Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Applications Error...apps will not run


  • This topic is locked This topic is locked
15 replies to this topic

#1 Pcnot

Pcnot

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sarasota FL
  • Local time:09:12 AM

Posted 10 February 2016 - 05:03 PM

Good Afternoon,
For the last two weeks I have been receiving error messages when I try to open or run programs.  Specifically, I get something like this:
 
kpm.exe - Application Error
The application was unable to start correctly (0xc0000005).  Click OK
to close the app.
 
I have run my antivirus (Kaspersky Total Security--always updated) full scan, run CCLeaner (clean only, no registry eval); run Malwarebytes, Rkill, and even backed-up and restored my computer...to no avail.  By the way, I had to run all of these security apps (except Kaspersky) in Safe Mode, otherwise they would not work.  None of these modalities have found any malware, viruses or other bad stuff. Safe Mode is the only way I could run FRST to collect the requested data.  I also completed the steps suggested on your "Preparation" page regarding sluggish systems not related to Malware. 
 
I have also run elevated Command Prompts to chkdsk and sfc /scannow
 
I should let you know that the days preceding the emergence of the error message had been eventful.  On Saturday Jan 30th we had Verizon install WiFi and FIOS services.  That eve I installed a Netgear a6210 adaptor so that I could take advantage of my brand new dual frequency 2.4/5G capable router.  I had some difficulty installing the Netgear software with the disk provided, but I did get it installed.  It was the following day, 1/31, that I started getting the multiple iterations of this error message.
 
I am running Windows 10
version 1511
OS Build 10586.71
Processor:  Intel Core i3-4005U CPU @ 170 GHz
Installed RAM 4.00 GB
64-bit OS, x64-based processor
 
Thanks in advance for your help.  I really am at my wits end!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-02-2016
Ran by John (administrator) on PC-SEALAH (07-02-2016 20:32:01)
Running from C:\Users\John\Downloads
Loaded Profiles: John (Available Profiles: John)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe
() C:\Program Files (x86)\NETGEAR\A6210\NetgearSwitchUSB.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avpui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.201.11370.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation) C:\Windows\syswow64\IntelCpHeciSvc.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Failed to access process -> FRST.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7636696 2015-03-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1396592 2015-03-13] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-10-01] (Synaptics Incorporated)
HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [9235928 2016-02-04] (Emsisoft Ltd)
HKU\S-1-5-21-552680241-3840029019-851758634-1001\...\Run: [kpm.exe] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.3\kpm.exe [7473880 2015-07-18] (AO Kaspersky Lab)
HKU\S-1-5-21-552680241-3840029019-851758634-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR A6210 Genie.lnk [2016-02-04]
ShortcutTarget: NETGEAR A6210 Genie.lnk -> C:\Program Files (x86)\NETGEAR\A6210\A6210.EXE (NETGEAR)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2016-02-07]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{45000b2f-b7b1-4092-8b58-9907e9ef6bbf}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{d02b3c31-96ac-4262-9109-b681dec5066d}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\IEExt\ie_plugin.dll [2016-02-04] (AO Kaspersky Lab)
BHO: Kaspersky Password Manager -> {F710F7E5-A520-471D-989C-F653AC328FB2} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.3\x64\ie_engine.dll [2015-07-18] (AO Kaspersky Lab)
BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2016-02-04] (AO Kaspersky Lab)
BHO-x32: Kaspersky Password Manager -> {F710F7E5-A520-471D-989C-F653AC328FB2} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.3\ie_engine.dll [2015-07-18] (AO Kaspersky Lab)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\IEExt\ie_plugin.dll [2016-02-04] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2016-02-04] (AO Kaspersky Lab)

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox [2016-02-04]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [10963864 2016-02-04] (Emsisoft Ltd)
R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe [194000 2016-02-04] (Kaspersky Lab ZAO)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [359856 2015-07-25] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NetgearSwitchUSB; C:\Program Files (x86)\NETGEAR\A6210\NetgearSwitchUSB.exe [192232 2015-09-17] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [291032 2015-03-13] (Realtek Semiconductor)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1570520 2016-02-02] (Secunia)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-10-01] (Synaptics Incorporated)
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\vssbridge64.exe [144640 2015-07-09] (AO Kaspersky Lab)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 A6210; C:\Windows\system32\DRIVERS\A6210.sys [2240688 2016-02-04] (MediaTek Inc.)
R0 cm_km; C:\Windows\System32\drivers\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
R1 epp; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [124080 2016-02-04] (Emsisoft Ltd)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70512 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [68280 2015-06-06] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [30328 2015-06-24] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [181640 2016-02-04] (AO Kaspersky Lab)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [227512 2016-02-04] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [934272 2016-02-04] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [39608 2015-06-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [41656 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2016-02-04] (AO Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [87944 2016-02-04] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [102584 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [126976 2014-09-03] (Intel Corporation)
R3 netr28x; C:\Windows\system32\DRIVERS\netr28x.sys [2554528 2015-06-12] (MediaTek Inc.)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2016-02-02] (Secunia)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1219200 2015-06-03] (Ralink Technology, Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [42184 2015-10-01] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [42696 2015-10-01] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30544 2015-08-13] (HP)
R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30544 2015-08-13] (HP)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-07 20:32 - 2016-02-07 20:33 - 00011675 _____ C:\Users\John\Downloads\FRST.txt
2016-02-07 20:30 - 2016-02-07 20:31 - 01721344 _____ (Farbar) C:\Users\John\Downloads\FRST.exe
2016-02-07 20:24 - 2016-02-07 20:31 - 02370560 _____ (Farbar) C:\Users\John\Downloads\FRST64.exe
2016-02-07 17:03 - 2016-02-07 17:03 - 00069662 _____ C:\Users\John\Downloads\PageDefrag.zip
2016-02-07 17:03 - 2016-02-07 17:03 - 00000000 ____D C:\Users\John\Downloads\PageDefrag
2016-02-07 16:15 - 2016-02-07 16:15 - 00000000 ____D C:\Program Files (x86)\Intel
2016-02-07 16:14 - 2016-02-07 16:15 - 00000000 ____D C:\WINDOWS\LastGood
2016-02-07 16:00 - 2016-02-07 16:00 - 00942816 _____ ( ) C:\Users\John\Downloads\Z-ZipSetup.exe
2016-02-07 15:45 - 2016-02-07 15:45 - 24642208 _____ (SUPERAntiSpyware) C:\Users\John\Downloads\SUPERAntiSpyware.exe
2016-02-07 15:45 - 2016-02-07 15:45 - 24642208 _____ (SUPERAntiSpyware) C:\Users\John\Downloads\SUPERAntiSpyware (1).exe
2016-02-07 15:40 - 2016-02-07 17:47 - 00000000 ____D C:\Users\John\Documents\DIAGNOSTICS PC
2016-02-07 13:41 - 2016-02-07 13:41 - 00003442 _____ C:\Users\John\Desktop\Rkill 02-07-2016 1441 hrs.txt
2016-02-07 13:33 - 2016-02-07 13:33 - 00003740 _____ C:\Users\John\Desktop\Rkill 02-07-2016 1333.txt
2016-02-07 13:30 - 2016-02-07 13:30 - 01107912 _____ (Bleeping Computer, LLC) C:\Users\John\Downloads\rkill64-25856.exe
2016-02-07 13:07 - 2016-02-07 13:48 - 00001178 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-02-07 13:07 - 2016-02-07 13:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-02-07 13:07 - 2016-02-07 13:48 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-02-07 13:07 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-02-07 13:07 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-02-07 13:03 - 2016-02-07 13:03 - 00001149 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2016-02-07 12:48 - 2016-02-07 12:48 - 00001199 _____ C:\Users\John\Desktop\mbam-setup-bc.1878-2.2.0.1024.exe - Shortcut.lnk
2016-02-07 12:48 - 2016-02-07 12:48 - 00001037 _____ C:\Users\John\Desktop\MiniToolBox.exe - Shortcut.lnk
2016-02-07 12:48 - 2016-02-07 12:48 - 00000979 _____ C:\Users\John\Desktop\rkill.exe - Shortcut.lnk
2016-02-07 12:47 - 2016-02-07 12:47 - 00001091 _____ C:\Users\John\Desktop\Adaware_Installer.exe - Shortcut.lnk
2016-02-07 12:47 - 2016-02-07 12:47 - 00001014 _____ C:\Users\John\Desktop\PSISetup.exe - Shortcut.lnk
2016-02-07 12:47 - 2016-02-07 12:47 - 00001014 _____ C:\Users\John\Desktop\ComboFix.exe - Shortcut.lnk
2016-02-07 12:47 - 2016-02-07 12:47 - 00001014 _____ C:\Users\John\Desktop\autoruns.exe - Shortcut.lnk
2016-02-07 12:46 - 2016-02-07 12:47 - 22908888 _____ (Malwarebytes ) C:\Users\John\Downloads\mbam-setup-bc.1878-2.2.0.1024.exe
2016-02-07 12:46 - 2016-02-07 12:46 - 04002104 _____ (Secunia) C:\Users\John\Downloads\PSISetup (2).exe
2016-02-07 09:51 - 2016-02-07 09:51 - 00000639 _____ C:\Users\John\Downloads\WindowsUpdateDiagnostic.diagcab
2016-02-07 09:46 - 2016-02-07 09:46 - 04002104 _____ (Secunia) C:\Users\John\Downloads\PSISetup (1).exe
2016-02-06 23:31 - 2016-02-07 13:40 - 00003442 _____ C:\Users\John\Desktop\Rkill.txt
2016-02-06 23:31 - 2016-02-06 23:31 - 01107912 _____ (Bleeping Computer, LLC) C:\Users\John\Downloads\rkill64.exe
2016-02-06 23:31 - 2016-02-06 23:31 - 00000000 ____D C:\Program Files (x86)\Secunia
2016-02-06 23:29 - 2016-02-06 23:29 - 00023232 _____ C:\Users\John\Downloads\MTB.txt
2016-02-06 23:28 - 2016-02-06 23:28 - 00000000 ____D C:\ProgramData\Lavasoft
2016-02-06 23:15 - 2016-02-07 13:48 - 00472608 _____ C:\WINDOWS\ntbtlog.txt
2016-02-06 23:07 - 2016-02-06 23:07 - 04002104 _____ (Secunia) C:\Users\John\Downloads\PSISetup.exe
2016-02-06 22:57 - 2016-02-06 22:57 - 01508352 _____ C:\Users\John\Downloads\AdwCleaner.exe
2016-02-06 22:56 - 2016-02-06 23:28 - 05657667 _____ (Swearware) C:\Users\John\Downloads\ComboFix (1).exe
2016-02-06 22:56 - 2016-02-06 22:56 - 05657667 _____ (Swearware) C:\Users\John\Downloads\ComboFix.exe
2016-02-06 22:54 - 2016-02-06 22:54 - 00704672 _____ (Sysinternals - www.sysinternals.com) C:\Users\John\Downloads\autoruns.exe
2016-02-06 16:59 - 2016-02-06 16:59 - 00505896 _____ (F-Secure Corporation) C:\Users\John\Downloads\F-SecureOnlineScanner.exe
2016-02-06 16:29 - 2016-02-06 16:29 - 04633146 _____ C:\Users\John\Downloads\tdsskiller.zip
2016-02-06 16:27 - 2016-02-06 16:27 - 00891904 _____ (Farbar) C:\Users\John\Downloads\MiniToolBox.exe
2016-02-06 16:11 - 2016-02-06 16:11 - 00000000 ____D C:\Users\John\AppData\LocalLow\Temp
2016-02-06 15:50 - 2016-02-06 15:50 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-02-06 13:00 - 2016-02-06 13:00 - 00000000 _____ C:\WINDOWS\system32\chkdsk
2016-02-06 12:51 - 2016-02-07 13:39 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-02-06 09:59 - 2016-02-06 10:00 - 212824440 _____ C:\Users\John\Downloads\EmsisoftEmergencyKit.exe
2016-02-05 16:49 - 2016-02-05 16:51 - 00007597 _____ C:\Users\John\AppData\Local\resmon.resmoncfg
2016-02-04 21:09 - 2016-02-04 21:09 - 00000000 ____D C:\Users\John\Downloads\Autoruns
2016-02-04 21:05 - 2016-02-07 13:06 - 00000000 ____D C:\Users\John\AppData\Local\ElevatedDiagnostics
2016-02-04 18:36 - 2016-02-04 18:36 - 02012464 _____ C:\Users\John\Downloads\Adaware_Installer.exe
2016-02-04 17:37 - 2016-02-06 09:34 - 00000000 ____D C:\ProgramData\Emsisoft
2016-02-04 17:24 - 2016-01-02 20:40 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-02-04 17:24 - 2016-01-02 20:40 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-04 17:01 - 2016-02-04 17:01 - 00000944 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2016-02-04 17:01 - 2016-02-04 17:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2016-02-04 17:00 - 2016-02-07 19:52 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2016-02-04 16:46 - 2016-02-04 16:46 - 00002856 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2016-02-04 16:46 - 2016-02-04 16:46 - 00000870 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-02-04 16:46 - 2016-02-04 16:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-02-04 16:46 - 2016-02-04 16:46 - 00000000 ____D C:\Program Files\CCleaner
2016-02-04 16:42 - 2016-02-04 16:43 - 00000000 ____D C:\ProgramData\Ralink
2016-02-04 16:41 - 2016-02-04 16:41 - 00004512 _____ C:\WINDOWS\system32\Drivers\NtgrPwrTable_5.dat
2016-02-04 16:41 - 2016-02-04 16:41 - 00002103 _____ C:\Users\Public\Desktop\NETGEAR A6210 Genie.lnk
2016-02-04 16:41 - 2016-02-04 16:41 - 00000000 ____D C:\ProgramData\NETGEAR
2016-02-04 16:41 - 2016-02-04 16:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR A6210 Genie
2016-02-04 16:41 - 2016-02-04 16:41 - 00000000 ____D C:\Program Files (x86)\NETGEAR
2016-02-04 16:41 - 2016-02-04 16:41 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2016-02-04 16:40 - 2016-02-04 16:40 - 00000000 ____D C:\WINDOWS\Downloaded Installations
2016-02-04 11:58 - 2016-02-07 13:48 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-02-04 11:58 - 2016-02-07 13:07 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-02-04 11:58 - 2016-02-04 13:10 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-02-04 11:57 - 2016-02-04 13:10 - 00000000 ____D C:\Users\John\Desktop\mbar
2016-02-04 11:57 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-02-04 11:41 - 2016-02-04 11:41 - 00001376 _____ C:\Users\Public\Desktop\Kaspersky Password Manager.lnk
2016-02-04 11:41 - 2016-02-04 11:41 - 00000000 ____D C:\Users\John\AppData\Local\Kaspersky Lab
2016-02-04 11:41 - 2016-02-04 11:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Password Manager
2016-02-04 11:19 - 2016-02-04 11:19 - 00002447 _____ C:\Users\John\Desktop\Safe Money.lnk
2016-02-04 11:17 - 2016-02-04 11:17 - 00002191 _____ C:\Users\Public\Desktop\Kaspersky Total Security.lnk
2016-02-04 11:17 - 2016-02-04 11:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security
2016-02-04 11:16 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll
2016-02-04 11:15 - 2016-02-07 20:09 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-02-04 11:15 - 2016-02-04 11:41 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2016-02-04 11:14 - 2016-02-04 11:38 - 00934272 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2016-02-04 11:14 - 2016-02-04 11:38 - 00181640 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys
2016-02-04 11:14 - 2016-02-04 11:37 - 00227512 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klhk.sys
2016-02-04 10:53 - 2016-02-04 10:53 - 01723568 _____ (Kaspersky Lab) C:\Users\John\Downloads\setup.exe
2016-02-04 10:35 - 2016-02-04 10:37 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-02-04 10:35 - 2016-02-04 10:35 - 143671360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-02-04 10:10 - 2016-02-04 10:10 - 00000000 ____D C:\Users\John\AppData\Roaming\Macromedia
2016-02-04 10:05 - 2016-02-04 10:45 - 00000000 ____D C:\Users\John\AppData\Local\MicrosoftEdge
2016-02-04 03:12 - 2016-02-04 03:12 - 00002338 _____ C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-02-04 03:11 - 2016-02-04 03:11 - 00025732 _____ C:\Users\John\Desktop\Removed Apps.html
2016-02-04 03:11 - 2016-02-04 03:11 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-02-04 03:10 - 2016-02-04 03:10 - 00000000 ____D C:\Users\John\AppData\Local\Comms
2016-02-04 03:10 - 2016-02-04 03:10 - 00000000 ____D C:\Users\John\AppData\Local\ActiveSync
2016-02-04 03:09 - 2016-02-04 03:09 - 00000000 ____D C:\Users\John\AppData\Local\Publishers
2016-02-04 03:08 - 2016-02-04 03:08 - 00000000 ____D C:\Users\John\AppData\Local\VirtualStore
2016-02-04 03:07 - 2016-02-06 23:04 - 00000000 ____D C:\Users\John\AppData\Local\Packages
2016-02-04 03:07 - 2016-02-04 03:07 - 00000020 ___SH C:\Users\John\ntuser.ini
2016-02-04 03:07 - 2016-02-04 03:07 - 00000000 ____D C:\Users\John\AppData\Roaming\Synaptics
2016-02-04 03:07 - 2016-02-04 03:07 - 00000000 ____D C:\Users\John\AppData\Roaming\Adobe
2016-02-04 03:07 - 2016-02-04 03:07 - 00000000 ____D C:\Users\John\AppData\Local\TileDataLayer
2016-02-04 03:07 - 2016-02-04 03:07 - 00000000 ____D C:\ProgramData\Synaptics
2016-02-03 23:57 - 2016-02-06 16:39 - 00000000 ___DC C:\WINDOWS\Panther
2016-02-03 23:57 - 2016-02-03 23:57 - 00000000 ____D C:\WINDOWS\InfusedApps
2016-02-03 23:56 - 2016-02-06 15:41 - 00000000 ____D C:\Windows.old
2016-02-03 23:55 - 2016-02-03 23:55 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2016-02-03 23:55 - 2016-02-03 21:00 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2016-02-03 23:52 - 2016-02-03 23:52 - 00000000 ____D C:\Program Files\Synaptics
2016-02-03 23:50 - 2016-02-03 23:50 - 00000000 ____D C:\WINDOWS\Setup
2016-02-03 23:49 - 2016-02-03 23:49 - 00000000 ____D C:\WINDOWS\OCR
2016-02-03 23:49 - 2016-02-03 23:49 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-02-03 23:49 - 2016-02-03 23:49 - 00000000 ____D C:\Program Files\MSBuild
2016-02-03 23:49 - 2016-02-03 23:49 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-02-03 23:49 - 2016-02-03 23:49 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-02-03 23:48 - 2016-02-03 23:48 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
2016-02-03 23:48 - 2016-02-03 23:48 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2016-02-03 23:48 - 2016-02-03 23:48 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
2016-02-03 23:48 - 2016-02-03 23:48 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2016-02-03 23:48 - 2016-02-03 23:48 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2016-02-03 23:48 - 2016-02-03 23:48 - 00000000 ____D C:\WINDOWS\SysWOW64\0409
2016-02-03 23:48 - 2016-02-03 23:48 - 00000000 ____D C:\WINDOWS\system32\winrm
2016-02-03 23:48 - 2016-02-03 23:48 - 00000000 ____D C:\WINDOWS\system32\WCN
2016-02-03 23:48 - 2016-02-03 23:48 - 00000000 ____D C:\WINDOWS\system32\slmgr
2016-02-03 23:48 - 2016-02-03 23:48 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2016-02-03 23:48 - 2016-02-03 23:48 - 00000000 ____D C:\WINDOWS\system32\0409
2016-02-03 23:48 - 2016-02-03 23:48 - 00000000 ____D C:\WINDOWS\DigitalLocker
2016-02-03 23:43 - 2016-02-03 23:39 - 00215943 _____ C:\WINDOWS\SysWOW64\dssec.dat
2016-02-03 23:43 - 2016-02-03 23:39 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2016-02-03 23:43 - 2016-02-03 23:39 - 00008798 _____ C:\WINDOWS\SysWOW64\icrav03.rat
2016-02-03 23:43 - 2016-02-03 23:39 - 00001988 _____ C:\WINDOWS\SysWOW64\ticrf.rat
2016-02-03 23:43 - 2016-02-03 23:39 - 00000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT
2016-02-03 23:42 - 2016-02-07 02:04 - 00000000 ____D C:\WINDOWS\rescache
2016-02-03 23:42 - 2016-02-06 23:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-02-03 23:42 - 2016-02-06 23:00 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-03 23:42 - 2016-02-04 17:16 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-02-03 23:42 - 2016-02-04 17:16 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-02-03 23:42 - 2016-02-04 17:16 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-02-03 23:42 - 2016-02-04 17:16 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-02-03 23:42 - 2016-02-04 17:16 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-02-03 23:42 - 2016-02-04 17:16 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-02-03 23:42 - 2016-02-04 17:16 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-02-03 23:42 - 2016-02-04 17:15 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-02-03 23:42 - 2016-02-04 17:15 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-02-03 23:42 - 2016-02-04 17:15 - 00000000 ____D C:\WINDOWS\Provisioning
2016-02-03 23:42 - 2016-02-04 17:15 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-02-03 23:42 - 2016-02-04 11:16 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-02-03 23:42 - 2016-02-04 10:06 - 00000000 ____D C:\WINDOWS\appcompat
2016-02-03 23:42 - 2016-02-04 10:05 - 00000000 ___RD C:\WINDOWS\DevicesFlow
2016-02-03 23:42 - 2016-02-04 03:08 - 00000000 ___RD C:\WINDOWS\PrintDialog
2016-02-03 23:42 - 2016-02-04 03:08 - 00000000 ___RD C:\WINDOWS\MiracastView
2016-02-03 23:42 - 2016-02-03 23:57 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2016-02-03 23:42 - 2016-02-03 23:48 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2016-02-03 23:42 - 2016-02-03 23:48 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2016-02-03 23:42 - 2016-02-03 23:48 - 00000000 ___SD C:\WINDOWS\system32\dsc
2016-02-03 23:42 - 2016-02-03 23:48 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2016-02-03 23:42 - 2016-02-03 23:48 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2016-02-03 23:42 - 2016-02-03 23:48 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2016-02-03 23:42 - 2016-02-03 23:48 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2016-02-03 23:42 - 2016-02-03 23:48 - 00000000 ____D C:\WINDOWS\SysWOW64\Com
2016-02-03 23:42 - 2016-02-03 23:48 - 00000000 ____D C:\WINDOWS\system32\setup
2016-02-03 23:42 - 2016-02-03 23:48 - 00000000 ____D C:\WINDOWS\system32\MUI
2016-02-03 23:42 - 2016-02-03 23:48 - 00000000 ____D C:\WINDOWS\system32\migwiz
2016-02-03 23:42 - 2016-02-03 23:48 - 00000000 ____D C:\WINDOWS\system32\Com
2016-02-03 23:42 - 2016-02-03 23:48 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-02-03 23:42 - 2016-02-03 23:48 - 00000000 ____D C:\WINDOWS\IME
2016-02-03 23:42 - 2016-02-03 23:48 - 00000000 ____D C:\WINDOWS\Help
2016-02-03 23:42 - 2016-02-03 23:48 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-02-03 23:42 - 2016-02-03 23:48 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-03 23:42 - 2016-02-03 23:48 - 00000000 ____D C:\Program Files\Windows Defender
2016-02-03 23:42 - 2016-02-03 23:48 - 00000000 ____D C:\Program Files\Common Files\System
2016-02-03 23:42 - 2016-02-03 23:48 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-02-03 23:42 - 2016-02-03 23:48 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-02-03 23:42 - 2016-02-03 23:48 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-02-03 23:42 - 2016-02-03 23:43 - 00000000 ___SD C:\WINDOWS\SysWOW64\Nui
2016-02-03 23:42 - 2016-02-03 23:43 - 00000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2016-02-03 23:42 - 2016-02-03 23:43 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2016-02-03 23:42 - 2016-02-03 23:43 - 00000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
2016-02-03 23:42 - 2016-02-03 23:43 - 00000000 ____D C:\WINDOWS\SysWOW64\icsxml
2016-02-03 23:42 - 2016-02-03 23:43 - 00000000 ____D C:\WINDOWS\SysWOW64\downlevel
2016-02-03 23:42 - 2016-02-03 23:43 - 00000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2016-02-03 23:42 - 2016-02-03 23:43 - 00000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2016-02-03 23:42 - 2016-02-03 23:42 - 00000000 __SHD C:\Program Files\Windows Sidebar
2016-02-03 23:42 - 2016-02-03 23:42 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2016-02-03 23:42 - 2016-02-03 23:42 - 00000000 __RSD C:\WINDOWS\Media
2016-02-03 23:42 - 2016-02-03 23:42 - 00000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2016-02-03 23:42 - 2016-02-03 23:42 - 00000000 ___SD C:\WINDOWS\system32\Nui
2016-02-03 23:42 - 2016-02-03 23:42 - 00000000 ___SD C:\WINDOWS\system32\Configuration
2016-02-03 23:42 - 2016-02-03 23:42 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2016-02-03 23:42 - 2016-02-03 23:42 - 00000000 ___RD C:\WINDOWS\Offline Web Pages
2016-02-03 23:42 - 2016-02-03 23:42 - 00000000 ___RD C:\WINDOWS\DesktopTileResources
2016-02-03 23:42 - 2016-02-03 23:42 - 00000000 ____D C:\WINDOWS\Web
2016-02-03 23:42 - 2016-02-03 23:42 - 00000000 ____D C:\WINDOWS\Vss
2016-02-03 23:42 - 2016-02-03 23:42 - 00000000 ____D C:\WINDOWS\tracing
2016-02-03 23:42 - 2016-02-03 23:42 - 00000000 ____D C:\WINDOWS\TAPI
2016-02-03 23:42 - 2016-02-03 23:42 - 00000000 ____D C:\WINDOWS\SysWOW64\SMI
2016-02-03 23:42 - 2016-02-03 23:42 - 00000000 ____D C:\WINDOWS\SysWOW64\ras
2016-02-03 23:42 - 2016-02-03 23:42 - 00000000 ____D C:\WINDOWS\SysWOW64\NDF
2016-02-03 23:42 - 2016-02-03 23:42 - 00000000 ____D C:\WINDOWS\SysWOW64\MsDtc
2016-02-03 23:42 - 2016-02-03 23:42 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-02-03 23:42 - 2016-02-03 23:42 - 00000000 ____D C:\WINDOWS\SysWOW64\Ipmi
2016-02-03 23:42 - 2016-02-03 23:42 - 00000000 ____D C:\WINDOWS\SysWOW64\InputMethod
2016-02-03 23:42 - 2016-02-03 23:42 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2016-02-03 23:42 - 2016-02-03 23:42 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2016-02-03 23:42 - 2016-02-03 23:42 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicyUsers
2016-02-03 23:42 - 2016-02-03 23:42 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2016-02-03 23:42 - 2016-02-03 23:42 - 00000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2016-02-03 23:42 - 2016-02-03 23:42 - 00000000 ____D C:\WINDOWS\SysWOW64\AppLocker
2016-02-03 23:42 - 2016-02-03 23:42 - 00000000 ____D C:\WINDOWS\SystemResources
2016-02-03 23:42 - 2016-02-03 23:42 - 00000000 ____D C:\WINDOWS\SystemApps
2016-02-03 23:42 - 2016-02-03 23:42 - 00000000 ____D C:\WINDOWS\system32\WinMetadata
2016-02-03 23:42 - 2016-02-03 23:42 - 00000000 ____D C:\WINDOWS\system32\winevt
2016-02-03 23:42 - 2016-02-03 23:42 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-02-03 23:42 - 2016-02-03 23:42 - 00000000 ____D C:\WINDOWS\system32\ras
2016-02-03 23:42 - 2016-02-03 23:42 - 00000000 ____D C:\WINDOWS\system32\ProximityToast
2016-02-03 23:42 - 2016-02-03 23:42 - 00000000 ____D C:\WINDOWS\system32\PointOfService
2016-02-03 23:42 - 2016-02-03 23:42 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-02-03 23:42 - 2016-02-03 23:42 - 00000000 ____D C:\WINDOWS\system32\MsDtc
2016-02-03 23:42 - 2016-02-03 23:42 - 00000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2016-02-03 23:42 - 2016-02-03 23:42 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-02-03 23:42 - 2016-02-03 23:42 - 00000000 ____D C:\WINDOWS\system32\Ipmi
2016-02-03 23:42 - 2016-02-03 23:42 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2016-02-03 23:42 - 2016-02-03 23:42 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2016-02-03 23:42 - 2016-02-03 23:42 - 00000000 ____D C:\WINDOWS\system32\IME
2016-02-03 23:42 - 2016-02-03 23:42 - 00000000 ____D C:\WINDOWS\system32\icsxml
2016-02-03 23:42 - 2016-02-03 23:42 - 00000000 ____D C:\WINDOWS\system32\ias
2016-02-03 23:42 - 2016-02-03 23:42 - 00000000 ____D C:\WINDOWS\system32\GroupPolicyUsers
2016-02-03 23:42 - 2016-02-03 23:42 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2016-02-03 23:42 - 2016-02-03 23:42 - 00000000 ____D C:\WINDOWS\system32\downlevel
2016-02-03 23:42 - 2016-02-03 23:42 - 00000000 ____D C:\WINDOWS\system32\config\Journal
2016-02-03 23:42 - 2016-02-03 23:42 - 00000000 ____D C:\WINDOWS\system32\Bthprops
2016-02-03 23:42 - 2016-02-03 23:42 - 00000000 ____D C:\WINDOWS\system32\AppLocker
2016-02-03 23:42 - 2016-02-03 23:42 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2016-02-03 23:42 - 2016-02-03 23:42 - 00000000 ____D C:\WINDOWS\System
2016-02-03 23:42 - 2016-02-03 23:42 - 00000000 ____D C:\WINDOWS\SKB
2016-02-03 23:42 - 2016-02-03 23:42 - 00000000 ____D C:\WINDOWS\ShellNew
2016-02-03 23:42 - 2016-02-03 23:42 - 00000000 ____D C:\WINDOWS\security
2016-02-03 23:42 - 2016-02-03 23:42 - 00000000 ____D C:\WINDOWS\schemas
2016-02-03 23:42 - 2016-02-03 23:42 - 00000000 ____D C:\WINDOWS\SchCache
2016-02-03 23:42 - 2016-02-03 23:42 - 00000000 ____D C:\WINDOWS\Resources
2016-02-03 23:42 - 2016-02-03 23:42 - 00000000 ____D C:\WINDOWS\Registration
2016-02-03 23:42 - 2016-02-03 23:42 - 00000000 ____D C:\WINDOWS\PLA
2016-02-03 23:42 - 2016-02-03 23:42 - 00000000 ____D C:\WINDOWS\Performance
2016-02-03 23:42 - 2016-02-03 23:42 - 00000000 ____D C:\WINDOWS\ModemLogs
2016-02-03 23:42 - 2016-02-03 23:42 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-02-03 23:42 - 2016-02-03 23:42 - 00000000 ____D C:\WINDOWS\L2Schemas
2016-02-03 23:42 - 2016-02-03 23:42 - 00000000 ____D C:\WINDOWS\InputMethod
2016-02-03 23:42 - 2016-02-03 23:42 - 00000000 ____D C:\WINDOWS\Globalization
2016-02-03 23:42 - 2016-02-03 23:42 - 00000000 ____D C:\WINDOWS\Cursors
2016-02-03 23:42 - 2016-02-03 23:42 - 00000000 ____D C:\WINDOWS\Branding
2016-02-03 23:42 - 2016-02-03 23:42 - 00000000 ____D C:\WINDOWS\addins
2016-02-03 23:42 - 2016-02-03 23:42 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-02-03 23:42 - 2016-02-03 23:42 - 00000000 ____D C:\ProgramData\Comms
2016-02-03 23:42 - 2016-02-03 23:42 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-02-03 23:42 - 2016-02-03 23:42 - 00000000 ____D C:\Program Files\Windows NT
2016-02-03 23:42 - 2016-02-03 23:42 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-02-03 23:42 - 2016-02-03 23:42 - 00000000 ____D C:\Program Files\Common Files\Services
2016-02-03 23:42 - 2016-02-03 23:42 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-02-03 23:42 - 2016-02-03 23:42 - 00000000 ____D C:\Program Files (x86)\Windows NT
2016-02-03 23:42 - 2016-02-03 23:42 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-02-03 23:42 - 2016-02-03 23:39 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2016-02-03 23:42 - 2016-02-03 23:39 - 00215943 _____ C:\WINDOWS\system32\dssec.dat
2016-02-03 23:42 - 2016-02-03 23:39 - 00017463 _____ C:\WINDOWS\system32\Drivers\etc\services
2016-02-03 23:42 - 2016-02-03 23:39 - 00015462 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-02-03 23:42 - 2016-02-03 23:39 - 00008798 _____ C:\WINDOWS\system32\icrav03.rat
2016-02-03 23:42 - 2016-02-03 23:39 - 00003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
2016-02-03 23:42 - 2016-02-03 23:39 - 00001988 _____ C:\WINDOWS\system32\ticrf.rat
2016-02-03 23:42 - 2016-02-03 23:39 - 00001358 _____ C:\WINDOWS\system32\Drivers\etc\protocol
2016-02-03 23:42 - 2016-02-03 23:39 - 00000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
2016-02-03 23:42 - 2016-02-03 23:39 - 00000741 _____ C:\WINDOWS\system32\NOISE.DAT
2016-02-03 23:42 - 2016-02-03 23:39 - 00000407 _____ C:\WINDOWS\system32\Drivers\etc\networks
2016-02-03 23:42 - 2016-02-03 23:39 - 00000389 _____ C:\WINDOWS\system32\AutoWorkplace.exe.config
2016-02-03 23:42 - 2016-02-03 23:39 - 00000219 _____ C:\WINDOWS\system.ini
2016-02-03 23:42 - 2016-02-03 23:39 - 00000092 _____ C:\WINDOWS\win.ini
2016-02-03 23:42 - 2016-02-03 21:18 - 00000000 __RHD C:\Users\Public\Libraries
2016-02-03 23:42 - 2016-02-03 21:18 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2016-02-03 23:42 - 2016-02-03 21:17 - 00000000 ____D C:\WINDOWS\system32\spool
2016-02-03 23:42 - 2016-02-03 21:13 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2016-02-03 23:42 - 2016-02-03 21:12 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-02-03 23:42 - 2016-02-03 21:06 - 00000000 ____D C:\ProgramData\USOPrivate
2016-02-03 23:40 - 2016-02-07 19:53 - 00000000 ____D C:\WINDOWS\INF
2016-02-03 23:32 - 2016-02-04 10:40 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-02-03 23:23 - 2016-02-07 15:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-02-03 23:23 - 2016-02-04 11:17 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-02-03 23:23 - 2016-02-03 23:48 - 00000000 ____D C:\WINDOWS\servicing
2016-02-03 23:23 - 2016-02-03 23:42 - 00000000 ____D C:\WINDOWS\system32\SMI
2016-02-03 23:23 - 2015-10-30 01:33 - 00000164 _____ C:\WINDOWS\system32\config\FP
2016-02-03 23:22 - 2016-02-04 11:04 - 00000000 ___HD C:\$SysReset
2016-02-03 21:19 - 2016-02-07 19:53 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-02-03 21:19 - 2016-02-03 21:19 - 00000000 _SHDL C:\Users\Default\My Documents
2016-02-03 21:19 - 2016-02-03 21:19 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2016-02-03 21:19 - 2016-02-03 21:19 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2016-02-03 21:19 - 2016-02-03 21:19 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2016-02-03 21:19 - 2016-02-03 21:19 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2016-02-03 21:19 - 2016-02-03 21:19 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2016-02-03 21:19 - 2016-02-03 21:19 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2016-02-03 21:19 - 2016-02-03 21:19 - 00000000 _SHDL C:\Users\Default User
2016-02-03 21:19 - 2016-02-03 21:19 - 00000000 _SHDL C:\Users\All Users
2016-02-03 21:16 - 2016-02-06 12:48 - 00000000 ____D C:\Users\John
2016-02-03 21:16 - 2016-02-03 21:16 - 00000000 _SHDL C:\Users\John\My Documents
2016-02-03 21:16 - 2016-02-03 21:16 - 00000000 _SHDL C:\Users\John\Documents\My Videos
2016-02-03 21:16 - 2016-02-03 21:16 - 00000000 _SHDL C:\Users\John\Documents\My Pictures
2016-02-03 21:16 - 2016-02-03 21:16 - 00000000 _SHDL C:\Users\John\Documents\My Music
2016-02-03 21:09 - 2016-02-03 21:09 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2016-02-03 21:08 - 2016-02-07 16:15 - 00000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2016-02-03 21:08 - 2016-02-07 16:15 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-02-03 21:08 - 2016-02-03 21:08 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2016-02-03 21:08 - 2016-02-03 21:08 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2016-02-03 21:08 - 2016-02-03 21:08 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2016-02-03 21:08 - 2016-02-03 21:08 - 00000000 ____D C:\WINDOWS\system32\SRSLabs
2016-02-03 21:08 - 2016-02-03 21:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
2016-02-03 21:08 - 2016-02-03 21:08 - 00000000 ____D C:\Program Files\Realtek
2016-02-03 21:08 - 2015-07-25 13:00 - 00095232 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2016-02-03 21:08 - 2015-07-25 13:00 - 00091136 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2016-02-03 21:07 - 2016-02-03 21:07 - 00000000 ____D C:\Program Files\Intel
2016-02-03 21:06 - 2016-02-03 21:06 - 00000000 ____D C:\ProgramData\USOShared
2016-02-03 21:04 - 2015-10-30 02:17 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2016-02-03 21:01 - 2016-02-07 15:25 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-03 20:59 - 2016-02-04 17:20 - 00189240 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-02-03 19:53 - 2016-02-06 22:55 - 00000684 _____ C:\Users\John\Desktop\SecurityCheck - Shortcut.lnk
2016-02-03 19:52 - 2016-02-03 19:52 - 00852720 _____ C:\Users\John\Downloads\SecurityCheck.exe
2016-02-03 19:47 - 2016-02-03 19:47 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\John\Downloads\rkill.exe
2016-02-03 19:47 - 2016-02-03 19:47 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\John\Downloads\rkill (1).exe
2016-02-02 10:54 - 2016-02-07 20:32 - 00000000 ____D C:\FRST
2016-02-02 07:45 - 2016-02-02 07:45 - 00018456 _____ (Secunia) C:\WINDOWS\system32\Drivers\psi_mf_amd64.sys
2016-02-01 11:01 - 2016-02-03 20:38 - 00000000 ___RD C:\Users\John\3D Objects
2016-02-01 10:15 - 2016-02-03 20:37 - 00000000 ____D C:\Users\John\Documents\netgear A6210 download resource
2016-01-31 22:12 - 2016-01-31 22:12 - 03428864 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-01-31 22:12 - 2016-01-31 22:12 - 02919320 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-01-31 22:12 - 2016-01-31 22:12 - 02796032 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-01-31 22:12 - 2016-01-31 22:12 - 02582016 ____N (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-01-31 22:12 - 2016-01-31 22:12 - 02544256 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-01-31 22:12 - 2016-01-31 22:12 - 02180128 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-01-31 22:12 - 2016-01-31 22:12 - 02061824 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-01-31 22:12 - 2016-01-31 22:12 - 01750440 ____N (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2016-01-31 22:12 - 2016-01-31 22:12 - 01674240 ____N (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-31 22:12 - 2016-01-31 22:12 - 01542656 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-31 22:12 - 2016-01-31 22:12 - 01299504 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-01-31 22:12 - 2016-01-31 22:12 - 01155944 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2016-01-31 22:12 - 2016-01-31 22:12 - 01131520 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2016-01-31 22:12 - 2016-01-31 22:12 - 01118208 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-01-31 22:12 - 2016-01-31 22:12 - 01105920 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2016-01-31 22:12 - 2016-01-31 22:12 - 01092456 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-01-31 22:12 - 2016-01-31 22:12 - 01070080 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2016-01-31 22:12 - 2016-01-31 22:12 - 01065080 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-01-31 22:12 - 2016-01-31 22:12 - 01053696 ____N (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-01-31 22:12 - 2016-01-31 22:12 - 01020096 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2016-01-31 22:12 - 2016-01-31 22:12 - 00983464 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2016-01-31 22:12 - 2016-01-31 22:12 - 00925064 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-01-31 22:12 - 2016-01-31 22:12 - 00898184 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2016-01-31 22:12 - 2016-01-31 22:12 - 00890880 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
2016-01-31 22:12 - 2016-01-31 22:12 - 00884256 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-01-31 22:12 - 2016-01-31 22:12 - 00871936 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
2016-01-31 22:12 - 2016-01-31 22:12 - 00870400 ____N (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2016-01-31 22:12 - 2016-01-31 22:12 - 00858952 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-01-31 22:12 - 2016-01-31 22:12 - 00848160 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-31 22:12 - 2016-01-31 22:12 - 00824320 ____N (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2016-01-31 22:12 - 2016-01-31 22:12 - 00823264 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2016-01-31 22:12 - 2016-01-31 22:12 - 00794888 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2016-01-31 22:12 - 2016-01-31 22:12 - 00786696 ____N (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2016-01-31 22:12 - 2016-01-31 22:12 - 00716928 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2016-01-31 22:12 - 2016-01-31 22:12 - 00709688 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-31 22:12 - 2016-01-31 22:12 - 00701384 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-01-31 22:12 - 2016-01-31 22:12 - 00696160 ____N (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-01-31 22:12 - 2016-01-31 22:12 - 00695752 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2016-01-31 22:12 - 2016-01-31 22:12 - 00671472 ____N (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2016-01-31 22:12 - 2016-01-31 22:12 - 00670928 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2016-01-31 22:12 - 2016-01-31 22:12 - 00572928 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2016-01-31 22:12 - 2016-01-31 22:12 - 00569856 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-01-31 22:12 - 2016-01-31 22:12 - 00536256 ____N (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-01-31 22:12 - 2016-01-31 22:12 - 00526856 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2016-01-31 22:12 - 2016-01-31 22:12 - 00517632 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2016-01-31 22:12 - 2016-01-31 22:12 - 00516544 ____N (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2016-01-31 22:12 - 2016-01-31 22:12 - 00502112 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-01-31 22:12 - 2016-01-31 22:12 - 00498448 ____N (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-01-31 22:12 - 2016-01-31 22:12 - 00497152 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2016-01-31 22:12 - 2016-01-31 22:12 - 00477696 ____N (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2016-01-31 22:12 - 2016-01-31 22:12 - 00462760 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2016-01-31 22:12 - 2016-01-31 22:12 - 00454056 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2016-01-31 22:12 - 2016-01-31 22:12 - 00450904 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2016-01-31 22:12 - 2016-01-31 22:12 - 00408120 ____N (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-01-31 22:12 - 2016-01-31 22:12 - 00405568 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-01-31 22:12 - 2016-01-31 22:12 - 00400896 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2016-01-31 22:12 - 2016-01-31 22:12 - 00387072 ____N (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2016-01-31 22:12 - 2016-01-31 22:12 - 00381952 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2016-01-31 22:12 - 2016-01-31 22:12 - 00375296 ____N (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2016-01-31 22:12 - 2016-01-31 22:12 - 00369912 ____N (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-01-31 22:12 - 2016-01-31 22:12 - 00366224 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2016-01-31 22:12 - 2016-01-31 22:12 - 00340480 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2016-01-31 22:12 - 2016-01-31 22:12 - 00334336 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-01-31 22:12 - 2016-01-31 22:12 - 00323072 ____N (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2016-01-31 22:12 - 2016-01-31 22:12 - 00305664 ____N (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2016-01-31 22:12 - 2016-01-31 22:12 - 00275456 ____N (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-01-31 22:12 - 2016-01-31 22:12 - 00270848 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2016-01-31 22:12 - 2016-01-31 22:12 - 00245840 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-01-31 22:12 - 2016-01-31 22:12 - 00235008 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2016-01-31 22:12 - 2016-01-31 22:12 - 00234504 ____N (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
2016-01-31 22:12 - 2016-01-31 22:12 - 00208176 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
2016-01-31 22:12 - 2016-01-31 22:12 - 00203776 ____N (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-01-31 22:12 - 2016-01-31 22:12 - 00126464 ____N (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
2016-01-31 22:12 - 2016-01-31 22:12 - 00119320 ____N (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
2016-01-31 22:12 - 2016-01-31 22:12 - 00118624 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2016-01-31 22:12 - 2016-01-31 22:12 - 00116728 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-01-31 22:12 - 2016-01-31 22:12 - 00115040 ____N (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-01-31 22:12 - 2016-01-31 22:12 - 00110032 ____N (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2016-01-31 22:12 - 2016-01-31 22:12 - 00100160 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
2016-01-31 22:12 - 2016-01-31 22:12 - 00088392 ____N (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2016-01-31 22:12 - 2016-01-31 22:12 - 00084832 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-01-31 22:12 - 2016-01-31 22:12 - 00076288 ____N (Microsoft Corporation) C:\WINDOWS\system32\RMSRoamingSecurity.dll
2016-01-31 22:12 - 2016-01-31 22:12 - 00073360 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2016-01-31 22:12 - 2016-01-31 22:12 - 00070656 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2016-01-31 22:12 - 2016-01-31 22:12 - 00027136 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.proxy.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 24602624 ____N (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 22572624 ____N (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 22394368 ____N (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 21125400 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 19338752 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 18678272 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 16986112 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 13382656 ____N (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 13018624 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 12126208 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 11545088 ____N (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 09918976 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 08728920 ____N (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 07979008 ____N (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 07826432 ____N (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 07477600 ____N (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-01-31 22:11 - 2016-01-31 22:11 - 07199232 ____N (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 06971752 ____N (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 06600904 ____N (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 06572032 ____N (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 06297088 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 05660160 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 05503488 ____N (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 05238360 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 05202944 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 04894720 ____N (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 04759040 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 03993600 ____N (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 03671888 ____N (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 03667456 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 03593216 ____N (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-01-31 22:11 - 2016-01-31 22:11 - 03355136 ____N (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 02843136 ____N (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 02772584 ____N (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 02756096 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2016-01-31 22:11 - 2016-01-31 22:11 - 02756096 ____N (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2016-01-31 22:11 - 2016-01-31 22:11 - 02680320 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 02653816 ____N C:\WINDOWS\system32\CoreUIComponents.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 02647552 ____N (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 02624512 ____N (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 02597888 ____N (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 02587696 ____N (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 02444288 ____N (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 02352128 ____N (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 02280448 ____N (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 02185840 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 02155008 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 02152800 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-01-31 22:11 - 2016-01-31 22:11 - 02127360 ____N (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-01-31 22:11 - 2016-01-31 22:11 - 02121216 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 02057216 ____N (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 02050048 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-01-31 22:11 - 2016-01-31 22:11 - 02026736 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 02001408 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 01998168 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-01-31 22:11 - 2016-01-31 22:11 - 01995776 ____N (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 01946624 ____N (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 01944576 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 01860096 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 01859448 ____N C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 01817160 ____N (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 01814528 ____N (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 01804664 ____N (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 01734656 ____N (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 01717248 ____N (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 01713664 ____N (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 01706496 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 01648640 ____N (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 01626624 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 01594408 ____N (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 01582080 ____N (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-01-31 22:11 - 2016-01-31 22:11 - 01540768 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 01505280 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 01500672 ____N (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-01-31 22:11 - 2016-01-31 22:11 - 01467392 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 01443328 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 01415200 ____N (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 01399224 ____N (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 01395200 ____N (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 01393664 ____N (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-01-31 22:11 - 2016-01-31 22:11 - 01387008 ____N (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 01371792 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 01337240 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 01328128 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 01318912 ____N (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 01317640 ____N (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-01-31 22:11 - 2016-01-31 22:11 - 01309376 ____N (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 01281376 ____N (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 01268736 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 01268736 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 01255936 ____N (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2016-01-31 22:11 - 2016-01-31 22:11 - 01223168 ____N (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 01212928 ____N (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 01174008 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 01173344 ____N (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 01141496 ____N (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-01-31 22:11 - 2016-01-31 22:11 - 01139200 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 01089880 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-01-31 22:11 - 2016-01-31 22:11 - 01056256 ____N (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 01042432 ____N (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 01035776 ____N (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 01009152 ____N (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
2016-01-31 22:11 - 2016-01-31 22:11 - 00988160 ____N (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00973664 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00969728 ____N (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00957440 ____N (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00953856 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-01-31 22:11 - 2016-01-31 22:11 - 00948224 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00948224 ____N (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00938496 ____N (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00931328 ____N (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL
2016-01-31 22:11 - 2016-01-31 22:11 - 00912384 ____N (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00911648 ____N (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00900608 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00884736 ____N (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00870400 ____N (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00851456 ____N (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00808800 ____N (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-01-31 22:11 - 2016-01-31 22:11 - 00803840 ____N (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00800768 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00799744 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00796352 ____N (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00794112 ____N (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00793600 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00791552 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00785088 ____N (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00784896 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00784384 ____N (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00764928 ____N (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00764928 ____N (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00749056 ____N (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00733184 ____N (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00726528 ____N (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00713568 ____N (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00711680 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00709120 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00704000 ____N (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00703840 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-01-31 22:11 - 2016-01-31 22:11 - 00698208 ____N (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00697856 ____N (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00687616 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00683008 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00678912 ____N (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00675064 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00674816 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00653312 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00652312 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00647168 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00644096 ____N (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00638464 ____N (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00630632 ____N (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-01-31 22:11 - 2016-01-31 22:11 - 00628736 ____N (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00623616 ____N (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00621568 ____N (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00617984 ____N (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00613888 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00610816 ____N (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00607232 ____N (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00604928 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-01-31 22:11 - 2016-01-31 22:11 - 00604672 ____N (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00590848 ____N (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00589312 ____N (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00586208 ____N (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00586080 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00584704 ____N (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-01-31 22:11 - 2016-01-31 22:11 - 00578912 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2016-01-31 22:11 - 2016-01-31 22:11 - 00576864 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-01-31 22:11 - 2016-01-31 22:11 - 00574976 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00573440 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00558592 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00558080 ____N (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00543232 ____N (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00540752 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-01-31 22:11 - 2016-01-31 22:11 - 00538632 ____N (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00535040 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00523776 ____N (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00523616 ____N (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2016-01-31 22:11 - 2016-01-31 22:11 - 00517632 ____N (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2016-01-31 22:11 - 2016-01-31 22:11 - 00515584 ____N (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00513888 ____N (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00511320 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00510976 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00503296 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00499432 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00498176 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00490496 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00479232 ____N (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00475648 ____N (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00472576 ____N (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00470528 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00465920 ____N (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00459776 ____N (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00458752 ____N (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00457728 ____N (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00450560 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00440320 ____N (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00440152 ____N (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-01-31 22:11 - 2016-01-31 22:11 - 00431240 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00421888 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00416768 ____N (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00415744 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00414720 ____N (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-01-31 22:11 - 2016-01-31 22:11 - 00412512 ____N (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-01-31 22:11 - 2016-01-31 22:11 - 00409088 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00406528 ____N (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00389120 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00383488 ____N (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00365568 ____N (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00350720 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00346112 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00345600 ____N (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00343552 ____N (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00342016 ____N (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00337840 ____N (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00335872 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00334736 ____N (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00320000 ____N (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00315904 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00303104 ____N (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00296488 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00292352 ____N (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00289248 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00286720 ____N (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00286208 ____N (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00275968 ____N (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00274944 ____N (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00273408 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00269824 ____N (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00264544 ____N (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00264192 ____N (Nokia) C:\WINDOWS\system32\NmaDirect.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00260608 ____N C:\WINDOWS\system32\MTFServer.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00248832 ____N (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00245760 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00245760 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthLEEnum.sys
2016-01-31 22:11 - 2016-01-31 22:11 - 00241664 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00235008 ____N C:\WINDOWS\system32\MTF.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00231936 ____N (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00227840 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00223232 ____N (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00221696 ____N (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-01-31 22:11 - 2016-01-31 22:11 - 00210432 ____N (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00210432 ____N (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00208896 ____N (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00205824 ____N (Nokia) C:\WINDOWS\SysWOW64\NmaDirect.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00204800 ____N (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-AppModelExecEvents.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00202472 ____N (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00200704 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00199168 ____N (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-01-31 22:11 - 2016-01-31 22:11 - 00193024 ____N (Microsoft Corporation) C:\WINDOWS\system32\SimCfg.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00192000 ____N (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00190464 ____N (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00182784 ____N (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00175616 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00168960 ____N (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00167936 ____N (Microsoft Corporation) C:\WINDOWS\system32\ProximityCommon.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00166912 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00166400 ____N (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-01-31 22:11 - 2016-01-31 22:11 - 00165376 ____N (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00163328 ____N (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00162816 ____N C:\WINDOWS\SysWOW64\MTF.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00162816 ____N (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-01-31 22:11 - 2016-01-31 22:11 - 00162304 ____N (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00161632 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-01-31 22:11 - 2016-01-31 22:11 - 00161280 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-01-31 22:11 - 2016-01-31 22:11 - 00160768 ____N (Microsoft Corporation) C:\WINDOWS\system32\SimAuth.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00160768 ____N (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00157696 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimCfg.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00157184 ____N (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2016-01-31 22:11 - 2016-01-31 22:11 - 00149504 ____N (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00148992 ____N (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
2016-01-31 22:11 - 2016-01-31 22:11 - 00147968 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2016-01-31 22:11 - 2016-01-31 22:11 - 00145920 ____N (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2016-01-31 22:11 - 2016-01-31 22:11 - 00138240 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ETWCoreUIComponentsResources.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00138240 ____N (Microsoft Corporation) C:\WINDOWS\system32\ETWCoreUIComponentsResources.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00134656 ____N (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00133632 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00133120 ____N (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00130560 ____N (Microsoft Corporation) C:\WINDOWS\system32\winbio.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00129024 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimAuth.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00125440 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx
2016-01-31 22:11 - 2016-01-31 22:11 - 00123392 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ProximityCommon.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00122368 ____N (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00120320 ____N (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00118272 ____N (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00117248 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\capimg.sys
2016-01-31 22:11 - 2016-01-31 22:11 - 00115200 ____N (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-01-31 22:11 - 2016-01-31 22:11 - 00114688 ____N (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00110592 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MapControls.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00110592 ____N (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MapControls.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00108544 ____N (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00106496 ____N (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00100864 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00097280 ____N (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00095072 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2016-01-31 22:11 - 2016-01-31 22:11 - 00093696 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\winbio.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00093696 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00092352 ____N (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00092160 ____N (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00092160 ____N (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00089600 ____N (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00089088 ____N (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00087040 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00087040 ____N (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00086528 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00083456 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00080600 ____N (Microsoft Corporation) C:\WINDOWS\system32\wwapi.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00079360 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttpcom.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00078336 ____N (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00077312 ____N (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00075776 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.XboxLive.ProxyStub.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00075264 ____N (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00075264 ____N (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00074240 ____N (Microsoft Corporation) C:\WINDOWS\system32\mssign32.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00073728 ____N (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00073728 ____N (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00072704 ____N (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00070656 ____N (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManagerProxy.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00069632 ____N (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00067072 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-01-31 22:11 - 2016-01-31 22:11 - 00066560 ____N (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00066560 ____N (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00065536 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00064000 ____N (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00064000 ____N (Microsoft Corporation) C:\WINDOWS\system32\ihvrilproxy.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00063528 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wwapi.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00060928 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssign32.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00060928 ____N (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00059904 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00058408 ____N (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00058368 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00058368 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosResource.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00058368 ____N (Microsoft Corporation) C:\WINDOWS\system32\MosResource.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00056320 ____N (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2016-01-31 22:11 - 2016-01-31 22:11 - 00055808 ____N (Microsoft Corporation) C:\WINDOWS\system32\rilproxy.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00055296 ____N (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-01-31 22:11 - 2016-01-31 22:11 - 00052736 ____N (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00052736 ____N (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00052224 ____N (Microsoft Corporation) C:\WINDOWS\system32\Wwanpref.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00052224 ____N (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00051680 ____N (Microsoft Corporation) C:\WINDOWS\system32\SensorsUtilsV2.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00049152 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00049152 ____N (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
2016-01-31 22:11 - 2016-01-31 22:11 - 00048640 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00045568 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00045568 ____N (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00044032 ____N (Microsoft Corporation) C:\WINDOWS\system32\wsplib.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00043520 ____N (Microsoft Corporation) C:\WINDOWS\system32\usermgrcli.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00043520 ____N (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.proxy.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00042496 ____N (Microsoft Corporation) C:\WINDOWS\system32\mapstoasttask.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00041984 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthManagerProxy.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00041984 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe
2016-01-31 22:11 - 2016-01-31 22:11 - 00037376 ____N (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-01-31 22:11 - 2016-01-31 22:11 - 00037376 ____N (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00036864 ____N (Microsoft Corporation) C:\WINDOWS\system32\BackgroundTransferHost.exe
2016-01-31 22:11 - 2016-01-31 22:11 - 00036352 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCoreRes.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00036352 ____N (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCoreRes.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00035680 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wimmount.sys
2016-01-31 22:11 - 2016-01-31 22:11 - 00035656 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe
2016-01-31 22:11 - 2016-01-31 22:11 - 00034816 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\usermgrcli.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00034304 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\BackgroundTransferHost.exe
2016-01-31 22:11 - 2016-01-31 22:11 - 00034304 ____N (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00032256 ____N (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00032040 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfpmp.exe
2016-01-31 22:11 - 2016-01-31 22:11 - 00030720 ____N (Microsoft Corporation) C:\WINDOWS\system32\tetheringconfigsp.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00030208 ____N (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00029696 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-01-31 22:11 - 2016-01-31 22:11 - 00028672 ____N (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00028672 ____N (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00028160 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00028160 ____N (Microsoft Corporation) C:\WINDOWS\system32\nativemap.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00026408 ____N (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-01-31 22:11 - 2016-01-31 22:11 - 00024064 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00019456 ____N (Microsoft Corporation) C:\WINDOWS\system32\rasautou.exe
2016-01-31 22:11 - 2016-01-31 22:11 - 00018944 ____N (Microsoft Corporation) C:\WINDOWS\system32\wshrm.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00017408 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasautou.exe
2016-01-31 22:11 - 2016-01-31 22:11 - 00017408 ____N (Microsoft Corporation) C:\WINDOWS\system32\rasadhlp.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00017408 ____N (Microsoft Corporation) C:\WINDOWS\system32\IcsEntitlementHost.exe
2016-01-31 22:11 - 2016-01-31 22:11 - 00014336 ____N (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00013824 ____N (Microsoft Corporation) C:\WINDOWS\system32\sscoreext.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00013824 ____N (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasadhlp.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvcProxy.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00011776 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00011776 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00010240 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosTrace.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00010240 ____N (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosTrace.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00009728 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosHost.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00009728 ____N (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosHost.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00007680 ____N (Microsoft Corporation) C:\WINDOWS\system32\readingviewresources.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00003072 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlStringsRes.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00003072 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00003072 ____N (Microsoft Corporation) C:\WINDOWS\system32\MapControlStringsRes.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00003072 ____N (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2016-01-31 21:56 - 2015-10-23 20:47 - 00778936 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2016-01-31 21:56 - 2015-10-23 20:47 - 00103120 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-01-31 21:56 - 2015-10-23 20:47 - 00035480 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2016-01-31 21:56 - 2015-10-23 20:46 - 01166520 ____N (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2016-01-31 21:56 - 2015-10-23 20:46 - 00035480 ____N (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2016-01-31 21:56 - 2015-10-23 20:45 - 00124624 ____N (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2016-01-31 21:55 - 2016-01-31 21:55 - 01087488 ____N (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-01-31 13:48 - 2016-01-31 13:49 - 00987728 _____ (Google Inc.) C:\Users\John\Documents\googledrivesync.exe
2016-01-30 21:53 - 2016-02-03 20:38 - 00000000 ____D C:\Users\John\Downloads\NETGEAR
2016-01-30 07:00 - 2016-01-30 07:00 - 00000000 _____ C:\f0f6bd19274b0b0447
2016-01-27 17:26 - 2016-01-27 17:26 - 34083104 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\SET6407.tmp
2016-01-27 17:26 - 2016-01-27 17:26 - 28612544 _____ (Intel Corporation) C:\WINDOWS\system32\SET2778.tmp
2016-01-27 17:26 - 2016-01-27 17:26 - 13928480 _____ (Intel Corporation) C:\WINDOWS\system32\SET1F09.tmp
2016-01-27 17:26 - 2016-01-27 17:26 - 07858088 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\SET1BCB.tmp
2016-01-27 17:26 - 2016-01-27 17:26 - 06560024 _____ (Intel Corporation) C:\WINDOWS\system32\SET3A9D.tmp
2016-01-27 17:26 - 2016-01-27 17:26 - 02813952 _____ C:\WINDOWS\system32\iglhxa64.cpa
2016-01-27 17:26 - 2016-01-27 17:26 - 02052104 _____ (Intel Corporation) C:\WINDOWS\system32\SET7964.tmp
2016-01-27 17:26 - 2016-01-27 17:26 - 00819449 _____ C:\WINDOWS\system32\DisplayAudiox64.cab
2016-01-27 17:26 - 2016-01-27 17:26 - 00750088 _____ (Intel Corporation) C:\WINDOWS\system32\SET768D.tmp
2016-01-27 17:26 - 2016-01-27 17:26 - 00641530 _____ C:\WINDOWS\system32\FilmModeDetection.wmv
2016-01-27 17:26 - 2016-01-27 17:26 - 00511260 _____ C:\WINDOWS\system32\cp_resources.bin
2016-01-27 17:26 - 2016-01-27 17:26 - 00403671 _____ C:\WINDOWS\system32\ImageStabilization.wmv
2016-01-27 17:26 - 2016-01-27 17:26 - 00402344 _____ C:\WINDOWS\system32\SET859E.tmp
2016-01-27 17:26 - 2016-01-27 17:26 - 00384008 _____ (Intel Corporation) C:\WINDOWS\system32\SET77BA.tmp
2016-01-27 17:26 - 2016-01-27 17:26 - 00375173 _____ C:\WINDOWS\system32\ColorImageEnhancement.wmv
2016-01-27 17:26 - 2016-01-27 17:26 - 00373160 _____ (Intel Corporation) C:\WINDOWS\system32\SET8349.tmp
2016-01-27 17:26 - 2016-01-27 17:26 - 00354216 _____ (Intel Corporation) C:\WINDOWS\system32\SET7C2A.tmp
2016-01-27 17:26 - 2016-01-27 17:26 - 00268704 _____ (Intel Corporation) C:\WINDOWS\system32\SET868B.tmp
2016-01-27 17:26 - 2016-01-27 17:26 - 00206344 _____ (Intel Corporation) C:\WINDOWS\system32\igfxCoIn_v4331.dll
2016-01-27 17:26 - 2016-01-27 17:26 - 00000935 _____ C:\WINDOWS\system32\Gfxv4_0.exe.config
2016-01-27 17:26 - 2016-01-27 17:26 - 00000935 _____ C:\WINDOWS\system32\DPTopologyApp.exe.config
2016-01-27 17:26 - 2016-01-27 17:26 - 00000895 _____ C:\WINDOWS\system32\Gfxv2_0.exe.config
2016-01-27 17:26 - 2016-01-27 17:26 - 00000895 _____ C:\WINDOWS\system32\DPTopologyAppv2_0.exe.config
2016-01-27 17:26 - 2015-07-25 13:02 - 36087152 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdumdim32.dll
2016-01-27 17:26 - 2015-07-25 13:02 - 30669776 _____ (Intel Corporation) C:\WINDOWS\system32\igd11dxva64.dll
2016-01-27 17:26 - 2015-07-25 13:02 - 11383944 _____ (Intel Corporation) C:\WINDOWS\system32\igd10iumd64.dll
2016-01-27 17:26 - 2015-07-25 13:02 - 06308928 _____ (Intel Corporation) C:\WINDOWS\system32\igdusc64.dll
2016-01-27 17:26 - 2015-07-25 13:00 - 06270416 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\igdkmd64.sys
2016-01-27 17:26 - 2015-07-25 13:00 - 02036736 _____ (Intel Corporation) C:\WINDOWS\system32\igfxLHM.dll
2016-01-27 17:26 - 2015-07-25 13:00 - 00732160 _____ (Intel Corporation) C:\WINDOWS\system32\igfxDH.dll
2016-01-27 17:26 - 2015-07-25 13:00 - 00404912 _____ C:\WINDOWS\system32\igfxTray.exe
2016-01-27 17:26 - 2015-07-25 13:00 - 00359936 _____ (Intel Corporation) C:\WINDOWS\system32\igfxDI.dll
2016-01-27 17:26 - 2015-07-25 13:00 - 00359856 _____ (Intel Corporation) C:\WINDOWS\system32\igfxCUIService.exe
2016-01-27 17:26 - 2015-07-25 13:00 - 00336304 _____ (Intel Corporation) C:\WINDOWS\system32\igfxEM.exe
2016-01-27 17:26 - 2015-07-25 13:00 - 00257968 _____ (Intel Corporation) C:\WINDOWS\system32\igfxHK.exe
2016-01-22 13:49 - 2016-01-22 13:49 - 14108096 _____ (Citrix Systems, Inc.) C:\Users\John\Downloads\CitrixOnlinePluginWeb.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-07 16:15 - 2014-09-30 09:05 - 00000000 __SHD C:\Users\John\IntelGraphicsProfiles
2016-02-04 17:26 - 2015-09-10 00:42 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-02-04 16:41 - 2015-05-20 16:49 - 00343728 _____ (Mediatek Inc.) C:\WINDOWS\system32\RaCoInstx.dll
2016-02-04 16:41 - 2015-05-20 05:43 - 02240688 _____ (MediaTek Inc.) C:\WINDOWS\system32\Drivers\A6210.sys
2016-02-04 16:41 - 2014-11-28 18:06 - 00079216 _____ C:\WINDOWS\system32\Drivers\FW_7662.bin
2016-02-04 16:41 - 2014-07-24 11:08 - 00020626 _____ C:\WINDOWS\system32\Drivers\Patch_7662.bin
2016-02-04 11:38 - 2015-06-26 23:58 - 00087944 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klwfp.sys
2016-02-04 11:38 - 2015-06-08 19:43 - 00041352 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klpd.sys
2016-02-04 03:12 - 2015-04-15 11:29 - 00000000 ___RD C:\Users\John\OneDrive
2016-02-03 18:31 - 2015-12-14 14:26 - 00000000 ___RD C:\Users\John\Google Drive
2016-01-30 08:46 - 2015-03-16 12:31 - 00000000 ____D C:\Users\Public\Documents\CyberLink
2016-01-27 03:07 - 2014-09-24 20:11 - 00000000 ____D C:\Users\John\Documents\Youcam

==================== Files in the root of some directories =======

2016-02-05 16:49 - 2016-02-05 16:51 - 0007597 _____ () C:\Users\John\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-02-03 20:59

==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-02-2016
Ran by John (2016-02-07 20:34:00)
Running from C:\Users\John\Downloads
Windows 10 Home (X64) (2016-02-04 02:20:26)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-552680241-3840029019-851758634-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-552680241-3840029019-851758634-503 - Limited - Disabled)
Guest (S-1-5-21-552680241-3840029019-851758634-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-552680241-3840029019-851758634-1003 - Limited - Enabled)
John (S-1-5-21-552680241-3840029019-851758634-1001 - Administrator - Enabled) => C:\Users\John

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Emsisoft Anti-Malware (Enabled - Up to date) {15510D9D-6530-DA29-224F-7BA1BDD1CB58}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Total Security (Enabled - Up to date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
AS: Kaspersky Total Security (Enabled - Up to date) {0F7D947C-13CC-4207-47BE-41AC12334EC6}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {AE30EC79-430A-D5A7-18FF-40D3C65681E5}
FW: Kaspersky Total Security (Enabled) {8C27F4BD-7F99-4CD1-5651-D3EB97674300}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform)
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 11.0 - Emsisoft Ltd.)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4248 - Intel Corporation)
Kaspersky Password Manager (HKLM-x32\...\InstallWIX_{C706D102-D77E-4D45-B631-2A43C55F0F01}) (Version: 8.0.3.287 - Kaspersky Lab)
Kaspersky Password Manager (x32 Version: 8.0.3.287 - Kaspersky Lab) Hidden
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab)
Kaspersky Total Security (x32 Version: 16.0.0.614 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
NETGEAR A6210 Genie (HKLM-x32\...\InstallShield_{200F4AEE-982C-48EA-AC85-EF36FEB662C2}) (Version: 1.0.0.34 - NETGEAR)
NETGEAR A6210 Genie (x32 Version: 1.0.0.34 - NETGEAR) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7335 - Realtek Semiconductor Corp.)
Secunia PSI (3.0.0.11005) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.11005 - Secunia)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.95 - Synaptics Incorporated)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1DC8C373-5D7B-4A37-9C4D-BEDF2B46CB7A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-11-16] (Piriform Ltd)
Task: {842E3E5A-3701-4A3D-AC58-EF9D9C319563} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-02-04] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 02:18 - 2015-10-30 02:18 - 00185856 ____N () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-09-17 17:42 - 2015-09-17 17:42 - 00192232 _____ () C:\Program Files (x86)\NETGEAR\A6210\NetgearSwitchUSB.exe
2016-01-31 22:11 - 2016-01-31 22:11 - 02653816 ____N () C:\WINDOWS\system32\CoreUIComponents.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 02653816 ____N () C:\WINDOWS\System32\CoreUIComponents.dll
2016-02-04 19:07 - 2016-02-04 19:08 - 00015872 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.201.11370.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-02-04 19:07 - 2016-02-04 19:08 - 14869504 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.201.11370.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-02-04 19:04 - 2016-02-04 19:05 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.201.11370.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-01-27 17:26 - 2015-07-25 13:00 - 00404912 _____ () C:\WINDOWS\system32\igfxTray.exe
2016-01-31 22:12 - 2016-01-31 22:12 - 00093696 ____N () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-01-31 22:12 - 2016-01-31 22:12 - 00472064 ____N () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 07992832 ____N () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 00591360 ____N () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 02483200 ____N () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-31 22:11 - 2016-01-31 22:11 - 04089856 ____N () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-10-30 02:18 - 2015-10-30 02:18 - 00218456 ____N () c:\windows\system32\WerEtw.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\John\Desktop\Screenshot 2014-10-02 11.08.30 (2).png:com.dropbox.attributes

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-02-03 23:42 - 2016-02-03 23:39 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-552680241-3840029019-851758634-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\John\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\backgrounddefault.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139

==================== Restore Points =========================

07-02-2016 02:00:56 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/07/2016 08:35:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mod_frst.exe, version: 3.3.12.0, time stamp: 0x564a214d
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000a2502
Faulting process id: 0xd2c
Faulting application start time: 0xmod_frst.exe0
Faulting application path: mod_frst.exe1
Faulting module path: mod_frst.exe2
Report Id: mod_frst.exe3
Faulting package full name: mod_frst.exe4
Faulting package-relative application ID: mod_frst.exe5

Error: (02/07/2016 08:31:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ERUNT.exe, version: 0.0.0.0, time stamp: 0x2a425e19
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000a2502
Faulting process id: 0x199c
Faulting application start time: 0xERUNT.exe0
Faulting application path: ERUNT.exe1
Faulting module path: ERUNT.exe2
Report Id: ERUNT.exe3
Faulting package full name: ERUNT.exe4
Faulting package-relative application ID: ERUNT.exe5

Error: (02/07/2016 08:31:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FRST.exe, version: 7.2.2016.0, time stamp: 0x56b77303
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000a2502
Faulting process id: 0x84c
Faulting application start time: 0xFRST.exe0
Faulting application path: FRST.exe1
Faulting module path: FRST.exe2
Report Id: FRST.exe3
Faulting package full name: FRST.exe4
Faulting package-relative application ID: FRST.exe5

Error: (02/07/2016 05:41:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 2.3.125.0, time stamp: 0x5612a56b
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000a2502
Faulting process id: 0x23a4
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
Faulting package full name: mbam.exe4
Faulting package-relative application ID: mbam.exe5

Error: (02/07/2016 05:40:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 2.3.125.0, time stamp: 0x5612a56b
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000a2502
Faulting process id: 0x23a8
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
Faulting package full name: mbam.exe4
Faulting package-relative application ID: mbam.exe5

Error: (02/07/2016 05:33:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ShellExperienceHost.exe, version: 10.0.10586.35, time stamp: 0x566505bc
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.10586.71, time stamp: 0x5699d8e0
Exception code: 0xc000027b
Fault offset: 0x0000000000517aa6
Faulting process id: 0x10c0
Faulting application start time: 0xShellExperienceHost.exe0
Faulting application path: ShellExperienceHost.exe1
Faulting module path: ShellExperienceHost.exe2
Report Id: ShellExperienceHost.exe3
Faulting package full name: ShellExperienceHost.exe4
Faulting package-relative application ID: ShellExperienceHost.exe5

Error: (02/07/2016 05:03:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: pagedfrg.exe, version: 2.32.0.0, time stamp: 0x44e25699
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000a2502
Faulting process id: 0x1dd4
Faulting application start time: 0xpagedfrg.exe0
Faulting application path: pagedfrg.exe1
Faulting module path: pagedfrg.exe2
Report Id: pagedfrg.exe3
Faulting package full name: pagedfrg.exe4
Faulting package-relative application ID: pagedfrg.exe5

Error: (02/07/2016 04:01:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Z-ZipSetup.exe, version: 0.0.0.0, time stamp: 0x2a425e19
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000a2502
Faulting process id: 0x1cec
Faulting application start time: 0xZ-ZipSetup.exe0
Faulting application path: Z-ZipSetup.exe1
Faulting module path: Z-ZipSetup.exe2
Report Id: Z-ZipSetup.exe3
Faulting package full name: Z-ZipSetup.exe4
Faulting package-relative application ID: Z-ZipSetup.exe5

Error: (02/07/2016 04:01:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Z-ZipSetup.exe, version: 0.0.0.0, time stamp: 0x2a425e19
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000a2502
Faulting process id: 0x8e8
Faulting application start time: 0xZ-ZipSetup.exe0
Faulting application path: Z-ZipSetup.exe1
Faulting module path: Z-ZipSetup.exe2
Report Id: Z-ZipSetup.exe3
Faulting package full name: Z-ZipSetup.exe4
Faulting package-relative application ID: Z-ZipSetup.exe5

Error: (02/07/2016 04:00:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Z-ZipSetup.exe, version: 0.0.0.0, time stamp: 0x2a425e19
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000a2502
Faulting process id: 0x1b8c
Faulting application start time: 0xZ-ZipSetup.exe0
Faulting application path: Z-ZipSetup.exe1
Faulting module path: Z-ZipSetup.exe2
Report Id: Z-ZipSetup.exe3
Faulting package full name: Z-ZipSetup.exe4
Faulting package-relative application ID: Z-ZipSetup.exe5


System errors:
=============
Error: (02/07/2016 06:07:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (02/07/2016 06:00:56 PM) (Source: DCOM) (EventID: 10010) (User: PC-SEALAH)
Description: {0002DF01-0000-0000-C000-000000000046}

Error: (02/07/2016 06:00:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (02/07/2016 06:00:26 PM) (Source: DCOM) (EventID: 10010) (User: PC-SEALAH)
Description: {0002DF01-0000-0000-C000-000000000046}

Error: (02/07/2016 03:25:16 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: 1084dpsUnavailable{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}

Error: (02/07/2016 03:25:16 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: 1084dpsUnavailable{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}

Error: (02/07/2016 03:25:15 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (02/07/2016 03:25:13 PM) (Source: DCOM) (EventID: 10005) (User: PC-SEALAH)
Description: 1084WSearchUnavailable{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (02/07/2016 03:25:08 PM) (Source: DCOM) (EventID: 10005) (User: PC-SEALAH)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (02/07/2016 03:25:08 PM) (Source: DCOM) (EventID: 10005) (User: PC-SEALAH)
Description: 1084WSearchUnavailable{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}


CodeIntegrity:
===================================
Date: 2016-02-07 01:37:56.126
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-02-04 17:24:45.896
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-02-04 17:02:31.351
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements.

Date: 2016-02-04 10:36:56.606
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-02-03 21:04:26.830
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i3-4005U CPU @ 1.70GHz
Percentage of memory in use: 69%
Total physical RAM: 4027.84 MB
Available physical RAM: 1213.63 MB
Total Virtual: 5435.84 MB
Available Virtual: 2111.06 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:441.61 GB) (Free:309.21 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:22.27 GB) (Free:2.18 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 57DF2823)

Partition: GPT.

==================== End of Addition.txt ============================

Attached Files


Edited by Oh My!, 11 February 2016 - 04:37 PM.


BC AdBot (Login to Remove)

 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,176 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:12 AM

Posted 11 February 2016 - 04:54 PM

Greetings Pcnot and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please do this.

===================================================

Multiple Antivirus Programs

-------------------

I do not recommend that you have more than one anti virus product installed on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
  • False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please remove all but one of the Antivirus programs currently on your computer, even if only one is running. You can uninstall the program(s) via Add/Remove Programs, or Programs and Features in the Control Panel.
 

Emsisoft Anti-Malware
Kaspersky Total Security


===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter
  • Click Format and check Word Wrap
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
2016-02-07 16:00 - 2016-02-07 16:00 - 00942816 _____ ( ) C:\Users\John\Downloads\Z-ZipSetup.exe
CMD: type "C:\ComboFix.txt"
File: C:\ComboFix.txt
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Check your computer performance
  • If you still have issues complete the following step
===================================================

Clean Boot

--------------------
  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time
  • Type msconfig and press Enter
  • If you are prompted for an administrator password or for a confirmation, type the password, or provide confirmation
  • Click the General tab then click Selective Startup
  • Check Load system services
  • Uncheck Load Startup Items

2440069.png

  • Click the Services tab
  • Click to select the Hide All Microsoft Services check box
  • Click Disable All, and then click OK
  • When you are prompted, click Restart and boot into Normal Mode
  • Check your computer performance
===================================================

System Summary Information

--------------------
  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Clean Boot results
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Pcnot

Pcnot
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sarasota FL
  • Local time:09:12 AM

Posted 11 February 2016 - 10:10 PM

Oh My!  So far  so good, it seems to work.

 

One thing, the last step, System Summary info...Left click on System Summary did nothing?

Also, my fixit log won't copy and paste?

 

I will try again tomorrow

 

Blessings!

 

John

....​



#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,176 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:12 AM

Posted 11 February 2016 - 10:35 PM

Hi John, and blessings to you as well. :)

Just a bit of clarification. Did you have to do the Clean Boot steps? Just want to understand which part of the instructions makes your computer feel better.

If you left click in the Reply window then hit the Ctrl + V key at the same time does it paste the information?

Left clicking on System Summary is only to make sure that entry is highlighted. If it is, try the remaining steps.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Pcnot

Pcnot
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sarasota FL
  • Local time:09:12 AM

Posted 12 February 2016 - 12:14 PM

Hi Oh My!

 

All appeared well after the FRST exercise.  The log is pasted below.  The Clean Boot helped me feel better; the computer is fine. :crazy:

I did the clean boot and attached the zipped summary file.  Is the summary related to the clean boot?  Otherwise I have nothing to show for my clean boot.

 

Thank you so much for your help, 10+ awesome!

Fix result of Farbar Recovery Scan Tool (x64) Version:07-02-2016
Ran by John (2016-02-12 11:50:26) Run:2
Running from C:\Users\John\Desktop
Loaded Profiles: John (Available Profiles: John)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
2016-02-07 16:00 - 2016-02-07 16:00 - 00942816 _____ ( ) C:\Users\John\Downloads\Z-ZipSetup.exe
CMD: type "C:\ComboFix.txt"
File: C:\ComboFix.txt
*****************
 
"C:\Users\John\Downloads\Z-ZipSetup.exe" => not found.
 
=========  type "C:\ComboFix.txt" =========
 
The system cannot find the file specified.
 
========= End of CMD: =========
 

========================= File: C:\ComboFix.txt ========================
 
"C:\ComboFix.txt" => not found.
====== End of File: ======
 

==== End of Fixlog 11:50:26 ====

 

 

 

Attached Files



#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,176 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:12 AM

Posted 12 February 2016 - 12:34 PM

Greetings John and thank you for your kindness.

I didn't expect the FRST step to resolve the issue, to be honest. In anticipation it might not help I had you run the Clean Boot steps. That process doesn't produce any log and the System Summary log is something completely different. What the Clean Boot does is stop all non-Microsoft 3rd party programs from running. The theory is one of those 3rd party programs might be causing a conflict resulting in the symptoms you were experiencing. It was sort of a contingency step.

Here is what I would like to do now.

===================================================

Reversing Clean Boot State
--------------------
  • Press windows key Windows_Logo_key.gif + r on your keyboard at the same time
  • Type msconfig and press Enter
  • If you are prompted for an administrator password or for a confirmation, type the password, or provide confirmation
  • In the System Configuration Utility dialog box, click Normal Startup on the General tab
  • Click OK
  • When you are prompted, click Restart
===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan This process may may take several hours, that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click Run ESET Online Scanner.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Click Enable detection of potentially unwanted applications
  • Accept any security warnings from your browser.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Check Uninstall application on close and Delete quarantined files
  • Click the Finish button.
  • Close the ESET window and reboot your computer
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED! reboot your computer and attempt to run it again
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Were you able to reverse Clean Boot?
  • ESET log
  • Security Check log
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 Pcnot

Pcnot
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sarasota FL
  • Local time:09:12 AM

Posted 12 February 2016 - 10:05 PM

  Results of screen317's Security Check version 1.014 --- 12/23/15 
   x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Windows Defender          
Kaspersky Total Security  
Hi Oh My!

 

I was able to reverse clean boot.

I seem to have "lost" the ESET log?  Do you know if I can recover, it did not save to my notepad?

 

Here is the Security Check pasted below.  Right now everything seems to be running well, and thanks again! 

 

John

 

 

Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Secunia PSI (3.0.0.11005)  
````````Process Check: objlist.exe by Laurent```````` 
 Kaspersky Lab Kaspersky Total Security 16.0.0 avp.exe 
 Kaspersky Lab Kaspersky Total Security 16.0.0 avpui.exe 
 Kaspersky Lab Kaspersky Password Manager 8.0.3 kpm.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
 



#8 Pcnot

Pcnot
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sarasota FL
  • Local time:09:12 AM

Posted 12 February 2016 - 10:08 PM

  Actually, here is the Security Check...

 

Results of screen317's Security Check version 1.014 --- 12/23/15 
   x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Windows Defender          
Kaspersky Total Security  
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Secunia PSI (3.0.0.11005)  
````````Process Check: objlist.exe by Laurent```````` 
 Kaspersky Lab Kaspersky Total Security 16.0.0 avp.exe 
 Kaspersky Lab Kaspersky Total Security 16.0.0 avpui.exe 
 Kaspersky Lab Kaspersky Password Manager 8.0.3 kpm.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
 



#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,176 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:12 AM

Posted 12 February 2016 - 10:41 PM

Look here:

C:\Program Files\ESET\EsetOnlineScanner\log.txt


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 Pcnot

Pcnot
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sarasota FL
  • Local time:09:12 AM

Posted 13 February 2016 - 09:22 AM

Hi Oh My!

I blew it, I must have cleaned those files out, I'm a little OCD with running CCleaner and an anti-malware check:(

I am running ESET again. I wlll say that there were 9 alerts for some adware related to CCleaner which I believe were removed. I thought I had saved the log but apparently failed to or looked in the wrong place. It is not located in the Program Files either.

My bad, I will try again with ESET but since I think it successfully removed yesterdays threats I might be outta luck in terms of documenting that particular snapshot of our progress. However, the computer has been asymptomatic since your very first set of recommendations.

ESET data for 02-13-2016 PENDING

Thanks again for your help!

#11 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,176 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:12 AM

Posted 13 February 2016 - 11:44 AM

No need to be concerned, really. By the time I run ESET is is typically just a mop up exercise to remove annoying things that are not of any significant concern. Let's see what ESET says this time but I think we will find we are clean.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#12 Pcnot

Pcnot
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sarasota FL
  • Local time:09:12 AM

Posted 13 February 2016 - 01:42 PM

Hi Oh My!

 

ESET is clean, nothing found.  Looks like we might be clean!



#13 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,176 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:12 AM

Posted 13 February 2016 - 02:48 PM

Yes, we are all set.

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean!

--------------

Your machine appears to be clean and you may delete any programs or logs on your computer as a result of our efforts. If we used Emsisoft Emergency Kit just delete the icon on your desktop and the C:\EEK folder. For everything else you simply delete the log files or desktop icons.

Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :thumbsup:

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:In addition, here are some more links you might find of interest:I will leave this topic open for just a brief period of time in case you have any further issues then it will be closed shortly thereafter.

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you. OhMy_done.gif
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#14 Pcnot

Pcnot
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sarasota FL
  • Local time:09:12 AM

Posted 13 February 2016 - 04:28 PM

Thanks for taking the time to help!  This was painless (for me), many blessings to you and yours!



#15 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,176 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:12 AM

Posted 13 February 2016 - 04:32 PM

Thank you John and the same to you.

 

You are welcome back any time you need help. We are always here.

 

Gary


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users