19:06 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-23 19:06 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-08-23 19:06 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-08-23 19:06 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-08-23 19:03 - 2015-08-23 19:06 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Pam Honeysuckle\Downloads\mbam-setup-2.1.8.1057.exe
2015-08-23 19:02 - 2015-08-29 08:44 - 00000000 ____D C:\Users\Pam Honeysuckle\AppData\Local\Lavasoft
2015-08-23 19:01 - 2015-08-23 19:01 - 00000144 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-08-23 18:52 - 2015-08-23 18:52 - 00065536 _____ C:\WINDOWS\system32\edbtmp.log
2015-08-23 18:52 - 2015-08-23 18:52 - 00065536 _____ C:\WINDOWS\system32\edbres00002.jrs
2015-08-23 18:52 - 2015-08-23 18:52 - 00065536 _____ C:\WINDOWS\system32\edbres00001.jrs
2015-08-23 18:52 - 2015-08-23 18:52 - 00065536 _____ C:\WINDOWS\system32\edb.log
2015-08-23 18:52 - 2015-08-23 18:52 - 00008192 _____ C:\WINDOWS\system32\edb.chk
2015-08-23 18:24 - 2015-08-27 20:45 - 00000000 ____D C:\AdwCleaner
2015-08-23 18:07 - 2015-08-23 18:07 - 00000000 ____D C:\WINDOWS\pss
2015-08-23 09:12 - 2015-08-29 09:21 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-08-23 09:12 - 2015-08-23 09:12 - 00003806 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-08-23 09:11 - 2013-08-22 08:25 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2015-08-23 09:08 - 2015-08-23 09:08 - 00000003 _____ C:\Users\Pam Honeysuckle\Downloads\2.txt
2015-08-23 09:08 - 2015-08-23 09:08 - 00000003 _____ C:\Users\Pam Honeysuckle\Downloads\1.txt
2015-08-22 18:38 - 2015-08-22 18:38 - 00000516 _____ C:\Users\Pam Honeysuckle\Downloads\document (7)
2015-08-22 16:34 - 2015-08-22 16:34 - 00000000 ____D C:\WINDOWS\PCHEALTH
2015-08-22 12:11 - 2015-08-22 12:11 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2015-08-22 11:42 - 2015-08-12 23:33 - 24593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-08-22 11:42 - 2015-08-12 23:22 - 02093056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2015-08-22 11:42 - 2015-08-12 23:07 - 19323392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-08-22 11:42 - 2015-08-11 05:04 - 04532304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-08-22 11:42 - 2015-08-11 05:04 - 02462648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-08-22 11:42 - 2015-08-11 05:04 - 01087296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-08-22 11:42 - 2015-08-11 05:02 - 00554744 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2015-08-22 11:42 - 2015-08-11 05:02 - 00292856 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2015-08-22 11:42 - 2015-08-11 04:57 - 03622256 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-08-22 11:42 - 2015-08-11 04:52 - 00993104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2015-08-22 11:42 - 2015-08-11 04:50 - 01643872 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-08-22 11:42 - 2015-08-11 04:40 - 04048808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-08-22 11:42 - 2015-08-11 04:40 - 02151208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-08-22 11:42 - 2015-08-11 04:40 - 00918320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-08-22 11:42 - 2015-08-11 04:38 - 00454000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2015-08-22 11:42 - 2015-08-11 04:37 - 00243800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2015-08-22 11:42 - 2015-08-11 04:31 - 02880032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-08-22 11:42 - 2015-08-11 04:23 - 16706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-08-22 11:42 - 2015-08-11 04:19 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2015-08-22 11:42 - 2015-08-11 04:16 - 02416640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-08-22 11:42 - 2015-08-11 04:14 - 00404480 _____ C:\WINDOWS\system32\diagtrack_wininternal.dll
2015-08-22 11:42 - 2015-08-11 04:13 - 00413184 _____ C:\WINDOWS\system32\diagtrack_win.dll
2015-08-22 11:42 - 2015-08-11 04:11 - 02446336 _____ C:\WINDOWS\system32\InputService.dll
2015-08-22 11:42 - 2015-08-11 04:10 - 00778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2015-08-22 11:42 - 2015-08-11 04:10 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-22 11:42 - 2015-08-11 04:10 - 00293376 _____ C:\WINDOWS\system32\TextInputFramework.dll
2015-08-22 11:42 - 2015-08-11 04:08 - 00893440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2015-08-22 11:42 - 2015-08-11 04:08 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-08-22 11:42 - 2015-08-11 04:07 - 01178112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-08-22 11:42 - 2015-08-11 04:07 - 00593920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-08-22 11:42 - 2015-08-11 04:06 - 07523328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-08-22 11:42 - 2015-08-11 04:06 - 02662400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2015-08-22 11:42 - 2015-08-11 04:05 - 03527168 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-08-22 11:42 - 2015-08-11 04:05 - 00996352 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-08-22 11:42 - 2015-08-11 04:05 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPermissions.dll
2015-08-22 11:42 - 2015-08-11 04:03 - 02558976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-08-22 11:42 - 2015-08-11 04:02 - 03588096 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-08-22 11:42 - 2015-08-11 04:01 - 01334784 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-08-22 11:42 - 2015-08-11 03:59 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2015-08-22 11:42 - 2015-08-11 03:57 - 13024768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-08-22 11:42 - 2015-08-11 03:51 - 01916928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-08-22 11:42 - 2015-08-11 03:51 - 01823232 _____ C:\WINDOWS\SysWOW64\InputService.dll
2015-08-22 11:42 - 2015-08-11 03:49 - 00586752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2015-08-22 11:42 - 2015-08-11 03:49 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-22 11:42 - 2015-08-11 03:47 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2015-08-22 11:42 - 2015-08-11 03:45 - 01820672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2015-08-22 11:42 - 2015-08-11 03:43 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-08-22 11:42 - 2015-08-11 03:42 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-08-22 11:42 - 2015-08-11 03:40 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-08-22 11:42 - 2015-08-11 03:40 - 01112064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-08-22 11:42 - 2015-08-08 02:19 - 00608936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-08-22 11:42 - 2015-08-08 01:48 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-08-22 11:42 - 2015-08-08 01:40 - 00365056 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-08-22 11:42 - 2015-08-08 01:24 - 02415104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-08-22 11:42 - 2015-08-08 01:24 - 01679360 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-08-22 11:42 - 2015-08-08 01:15 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-08-22 11:42 - 2015-08-08 01:00 - 01985024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-08-22 11:42 - 2015-08-05 22:17 - 00237392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdyboost.sys
2015-08-22 11:42 - 2015-08-05 22:17 - 00200528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys
2015-08-22 11:42 - 2015-08-05 21:22 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2015-08-22 11:42 - 2015-08-04 23:49 - 00783112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2015-08-22 11:42 - 2015-08-04 23:29 - 00644128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2015-08-22 11:42 - 2015-08-04 23:00 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll
2015-08-22 11:42 - 2015-08-04 22:54 - 01274880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-08-22 11:42 - 2015-08-04 22:47 - 01383424 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-08-22 11:42 - 2015-08-04 22:39 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenter.dll
2015-08-22 11:42 - 2015-08-03 23:07 - 00102752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2015-08-22 11:42 - 2015-08-03 23:06 - 00583128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2015-08-22 11:42 - 2015-08-03 22:23 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2015-08-22 11:42 - 2015-08-03 21:59 - 01212416 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2015-08-22 11:42 - 2015-08-03 21:47 - 00898560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2015-08-22 11:42 - 2015-08-02 21:32 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2015-08-22 11:42 - 2015-08-02 21:28 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll
2015-08-22 11:42 - 2015-08-02 21:19 - 00505696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2015-08-22 11:42 - 2015-08-02 21:19 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2015-08-22 11:42 - 2015-08-02 21:18 - 08613200 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2015-08-22 11:42 - 2015-08-02 21:18 - 01983840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2015-08-22 11:42 - 2015-08-02 21:17 - 00516960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-08-22 11:42 - 2015-08-02 21:12 - 00801632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2015-08-22 11:42 - 2015-08-02 20:56 - 06878256 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2015-08-22 11:42 - 2015-08-02 20:49 - 00700256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2015-08-22 11:42 - 2015-08-02 20:30 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_UserAccount.dll
2015-08-22 11:42 - 2015-08-02 20:24 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2015-08-22 11:42 - 2015-08-02 20:24 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2015-08-22 11:42 - 2015-08-02 20:23 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2015-08-22 11:42 - 2015-08-02 20:22 - 01601536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2015-08-22 11:42 - 2015-08-02 20:22 - 01008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-08-22 11:42 - 2015-08-02 20:22 - 00317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2015-08-22 11:42 - 2015-08-02 20:18 - 12503552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-08-22 11:42 - 2015-08-02 20:18 - 03780096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2015-08-22 11:42 - 2015-08-02 20:18 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2015-08-22 11:42 - 2015-08-02 20:18 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkStatus.dll
2015-08-22 11:42 - 2015-08-02 20:15 - 00595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2015-08-22 11:42 - 2015-08-02 20:15 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Desktop.dll
2015-08-22 11:42 - 2015-08-02 20:15 - 00171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2015-08-22 11:42 - 2015-08-02 20:14 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2015-08-22 11:42 - 2015-08-02 20:12 - 00217088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2015-08-22 11:42 - 2015-08-02 20:12 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2015-08-22 11:42 - 2015-08-02 20:11 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfuimanager.dll
2015-08-22 11:42 - 2015-08-02 20:10 - 01162240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2015-08-22 11:42 - 2015-08-02 20:03 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2015-08-22 11:42 - 2015-08-02 20:02 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2015-08-22 11:42 - 2015-08-02 20:01 - 11262464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-08-22 11:42 - 2015-08-02 19:59 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctfuimanager.dll
2015-08-22 11:42 - 2015-07-30 01:24 - 01561872 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2015-08-22 11:42 - 2015-07-30 01:23 - 00527952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-08-22 11:42 - 2015-07-30 01:21 - 00816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2015-08-22 11:42 - 2015-07-30 01:17 - 01200400 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2015-08-22 11:42 - 2015-07-30 01:17 - 01025840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2015-08-22 11:42 - 2015-07-30 01:16 - 02147080 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2015-08-22 11:42 - 2015-07-30 01:15 - 00632168 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2015-08-22 11:42 - 2015-07-30 01:14 - 00333168 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2015-08-22 11:42 - 2015-07-30 01:09 - 01562968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2015-08-22 11:42 - 2015-07-30 01:06 - 01043872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2015-08-22 11:42 - 2015-07-30 01:05 - 00501008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-08-22 11:42 - 2015-07-30 01:03 - 02116448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2015-08-22 11:42 - 2015-07-30 00:24 - 00252768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2015-08-22 11:42 - 2015-07-29 23:29 - 00705520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2015-08-22 11:42 - 2015-07-29 23:26 - 01867160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2015-08-22 11:42 - 2015-07-29 23:26 - 00877016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2015-08-22 11:42 - 2015-07-29 23:25 - 01356368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2015-08-22 11:42 - 2015-07-29 23:25 - 00713312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2015-08-22 11:42 - 2015-07-29 23:24 - 00445240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-08-22 11:42 - 2015-07-29 23:24 - 00407616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-08-22 11:42 - 2015-07-29 23:24 - 00285632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2015-08-22 11:42 - 2015-07-29 23:22 - 00507696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2015-08-22 11:42 - 2015-07-29 23:12 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2015-08-22 11:42 - 2015-07-29 23:12 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-08-22 11:42 - 2015-07-29 23:08 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-08-22 11:42 - 2015-07-29 23:08 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2015-08-22 11:42 - 2015-07-29 22:59 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-08-22 11:42 - 2015-07-29 22:52 - 00521216 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2015-08-22 11:42 - 2015-07-29 22:52 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2015-08-22 11:42 - 2015-07-29 22:49 - 11557888 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2015-08-22 11:42 - 2015-07-29 22:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2015-08-22 11:42 - 2015-07-29 22:46 - 00487424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2015-08-22 11:42 - 2015-07-29 22:46 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-08-22 11:42 - 2015-07-29 22:44 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-08-22 11:42 - 2015-07-29 22:44 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2015-08-22 11:42 - 2015-07-29 22:42 - 00518144 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2015-08-22 11:42 - 2015-07-29 22:41 - 00407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2015-08-22 11:42 - 2015-07-29 22:41 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2015-08-22 11:42 - 2015-07-29 22:40 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2015-08-22 11:42 - 2015-07-29 22:38 - 01420288 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2015-08-22 11:42 - 2015-07-29 22:34 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2015-08-22 11:42 - 2015-07-29 22:29 - 00654848 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2015-08-22 11:42 - 2015-07-29 22:15 - 09889792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2015-08-22 11:42 - 2015-07-29 22:06 - 00373248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2015-08-22 11:42 - 2015-07-29 22:04 - 01714176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2015-08-22 11:42 - 2015-07-29 22:04 - 00335360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2015-08-22 11:42 - 2015-07-29 21:59 - 00473088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2015-08-22 11:42 - 2015-07-29 21:58 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2015-08-22 11:41 - 2015-08-12 23:20 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2015-08-22 11:41 - 2015-08-12 22:53 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2015-08-22 11:41 - 2015-08-11 05:03 - 00442208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2015-08-22 11:41 - 2015-08-11 05:02 - 00080720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2015-08-22 11:41 - 2015-08-11 04:26 - 00845664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2015-08-22 11:41 - 2015-08-11 04:21 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-08-22 11:41 - 2015-08-11 04:21 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2015-08-22 11:41 - 2015-08-11 04:20 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2015-08-22 11:41 - 2015-08-11 04:18 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2015-08-22 11:41 - 2015-08-11 04:11 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2015-08-22 11:41 - 2015-08-11 04:09 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2015-08-22 11:41 - 2015-08-11 04:07 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeParserTask.exe
2015-08-22 11:41 - 2015-08-11 04:05 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationGeofences.dll
2015-08-22 11:41 - 2015-08-11 04:05 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2015-08-22 11:41 - 2015-08-11 04:05 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2015-08-22 11:41 - 2015-08-11 04:02 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2015-08-22 11:41 - 2015-08-11 04:02 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2015-08-22 11:41 - 2015-08-11 04:00 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-08-22 11:41 - 2015-08-11 04:00 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncutil.dll
2015-08-22 11:41 - 2015-08-11 03:59 - 00642560 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll
2015-08-22 11:41 - 2015-08-11 03:59 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2015-08-22 11:41 - 2015-08-11 03:59 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tetheringclient.dll
2015-08-22 11:41 - 2015-08-11 03:58 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2015-08-22 11:41 - 2015-08-11 03:57 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2015-08-22 11:41 - 2015-08-11 03:50 - 00420352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2015-08-22 11:41 - 2015-08-11 03:50 - 00200704 _____ C:\WINDOWS\SysWOW64\TextInputFramework.dll
2015-08-22 11:41 - 2015-08-11 03:50 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2015-08-22 11:41 - 2015-08-11 03:48 - 00671232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2015-08-22 11:41 - 2015-08-11 03:39 - 00280576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-08-22 11:41 - 2015-08-11 03:38 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReInfo.dll
2015-08-22 11:41 - 2015-08-08 02:29 - 01822280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-08-22 11:41 - 2015-08-08 02:01 - 01533496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-08-22 11:41 - 2015-08-03 23:06 - 00243248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2015-08-22 11:41 - 2015-08-02 21:18 - 00594472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2015-08-22 11:41 - 2015-08-02 21:18 - 00046432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpiowin32.sys
2015-08-22 11:41 - 2015-08-02 21:17 - 00052264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wpcfltr.sys
2015-08-22 11:41 - 2015-08-02 20:31 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2015-08-22 11:41 - 2015-08-02 20:24 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModelShim.dll
2015-08-22 11:41 - 2015-08-02 20:21 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\coredpus.dll
2015-08-22 11:41 - 2015-08-02 20:19 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2015-08-22 11:41 - 2015-08-02 20:19 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2015-08-22 11:41 - 2015-08-02 20:15 - 01290752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2015-08-22 11:41 - 2015-08-02 20:15 - 00384000 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2015-08-22 11:41 - 2015-08-02 20:06 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
2015-08-22 11:41 - 2015-08-02 20:02 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2015-08-22 11:41 - 2015-07-29 23:22 - 00896144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2015-08-22 11:41 - 2015-07-29 23:09 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2015-08-22 11:41 - 2015-07-29 22:45 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2015-08-22 11:41 - 2015-07-29 22:45 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tunnel.sys
2015-08-22 11:41 - 2015-07-29 22:44 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2015-08-22 11:41 - 2015-07-29 22:44 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-08-22 11:41 - 2015-07-29 22:44 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\VoiceActivationManager.dll
2015-08-22 11:41 - 2015-07-29 22:38 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2015-08-22 11:41 - 2015-07-29 22:07 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2015-08-22 11:41 - 2015-07-29 22:06 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll
2015-08-22 11:41 - 2015-07-29 22:06 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VoiceActivationManager.dll
2015-08-22 10:08 - 2015-08-22 11:18 - 00000000 ____D C:\Users\Pam Honeysuckle\AppData\Local\MicrosoftEdge
2015-08-22 09:48 - 2015-08-22 09:48 - 00000000 ____D C:\Users\Pam Honeysuckle\AppData\Local\Publishers
2015-08-22 09:32 - 2015-08-22 09:32 - 00002364 _____ C:\Users\Pam Honeysuckle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-08-22 09:31 - 2015-08-22 09:31 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2015-08-22 09:27 - 2015-08-22 09:29 - 00000000 ____D C:\Users\Pam Honeysuckle\AppData\Local\Comms
2015-08-22 09:26 - 2015-08-22 09:26 - 00000020 ___SH C:\Users\Pam Honeysuckle\ntuser.ini
2015-08-22 09:26 - 2015-08-22 09:26 - 00000000 ____D C:\Users\Pam Honeysuckle\AppData\Local\TileDataLayer
2015-08-22 06:31 - 2015-08-22 09:26 - 00000000 ___DC C:\WINDOWS\Panther
2015-08-22 06:31 - 2015-08-22 03:38 - 00000000 __SHD C:\Recovery
2015-08-22 06:23 - 2015-08-22 06:23 - 00000000 ____D C:\Windows.old
2015-08-22 06:21 - 2015-08-22 06:21 - 14241792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 12589056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 07569408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 07051264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 06488312 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 06305792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 06101504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 05118024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 05076480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 04791296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 04760576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 04611584 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 04398080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 04350464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 04169728 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 03687936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 03579904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 03443200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 03362816 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 03248640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 02741760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 02646528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 02606080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 02207744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 02112512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 01773056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 01611264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 01591856 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 01521664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 01418240 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2015-08-22 06:21 - 2015-08-22 06:21 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 01411072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Editing.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 01365072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 01294352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-08-22 06:21 - 2015-08-22 06:21 - 01203200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 01203200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 01201664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 01169408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 01168736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-08-22 06:21 - 2015-08-22 06:21 - 01135312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2015-08-22 06:21 - 2015-08-22 06:21 - 01123400 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-08-22 06:21 - 2015-08-22 06:21 - 01101792 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 01067520 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 01043968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 01031680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorDataService.exe
2015-08-22 06:21 - 2015-08-22 06:21 - 01018568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-08-22 06:21 - 2015-08-22 06:21 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2015-08-22 06:21 - 2015-08-22 06:21 - 00966424 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00934752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2015-08-22 06:21 - 2015-08-22 06:21 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00902656 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-08-22 06:21 - 2015-08-22 06:21 - 00872448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00858408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-08-22 06:21 - 2015-08-22 06:21 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00850432 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00841728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Import.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00832512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00823336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00808856 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpccpl.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00783872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00762896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00754688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00750592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2015-08-22 06:21 - 2015-08-22 06:21 - 00695136 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00680448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00679424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00677888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00658568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00630160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00601344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-08-22 06:21 - 2015-08-22 06:21 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00589824 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efscore.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00578048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-08-22 06:21 - 2015-08-22 06:21 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Import.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00569344 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00565088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2015-08-22 06:21 - 2015-08-22 06:21 - 00542720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00521568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2015-08-22 06:21 - 2015-08-22 06:21 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00505344 _____ C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00498016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-08-22 06:21 - 2015-08-22 06:21 - 00485888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00430592 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcomapi.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00425824 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00416256 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2015-08-22 06:21 - 2015-08-22 06:21 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00343040 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2015-08-22 06:21 - 2015-08-22 06:21 - 00335248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00325984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2015-08-22 06:21 - 2015-08-22 06:21 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00303616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemcpl.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00290312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2015-08-22 06:21 - 2015-08-22 06:21 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\systemcpl.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2015-08-22 06:21 - 2015-08-22 06:21 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00265480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00263168 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00251392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00242176 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicesFlowBroker.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00208736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\srumsvc.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\OmaDmAgent.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00191488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReInfo.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00181088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_SignInOptions.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00179200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumsvc.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2015-08-22 06:21 - 2015-08-22 06:21 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Privacy.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TabSvc.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2015-08-22 06:21 - 2015-08-22 06:21 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2015-08-22 06:21 - 2015-08-22 06:21 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00097128 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcd.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\spbcd.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00082616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcd.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\setbcdlocale.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spbcd.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.ProxyStub.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2015-08-22 06:21 - 2015-08-22 06:21 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2015-08-22 06:21 - 2015-08-22 06:21 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\unenrollhook.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00061280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2015-08-22 06:21 - 2015-08-22 06:21 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.OneCore.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2015-08-22 06:21 - 2015-08-22 06:21 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.PAL.Desktop.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmprc.exe
2015-08-22 06:21 - 2015-08-22 06:21 - 00046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2015-08-22 06:21 - 2015-08-22 06:21 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00032768 _____ C:\WINDOWS\system32\LicenseManagerApi.dll
2015-08-22 06:21 - 2015-08-22 06:21 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\calc.exe
2015-08-22 06:21 - 2015-08-22 06:21 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\calc.exe
2015-08-22 06:18 - 2015-08-22 06:18 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2015-08-22 06:16 - 2015-08-22 06:16 - 00000000 ____D C:\Program Files\Reference Assemblies
2015-08-22 06:16 - 2015-08-22 06:16 - 00000000 ____D C:\Program Files\MSBuild
2015-08-22 06:16 - 2015-08-22 06:16 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2015-08-22 06:16 - 2015-08-22 06:16 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-08-22 06:16 - 2015-08-22 06:16 - 00000000 ____D C:\inetpub
2015-08-22 06:15 - 2015-06-17 21:10 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2015-08-22 06:15 - 2015-06-17 21:10 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-22 06:15 - 2015-06-17 21:10 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-08-22 06:15 - 2015-05-30 00:07 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2015-08-22 06:15 - 2015-05-30 00:07 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-22 06:15 - 2015-05-30 00:07 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-08-22 03:55 - 2015-07-10 05:59 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2015-08-22 03:48 - 2015-08-22 03:48 - 00001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-08-22 03:48 - 2015-08-22 03:48 - 00000000 ____D C:\Users\Default\Documents\hp.system.package.metadata
2015-08-22 03:48 - 2015-08-22 03:48 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2015-08-22 03:48 - 2015-08-22 03:48 - 00000000 ____D C:\Users\Default User\Documents\hp.system.package.metadata
2015-08-22 03:48 - 2015-08-22 03:48 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2015-08-22 03:42 - 2015-08-22 03:42 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2015-08-22 03:40 - 2015-08-29 07:48 - 00000000 ____D C:\Users\Pam Honeysuckle
2015-08-22 03:40 - 2015-08-23 15:12 - 00000000 ___RD C:\Users\Pam Honeysuckle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-22 03:40 - 2015-08-22 03:59 - 00000000 ____D C:\Users\Administrator
2015-08-22 03:40 - 2015-08-22 03:41 - 00000000 ___RD C:\Users\Pam Honeysuckle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-22 03:40 - 2015-08-22 03:41 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-22 03:40 - 2015-07-10 06:04 - 00000000 __RSD C:\Users\Pam Honeysuckle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2015-08-22 03:40 - 2015-07-10 06:04 - 00000000 __RSD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2015-08-22 03:40 - 2015-07-10 06:04 - 00000000 ___RD C:\Users\Pam Honeysuckle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-08-22 03:40 - 2015-07-10 06:04 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-22 03:40 - 2015-07-10 06:04 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-08-22 03:40 - 2015-07-10 06:04 - 00000000 ____D C:\Users\Pam Honeysuckle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-08-22 03:40 - 2015-07-10 06:04 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-08-22 03:39 - 2015-08-29 07:58 - 00968010 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-08-22 03:39 - 2015-08-22 03:39 - 00925184 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2015-08-22 03:38 - 2015-08-22 03:42 - 00011587 _____ C:\WINDOWS\iis.log
2015-08-22 03:36 - 2015-08-22 03:51 - 00000000 ____D C:\Program Files\IDT
2015-08-22 03:36 - 2015-08-22 03:36 - 00001707 _____ C:\WINDOWS\system32\RaCoInst.log
2015-08-22 03:36 - 2015-08-22 03:36 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2015-08-22 03:36 - 2015-08-22 03:36 - 00000000 ____D C:\WINDOWS\system32\SRSLabs
2015-08-22 03:36 - 2015-03-07 10:54 - 07986176 _____ (IDT, Inc.) C:\WINDOWS\system32\IDTNGUI.exe
2015-08-22 03:36 - 2015-03-07 10:54 - 07712768 _____ (IDT, Inc.) C:\WINDOWS\system32\IDTNHP.dll
2015-08-22 03:36 - 2015-03-07 10:54 - 06085632 _____ (IDT, Inc.) C:\WINDOWS\system32\stlang64.dll
2015-08-22 03:36 - 2015-03-07 10:54 - 02213376 _____ (IDT, Inc.) C:\WINDOWS\system32\IDTNX.dll
2015-08-22 03:36 - 2015-03-07 10:54 - 01821184 _____ (IDT, Inc.) C:\WINDOWS\system32\IDTNC64.cpl
2015-08-22 03:36 - 2015-03-07 10:54 - 01664000 _____ (IDT, Inc.) C:\WINDOWS\sttray64.exe
2015-08-22 03:36 - 2015-03-07 10:54 - 00464384 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\slapoi64.dll
2015-08-22 03:36 - 2015-03-07 10:54 - 00253952 _____ (IDT, Inc.) C:\WINDOWS\system32\IDTNJ.exe
2015-08-22 03:36 - 2015-03-07 10:54 - 00224256 _____ (IDT, Inc.) C:\WINDOWS\system32\HPToneCtrls64.dll
2015-08-22 03:36 - 2015-03-07 10:54 - 00042482 _____ C:\WINDOWS\system32\Balen&Yeats_dv7.xml
2015-08-22 03:35 - 2015-08-22 03:42 - 00000000 ____D C:\Program Files\Intel
2015-08-22 03:35 - 2015-08-22 03:35 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2015-08-22 03:35 - 2015-08-22 03:35 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2015-08-22 03:35 - 2015-08-22 03:35 - 00000000 ____D C:\Program Files\Synaptics
2015-08-22 03:35 - 2015-07-30 22:45 - 00072688 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2015-08-22 03:35 - 2015-07-30 22:45 - 00069104 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2015-08-22 03:33 - 2015-08-22 03:34 - 00033056 _____ C:\WINDOWS\system32\NetSetupMig.log
2015-08-22 03:32 - 2015-08-29 08:51 - 00178896 _____ C:\WINDOWS\PFRO.log
2015-08-21 18:31 - 2015-08-29 09:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-21 18:31 - 2015-08-23 18:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-08-21 18:31 - 2015-08-23 03:34 - 00002920 _____ C:\WINDOWS\system32\LavasoftTcpServiceOff.ini
2015-08-21 18:30 - 2015-08-29 09:15 - 00000000 ____D C:\Users\Pam Honeysuckle\AppData\Local\Google
2015-08-21 18:30 - 2015-08-29 09:14 - 00000000 ____D C:\Program Files (x86)\Google
2015-08-21 18:30 - 2015-08-21 18:30 - 00422400 _____ (Lavasoft Limited) C:\WINDOWS\system32\LavasoftTcpService64.dll
2015-08-13 20:42 - 2015-08-28 22:00 - 00000000 ____D C:\Users\Pam Honeysuckle\AppData\Roaming\RoxBox
2015-08-13 20:42 - 2015-08-22 03:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoxBox
2015-08-13 20:42 - 2015-08-22 03:41 - 00000000 ____D C:\Users\Pam Honeysuckle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RoxBox
2015-08-13 20:42 - 2015-08-13 20:42 - 00002215 _____ C:\Users\Pam Honeysuckle\Desktop\KJSongBook.lnk
2015-08-13 20:42 - 2015-08-13 20:42 - 00002215 _____ C:\Users\Administrator\Desktop\KJSongBook.lnk
2015-08-13 20:42 - 2015-08-13 20:42 - 00002138 _____ C:\Users\Pam Honeysuckle\Desktop\RoxBox Karaoke Player.lnk
2015-08-13 20:42 - 2015-08-13 20:42 - 00002138 _____ C:\Users\Administrator\Desktop\RoxBox Karaoke Player.lnk
2015-08-13 20:41 - 2015-08-13 20:41 - 00000000 ____D C:\Program Files (x86)\RoxBox
2015-08-13 19:08 - 2015-08-13 19:08 - 00060596 _____ C:\Users\Pam Honeysuckle\Desktop\Copy of 2015 Total Chargeables for OCAS.xlsx
2015-08-05 22:12 - 2015-08-05 22:12 - 00000000 ____D C:\Users\Pam Honeysuckle\AppData\Roaming\WildTangent
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-30 18:12 - 2015-07-10 06:00 - 00534064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2015-08-30 18:11 - 2015-07-10 06:00 - 00680256 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2015-08-30 18:08 - 2015-03-04 22:32 - 00004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4B33C795-E3BF-4D23-814A-AB0BAA2B9316}
2015-08-30 18:07 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\sru
2015-08-30 18:04 - 2015-07-10 07:22 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-08-30 18:04 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-08-29 09:04 - 2015-05-28 04:35 - 00000000 ____D C:\Users\Pam Honeysuckle\OneDrive
2015-08-29 09:01 - 2015-07-10 07:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-08-29 09:00 - 2015-07-10 04:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-08-29 08:44 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2015-08-29 08:44 - 2013-08-22 10:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2015-08-29 07:53 - 2015-07-10 05:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-08-28 21:53 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-08-28 21:53 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-08-28 21:32 - 2015-07-10 07:20 - 00018571 _____ C:\WINDOWS\setupact.log
2015-08-24 16:07 - 2015-05-31 20:26 - 2031694841 _____ C:\WINDOWS\MEMORY.DMP
2015-08-23 19:58 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\ADFS
2015-08-23 19:56 - 2012-10-30 03:50 - 00000000 ____D C:\Program Files (x86)\Autonomy
2015-08-23 18:30 - 2015-07-10 06:04 - 00000000 ____D C:\Program Files\Common Files\System
2015-08-23 09:40 - 2015-07-10 07:20 - 00376488 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-08-23 03:37 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\appcompat
2015-08-23 03:30 - 2015-07-10 06:04 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-23 03:30 - 2015-07-10 06:04 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-23 03:30 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-08-23 03:30 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\Provisioning
2015-08-22 16:34 - 2015-03-07 19:46 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-22 11:45 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\restore
2015-08-22 10:01 - 2015-03-04 22:30 - 00000000 ____D C:\Users\Pam Honeysuckle\AppData\Local\Packages
2015-08-22 09:28 - 2015-07-10 06:04 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2015-08-22 09:28 - 2015-07-10 06:04 - 00000000 ___RD C:\WINDOWS\PrintDialog
2015-08-22 09:28 - 2015-07-10 06:04 - 00000000 ___RD C:\WINDOWS\MiracastView
2015-08-22 09:27 - 2015-07-10 06:04 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-08-22 09:26 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2015-08-22 09:26 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\rescache
2015-08-22 09:26 - 2015-05-31 15:49 - 00000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2015-08-22 06:31 - 2015-07-10 06:04 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2015-08-22 06:22 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2015-08-22 06:22 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-08-22 06:22 - 2015-07-10 04:05 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2015-08-22 06:22 - 2015-07-10 04:05 - 00000000 ____D C:\WINDOWS\system32\Dism
2015-08-22 06:16 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2015-08-22 06:16 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2015-08-22 06:16 - 2015-07-10 06:01 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2015-08-22 06:16 - 2015-07-10 06:01 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2015-08-22 06:16 - 2015-07-10 06:01 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2015-08-22 06:16 - 2015-07-10 06:01 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2015-08-22 06:16 - 2015-07-10 06:01 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2015-08-22 06:16 - 2015-07-10 06:01 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2015-08-22 06:16 - 2015-07-10 06:00 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2015-08-22 06:16 - 2015-07-10 06:00 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2015-08-22 06:16 - 2015-07-10 06:00 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2015-08-22 06:16 - 2015-07-10 06:00 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2015-08-22 06:16 - 2015-07-10 06:00 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2015-08-22 06:16 - 2015-07-10 06:00 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2015-08-22 04:05 - 2015-05-27 21:47 - 00049533 _____ C:\WINDOWS\diagwrn.xml
2015-08-22 04:05 - 2015-05-27 21:47 - 00049533 _____ C:\WINDOWS\diagerr.xml
2015-08-22 04:04 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\Registration
2015-08-22 04:04 - 2015-03-09 00:10 - 00026297 _____ C:\WINDOWS\comsetup.log
2015-08-22 04:03 - 2015-07-22 09:12 - 00003330 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForPam Honeysuckle
2015-08-22 04:03 - 2015-05-27 22:09 - 00022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2015-08-22 04:03 - 2015-05-23 22:52 - 00003756 _____ C:\WINDOWS\System32\Tasks\HPCustParticipation HP Officejet Pro 8600
2015-08-22 04:03 - 2015-03-28 13:05 - 00000386 _____ C:\WINDOWS\Tasks\HPCeeScheduleForPam Honeysuckle.job
2015-08-22 04:03 - 2015-03-14 02:39 - 00003270 _____ C:\WINDOWS\System32\Tasks\CLVDLauncher
2015-08-22 04:03 - 2015-03-14 02:39 - 00003270 _____ C:\WINDOWS\System32\Tasks\CLMLSvc_P2G8
2015-08-22 04:03 - 2015-03-04 22:38 - 00003708 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-468200526-3709930035-1514773469-1001
2015-08-22 04:03 - 2015-03-04 22:13 - 00002458 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-468200526-3709930035-1514773469-500
2015-08-22 04:03 - 2012-10-30 04:07 - 00003434 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2015-08-22 04:03 - 2012-10-30 03:55 - 00003258 _____ C:\WINDOWS\System32\Tasks\MirageAgent
2015-08-22 04:03 - 2012-10-30 03:34 - 00003092 _____ C:\WINDOWS\System32\Tasks\Synaptics TouchPad Enhancements
2015-08-22 04:00 - 2015-07-10 06:04 - 00000000 __RHD C:\Users\Public\Libraries
2015-08-22 03:53 - 2013-08-22 08:36 - 00000000 ____D C:\Users\Default.migrated
2015-08-22 03:51 - 2015-07-10 08:14 - 00000000 ____D C:\WINDOWS\ShellNew
2015-08-22 03:51 - 2015-07-10 04:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-08-22 03:51 - 2015-03-07 19:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-08-22 03:51 - 2015-03-04 22:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken 2013
2015-08-22 03:51 - 2012-10-30 03:55 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2015-08-22 03:51 - 2012-10-30 03:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-08-22 03:51 - 2012-10-30 03:49 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2015-08-22 03:51 - 2012-10-30 03:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-08-22 03:51 - 2012-09-24 20:33 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-08-22 03:51 - 2012-09-24 20:30 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2015-08-22 03:51 - 2012-09-24 20:26 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-08-22 03:51 - 2012-09-24 20:26 - 00000000 ____D C:\WINDOWS\en
2015-08-22 03:48 - 2015-07-10 06:05 - 00004362 _____ C:\WINDOWS\DtcInstall.log
2015-08-22 03:48 - 2015-07-10 04:05 - 00000000 __RHD C:\Users\Default
2015-08-22 03:45 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\SysWOW64\zh-HK
2015-08-22 03:45 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\SysWOW64\uk-UA
2015-08-22 03:45 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\SysWOW64\tr-TR
2015-08-22 03:45 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\SysWOW64\th-TH
2015-08-22 03:45 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\SysWOW64\sr-Latn-RS
2015-08-22 03:45 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\SysWOW64\sl-SI
2015-08-22 03:45 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\SysWOW64\sk-SK
2015-08-22 03:45 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\SysWOW64\ro-RO
2015-08-22 03:45 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2015-08-22 03:45 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2015-08-22 03:45 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2015-08-22 03:45 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2015-08-22 03:45 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\SysWOW64\hr-HR
2015-08-22 03:45 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\SysWOW64\he-IL
2015-08-22 03:45 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\SysWOW64\et-EE
2015-08-22 03:45 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2015-08-22 03:45 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\SysWOW64\bg-BG
2015-08-22 03:45 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\SysWOW64\ar-SA
2015-08-22 03:45 - 2012-09-24 20:23 - 00000000 ____D C:\WINDOWS\SysWOW64\Adobe
2015-08-22 03:44 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\zh-HK
2015-08-22 03:44 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\uk-UA
2015-08-22 03:44 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\tr-TR
2015-08-22 03:44 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\th-TH
2015-08-22 03:44 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\sr-Latn-RS
2015-08-22 03:44 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\spool
2015-08-22 03:44 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\sl-SI
2015-08-22 03:44 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\sk-SK
2015-08-22 03:44 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\ro-RO
2015-08-22 03:44 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-08-22 03:44 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\lv-LV
2015-08-22 03:44 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\lt-LT
2015-08-22 03:44 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2015-08-22 03:44 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\IME
2015-08-22 03:44 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\hr-HR
2015-08-22 03:44 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\he-IL
2015-08-22 03:44 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\et-EE
2015-08-22 03:44 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\en-GB
2015-08-22 03:44 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2015-08-22 03:44 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2015-08-22 03:43 - 2015-07-10 06:04 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-08-22 03:43 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\bg-BG
2015-08-22 03:43 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\ar-SA
2015-08-22 03:43 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-08-22 03:43 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\InputMethod
2015-08-22 03:43 - 2015-05-31 14:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neat
2015-08-22 03:43 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\MediaViewer
2015-08-22 03:43 - 2012-10-30 04:07 - 00000000 ____D C:\ProgramData\Norton
2015-08-22 03:43 - 2012-09-24 20:21 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2015-08-22 03:43 - 2012-08-03 17:29 - 00000000 ____D C:\ProgramData\PRICache
2015-08-22 03:42 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\Recovery
2015-08-22 03:42 - 2015-07-10 06:04 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-08-22 03:42 - 2012-09-24 20:15 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2015-08-22 03:41 - 2012-08-03 17:28 - 00000000 ____D C:\Users\Administrator\AppData\Local\Packages
2015-08-22 03:38 - 2015-07-10 04:05 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-08-22 03:05 - 2015-05-27 22:09 - 01660903 _____ C:\WINDOWS\WindowsUpdate (1).log
2015-08-22 03:00 - 2015-07-10 08:39 - 00000000 ___HD C:\$Windows.~BT
2015-08-21 21:00 - 2015-03-07 10:48 - 00000052 _____ C:\WINDOWS\SysWOW64\DOErrors.log
2015-08-13 20:42 - 2015-03-04 22:30 - 00000000 ____D C:\Users\Pam Honeysuckle\AppData\Local\VirtualStore
2015-08-11 18:36 - 2015-03-06 00:39 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-08-11 18:34 - 2015-03-06 00:39 - 132483416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-08-11 18:30 - 2012-07-26 00:26 - 00000167 _____ C:\WINDOWS\win.ini
2015-08-08 10:38 - 2015-07-10 06:06 - 00794088 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-08-08 10:38 - 2015-07-10 06:06 - 00179688 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-05 22:12 - 2012-09-24 20:33 - 00000000 ____D C:\ProgramData\WildTangent
2015-07-31 19:15 - 2013-08-22 10:36 - 00000000 ___RD C:\WINDOWS\ToastData
 
==================== Files in the root of some directories =======
 
2015-05-23 22:51 - 2015-05-23 22:51 - 0000057 _____ () C:\ProgramData\Ament.ini
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-08-22 03:32
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-08-2015
Ran by Pam Honeysuckle (2015-08-30 18:20:16)
Running from C:\Users\Pam Honeysuckle\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-468200526-3709930035-1514773469-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-468200526-3709930035-1514773469-503 - Limited - Disabled)
Guest (S-1-5-21-468200526-3709930035-1514773469-501 - Limited - Disabled)
Pam Honeysuckle (S-1-5-21-468200526-3709930035-1514773469-1001 - Administrator - Enabled) => C:\Users\Pam Honeysuckle
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
AuthenTec TrueAPI 64-bit (Version: 1.6.0.86 - AuthenTec, Inc.) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3.6326 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.2.2114 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.2.3317 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.2527 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DriverUpdate (HKLM-x32\...\{B6F57EFA-7F52-4349-B7C9-2E6AB01353B7}) (Version: 2.4.2 - SlimWare Utilities, Inc.)
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
FindingDiscount (HKLM-x32\...\FindingDiscount) (Version:  - )
FlatOut 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP Connected Backup (HKLM-x32\...\{6BA5F6E7-6CC1-4117-816D-A549A06CE44E}) (Version: 8.7.0.0 - Autonomy)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP Documentation (HKLM-x32\...\{7DE5085A-3665-40BC-9595-A1A209699137}) (Version: 1.1.0.0 - Hewlett-Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{2BF5E9CC-C55D-4B0F-ACAF-FFE77F333CD8}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\{34C821CA-6B55-44A0-8A9B-2EF471D6019E}) (Version: 6.0.100.244 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{835B275B-F29B-464B-BD4B-097FD55FAB0A}) (Version: 4.6.8.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6425.0 - IDT)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Neat Core Files (x32 Version: 5.6.1.374 - The Neat Company) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Quicken 2013 (HKLM-x32\...\{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}) (Version: 22.1.1.21 - Intuit)
Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.2.0 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.29025 - Realtek Semiconductor Corp.)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SpaceSoundPro Service (HKLM-x32\...\zz.1636.ssp) (Version: 1.0.0 - CSDI)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.95 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 2.2.0.98 - WildTangent) Hidden
Validity WBF DDK (HKLM\...\{1F91C200-8F0F-4009-A75E-DB6CE151BD4E}) (Version: 4.4.234.0 - Validity Sensors, Inc.)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.6 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-468200526-3709930035-1514773469-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-468200526-3709930035-1514773469-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Pam Honeysuckle\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-468200526-3709930035-1514773469-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Pam Honeysuckle\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-468200526-3709930035-1514773469-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Pam Honeysuckle\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-468200526-3709930035-1514773469-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-468200526-3709930035-1514773469-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Pam Honeysuckle\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-468200526-3709930035-1514773469-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Pam Honeysuckle\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-468200526-3709930035-1514773469-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Pam Honeysuckle\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-468200526-3709930035-1514773469-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Pam Honeysuckle\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-468200526-3709930035-1514773469-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Pam Honeysuckle\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-468200526-3709930035-1514773469-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Pam Honeysuckle\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-468200526-3709930035-1514773469-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Pam Honeysuckle\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-468200526-3709930035-1514773469-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-468200526-3709930035-1514773469-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Pam Honeysuckle\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-468200526-3709930035-1514773469-1001_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Pam Honeysuckle\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-468200526-3709930035-1514773469-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Pam Honeysuckle\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-468200526-3709930035-1514773469-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-468200526-3709930035-1514773469-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Pam Honeysuckle\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-468200526-3709930035-1514773469-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Pam Honeysuckle\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-468200526-3709930035-1514773469-1001_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Pam Honeysuckle\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-468200526-3709930035-1514773469-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Pam Honeysuckle\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-468200526-3709930035-1514773469-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Pam Honeysuckle\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-468200526-3709930035-1514773469-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Pam Honeysuckle\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-468200526-3709930035-1514773469-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Pam Honeysuckle\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points =========================
 
22-08-2015 11:45:14 Windows Update
22-08-2015 11:45:57 Windows Update
23-08-2015 18:53:07 Removed SlimCleaner Plus
27-08-2015 19:49:59 Windows Update
27-08-2015 19:51:11 Windows Update
29-08-2015 07:52:31 Windows Modules Installer
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {00C042E0-CFFC-4AEE-8EEA-6F5B3AAA157B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {00EEBA9C-F9EF-4272-B793-C830FBADD359} - System32\Tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup => C:\Windows\system32\dstokenclean.exe [2015-07-10] (Microsoft Corporation)
Task: {07E26BC1-F357-4D4C-BF9F-52D85C3C72ED} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {0CCA7916-2916-4F12-BD32-1E3BE31E1269} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join => C:\Windows\System32\dsregcmd.exe [2015-07-10] (Microsoft Corporation)
Task: {0CF8039A-367B-48F2-9BB5-B501273E0F0E} - System32\Tasks\HPCeeScheduleForPam Honeysuckle => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {112B17A8-2C24-4D8A-A6FF-B01F80E9EA63} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe
Task: {185D1E67-75A7-40D0-9F3A-EDF5D2178628} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {19865544-CE08-40BE-8B8C-87C47681433D} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sihboot => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation)
Task: {3BF4CF95-681B-4420-8DEB-A37B7A247CCB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-07-31] (Hewlett-Packard)
Task: {3F6E048D-6404-433B-8F5F-CFF4D89BF89E} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Rundll32.exe generaltel.dll,RunTelemetryW
Task: {41160EA0-208B-4C3E-B4DB-805BBABC6B93} - System32\Tasks\Microsoft\Windows\Feedback\Siuf\DmClient => C:\Windows\system32\dmclient.exe [2015-07-10] (Microsoft Corporation)
Task: {49E1E5E2-ED2B-40A0-ADE5-282DA2716900} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe
Task: {5A6D1C07-8C4A-4AE1-A53E-E1E81CE312CB} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
Task: {73551810-E5F4-433E-9494-0D00B55C855E} - System32\Tasks\Microsoft\Windows\Maps\MapsToastTask
Task: {76808A93-E5F9-4458-8CC4-EC6B2D58A380} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN33DBXH3H05KC => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-07-31] (Hewlett-Packard)
Task: {784ACF97-1307-4783-BE70-6F18A746E625} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
Task: {78B77FA3-9D97-441D-97B6-68CEA40B4F74} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe generaltel.dll,RunTelemetry -maintenance
Task: {8DF84CB3-D8E0-4307-A35B-CA74E21786DB} - System32\Tasks\Microsoft\Windows\Clip\License Validation => C:\Windows\system32\ClipUp.exe [2015-08-22] (Microsoft Corporation)
Task: {96A35786-F09D-4097-8F60-378C09D78C3D} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-07-17] (Synaptics Incorporated)
Task: {A5B6CD85-1B57-49B9-BA80-5D5D65F02826} - System32\Tasks\Microsoft\Windows\AppID\EDP Policy Manager
Task: {A78432CB-2AF8-4626-A19E-5A61AFCB1C00} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {ADFFB72F-8AD6-4EBF-A5F6-0529D228CF5A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-11] (Microsoft Corporation)
Task: {B99A57DA-DFC6-42EC-BEC9-82F97ED8F3F6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {C02427A4-7905-4089-876D-FDEA05F45747} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {C56AFFD3-06B8-4A16-AF7E-F7A6EB3FAE9E} - System32\Tasks\Microsoft\Windows\TPM\Tpm-HASCertRetr
Task: {C5EE2EA2-5312-4D1F-B9D0-41B18DF31B78} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sih => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation)
Task: {C73B97E2-5710-4193-B76C-D82FAB5A88D6} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-23] (Adobe Systems Incorporated)
Task: {C7A236B2-12E1-46DC-9501-3B1B0209CC09} - System32\Tasks\Microsoft\Windows\Location\WindowsActionDialog => C:\Windows\System32\WindowsActionDialog.exe [2015-07-10] (Microsoft Corporation)
Task: {D27D3A16-7908-482C-850D-3B1B883A80D8} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe
Task: {D69E7446-18F2-4610-B7F9-FDDE602D9F59} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {F9FD3995-C7E1-458B-871E-77B08F20376B} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {FA2BA014-E653-424C-B89D-6369676C0582} - \runTask -> No File <==== ATTENTION
Task: {FD5F9755-8860-47A4-AA30-9287F07F8301} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForPam Honeysuckle.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-08-22 06:21 - 2015-08-22 06:21 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-08-22 11:42 - 2015-08-11 04:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2012-09-06 03:47 - 2012-09-06 03:47 - 00028160 _____ () C:\Windows\system32\valWBFPolicyService.exe
2015-08-27 21:02 - 2015-08-18 02:56 - 02498808 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-08-27 21:02 - 2015-08-18 02:56 - 02498808 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2012-08-10 03:36 - 2012-08-10 03:36 - 04073320 _____ () C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
2015-07-10 05:59 - 2015-07-10 05:59 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-10 05:59 - 2015-07-10 05:59 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
2015-08-22 11:42 - 2015-08-02 20:11 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-07-10 06:00 - 2015-07-10 08:14 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-08-22 11:42 - 2015-08-11 03:58 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-08-22 11:42 - 2015-08-02 20:09 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 06:00 - 2015-07-10 08:14 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2015-03-14 02:39 - 2012-06-07 22:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 13:34 - 2012-06-08 13:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2012-10-30 03:30 - 2012-06-25 13:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2015-08-29 09:14 - 2015-08-18 00:23 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libglesv2.dll
2015-08-29 09:14 - 2015-08-18 00:23 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Pam Honeysuckle\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Pam Honeysuckle\SkyDrive:ms-properties
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TileDataModelSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-468200526-3709930035-1514773469-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-468200526-3709930035-1514773469-1001\...\webcompanion.com -> hxxp://webcompanion.com
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-468200526-3709930035-1514773469-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Pam Honeysuckle\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\marvin.jpg
HKU\S-1-5-21-468200526-3709930035-1514773469-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Pam Honeysuckle\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\marvin.jpg
HKU\S-1-5-21-468200526-3709930035-1514773469-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKU\S-1-5-21-468200526-3709930035-1514773469-1001\...\StartupApproved\Run: => "Power2GoExpress8"
HKU\S-1-5-21-468200526-3709930035-1514773469-1001\...\StartupApproved\Run: => "HP Officejet Pro 8600 (NET)"
HKU\S-1-5-21-468200526-3709930035-1514773469-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Power2GoExpress8"
HKU\S-1-5-21-468200526-3709930035-1514773469-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "HP Officejet Pro 8600 (NET)"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{946BA8D6-87A7-4685-AD8C-0AA8E5C1D11D}C:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe] => (Block) C:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe
FirewallRules: [UDP Query User{CDAB4630-742D-425A-9541-0212A125330E}C:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe] => (Block) C:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe
FirewallRules: [{DB5651E4-00D1-4722-9A29-DBDE4CF593B0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/29/2015 09:15:45 AM) (Source: ESENT) (EventID: 454) (User: )
Description: SettingSyncHost (6356) Database recovery/restore failed with unexpected error -1032.
 
Error: (08/29/2015 09:15:45 AM) (Source: ESENT) (EventID: 490) (User: )
Description: SettingSyncHost (6356) An attempt to open the file "C:\WINDOWS\system32\edb.log" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (08/29/2015 09:15:35 AM) (Source: ESENT) (EventID: 439) (User: )
Description: SettingSyncHost (6356) Unable to write a shadowed header for file C:\WINDOWS\system32\edb.chk. Error -1032.
 
Error: (08/29/2015 09:15:35 AM) (Source: ESENT) (EventID: 490) (User: )
Description: SettingSyncHost (6356) An attempt to open the file "C:\WINDOWS\system32\edb.chk" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (08/29/2015 09:15:25 AM) (Source: ESENT) (EventID: 490) (User: )
Description: SettingSyncHost (6356) An attempt to open the file "C:\WINDOWS\system32\edb.chk" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (08/29/2015 09:15:15 AM) (Source: ESENT) (EventID: 490) (User: )
Description: SettingSyncHost (6356) An attempt to open the file "C:\WINDOWS\system32\edb.chk" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (08/29/2015 09:15:05 AM) (Source: ESENT) (EventID: 490) (User: )
Description: SettingSyncHost (6356) An attempt to open the file "C:\WINDOWS\system32\edb.chk" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (08/29/2015 09:14:54 AM) (Source: ESENT) (EventID: 454) (User: )
Description: SettingSyncHost (6356) Database recovery/restore failed with unexpected error -1032.
 
Error: (08/29/2015 09:14:54 AM) (Source: ESENT) (EventID: 490) (User: )
Description: SettingSyncHost (6356) An attempt to open the file "C:\WINDOWS\system32\edb.log" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (08/29/2015 09:14:44 AM) (Source: ESENT) (EventID: 439) (User: )
Description: SettingSyncHost (6356) Unable to write a shadowed header for file C:\WINDOWS\system32\edb.chk. Error -1032.
 
 
System errors:
=============
Error: (08/30/2015 06:05:10 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (08/30/2015 06:05:02 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.147.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.
 
Error: (08/29/2015 09:59:07 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.147.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.
 
Error: (08/29/2015 09:53:57 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.147.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.
 
Error: (08/29/2015 09:48:47 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.147.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.
 
Error: (08/29/2015 09:43:36 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.147.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.
 
Error: (08/29/2015 09:38:26 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.147.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.
 
Error: (08/29/2015 09:33:16 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.147.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.
 
Error: (08/29/2015 09:28:06 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.147.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.
 
Error: (08/29/2015 09:22:56 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.147.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.
 
 
Microsoft Office:
=========================
Error: (08/29/2015 09:15:45 AM) (Source: ESENT) (EventID: 454) (User: )
Description: SettingSyncHost6356-1032
 
Error: (08/29/2015 09:15:45 AM) (Source: ESENT) (EventID: 490) (User: )
Description: SettingSyncHost6356C:\WINDOWS\system32\edb.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.
 
Error: (08/29/2015 09:15:35 AM) (Source: ESENT) (EventID: 439) (User: )
Description: SettingSyncHost6356C:\WINDOWS\system32\edb.chk-1032
 
Error: (08/29/2015 09:15:35 AM) (Source: ESENT) (EventID: 490) (User: )
Description: SettingSyncHost6356C:\WINDOWS\system32\edb.chk-1032 (0xfffffbf8)5 (0x00000005)Access is denied.
 
Error: (08/29/2015 09:15:25 AM) (Source: ESENT) (EventID: 490) (User: )
Description: SettingSyncHost6356C:\WINDOWS\system32\edb.chk-1032 (0xfffffbf8)5 (0x00000005)Access is denied.
 
Error: (08/29/2015 09:15:15 AM) (Source: ESENT) (EventID: 490) (User: )
Description: SettingSyncHost6356C:\WINDOWS\system32\edb.chk-1032 (0xfffffbf8)5 (0x00000005)Access is denied.
 
Error: (08/29/2015 09:15:05 AM) (Source: ESENT) (EventID: 490) (User: )
Description: SettingSyncHost6356C:\WINDOWS\system32\edb.chk-1032 (0xfffffbf8)5 (0x00000005)Access is denied.
 
Error: (08/29/2015 09:14:54 AM) (Source: ESENT) (EventID: 454) (User: )
Description: SettingSyncHost6356-1032
 
Error: (08/29/2015 09:14:54 AM) (Source: ESENT) (EventID: 490) (User: )
Description: SettingSyncHost6356C:\WINDOWS\system32\edb.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.
 
Error: (08/29/2015 09:14:44 AM) (Source: ESENT) (EventID: 439) (User: )
Description: SettingSyncHost6356C:\WINDOWS\system32\edb.chk-1032
 
 
CodeIntegrity:
===================================
  Date: 2015-08-30 18:10:57.273
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-30 18:10:57.259
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-30 18:10:57.233
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-30 18:10:57.221
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-30 18:10:57.168
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-30 18:10:57.158
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-30 18:10:57.102
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-30 18:10:57.048
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-29 08:02:52.220
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-27 18:44:50.269
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 39%
Total physical RAM: 6033.27 MB
Available physical RAM: 3667.96 MB
Total Virtual: 12433.27 MB
Available Virtual: 10046.21 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:669.08 GB) (Free:552.84 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:27.18 GB) (Free:3.16 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive e: (NeatConnect) (CDROM) (Total:0.59 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: A50E1C7D)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#13 Cenfath

Cenfath
  • Topic Starter

  • Members
  • 67 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Oklahoma
  • Local time:03:52 AM

Posted 30 August 2015 - 06:36 PM

It appears everything went smoothly.  The computer is still up and running. I'm not noticing any of the issues I noticed before with random tabs and things opening on their own or opening upon pressing the enter key.  It's not taking nearly as long to open things either. Thank the Heavens.



#14 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:52 AM

Posted 30 August 2015 - 07:45 PM

Excellent!! Significant progress.

Let's continue...

Please download Farbar Service Scanner, save it to your desktop then run it.
  • Make sure the following options are checked:

Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services

  • Press Scan
  • It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log in your reply.

<<<<<<<<<

Then this...

Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED! reboot your computer and attempt to run it again
  • Allow the program to run
A Notepad document will open on your desktop. Please copy and paste the contents in your reply

<<<<<<<<<

This next...

Please run Malwarebytes Anti-malware (MBAM).

It appears to already be installed on your computer.
  • Update Malwarebytes' Anti-Malware <--- Important!!
  • Launch Malwarebytes' Anti-Malware
  • MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

<<<<<<<<<<

And lastly..

ESET Online Scanner
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
    • UNCHECK: Remove found threats (I don't want you to remove anything yet!!)
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.
Copy and paste the logfile in your reply for my review.

Thanks,
thcbytes
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#15 Cenfath

Cenfath
  • Topic Starter

  • Members
  • 67 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Oklahoma
  • Local time:03:52 AM

Posted 31 August 2015 - 07:45 PM

Farbar Service Scanner Version: 26-07-2015
Ran by Pam Honeysuckle (administrator) on 31-08-2015 at 18:57:27
Running from "C:\Users\Pam Honeysuckle\Desktop"
Microsoft Windows 10 Home  (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****
 

 Results of screen317's Security Check version 1.008  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
 Windows Firewall Disabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Flash Player 18.0.0.232  
 Google Chrome (44.0.2403.157) 
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe 
 Windows Defender MpCmdRun.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 
 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 8/31/2015
Scan Time: 7:16 PM
Logfile: MBAM.txt
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.08.31.04
Rootkit Database: v2015.08.16.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: Pam Honeysuckle
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 405261
Time Elapsed: 22 min, 57 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 3
PUP.Optional.Shopperz.BrwsrFlsh, HKLM\SOFTWARE\CLASSES\APPID\Meieiwb.DLL, Quarantined, [68f86ca38803c3731566195e18ecfd03], 
PUP.Optional.Shopperz.BrwsrFlsh, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\Meieiwb.DLL, Quarantined, [4b159b743952d6609be01c5b50b428d8], 
PUP.Optional.Shopperz.BrwsrFlsh, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\Meieiwb.DLL, Quarantined, [79e7b25d91fa71c5de9daec936ce22de], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users