Keep being redirected and pop ups appear when using Chrome


15 replies to this topic

#1 jedwa20th


Posted 26 February 2016 - 05:37 PM

Hi. I constantly see links popping up in the bottom left hand corner of my screen when using Chrome browser. My browser is constantly redirected and I get popups appearing all the time. This started about 2 months ago, but has been getting worse and more persistent recently.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-02-2016
Ran by Jon (administrator) on JON-PC (26-02-2016 22:07:13)
Running from C:\Users\Jon\Downloads
Loaded Profiles: Jon & Guest (Available Profiles: Jon & Guest & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\ConfigurationWizard.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_2016.27.2.0_x64__8wekyb3d8bbwe\WinStore.Mobile.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\NetworkUXBroker.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_1.10.22012.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Google Inc.) C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14040296 2015-08-28] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3251408 2015-09-23] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-07-05] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WSHelperSetup.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1691136 2012-05-31] (Wondershare)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2014-05-28] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2014-05-28] (Citrix Systems, Inc.)
HKU\S-1-5-21-3319042926-2513336005-101065848-1001\...\Run: [Google Update] => C:\Users\Jon\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-01] (Google Inc.)
HKU\S-1-5-21-3319042926-2513336005-101065848-1001\...\Run: [EPSON SX125 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGGE.EXE [224768 2009-09-14] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3319042926-2513336005-101065848-1001\...\Run: [EPSON SX100 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEDE.EXE [221696 2009-07-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3319042926-2513336005-101065848-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation)
HKU\S-1-5-21-3319042926-2513336005-101065848-1001\...\RunOnce: [Uninstall C:\Users\Jon\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jon\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
HKU\S-1-5-21-3319042926-2513336005-101065848-1001\...\RunOnce: [Uninstall C:\Users\Jon\AppData\Local\Microsoft\OneDrive\17.3.6281.1202] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jon\AppData\Local\Microsoft\OneDrive\17.3.6281.1202"
HKU\S-1-5-21-3319042926-2513336005-101065848-501\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{1b47da56-c7a6-46a8-bd6c-dd29779d5c6f}: [DhcpNameServer] 82.163.143.171
Tcpip\..\Interfaces\{247f0892-559c-4d85-b5a1-5ecf1078a4b3}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{8a3d041f-d36c-4432-81b8-7f483a9d87dc}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{9a855f79-22b2-451a-a852-edf15a35eb45}: [DhcpNameServer] 82.163.143.171

Internet Explorer:
==================
HKU\S-1-5-21-3319042926-2513336005-101065848-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/
HKU\S-1-5-21-3319042926-2513336005-101065848-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
HKU\S-1-5-21-3319042926-2513336005-101065848-501\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung.msn.com
HKU\S-1-5-21-3319042926-2513336005-101065848-501\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3319042926-2513336005-101065848-1001 -> DefaultScope {4FBECAE9-C45B-4666-9C76-40C2152F31F5} URL = hxxp://uk.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-3319042926-2513336005-101065848-1001 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=112059&babsrc=SP_ss&mntrId=884b322500000000000018f46a98b60f
SearchScopes: HKU\S-1-5-21-3319042926-2513336005-101065848-1001 -> {4FBECAE9-C45B-4666-9C76-40C2152F31F5} URL = hxxp://uk.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-3319042926-2513336005-101065848-1001 -> {D43620F5-A567-4480-B086-CD77E512C384} URL = hxxp://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
SearchScopes: HKU\S-1-5-21-3319042926-2513336005-101065848-501 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll [2010-04-28] (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120819210454.dll => No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-22] (Oracle Corporation)
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120819210454.dll => No File
BHO-x32: W2PBrowser Class -> {AA609D72-8482-4076-8991-8CDAE5B93BCB} -> C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll [2010-06-08] ()
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-22] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3319042926-2513336005-101065848-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-3319042926-2513336005-101065848-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: HKLM-x32 {96AEAC49-3DCC-4442-B580-C2B4432FD82E} hxxp://wireless-setup.lboro.ac.uk/tools/xc_loader_activex.ocx
DPF: HKLM-x32 {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} hxxps://plugins.valueactive.eu/flashax/iefax.cab
DPF: HKLM-x32 {FC1CEE43-039F-451A-9A5A-31D87D032853} hxxp://wireless-setup.lboro.ac.uk/tools/xc_loader_activex.ocx
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-05-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-05-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-05-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-05-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-05-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-05-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-05-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-05-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-05-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-05-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-05-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-05-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-05-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-05-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-05-28] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-05-28] (Citrix Systems, Inc.)

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/wpi,version=1.4 -> C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll [2011-04-01] (Microsoft Corp)
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2014-05-28] (Citrix Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-22] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/wpi,version=1.4 -> C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll [2011-04-01] (Microsoft Corp)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-09-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3319042926-2513336005-101065848-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Jon\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-3319042926-2513336005-101065848-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Jon\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-04] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore => not found
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.co.uk/
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3325157&octid=EB_ORIGINAL_CTID&ISID=MC9231BD7-7349-4351-BF85-2AAECB34A089&SearchSource=55&CUI=&UM=8&UP=SP1922237E-9833-4000-8E63-58B08B1556BF&D=010216&SSPV="
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Users\Jon\AppData\Local\Google\Chrome\Application\48.0.2564.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Users\Jon\AppData\Local\Google\Chrome\Application\48.0.2564.116\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Jon\AppData\Local\Google\Chrome\Application\48.0.2564.116\pdf.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Citrix ICA Client) - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.600.19) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll => No File
CHR Plugin: (Java™ Platform SE 7 U60) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll => No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll => No File
CHR Plugin: (WPI Detector 1.4) - C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll (Microsoft Corp)
CHR Plugin: (Google Update) - C:\Users\Jon\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll => No File
CHR Profile: C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (Google Search) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (IE Tab) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd [2016-02-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-23]
CHR Extension: (Gmail) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKLM-x32\...\Chrome\Extension: [fdloijijlkoblmigdofommgnheckmaki] - C:\Program Files (x86)\Funmoods\funmoods\1.5.11.16\funmoodsOEM.crx <not found>
StartMenuInternet: Google Chrome - C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ETDService; C:\Program Files\Elantech\ETDService.exe [139984 2015-09-23] (ELAN Microelectronics Corp.)
S2 MsDepSvc; C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [67400 2011-04-01] (Microsoft Corporation)
S2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [61913952 2010-04-03] (Microsoft Corporation)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [428384 2010-04-03] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\System32\drivers\athwnx.sys [4207104 2015-10-30] (Qualcomm Atheros Communications, Inc.)
R3 ETDSMBus; C:\Windows\system32\DRIVERS\ETDSMBus.sys [41024 2015-09-23] (ELAN Microelectronic Corp.)
S3 rtport; C:\Windows\SysWOW64\drivers\rtport.sys [15144 2010-11-02] (Windows ® 2003 DDK 3790 provider)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 yukonw8; C:\Windows\System32\drivers\yk63x64.sys [288768 2015-10-30] (Marvell)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-26 22:07 - 2016-02-26 22:08 - 00024386 ____C C:\Users\Jon\Downloads\FRST.txt
2016-02-26 22:06 - 2016-02-26 22:07 - 00000000 ___DC C:\FRST
2016-02-26 22:06 - 2016-02-26 22:06 - 02371072 ____C (Farbar) C:\Users\Jon\Downloads\FRST64.exe
2016-02-26 22:06 - 2016-02-26 22:06 - 00784798 ____C C:\Users\Jon\Downloads\Unconfirmed 425381.crdownload
2016-02-26 12:13 - 2016-02-26 06:00 - 00000000 ___DC C:\WINDOWS\Panther
2016-02-26 12:08 - 2016-02-26 12:09 - 00000000 ___DC C:\Windows.old
2016-02-26 12:02 - 2016-02-26 12:02 - 24603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 22394368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 08728920 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 07476064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-02-26 12:02 - 2016-02-26 12:02 - 06572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 04502352 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-02-26 12:02 - 2016-02-26 12:02 - 04064320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-02-26 12:02 - 2016-02-26 12:02 - 03993600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 03671888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 02757120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2016-02-26 12:02 - 2016-02-26 12:02 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2016-02-26 12:02 - 2016-02-26 12:02 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 02587696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 02180128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 02155008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 02152800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-02-26 12:02 - 2016-02-26 12:02 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-02-26 12:02 - 2016-02-26 12:02 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-02-26 12:02 - 2016-02-26 12:02 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 01995776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 01819720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 01814528 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 01750440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2016-02-26 12:02 - 2016-02-26 12:02 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 01717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 01648640 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-02-26 12:02 - 2016-02-26 12:02 - 01557776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-02-26 12:02 - 2016-02-26 12:02 - 01415200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-02-26 12:02 - 2016-02-26 12:02 - 01309376 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 01281376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2016-02-26 12:02 - 2016-02-26 12:02 - 01223168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 01155944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 01141496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-02-26 12:02 - 2016-02-26 12:02 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 01092456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 01089880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-02-26 12:02 - 2016-02-26 12:02 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 01070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2016-02-26 12:02 - 2016-02-26 12:02 - 01065080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 01053696 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 01042432 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 01035776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 01020096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 01009152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
2016-02-26 12:02 - 2016-02-26 12:02 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00983464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00973664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00948224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00931328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL
2016-02-26 12:02 - 2016-02-26 12:02 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00900608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00898184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00890880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
2016-02-26 12:02 - 2016-02-26 12:02 - 00884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00884256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00871936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
2016-02-26 12:02 - 2016-02-26 12:02 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00858952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00851456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00824320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00823264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-02-26 12:02 - 2016-02-26 12:02 - 00803840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00796352 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00786696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2016-02-26 12:02 - 2016-02-26 12:02 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00716928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00704000 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00701384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00698208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00697856 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00695752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2016-02-26 12:02 - 2016-02-26 12:02 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00683008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00674816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00671472 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00644096 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-02-26 12:02 - 2016-02-26 12:02 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00586208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00586080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-02-26 12:02 - 2016-02-26 12:02 - 00578912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2016-02-26 12:02 - 2016-02-26 12:02 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00558592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00526856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00523616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2016-02-26 12:02 - 2016-02-26 12:02 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2016-02-26 12:02 - 2016-02-26 12:02 - 00516544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00515584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00511320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00502112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00498448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00472576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00470528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00462760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00454056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00450904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00440152 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-02-26 12:02 - 2016-02-26 12:02 - 00431240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-02-26 12:02 - 2016-02-26 12:02 - 00412512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-02-26 12:02 - 2016-02-26 12:02 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00405568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2016-02-26 12:02 - 2016-02-26 12:02 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2016-02-26 12:02 - 2016-02-26 12:02 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-02-26 12:02 - 2016-02-26 12:02 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00337840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-02-26 12:02 - 2016-02-26 12:02 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2016-02-26 12:02 - 2016-02-26 12:02 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2016-02-26 12:02 - 2016-02-26 12:02 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00292352 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00289248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00264544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00264192 _____ (Nokia) C:\WINDOWS\system32\NmaDirect.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00260608 _____ C:\WINDOWS\system32\MTFServer.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassam.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00245840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2016-02-26 12:02 - 2016-02-26 12:02 - 00234504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-02-26 12:02 - 2016-02-26 12:02 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00208176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00205824 _____ (Nokia) C:\WINDOWS\SysWOW64\NmaDirect.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iassam.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00202472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-02-26 12:02 - 2016-02-26 12:02 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimCfg.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-02-26 12:02 - 2016-02-26 12:02 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-02-26 12:02 - 2016-02-26 12:02 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimAuth.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimCfg.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2016-02-26 12:02 - 2016-02-26 12:02 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
2016-02-26 12:02 - 2016-02-26 12:02 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2016-02-26 12:02 - 2016-02-26 12:02 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2016-02-26 12:02 - 2016-02-26 12:02 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-02-26 12:02 - 2016-02-26 12:02 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimAuth.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00119320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
2016-02-26 12:02 - 2016-02-26 12:02 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2016-02-26 12:02 - 2016-02-26 12:02 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MapControls.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MapControls.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00110032 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00100160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
2016-02-26 12:02 - 2016-02-26 12:02 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00088392 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00085320 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe
2016-02-26 12:02 - 2016-02-26 12:02 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00081112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe
2016-02-26 12:02 - 2016-02-26 12:02 - 00080600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwapi.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMSRoamingSecurity.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.XboxLive.ProxyStub.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssign32.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00073360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ihvrilproxy.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00063528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wwapi.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssign32.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosResource.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosResource.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2016-02-26 12:02 - 2016-02-26 12:02 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\rilproxy.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-02-26 12:02 - 2016-02-26 12:02 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wwanpref.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00051680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsUtilsV2.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
2016-02-26 12:02 - 2016-02-26 12:02 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsplib.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgrcli.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.proxy.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapstoasttask.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe
2016-02-26 12:02 - 2016-02-26 12:02 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-02-26 12:02 - 2016-02-26 12:02 - 00035680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wimmount.sys
2016-02-26 12:02 - 2016-02-26 12:02 - 00035656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe
2016-02-26 12:02 - 2016-02-26 12:02 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usermgrcli.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00032040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfpmp.exe
2016-02-26 12:02 - 2016-02-26 12:02 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringconfigsp.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-02-26 12:02 - 2016-02-26 12:02 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\nativemap.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.proxy.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-02-26 12:02 - 2016-02-26 12:02 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasautou.exe
2016-02-26 12:02 - 2016-02-26 12:02 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshrm.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasautou.exe
2016-02-26 12:02 - 2016-02-26 12:02 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasadhlp.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\IcsEntitlementHost.exe
2016-02-26 12:02 - 2016-02-26 12:02 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscoreext.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasadhlp.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvcProxy.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosTrace.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosTrace.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosHost.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosHost.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\readingviewresources.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlStringsRes.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlStringsRes.dll
2016-02-26 12:02 - 2016-02-26 12:02 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 06971752 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 06605544 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 05503488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-02-26 12:01 - 2016-02-26 12:01 - 03355136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 02843136 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 02772584 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 02680320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 02653816 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 02606824 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 02230784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 02185840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 02057216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 02026736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 02001408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 01998176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-02-26 12:01 - 2016-02-26 12:01 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 01860096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 01859448 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 01824264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 01804664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 01594408 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 01504768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-02-26 12:01 - 2016-02-26 12:01 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 01371792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 01270072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 01174008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 00948224 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 00911648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 00820704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 00793600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-02-26 12:01 - 2016-02-26 12:01 - 00675064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 00613888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-02-26 12:01 - 2016-02-26 12:01 - 00576352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-02-26 12:01 - 2016-02-26 12:01 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 00540752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-02-26 12:01 - 2016-02-26 12:01 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 00499432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 00389120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 00359776 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 00295264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-AppModelExecEvents.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityCommon.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-02-26 12:01 - 2016-02-26 12:01 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-02-26 12:01 - 2016-02-26 12:01 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ETWCoreUIComponentsResources.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ETWCoreUIComponentsResources.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbio.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx
2016-02-26 12:01 - 2016-02-26 12:01 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ProximityCommon.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\capimg.sys
2016-02-26 12:01 - 2016-02-26 12:01 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-02-26 12:01 - 2016-02-26 12:01 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2016-02-26 12:01 - 2016-02-26 12:01 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winbio.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttpcom.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManagerProxy.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-02-26 12:01 - 2016-02-26 12:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfgbkend.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthManagerProxy.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\BackgroundTransferHost.exe
2016-02-26 12:01 - 2016-02-26 12:01 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCoreRes.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCoreRes.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BackgroundTransferHost.exe
2016-02-26 12:01 - 2016-02-26 12:01 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2016-02-26 12:01 - 2016-02-26 12:01 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2016-02-26 11:56 - 2016-02-26 11:56 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2016-02-26 11:53 - 2016-02-26 11:53 - 00000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2016-02-26 11:53 - 2016-02-26 11:53 - 00000000 ____D C:\WINDOWS\system32\msmq
2016-02-26 11:53 - 2016-02-26 11:53 - 00000000 ____D C:\WINDOWS\system32\BestPractices
2016-02-26 11:53 - 2016-02-26 11:53 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-02-26 11:53 - 2016-02-26 11:53 - 00000000 ____D C:\Program Files\MSBuild
2016-02-26 11:53 - 2016-02-26 11:53 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-02-26 11:53 - 2016-02-26 11:53 - 00000000 ____D C:\inetpub
2016-02-26 11:53 - 2016-02-26 04:37 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-02-26 11:52 - 2015-10-24 01:47 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2016-02-26 11:52 - 2015-10-24 01:47 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-02-26 11:52 - 2015-10-24 01:47 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2016-02-26 11:52 - 2015-10-24 01:46 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2016-02-26 11:52 - 2015-10-24 01:46 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2016-02-26 11:52 - 2015-10-24 01:45 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2016-02-26 11:40 - 2016-02-26 11:40 - 00000000 ___HC C:\$WINRE_BACKUP_PARTITION.MARKER
2016-02-26 07:14 - 2016-02-26 07:14 - 00000000 __HDC C:\OneDriveTemp
2016-02-26 07:09 - 2016-02-26 07:09 - 00000000 ____D C:\Users\Jon\AppData\Local\ActiveSync
2016-02-26 07:06 - 2016-02-26 07:06 - 00000020 ___SH C:\Users\Jon\ntuser.ini
2016-02-26 04:48 - 2016-02-26 04:48 - 00000000 _SHDL C:\Users\Default\My Documents
2016-02-26 04:48 - 2016-02-26 04:48 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2016-02-26 04:48 - 2016-02-26 04:48 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2016-02-26 04:48 - 2016-02-26 04:48 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2016-02-26 04:48 - 2016-02-26 04:48 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2016-02-26 04:48 - 2016-02-26 04:48 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2016-02-26 04:48 - 2016-02-26 04:48 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2016-02-26 04:44 - 2016-02-26 04:44 - 00000006 ___HC C:\WINDOWS\Tasks\SA.DAT
2016-02-26 04:36 - 2016-02-26 04:36 - 00001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-02-26 04:36 - 2016-02-26 04:36 - 00000000 ____D C:\Users\Default\Documents\Visual Studio 2010
2016-02-26 04:36 - 2016-02-26 04:36 - 00000000 ____D C:\Users\Default\AppData\Roaming\Media Center Programs
2016-02-26 04:36 - 2016-02-26 04:36 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2016-02-26 04:36 - 2016-02-26 04:36 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2016-02-26 04:36 - 2016-02-26 04:36 - 00000000 ____D C:\Users\Default User\Documents\Visual Studio 2010
2016-02-26 04:36 - 2016-02-26 04:36 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Media Center Programs
2016-02-26 04:36 - 2016-02-26 04:36 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2016-02-26 04:36 - 2016-02-26 04:36 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2016-02-26 04:27 - 2016-02-26 04:27 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
2016-02-26 04:25 - 2016-02-26 04:25 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2016-02-26 04:22 - 2016-02-26 07:11 - 00000000 ____D C:\Users\Jon
2016-02-26 04:22 - 2016-02-26 04:42 - 00000000 ____D C:\Users\Guest
2016-02-26 04:22 - 2016-02-26 04:42 - 00000000 ____D C:\Users\DefaultAppPool
2016-02-26 04:22 - 2016-02-26 04:22 - 00000000 _SHDL C:\Users\Jon\My Documents
2016-02-26 04:22 - 2016-02-26 04:22 - 00000000 _SHDL C:\Users\Jon\Documents\My Videos
2016-02-26 04:22 - 2016-02-26 04:22 - 00000000 _SHDL C:\Users\Jon\Documents\My Pictures
2016-02-26 04:22 - 2016-02-26 04:22 - 00000000 _SHDL C:\Users\Jon\Documents\My Music
2016-02-26 04:22 - 2016-02-26 04:22 - 00000000 _SHDL C:\Users\Guest\My Documents
2016-02-26 04:22 - 2016-02-26 04:22 - 00000000 _SHDL C:\Users\Guest\Documents\My Videos
2016-02-26 04:22 - 2016-02-26 04:22 - 00000000 _SHDL C:\Users\Guest\Documents\My Pictures
2016-02-26 04:22 - 2016-02-26 04:22 - 00000000 _SHDL C:\Users\Guest\Documents\My Music
2016-02-26 04:22 - 2016-02-26 04:22 - 00000000 _SHDL C:\Users\DefaultAppPool\My Documents
2016-02-26 04:22 - 2016-02-26 04:22 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Videos
2016-02-26 04:22 - 2016-02-26 04:22 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Pictures
2016-02-26 04:22 - 2016-02-26 04:22 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Music
2016-02-26 04:21 - 2016-02-26 04:45 - 01102452 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-02-26 04:21 - 2016-02-26 04:21 - 00965390 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2016-02-26 04:19 - 2016-02-26 04:19 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_ETD_01009.Wdf
2016-02-26 04:19 - 2016-02-26 04:19 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2016-02-26 04:18 - 2016-02-26 04:29 - 00000000 ____D C:\WINDOWS\system32\SRSLabs
2016-02-26 04:18 - 2016-02-26 04:27 - 00000000 ____D C:\Program Files\Elantech
2016-02-26 04:18 - 2016-02-26 04:18 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2016-02-26 04:18 - 2016-02-26 04:18 - 00000000 ____D C:\Program Files\Realtek
2016-02-26 04:15 - 2015-10-30 07:17 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2016-02-26 04:14 - 2016-02-26 04:38 - 00467192 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-02-21 10:35 - 2016-02-21 10:35 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2016-02-21 10:13 - 2016-01-21 13:47 - 00000000 ____D C:\Users\DefaultAppPool\Documents\Visual Studio 2010
2016-02-21 10:13 - 2016-01-21 13:47 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Media Center Programs
2016-02-21 10:13 - 2016-01-21 13:47 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Macromedia
2016-02-21 10:13 - 2016-01-21 13:47 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Local\Microsoft Help
2016-02-21 10:04 - 2016-02-21 10:04 - 00000000 ____D C:\ProgramData\0039d114-5a57-0
2016-02-21 10:01 - 2016-02-21 10:01 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2016-02-21 09:59 - 2016-02-26 04:44 - 00019458 _____ C:\WINDOWS\System32\Tasks\{B315E72F-65A7-5426-82C9-01AFAC4FB317}
2016-02-21 09:59 - 2016-02-26 04:44 - 00019458 _____ C:\WINDOWS\System32\Tasks\{2E233D8D-C5A0-65C5-0130-EF41D406050F}
2016-02-21 09:59 - 2016-02-26 04:44 - 00003078 _____ C:\WINDOWS\System32\Tasks\{3CAB4C15-F9B0-1122-15D1-390012F53D22}
2016-02-21 09:59 - 2016-02-21 09:59 - 00000000 ____D C:\ProgramData\b7e571f
2016-02-21 09:59 - 2016-02-21 09:59 - 00000000 ____D C:\ProgramData\0039d114-0791-0
2016-02-21 09:59 - 2016-02-21 09:59 - 00000000 ____D C:\ProgramData\{21d31afe-212c-1}
2016-02-21 09:59 - 2016-02-21 09:59 - 00000000 ____D C:\ProgramData\{15b05a6d-412c-0}
2016-02-21 09:59 - 2016-02-21 09:59 - 00000000 ____D C:\ProgramData\{141f65fd-512c-1}
2016-02-21 09:59 - 2016-02-21 09:59 - 00000000 ____D C:\ProgramData\{0a923f3c-212c-0}
2016-01-30 15:41 - 2016-01-30 15:41 - 00880838 ____C C:\Users\Jon\Downloads\Vouchers.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-26 21:57 - 2012-08-22 09:28 - 00000830 ____C C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-02-26 21:46 - 2011-08-21 14:33 - 00000914 ____C C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3319042926-2513336005-101065848-1001UA.job
2016-02-26 19:14 - 2010-08-12 04:43 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2016-02-26 19:14 - 2010-08-12 04:35 - 00000000 __HDC C:\Program Files (x86)\InstallShield Installation Information
2016-02-26 14:19 - 2015-10-30 07:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-26 13:46 - 2011-08-21 14:33 - 00000862 ____C C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3319042926-2513336005-101065848-1001Core.job
2016-02-26 12:12 - 2015-10-30 07:24 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2016-02-26 12:04 - 2015-10-30 09:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-26 12:04 - 2015-10-30 07:24 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-02-26 12:04 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-02-26 12:04 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-02-26 12:04 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\Provisioning
2016-02-26 12:04 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-02-26 12:04 - 2015-10-30 07:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-02-26 12:04 - 2015-10-30 06:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-02-26 12:04 - 2015-10-30 06:28 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-02-26 11:53 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2016-02-26 11:53 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2016-02-26 11:53 - 2015-10-30 07:19 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqsnap.dll
2016-02-26 11:53 - 2015-10-30 07:19 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqutil.dll
2016-02-26 11:53 - 2015-10-30 07:19 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.dll
2016-02-26 11:53 - 2015-10-30 07:19 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2016-02-26 11:53 - 2015-10-30 07:19 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqrt.dll
2016-02-26 11:53 - 2015-10-30 07:19 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.tlb
2016-02-26 11:53 - 2015-10-30 07:19 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa30.tlb
2016-02-26 11:53 - 2015-10-30 07:19 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa20.tlb
2016-02-26 11:53 - 2015-10-30 07:19 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2016-02-26 11:53 - 2015-10-30 07:19 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa10.tlb
2016-02-26 11:53 - 2015-10-30 07:19 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2016-02-26 11:53 - 2015-10-30 07:19 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2016-02-26 11:53 - 2015-10-30 07:19 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqcertui.dll
2016-02-26 11:53 - 2015-10-30 07:19 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2016-02-26 11:53 - 2015-10-30 07:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2016-02-26 11:53 - 2015-10-30 07:19 - 00009096 _____ C:\WINDOWS\SysWOW64\msmqtrc.mof
2016-02-26 11:53 - 2015-10-30 07:18 - 01417728 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqqm.dll
2016-02-26 11:53 - 2015-10-30 07:18 - 00813056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsnap.dll
2016-02-26 11:53 - 2015-10-30 07:18 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqutil.dll

==================== Files in the root of some directories =======

2011-10-27 20:48 - 2011-10-27 20:48 - 0000006 ____C () C:\Program Files (x86)\Common Files\WPVersion.txt
2015-03-12 21:46 - 2015-03-12 21:46 - 0000093 ____C () C:\Users\Jon\AppData\Roaming\ARCompanion.log
2016-02-26 04:19 - 2016-02-26 04:19 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-02-26 04:13

==================== End of FRST.txt ============================


#2 satchfan

satchfan

  • Malware Response Team
  • 2,669 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:01:50 PM

Posted 26 February 2016 - 05:46 PM

Hello jedwa20th and welcome to Bleeping Computer.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

Note: Please run these in the order given in the instructions.

===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.


  • run AdwCleaner
  • when it has finished, select Clean
  • if it asks to reboot, allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Download and run Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.

  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
  • the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next message.

===================================================

Run Farbar Recovery Scan Tool

Please run FRST again and post the new log.

Logs to include with next post:

AdwCleaner log
JRT.txt
New Frst.txt


Thanks

Satchfan


Edited by satchfan, 26 February 2016 - 05:46 PM.

My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#3 jedwa20th

Posted 26 February 2016 - 06:10 PM

Thanks satchfan. I have followed the instructions. Please see attached logs.



#4 satchfan

Posted 28 February 2016 - 03:35 AM

Apologies for the delay but I missed or didn't get your reply.

 

I am looking at your logs now and will reply shortly.

 

Satchfan


Edited by satchfan, 28 February 2016 - 05:14 AM.


#5 satchfan

Posted 28 February 2016 - 06:29 AM

You need to move Farbar Recovery Scan Tool to your desktop otherwise fixes will not work.

  • go to your Downloads folder and locate Farbar Recovery Scan Tool
  • right click and select Cut
  • go to an empty spot on your desktop, right click and select Paste

Farbar Recovery Scan Tool should now be on your desktop.

================================================

Run Farbar Recovery Scan Tool

Open notepad. Please copy the contents of the code box below and paste it into Notepad.


ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
Tcpip\..\Interfaces\{9a855f79-22b2-451a-a852-edf15a35eb45}: [DhcpNameServer] 82.163.143.171
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120819210454.dll => No File
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120819210454.dll => No File
Toolbar: HKU\S-1-5-21-3319042926-2513336005-101065848-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-3319042926-2513336005-101065848-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore => not found
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Native Client) - C:\Users\Jon\AppData\Local\Google\Chrome\Application\48.0.2564.116\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Jon\AppData\Local\Google\Chrome\Application\48.0.2564.116\pdf.dll => No File
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.600.19) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll => No File
CHR Plugin: (Java(TM) Platform SE 7 U60) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll => No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll => No File
CHR Plugin: (Google Update) - C:\Users\Jon\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll => No File
CustomCLSID: HKU\S-1-5-21-3319042926-2513336005-101065848-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Jon\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3319042926-2513336005-101065848-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Jon\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3319042926-2513336005-101065848-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Jon\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3319042926-2513336005-101065848-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Jon\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3319042926-2513336005-101065848-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Jon\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3319042926-2513336005-101065848-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Jon\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3319042926-2513336005-101065848-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Jon\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3319042926-2513336005-101065848-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Jon\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3319042926-2513336005-101065848-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Jon\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3319042926-2513336005-101065848-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Jon\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3319042926-2513336005-101065848-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Jon\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
Task: {0972B2EC-0E4D-4958-A8E1-84A772926DC6} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {0E733FC9-6F4B-42F3-ADB8-C44B34BC5E33} - \Microsoft\Windows\Setup\GWXTriggers\Logon-URT -> No File <==== ATTENTION
Task: {2252BB50-3EC3-4650-86D4-954876973045} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {25891945-975D-49B2-81D4-11E41672B302} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {2D4C81FA-E7A2-46CB-8FF9-3984534484C9} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe <==== ATTENTION
Task: {57CBA0FC-4091-4CE8-AFA8-BC2DAAC47C2E} - System32\Tasks\{B315E72F-65A7-5426-82C9-01AFAC4FB317} => powershell.exe -windowstyle hidden -noninteractive -ExecutionPolicy bypass -EncodedCommand OwA7ACAAOwA7ADsAOwAgADsAOwAgADsAIAAgACAAOwA7ADsAOwA7ADsAIAAgACAAIAA7ACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAPQAiAHMAdABvAHAAIgA7ACQAcwBjAD0AIgBTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACIAOwAkAFcAYQByAG4A (the data entry has 7892 more characters).
Task: {60B95769-1E5A-4050-8667-0E46467ED488} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {6141F8A0-E762-4249-ADD5-D71ABA090196} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {6B7CE0F8-B49F-4843-A9A2-1DBA2D246DCA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {9429919C-2FD6-4736-8EC1-9132397A3D18} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {AA392F07-65C2-480F-B758-292F0ECB51C6} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe <==== ATTENTION
Task: {C31C01DF-227E-468B-BEAD-2D7DC599B0EA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {D0BEBB71-39AD-49A6-AAA7-A2AE126D25E4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {D5C7FA2A-3032-4080-A393-9E2F0E28233C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {D8272D40-5016-458A-AC60-7D0AB39D3536} - System32\Tasks\{2E233D8D-C5A0-65C5-0130-EF41D406050F} => powershell.exe -windowstyle hidden -noninteractive -ExecutionPolicy bypass -EncodedCommand IAAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AIgBzAHQAbwBwACIAOwAkAHMAYwA9ACIAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQAiADsAJABXAGEAcgBuAGkAbgBnAFAAcgBlAGYAZQByAGUAbgBjAGUAPQAkAHMAYwA7ACQAUAByAG8AZwByAGUA (the data entry has 7892 more characters).
Task: {DE86CF4A-71CF-4912-AC8B-E48DCE3D708E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {EBADBD73-1447-4C40-B7D1-8BB53942E425} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {FF2F60D3-1EBC-4F4C-AFD6-1A143096FB66} - System32\Tasks\{3CAB4C15-F9B0-1122-15D1-390012F53D22} => /s /n /i:"/rt" "C:\PROGRA~3\b7e571f\3f946b80.dll"
C:\Program Files (x86)\Pro PC Cleaner
CMD: ipconfig /flushdns
EmptyTemp:

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system


  • save the files as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work
  • run FRST64 then click Fix just once and wait
  • it will create a log on your desktop, (Fixlog.txt); please post it to your reply.

================================================

Download Malwarebytes-Anti-Malware

Click here.
 

  • double-click mbam-setup.exe and follow the prompts to install the program – (Note: Vista & 7 & 10 users, please right-click and select “Run as Administrator”)
  • select the “Scan” tab at the top
  • there are three scan types; choose Threat Scan, then click on Scan
  • when the scan is complete, if no malicious items are found you can close the program
  • if malicious items are found be sure that everything is checked and click Quarantine
  • when removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • the log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • copy and paste the contents of that report in your next reply and exit MBAM.

NOTE: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Logs to include with next post:

Fixlog.txt
Mbam.txt


Thanks

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.
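
The "Task:" entries in the fixlist above can be triaged mechanically. The Python sketch below is an added example, not part of the thread or of FRST: it runs over four lines copied from that fixlist, flags the hidden PowerShell -EncodedCommand task and the silent DLL-install task, and decodes the visible Base64 prefix (FRST truncates the rest). Function names are illustrative, and treating PROGRA~3 as the short name of C:\ProgramData is an assumption.

```python
import base64
import re

# Four "Task:" lines copied from the fixlist in the post above.
SAMPLE_TASK_LINES = [
    r"Task: {0972B2EC-0E4D-4958-A8E1-84A772926DC6} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION",
    r"Task: {2D4C81FA-E7A2-46CB-8FF9-3984534484C9} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe <==== ATTENTION",
    r"Task: {D8272D40-5016-458A-AC60-7D0AB39D3536} - System32\Tasks\{2E233D8D-C5A0-65C5-0130-EF41D406050F} => "
    r"powershell.exe -windowstyle hidden -noninteractive -ExecutionPolicy bypass -EncodedCommand "
    r"IAAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AIgBzAHQAbwBwACIA"
    r"OwAkAHMAYwA9ACIAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQAiADsAJABXAGEAcgBuAGkA"
    r"bgBnAFAAcgBlAGYAZQByAGUAbgBjAGUAPQAkAHMAYwA7ACQAUAByAG8AZwByAGUA"
    r" (the data entry has 7892 more characters).",
    r'Task: {FF2F60D3-1EBC-4F4C-AFD6-1A143096FB66} - System32\Tasks\{3CAB4C15-F9B0-1122-15D1-390012F53D22} => /s /n /i:"/rt" "C:\PROGRA~3\b7e571f\3f946b80.dll"',
]

# "Task: {GUID} - <task name> => <action>" (FRST also uses "->" as the separator).
TASK_RE = re.compile(r"^Task: (\{[0-9A-Fa-f-]+\}) - (.+?) (?:=>|->) (.*)$")
# PowerShell accepts abbreviated parameter names, so -e, -ec and -enc all mean -EncodedCommand.
ENC_RE = re.compile(r"-(?:ec|e(?:n[a-z]*)?)\s+([A-Za-z0-9+/=]{16,})", re.I)
HIDDEN_RE = re.compile(r"-w[a-z]*\s+hidden", re.I)
BYPASS_RE = re.compile(r"-(?:ep|ex[a-z]*)\s+bypass", re.I)
# /s /n /i:<args> <dll> is the switch set regsvr32 uses to call DllInstall silently.
DLL_RE = re.compile(r'/s\s+/n\s+/i:\S*\s+"?([^"]+\.dll)"?', re.I)
# Assumption: PROGRA~3 is the 8.3 short name of C:\ProgramData on this machine.
DATA_DIR_RE = re.compile(r"\\(?:PROGRA~3|ProgramData|AppData)\\", re.I)
ATTENTION = "<==== ATTENTION"


def decode_encoded_prefix(b64_text):
    """Decode the visible part of a truncated -EncodedCommand value (Base64 of UTF-16LE)."""
    usable = b64_text[: len(b64_text) - len(b64_text) % 4]  # whole Base64 quanta only
    try:
        raw = base64.b64decode(usable)
    except ValueError:
        return None
    raw = raw[: len(raw) - len(raw) % 2]  # whole UTF-16 code units only
    return raw.decode("utf-16-le", errors="replace")


def classify_task(line):
    """Return a dict describing one FRST Task: line, or None if the line is not a task entry."""
    match = TASK_RE.match(line.strip())
    if match is None:
        return None
    guid, name, action = match.groups()
    findings = []
    if ATTENTION in action:
        findings.append("flagged by FRST (ATTENTION marker)")
        action = action.replace(ATTENTION, "").strip()
    if action.startswith("No File"):
        findings.append("orphaned task: target file is missing")
    decoded = None
    enc = ENC_RE.search(action)
    if enc:
        findings.append("PowerShell -EncodedCommand payload")
        decoded = decode_encoded_prefix(enc.group(1))
    if HIDDEN_RE.search(action):
        findings.append("hidden window")
    if BYPASS_RE.search(action):
        findings.append("execution policy bypass")
    dll = DLL_RE.search(action)
    dll_path = dll.group(1) if dll else None
    if dll_path:
        findings.append("silent DllInstall-style DLL load")
        if DATA_DIR_RE.search(dll_path):
            findings.append("DLL sits in a data directory, not a program directory")
    return {"guid": guid, "name": name, "action": action,
            "findings": findings, "decoded": decoded, "dll_path": dll_path}


def triage(lines):
    """Classify every Task: line and keep the entries that raised at least one finding."""
    results = [classify_task(line) for line in lines]
    return [r for r in results if r and r["findings"]]


if __name__ == "__main__":
    for entry in triage(SAMPLE_TASK_LINES):
        print(entry["guid"], entry["name"])
        for finding in entry["findings"]:
            print("   -", finding)
        if entry["decoded"]:
            print("   decoded prefix:", entry["decoded"].strip())
```

Only the prefix that FRST printed is decoded; the remaining characters of the command are not in the log, so the full task action has to be read from the task definition on the affected machine.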


#6 jedwa20th

Posted 01 March 2016 - 06:10 PM

Thanks again Satchfan - really appreciate the help. 

 

I moved FRST to my desktop, and then ran the tools you suggested. Please find attached the requested logs.



#7 satchfan

Posted 01 March 2016 - 06:49 PM

I’d like to run one more before we do an online scan to be sure it’s all gone.

Download zoek.exe to your Desktop:

Important: Disable your AntiVirus and AntiSpyware programs, so they do not interfere with the running of Zoek.exe. You can find instructions how to disable your security applications here
 

  • on Windows Vista, 7/8/10, right-click Zoek.exe and select: Run as Administrator
  • give it a few seconds to appear
  • copy/paste the entire script inside the codebox below into the input field of Zoek:
    createsrpoint;
    firefoxlook;
    chromelook;  
    autoclean;
    emptyalltemp;
    ipconfig /flushdns;b
  • close any open programs.
  • click the Run script button, and wait. It takes a few minutes to run.
  • when the tool finishes, the zoek-results.log is opened in Notepad: the log can also be found on the systemdrive, normally C:\
  • if a reboot is needed, the log will be opened after the reboot.

Please post the results.

 

Thanks

 

Satchfan
 


Edited by satchfan, 01 March 2016 - 06:51 PM.


#8 satchfan

Posted 05 March 2016 - 08:18 AM

Hi jedwa20th

It has been several days since I sent my last set of instructions to help with your computer problem.

Please let me know if you still need help. If I do not hear from you within 24 hours I'll assume that all is now OK and close this topic.

Satchfan



#9 jedwa20th

Posted 05 March 2016 - 11:07 AM

Hi Satchfan - very sorry for the delay. I never received an email about your previous response for some reason.

 

I have run Zoek now and have attached the results.

 

Thanks again,

Jon



#10 satchfan

Posted 05 March 2016 - 01:14 PM

I also didn't receive a reply a couple of weeks ago and the poor person I was helping thought I'd deserted them. Don't know why that happens sometimes.

 

Zoek did its job.

 

Let’s run an online scan to be sure nothing is left and if that’s clear I’ll send instructions to tidy up.

Run ESET Online Scan

Note: This may take a long time so please be patient.

IMPORTANT Please make sure you uncheck the box next to Remove found threats. Eset will detect anything that looks even slightly suspicious, which could include legitimate program files. If you do not uncheck the box, Eset will automatically remove all suspicious files which could leave some of your software inoperable.

Note: You can use Internet Explorer, FireFox or  Chrome for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.

ESET OnlineScan

  • click the Run Eset online Scanner button
  • for alternate browsers only: (Microsoft Internet Explorer users can skip these steps)


    o    click on esetinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    o    double click on the Eset installer icon on your desktop.
     

  • check Yes, I accept the Terms of Use
  • click the Start button
  • accept any security warnings from your browser
  • check Enable detection of potentially unwanted applications
  • click Advanced settings and select the following:


    o    scan archives
    o    scan for potentially unsafe applications
    o    enable Anti-Stealth technology


    Note: Do not check Remove found threats
     

  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • when the scan completes, push List of found threats
  • push Export to Text file and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.


    Note - if ESET doesn't find any threats, no report will be created.
     

  • push the back button.
  • push Finish

When the scan is complete:

If no threats were found:


o    put a checkmark in "Uninstall application on close"
o    close program
o    report to me that nothing was found.
 

If threats were found:


o    click on "list of threats found"
o    click on "export to text file" and save it as ESET results and save to the desktop
o    click on back
o    put a checkmark in "Uninstall application on close"
o    click on finish
o    close program
o    copy and paste the report here.
 

Thanks

Satchfan

 



#11 jedwa20th

Posted 06 March 2016 - 12:19 PM

Hi Satchfan - please find attached ESET results. Thanks again for your help!!

 

Jon



#12 satchfan

Posted 06 March 2016 - 12:57 PM

Some of your backups are infected and need to be removed. The rest of what was found will be deleted when we tidy up.

Please copy all text in the code box below and paste it into Notepad:
 

@echo off
rem Delete each listed file; paths are quoted because they contain spaces
del /f /s /q "C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome\utorrentbar.jar"
del /f /s /q "C:\Users\Jon\Downloads\CuteWriter.exe"
del /f /s /q "D:\JON-PC\Backup Set 2016-01-05 214820\Backup Files 2016-01-05 214820\Backup files 3.zip"
del /f /s /q "D:\JON-PC\Backup Set 2016-01-05 214820\Backup Files 2016-01-05 214820\Backup files 7.zip"
del /f /s /q "D:\JON-PC\Backup Set 2016-01-05 214820\Backup Files 2016-01-05 214820\Backup files 8.zip"
del /f /s /q "D:\JON-PC\Backup Set 2016-01-24 211142\Backup Files 2016-01-31 203555\Backup files 1.zip"
del /f /s /q "D:\JON-PC\Backup Set 2016-01-24 211142\Backup Files 2016-01-31 203555\Backup files 7.zip"
del /f /s /q "D:\JON-PC\Backup Set 2016-01-24 211142\Backup Files 2016-01-31 203555\Backup files 8.zip"
rem Remove this batch file once it has run
del %0

  • save the Notepad file to your desktop and name it delfiles.bat
  • save type as "All Files"
  • on your desktop, double-click on delfiles.bat to run it, (a black CMD window will flash, then disappear - this is normal).

The files/folders, if found, will have been deleted and the "delfiles.bat" file will also be deleted.

Can you tell me if you’re OK to tidy up and if so, I’ll send instructions later.

Satchfan

 




#13 jedwa20th


Posted 06 March 2016 - 01:59 PM

Yes sure, I'm happy to do the tidy up. I ran your script which seemed to run successfully.

 

Many thanks,

Jon



#14 satchfan

  • Malware Response Team

Posted 06 March 2016 - 06:18 PM

Glad all is now good.

 

11:15 pm here now so will send instructions tomorrow to clean up.

 

Nina




#15 satchfan

  • Malware Response Team

Posted 08 March 2016 - 03:36 AM

Apologies for the delay.


Now that you’re free from malware, as long as your computer seems to be running well, please follow these simple steps to tidy up your computer and decrease the likelihood of getting infected again:

Uninstall AdwCleaner

  • double click on adwcleaner.exe to run the tool
  • click on Uninstall
  • confirm with Yes.

===================================================

Download & run Delfix

  • download Delfix from here to remove many of the tools we've used during the cleaning process.
  • ensure “Remove disinfection tools” is checked.

Also place a checkmark next to:


o    Create registry backup
o    Purge system restore


  • click the Run button.

You can delete all other logs and programs we’ve used that are on your desktop. Just click on them and press Delete.

===================================================

Update installed programs

Your version of Java is out-of-date and needs to be removed and updated.

Having the latest updates and removing old versions ensures there are no security vulnerabilities in your system.

Uninstall Java 8 Update 31

NEXT

Install the latest version of Java:

Java

NOTE – when you install Java, before clicking on Install, be sure to Uncheck “Install the Ask Toolbar and make Ask my default search provider”

Even though I just had you get the latest version of Java, there is a vulnerability with regard to Java and web browsers. Therefore, we recommend disabling Java in web browsers.

More information can be found here.

===================================================

Recommended programs

SpywareBlaster. SpywareBlaster protects against bad ActiveX, it immunizes your PC against them. It blocks over 11,000 bad sites and uses no resources of your computer.

======================

Update and run Malwarebytes. This really is an excellent program that you should also update and run on a regular basis, probably weekly.

======================

It’s important to keep programs up to date so that malware doesn't exploit any old security flaws.

FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated.

======================

Download WOT

Web of Trust warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:


green if it's safe
yellow for caution
red for unsafe
 

You can download the WOT add-on for Firefox, Chrome, Internet Explorer, Opera, and Safari browsers. It does not slow down your browsing experience, it is easy to use and free. Just click “Download” and you are ready to go!

======================

MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

A couple of links with information here and here which can answer any questions you might have about installing/using it.

======================

Unchecky

Be careful when downloading free software. Many free programs come bundled with adware, many of which cause redirects/popups and verge on being malware. There is a program that automatically “unchecks” the boxes you may not notice when downloading programs.

Download and install Unchecky.

======================

Download and install CryptoPrevent

Crypto Ransomware Warning

There are particularly nasty “Ransomware” infections out there at the moment that encrypt your files and the only way possible to get them “de-crypted” is to pay a ransom. You can read more about this here.

  • download CryptoPrevent
  • save the file to your Desktop and then open the program by clicking Run when prompted from your browser or by going to the desktop where the file was saved and double-clicking.
  • accept all the defaults during the install. The last screen of the install has a checkmark in "Launch CryptoPrevent". This will launch the program once you click Finish
  • you will get a prompt asking if you purchased a Product Key for Automatic Updates. Click No
  • you will then be prompted to learn more about automatic updates or if you want to purchase a key. This is up to you but you don't have to
  • click OK to continue and select your protection level. Go ahead and click OK.
  • click the Apply button to set Default protection
  • you may get a message stating that Windows Sidebar and Desktop Gadgets are a major security vulnerability and asking you if you want to disable them. If you don't use these features, answer Yes.

You are now protected.

Note: The free version doesn't provide automatic updates but should be updated often, (at least weekly), as this infection has serious consequences. To update it manually, open the program, select the “Updates” menu then select Check for Updates to see if there are any available.

===================================================

I also recommend that you read the following:

Best Practices for Safe Computing - Prevention of Malware Infection by miekiemoes

Simple and easy ways to keep your computer safe and secure on the Internet by Lawrence Abrams

I will keep this open for 24 hours in case you have any problems, after which I’ll close the topic.

Safe computing

Nina

 


Edited by satchfan, 08 March 2016 - 03:36 AM.





