Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows 10 - Computer Randomly Sends Item To Recycle Bin


  • Please log in to reply
14 replies to this topic

#1 rjohnson2323

rjohnson2323

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:44 PM

Posted 27 February 2016 - 10:53 PM

Over the past few months, my computer has begun randomly sending items to the recycling bin.  It will also randomly ask if I want to send items to the recycle bin, and when I hit cancel, it will be keep asking me over and over whether I want to send the item to the recycle bin.  I downloaded a keyboard test and it appears my delete key is working correctly, so I am wondering if I have been infected with malware.  I have posted and attached the logs requested in the posting instructions.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-02-2016
Ran by Johnsons (administrator) on LAPTOP-P1HGSJNF (27-02-2016 21:54:53)
Running from C:\Users\Johnsons\Downloads
Loaded Profiles: Johnsons (Available Profiles: Johnsons)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA System Driver\RMService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(SweetLabs, Inc) C:\Users\Johnsons\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\System Setting\TCrdMain_Win8.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe
(Nico Mak Computing) C:\Program Files\WinZip\FAH\FAHWindow64.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSYNC.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe
(Apple Inc.) C:\Program Files\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [180016 2015-06-08] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\Toshiba\System Setting\TCrdMain_Win8.exe [511280 2015-06-23] (TOSHIBA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954880 2015-11-21] (Synaptics Incorporated)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2015-03-23] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [179624 2016-02-18] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3873704 2016-02-01] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-90392143-1556726081-1778333158-1001\...\Run: [HP Deskjet 3050 J610 series (NET)] => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-90392143-1556726081-1778333158-1001\...\RunOnce: [Uninstall C:\Users\Johnsons\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Johnsons\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2015-09-12]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAH\FAHConsole.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2015-09-12]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{7f94b650-0e16-493f-9f43-5a822e0616e4}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKU\S-1-5-21-90392143-1556726081-1778333158-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage-web.com/?s=toshibaupd&m=start
HKU\S-1-5-21-90392143-1556726081-1778333158-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba15.msn.com/?pc=TBTE
HKU\S-1-5-21-90392143-1556726081-1778333158-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://start.new.toshiba.com?cid=H15C2
HKU\S-1-5-21-90392143-1556726081-1778333158-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://homepage-web.com/?s=toshibaupd&m=start
HKU\S-1-5-21-90392143-1556726081-1778333158-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://start.new.toshiba.com?cid=H15C2
SearchScopes: HKU\S-1-5-21-90392143-1556726081-1778333158-1001 -> DefaultScope {C9DFDB89-47EB-4810-B3E0-4C31333C5AFE} URL = 
SearchScopes: HKU\S-1-5-21-90392143-1556726081-1778333158-1001 -> {C9DFDB89-47EB-4810-B3E0-4C31333C5AFE} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-02-04] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-02-04] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-04] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-04] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-04] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-04] (Microsoft Corporation)
 
FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-02-04] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-14] ()
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR DefaultSearchURL: Default -> hxxps://secure.homepage-web.com/?src=omnibox&partner=toshibaupd&q={searchTerms}
CHR DefaultSearchKeyword: Default -> homepage-web.com
CHR DefaultSuggestURL: Default -> hxxps://www.bing.com/osjson.aspx?query={searchTerms}
CHR Profile: C:\Users\Johnsons\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Johnsons\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-21]
CHR Extension: (Google Docs) - C:\Users\Johnsons\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-21]
CHR Extension: (Google Drive) - C:\Users\Johnsons\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-21]
CHR Extension: (YouTube) - C:\Users\Johnsons\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-21]
CHR Extension: (Google Search) - C:\Users\Johnsons\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-21]
CHR Extension: (Google Sheets) - C:\Users\Johnsons\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-21]
CHR Extension: (Google Docs Offline) - C:\Users\Johnsons\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Johnsons\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-21]
CHR Extension: (Gmail) - C:\Users\Johnsons\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-21]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [323152 2015-05-28] (Windows ® Win 7 DDK provider)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [604144 2016-02-01] (AVG Technologies CZ, s.r.o.)
R2 avgfws; C:\Program Files (x86)\AVG\Av\avgfws.exe [1580352 2016-02-01] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3881184 2016-02-01] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1045928 2016-02-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [561104 2016-02-01] (AVG Technologies CZ, s.r.o.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2804976 2016-02-04] (Microsoft Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [373824 2015-05-12] (WildTangent)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328624 2015-11-21] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [887232 2013-12-24] (Intel® Corporation)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255168 2015-11-21] (Synaptics Incorporated)
R2 TOSRMService; C:\Program Files (x86)\TOSHIBA\TOSHIBA System Driver\RMService.exe [326960 2015-06-24] (TOSHIBA)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\System32\drivers\athw10x.sys [4342936 2015-12-21] (Qualcomm Atheros Communications, Inc.)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [184240 2015-11-06] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\system32\DRIVERS\avgfwd6a.sys [97208 2015-08-29] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2016-01-05] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272304 2016-01-08] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [260528 2016-01-22] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-12-04] (AVG Technologies CZ, s.r.o.)
R0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [23472 2016-01-08] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [315840 2015-12-16] (AVG Technologies CZ, s.r.o.)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [301784 2015-06-01] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [895256 2015-06-16] (Realtek                                            )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [51392 2015-11-21] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [45720 2015-06-13] (Toshiba Corporation)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-16] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-27 21:54 - 2016-02-27 21:55 - 00017021 _____ C:\Users\Johnsons\Downloads\FRST.txt
2016-02-27 21:54 - 2016-02-27 21:54 - 00000000 ____D C:\FRST
2016-02-27 21:52 - 2016-02-27 21:53 - 02371072 _____ (Farbar) C:\Users\Johnsons\Downloads\FRST64.exe
2016-02-27 21:32 - 2016-02-27 21:33 - 05657023 _____ (Swearware) C:\Users\Johnsons\Downloads\ComboFix (1).exe
2016-02-27 21:29 - 2016-02-27 21:29 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\Johnsons\Downloads\SpyHunter-Installer.exe
2016-02-27 21:28 - 2016-02-27 21:28 - 05658013 _____ (Swearware) C:\Users\Johnsons\Downloads\ComboFix.exe
2016-02-27 21:17 - 2016-02-27 21:26 - 00000000 ____D C:\ProgramData\PassMark
2016-02-27 21:15 - 2016-02-27 21:16 - 02626544 _____ (PassMark Software ) C:\Users\Johnsons\Downloads\keytest_x64.exe
2016-02-27 14:20 - 2016-02-27 14:20 - 00000000 ___HD C:\OneDriveTemp
2016-02-21 17:24 - 2016-02-21 17:24 - 00010002 _____ C:\Users\Johnsons\Documents\Packing List.odt
2016-02-19 21:43 - 2016-02-19 21:43 - 00015366 _____ C:\Users\Johnsons\Downloads\Substitute Schedule D1_FTJ.pdf
2016-02-15 22:01 - 2016-02-15 22:01 - 00566997 _____ C:\Users\Johnsons\Downloads\2015 TAX RETURN - JOHN PETERSON.PDF
2016-02-11 12:36 - 2016-02-11 16:58 - 00017444 _____ C:\Users\Johnsons\Desktop\Kelsey science fair details.odt
2016-02-11 12:18 - 2016-02-15 18:16 - 00020116 _____ C:\Users\Johnsons\Desktop\Kelsey science fair overview.odt
2016-02-09 17:37 - 2016-01-27 00:56 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-02-09 17:37 - 2016-01-27 00:55 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-02-09 17:37 - 2016-01-27 00:45 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-02-09 17:37 - 2016-01-27 00:45 - 06605544 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-02-09 17:37 - 2016-01-27 00:37 - 01998176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-02-09 17:37 - 2016-01-27 00:10 - 22394368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-02-09 17:37 - 2016-01-27 00:05 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-02-09 17:37 - 2016-01-27 00:05 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-02-09 17:37 - 2016-01-27 00:04 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-02-09 17:37 - 2016-01-26 23:58 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-02-09 17:37 - 2016-01-26 23:55 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-02-09 17:37 - 2016-01-26 23:54 - 24603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-02-09 17:37 - 2016-01-26 23:48 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-02-09 17:37 - 2016-01-26 23:41 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-02-09 17:36 - 2016-01-29 01:57 - 04502352 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-02-09 17:36 - 2016-01-29 01:33 - 04064320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-02-09 17:36 - 2016-01-27 01:15 - 01557776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-02-09 17:36 - 2016-01-27 01:15 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-02-09 17:36 - 2016-01-27 01:01 - 07476064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-02-09 17:36 - 2016-01-27 01:01 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-02-09 17:36 - 2016-01-27 01:01 - 01819720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-02-09 17:36 - 2016-01-27 00:59 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2016-02-09 17:36 - 2016-01-27 00:57 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-02-09 17:36 - 2016-01-27 00:57 - 01824264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-02-09 17:36 - 2016-01-27 00:57 - 00820704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-02-09 17:36 - 2016-01-27 00:55 - 00081112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe
2016-02-09 17:36 - 2016-01-27 00:54 - 00295264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-02-09 17:36 - 2016-01-27 00:46 - 02606824 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-02-09 17:36 - 2016-01-27 00:46 - 01270072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-02-09 17:36 - 2016-01-27 00:44 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-02-09 17:36 - 2016-01-27 00:44 - 00085320 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe
2016-02-09 17:36 - 2016-01-27 00:43 - 00359776 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-02-09 17:36 - 2016-01-27 00:37 - 00576352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-02-09 17:36 - 2016-01-27 00:21 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-02-09 17:36 - 2016-01-27 00:15 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll
2016-02-09 17:36 - 2016-01-27 00:13 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-02-09 17:36 - 2016-01-27 00:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-02-09 17:36 - 2016-01-27 00:11 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-02-09 17:36 - 2016-01-27 00:10 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2016-02-09 17:36 - 2016-01-27 00:08 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-02-09 17:36 - 2016-01-27 00:08 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll
2016-02-09 17:36 - 2016-01-27 00:07 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iassam.dll
2016-02-09 17:36 - 2016-01-27 00:05 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-02-09 17:36 - 2016-01-27 00:05 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-02-09 17:36 - 2016-01-27 00:04 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-02-09 17:36 - 2016-01-27 00:03 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-02-09 17:36 - 2016-01-27 00:02 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2016-02-09 17:36 - 2016-01-27 00:01 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-02-09 17:36 - 2016-01-26 23:59 - 00258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassam.dll
2016-02-09 17:36 - 2016-01-26 23:57 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-02-09 17:36 - 2016-01-26 23:55 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-02-09 17:36 - 2016-01-26 23:52 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-02-09 17:36 - 2016-01-26 23:50 - 02230784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-02-09 17:36 - 2016-01-26 23:50 - 01504768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-02-09 17:36 - 2016-01-26 23:50 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-02-09 17:36 - 2016-01-26 23:49 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-02-09 17:36 - 2016-01-26 23:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfgbkend.dll
2016-02-09 17:36 - 2016-01-26 23:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-02-09 17:36 - 2016-01-26 23:39 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-02-09 17:36 - 2016-01-26 23:38 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-02-09 17:36 - 2016-01-26 23:38 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-02-09 17:36 - 2016-01-26 23:37 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-02-09 17:36 - 2016-01-26 23:36 - 02757120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-02-09 17:36 - 2016-01-26 23:32 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-02-09 17:36 - 2016-01-26 23:31 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll
2016-01-28 10:04 - 2016-01-16 01:23 - 08728920 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-01-28 10:04 - 2016-01-16 01:20 - 06971752 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-01-28 10:04 - 2016-01-16 00:45 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-01-28 10:04 - 2016-01-16 00:38 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-01-28 10:04 - 2016-01-16 00:35 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-01-28 10:04 - 2016-01-16 00:21 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-01-28 10:04 - 2016-01-16 00:17 - 05503488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-01-28 10:03 - 2016-01-16 01:37 - 00202472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-01-28 10:03 - 2016-01-16 01:36 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-28 10:03 - 2016-01-16 01:36 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-28 10:03 - 2016-01-16 01:34 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-28 10:03 - 2016-01-16 01:24 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2016-01-28 10:03 - 2016-01-16 01:23 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-28 10:03 - 2016-01-16 01:23 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-28 10:03 - 2016-01-16 01:23 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-01-28 10:03 - 2016-01-16 01:23 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-01-28 10:03 - 2016-01-16 01:23 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-01-28 10:03 - 2016-01-16 01:21 - 01750440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2016-01-28 10:03 - 2016-01-16 01:20 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-28 10:03 - 2016-01-16 01:20 - 00431240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2016-01-28 10:03 - 2016-01-16 01:20 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2016-01-28 10:03 - 2016-01-16 01:19 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-28 10:03 - 2016-01-16 01:19 - 00405568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-01-28 10:03 - 2016-01-16 01:12 - 01415200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-01-28 10:03 - 2016-01-16 01:09 - 01089880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-01-28 10:03 - 2016-01-16 01:08 - 01174008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-01-28 10:03 - 2016-01-16 01:08 - 00440152 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-01-28 10:03 - 2016-01-16 00:46 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-01-28 10:03 - 2016-01-16 00:44 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-01-28 10:03 - 2016-01-16 00:44 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasadhlp.dll
2016-01-28 10:03 - 2016-01-16 00:44 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2016-01-28 10:03 - 2016-01-16 00:43 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll
2016-01-28 10:03 - 2016-01-16 00:42 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-01-28 10:03 - 2016-01-16 00:42 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscoreext.dll
2016-01-28 10:03 - 2016-01-16 00:41 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-01-28 10:03 - 2016-01-16 00:40 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2016-01-28 10:03 - 2016-01-16 00:40 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
2016-01-28 10:03 - 2016-01-16 00:40 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasautou.exe
2016-01-28 10:03 - 2016-01-16 00:39 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
2016-01-28 10:03 - 2016-01-16 00:38 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-01-28 10:03 - 2016-01-16 00:38 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimCfg.dll
2016-01-28 10:03 - 2016-01-16 00:38 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbio.dll
2016-01-28 10:03 - 2016-01-16 00:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-01-28 10:03 - 2016-01-16 00:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-01-28 10:03 - 2016-01-16 00:37 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-01-28 10:03 - 2016-01-16 00:37 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2016-01-28 10:03 - 2016-01-16 00:36 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-01-28 10:03 - 2016-01-16 00:36 - 00475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
2016-01-28 10:03 - 2016-01-16 00:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-01-28 10:03 - 2016-01-16 00:36 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimAuth.dll
2016-01-28 10:03 - 2016-01-16 00:36 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2016-01-28 10:03 - 2016-01-16 00:35 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-01-28 10:03 - 2016-01-16 00:35 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasadhlp.dll
2016-01-28 10:03 - 2016-01-16 00:34 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2016-01-28 10:03 - 2016-01-16 00:34 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2016-01-28 10:03 - 2016-01-16 00:34 - 00477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2016-01-28 10:03 - 2016-01-16 00:34 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-01-28 10:03 - 2016-01-16 00:34 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttpcom.dll
2016-01-28 10:03 - 2016-01-16 00:33 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2016-01-28 10:03 - 2016-01-16 00:33 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2016-01-28 10:03 - 2016-01-16 00:33 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-01-28 10:03 - 2016-01-16 00:32 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2016-01-28 10:03 - 2016-01-16 00:32 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe
2016-01-28 10:03 - 2016-01-16 00:31 - 00851456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-01-28 10:03 - 2016-01-16 00:31 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-01-28 10:03 - 2016-01-16 00:31 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-01-28 10:03 - 2016-01-16 00:31 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-01-28 10:03 - 2016-01-16 00:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasautou.exe
2016-01-28 10:03 - 2016-01-16 00:30 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-01-28 10:03 - 2016-01-16 00:30 - 01053696 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-01-28 10:03 - 2016-01-16 00:30 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-01-28 10:03 - 2016-01-16 00:30 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimCfg.dll
2016-01-28 10:03 - 2016-01-16 00:30 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winbio.dll
2016-01-28 10:03 - 2016-01-16 00:29 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-01-28 10:03 - 2016-01-16 00:29 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-01-28 10:03 - 2016-01-16 00:28 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-01-28 10:03 - 2016-01-16 00:28 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-01-28 10:03 - 2016-01-16 00:28 - 00884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2016-01-28 10:03 - 2016-01-16 00:28 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimAuth.dll
2016-01-28 10:03 - 2016-01-16 00:27 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-01-28 10:03 - 2016-01-16 00:26 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2016-01-28 10:03 - 2016-01-16 00:26 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-01-28 10:03 - 2016-01-16 00:26 - 00260608 _____ C:\WINDOWS\system32\MTFServer.dll
2016-01-28 10:03 - 2016-01-16 00:26 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-01-28 10:03 - 2016-01-16 00:25 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2016-01-28 10:03 - 2016-01-16 00:25 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-01-28 10:03 - 2016-01-16 00:25 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-01-28 10:03 - 2016-01-16 00:24 - 02057216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-01-28 10:03 - 2016-01-16 00:24 - 00613888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-01-28 10:03 - 2016-01-16 00:24 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-01-28 10:03 - 2016-01-16 00:24 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-01-28 10:03 - 2016-01-16 00:23 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-01-28 10:03 - 2016-01-16 00:23 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-01-28 10:03 - 2016-01-16 00:20 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-01-28 10:03 - 2016-01-16 00:20 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-01-28 10:03 - 2016-01-16 00:20 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-01-28 10:03 - 2016-01-16 00:20 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2016-01-28 10:03 - 2016-01-16 00:19 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-01-28 10:03 - 2016-01-16 00:19 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-01-28 10:03 - 2016-01-16 00:19 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-01-28 10:03 - 2016-01-16 00:19 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-01-28 10:03 - 2016-01-16 00:18 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-28 10:03 - 2016-01-16 00:16 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-01-28 10:03 - 2016-01-16 00:16 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-28 10:03 - 2016-01-16 00:15 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-01-28 10:03 - 2016-01-16 00:14 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-01-28 10:03 - 2016-01-16 00:14 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-01-28 10:03 - 2016-01-16 00:11 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-27 21:26 - 2015-12-22 14:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-02-27 21:24 - 2015-09-12 02:25 - 00000000 ____D C:\ProgramData\Temp
2016-02-27 21:14 - 2015-12-21 13:04 - 00000938 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-27 21:07 - 2015-12-21 13:01 - 00000000 ____D C:\ProgramData\MFAData
2016-02-27 20:24 - 2015-11-21 19:42 - 00004170 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7806169F-77C2-4C59-B313-3F0298853F03}
2016-02-27 19:00 - 2015-11-21 12:53 - 00000000 ____D C:\Users\Johnsons\AppData\Local\Host App Service
2016-02-27 17:14 - 2015-12-21 13:04 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-27 14:23 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-02-27 14:20 - 2015-11-21 12:58 - 00000000 ___RD C:\Users\Johnsons\OneDrive
2016-02-27 14:19 - 2015-12-29 04:40 - 00000000 ____D C:\Users\Johnsons
2016-02-27 14:19 - 2015-11-21 12:53 - 00000000 __SHD C:\Users\Johnsons\IntelGraphicsProfiles
2016-02-26 22:00 - 2015-12-11 11:23 - 00002242 ____H C:\Users\Johnsons\Documents\Default.rdp
2016-02-26 21:06 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2016-02-26 08:52 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-24 21:14 - 2015-12-21 13:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-02-24 21:14 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF
2016-02-24 21:09 - 2015-12-21 12:54 - 00000000 ____D C:\Users\Johnsons\AppData\Local\AvgSetupLog
2016-02-23 16:25 - 2015-10-30 02:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-02-23 16:19 - 2015-09-12 02:31 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-02-21 17:25 - 2015-11-21 20:30 - 00000000 ____D C:\Users\Johnsons\Documents\Tax returns
2016-02-21 16:53 - 2015-10-30 01:28 - 00008192 ___SH C:\WINDOWS\system32\config\ELAM
2016-02-19 21:16 - 2015-12-21 13:09 - 00002283 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-19 21:16 - 2015-12-21 13:09 - 00002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-19 20:49 - 2015-11-21 19:34 - 00000000 ____D C:\Users\Johnsons\Documents\Prior Hard Drive
2016-02-18 21:36 - 2015-12-21 13:00 - 00000882 _____ C:\Users\Public\Desktop\AVG.lnk
2016-02-18 21:36 - 2015-12-21 13:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-02-14 16:06 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\rescache
2016-02-13 09:27 - 2015-12-29 05:05 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-13 09:26 - 2015-10-30 01:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-02-13 09:22 - 2015-09-12 01:50 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-02-12 19:07 - 2015-10-30 02:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-02-12 19:01 - 2015-10-30 04:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-11 17:19 - 2015-11-21 12:58 - 00002383 _____ C:\Users\Johnsons\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-02-11 16:51 - 2015-11-22 18:28 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-02-11 16:42 - 2015-11-22 18:28 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-02-10 13:13 - 2015-11-21 20:30 - 00000000 ____D C:\Users\Johnsons\Documents\Jennys docs
2016-02-09 20:04 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-02-08 10:08 - 2015-09-12 01:49 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-02-07 15:25 - 2015-11-21 12:53 - 00000000 ____D C:\Users\Johnsons\AppData\Local\Packages
2016-02-03 14:01 - 2015-10-30 02:26 - 00828920 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-02-03 14:01 - 2015-10-30 02:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-01 17:09 - 2015-12-21 13:04 - 00003996 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-01 17:09 - 2015-12-21 13:04 - 00003764 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-01-31 20:10 - 2015-12-29 07:22 - 00000000 ____D C:\Windows.old
2016-01-31 19:00 - 2015-11-21 20:30 - 00000000 ____D C:\Users\Johnsons\Documents\Misc Documents
2016-01-29 18:02 - 2015-10-30 02:24 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-01-29 18:02 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-01-29 18:02 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-01-29 18:02 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-01-29 18:02 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-01-29 18:02 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-01-29 18:02 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\bcastdvr
 
==================== Files in the root of some directories =======
 
2015-12-25 20:06 - 2015-12-25 20:06 - 0004608 _____ () C:\Users\Johnsons\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-12-08 19:42 - 2015-12-08 19:42 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-12-29 04:35 - 2015-12-29 04:35 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\Johnsons\AppData\Local\Temp\avguirn_081672185702.exe
C:\Users\Johnsons\AppData\Local\Temp\avguirn_08762027363.exe
C:\Users\Johnsons\AppData\Local\Temp\COMAP.EXE
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-02-21 14:00
 
==================== End of FRST.txt ============================

Attached Files



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,575 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:44 PM

Posted 28 February 2016 - 10:15 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Press the windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.

Please copy the entire contents of the code box below to the a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(SweetLabs, Inc) C:\Users\Johnsons\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-90392143-1556726081-1778333158-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage-web.com/?s=toshibaupd&m=start
HKU\S-1-5-21-90392143-1556726081-1778333158-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://homepage-web.com/?s=toshibaupd&m=start
CHR DefaultSearchURL: Default -> hxxps://secure.homepage-web.com/?src=omnibox&partner=toshibaupd&q={searchTerms}
CHR DefaultSearchKeyword: Default -> homepage-web.com
AlternateDataStreams: C:\ProgramData\Temp:BC359956
C:\Users\Johnsons\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.

===

There could be some remnant items.

Run an online scan with Eset (easiest with Internet Explorer): http://www.eset.com/onlinescan/
To shorten the scanning time disable your antivirus program while scanning.

Select Enable detection of potentially unwanted applications.
Click Advanced Settings.

Select:
Scan Archives
Scan for potentially unsafe applications
Enable Anti-Stealth Technology


Click Start.

When the scan is finished, click on List of found threats and then Export to text file. Copy the content of the text file and paste its content in your reply.

This may take awhile, run it when you know you will not need the computer for an hour or two.
Clean everything that will be found.
<<<>>


Please let me know what problem persists with this computer.

#3 rjohnson2323

rjohnson2323
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:44 PM

Posted 02 March 2016 - 10:02 PM

It's only been one day since I ran these items, but so far I have not been experiencing the problems I was having.  Eset found one item which I cleaned:
 
C:\Windows\Installer\1598d.msi a variant of Win32/Systweak.L potentially unwanted application
 
Thank you for your help with this.  Please let me know if I need to do something else after looking at the items you asked me to post.  The following is the fixlog you asked me to post:
 
Fix result of Farbar Recovery Scan Tool (x64) Version:27-02-2016
Ran by Johnsons (2016-02-28 21:15:53) Run:1
Running from C:\Users\Johnsons\Downloads
Loaded Profiles: Johnsons (Available Profiles: Johnsons)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
(SweetLabs, Inc) C:\Users\Johnsons\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-90392143-1556726081-1778333158-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage-web.com/?s=toshibaupd&m=start
HKU\S-1-5-21-90392143-1556726081-1778333158-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://homepage-web.com/?s=toshibaupd&m=start
CHR DefaultSearchURL: Default -> hxxps://secure.homepage-web.com/?src=omnibox&partner=toshibaupd&q={searchTerms}
CHR DefaultSearchKeyword: Default -> homepage-web.com
AlternateDataStreams: C:\ProgramData\Temp:BC359956
C:\Users\Johnsons\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Users\Johnsons\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-90392143-1556726081-1778333158-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-90392143-1556726081-1778333158-1001\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => value removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
C:\ProgramData\Temp => ":BC359956" ADS removed successfully.
C:\Users\Johnsons\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe => moved successfully
EmptyTemp: => 1.2 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 21:20:19 ====
 
Fix result of Farbar Recovery Scan Tool (x64) Version:27-02-2016
Ran by Johnsons (2016-02-28 21:15:53) Run:1
Running from C:\Users\Johnsons\Downloads
Loaded Profiles: Johnsons (Available Profiles: Johnsons)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
(SweetLabs, Inc) C:\Users\Johnsons\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-90392143-1556726081-1778333158-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage-web.com/?s=toshibaupd&m=start
HKU\S-1-5-21-90392143-1556726081-1778333158-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://homepage-web.com/?s=toshibaupd&m=start
CHR DefaultSearchURL: Default -> hxxps://secure.homepage-web.com/?src=omnibox&partner=toshibaupd&q={searchTerms}
CHR DefaultSearchKeyword: Default -> homepage-web.com
AlternateDataStreams: C:\ProgramData\Temp:BC359956
C:\Users\Johnsons\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Users\Johnsons\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-90392143-1556726081-1778333158-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-90392143-1556726081-1778333158-1001\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => value removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
C:\ProgramData\Temp => ":BC359956" ADS removed successfully.
C:\Users\Johnsons\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe => moved successfully
EmptyTemp: => 1.2 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 21:20:19 ====


#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,575 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:44 PM

Posted 03 March 2016 - 09:16 AM

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,575 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:44 PM

Posted 09 March 2016 - 09:51 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,575 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:44 PM

Posted 20 April 2016 - 07:17 AM

Re opened at the request of the owner.

Please run the Farbar tool and post the logs.
To create a new Addition.txt file please make sure the box to create a file is checked.

#7 rjohnson2323

rjohnson2323
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:44 PM

Posted 20 April 2016 - 10:15 AM

Thank you for re-opening the topic.  My Additon.txt file is attached.  My FRST log is posted below:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-02-2016
Ran by Johnsons (administrator) on LAPTOP-P1HGSJNF (20-04-2016 11:03:21)
Running from C:\Users\Johnsons\Desktop
Loaded Profiles: Johnsons (Available Profiles: Johnsons)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA System Driver\RMService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\System Setting\TCrdMain_Win8.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Nico Mak Computing) C:\Program Files\WinZip\FAH\FAHWindow64.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
() C:\Program Files\WindowsApps\Microsoft.CommsPhone_2.15.28004.0_x64__8wekyb3d8bbwe\CallsApp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [180016 2015-06-08] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\Toshiba\System Setting\TCrdMain_Win8.exe [511280 2015-06-24] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954880 2015-11-21] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2015-03-23] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [186640 2016-04-14] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3930384 2016-04-06] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-90392143-1556726081-1778333158-1001\...\Run: [HP Deskjet 3050 J610 series (NET)] => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-90392143-1556726081-1778333158-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50670720 2016-03-01] (Skype Technologies S.A.)
HKU\S-1-5-21-90392143-1556726081-1778333158-1001\...\RunOnce: [Uninstall C:\Users\Johnsons\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Johnsons\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
HKU\S-1-5-21-90392143-1556726081-1778333158-1001\...\RunOnce: [Uninstall C:\Users\Johnsons\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Johnsons\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2015-09-12]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAH\FAHConsole.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2015-09-12]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{7f94b650-0e16-493f-9f43-5a822e0616e4}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKU\S-1-5-21-90392143-1556726081-1778333158-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba15.msn.com/?pc=TBTE
HKU\S-1-5-21-90392143-1556726081-1778333158-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://start.new.toshiba.com?cid=H15C2
HKU\S-1-5-21-90392143-1556726081-1778333158-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://start.new.toshiba.com?cid=H15C2
SearchScopes: HKU\S-1-5-21-90392143-1556726081-1778333158-1001 -> DefaultScope {C9DFDB89-47EB-4810-B3E0-4C31333C5AFE} URL = 
SearchScopes: HKU\S-1-5-21-90392143-1556726081-1778333158-1001 -> {C9DFDB89-47EB-4810-B3E0-4C31333C5AFE} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-04-03] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-04-03] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-03] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-03] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-03] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-03] (Microsoft Corporation)
 
FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-04-03] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-14] ()
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Profile: C:\Users\Johnsons\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Johnsons\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-21]
CHR Extension: (Google Docs) - C:\Users\Johnsons\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-21]
CHR Extension: (Google Drive) - C:\Users\Johnsons\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-21]
CHR Extension: (YouTube) - C:\Users\Johnsons\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-21]
CHR Extension: (Google Search) - C:\Users\Johnsons\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-21]
CHR Extension: (Google Sheets) - C:\Users\Johnsons\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-21]
CHR Extension: (Google Docs Offline) - C:\Users\Johnsons\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Johnsons\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Gmail) - C:\Users\Johnsons\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-21]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [323152 2015-05-28] (Windows ® Win 7 DDK provider)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [638456 2016-04-06] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3993088 2016-04-06] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1074448 2016-04-14] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [593880 2016-04-06] (AVG Technologies CZ, s.r.o.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2838768 2016-04-03] (Microsoft Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [373824 2015-05-12] (WildTangent)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328624 2015-11-21] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [887232 2013-12-24] (Intel® Corporation)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255168 2015-11-21] (Synaptics Incorporated)
R2 TOSRMService; C:\Program Files (x86)\TOSHIBA\TOSHIBA System Driver\RMService.exe [326960 2015-06-24] (TOSHIBA)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\System32\drivers\athw10x.sys [4342936 2015-12-21] (Qualcomm Atheros Communications, Inc.)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162592 2016-02-16] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [306976 2016-03-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272304 2016-01-26] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [246560 2016-03-07] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-12-04] (AVG Technologies CZ, s.r.o.)
R0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [71456 2016-03-08] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [315840 2015-12-16] (AVG Technologies CZ, s.r.o.)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [301784 2015-06-01] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [895256 2015-06-16] (Realtek                                            )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [51392 2015-11-21] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [45720 2015-06-13] (Toshiba Corporation)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-16] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-20 11:03 - 2016-04-20 11:03 - 00016339 _____ C:\Users\Johnsons\Desktop\FRST.txt
2016-04-17 18:23 - 2016-04-17 18:23 - 00000000 ___HD C:\OneDriveTemp
2016-04-13 07:27 - 2016-03-29 04:01 - 00541304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-04-13 07:27 - 2016-03-29 03:58 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-04-13 07:27 - 2016-03-29 03:46 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-04-13 07:27 - 2016-03-29 03:19 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-04-13 07:27 - 2016-03-29 03:15 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-04-13 07:27 - 2016-03-29 03:12 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-04-13 07:27 - 2016-03-29 03:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-04-13 07:27 - 2016-03-29 03:02 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-04-13 07:27 - 2016-03-29 02:37 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-04-13 07:27 - 2016-03-29 02:26 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-04-13 07:27 - 2016-03-29 02:05 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-04-13 07:27 - 2016-03-29 02:02 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-04-13 07:27 - 2016-03-29 01:41 - 12125184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-04-13 07:27 - 2016-03-29 01:38 - 18673664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-04-13 07:27 - 2016-03-29 01:37 - 19340800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-04-13 07:26 - 2016-04-01 23:14 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-04-13 07:26 - 2016-03-29 06:20 - 07474016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-04-13 07:26 - 2016-03-29 06:20 - 02656952 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-13 07:26 - 2016-03-29 06:18 - 02152280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-04-13 07:26 - 2016-03-29 05:37 - 01862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-04-13 07:26 - 2016-03-29 04:41 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-04-13 07:26 - 2016-03-29 04:06 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-04-13 07:26 - 2016-03-29 04:02 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-04-13 07:26 - 2016-03-29 03:58 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-04-13 07:26 - 2016-03-29 03:36 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-04-13 07:26 - 2016-03-29 03:15 - 01714688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-04-13 07:26 - 2016-03-29 03:14 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-04-13 07:26 - 2016-03-29 03:07 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-04-13 07:26 - 2016-03-29 03:02 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-04-13 07:26 - 2016-03-29 03:00 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-04-13 07:26 - 2016-03-29 02:42 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-04-13 07:26 - 2016-03-29 02:37 - 01444352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-04-13 07:26 - 2016-03-29 02:37 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-04-13 07:26 - 2016-03-29 02:32 - 01731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-04-13 07:26 - 2016-03-29 02:31 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-04-13 07:26 - 2016-03-29 02:28 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-04-13 07:26 - 2016-03-29 02:27 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-04-13 07:26 - 2016-03-29 02:19 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-04-13 07:26 - 2016-03-29 02:05 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-04-13 07:26 - 2016-03-29 02:01 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-04-13 07:26 - 2016-03-29 01:56 - 16985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-04-13 07:26 - 2016-03-29 01:52 - 11545600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-04-13 07:26 - 2016-03-29 01:51 - 22378496 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-04-13 07:26 - 2016-03-29 01:51 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-04-13 07:26 - 2016-03-29 01:43 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-04-13 07:26 - 2016-03-29 01:41 - 24602112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-04-13 07:26 - 2016-03-29 01:39 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-04-13 07:26 - 2016-03-29 01:27 - 07836160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-04-13 07:26 - 2016-03-29 01:27 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-04-13 07:25 - 2016-04-02 00:13 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-04-13 07:25 - 2016-04-02 00:10 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-04-13 07:25 - 2016-04-01 23:26 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-04-13 07:25 - 2016-04-01 23:21 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-04-13 07:25 - 2016-04-01 23:19 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-04-13 07:25 - 2016-04-01 23:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-04-13 07:25 - 2016-04-01 23:15 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-04-13 07:25 - 2016-04-01 23:09 - 01832448 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-04-13 07:25 - 2016-04-01 23:07 - 03575296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-04-13 07:25 - 2016-04-01 23:07 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-04-13 07:25 - 2016-04-01 23:00 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-04-13 07:25 - 2016-03-29 06:22 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-04-13 07:25 - 2016-03-29 06:22 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-04-13 07:25 - 2016-03-29 06:20 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-04-13 07:25 - 2016-03-29 06:20 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-04-13 07:25 - 2016-03-29 06:02 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-04-13 07:25 - 2016-03-29 05:56 - 01297752 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-04-13 07:25 - 2016-03-29 05:28 - 00696664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-04-13 07:25 - 2016-03-29 05:17 - 00300104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-04-13 07:25 - 2016-03-29 05:13 - 00986976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-04-13 07:25 - 2016-03-29 05:11 - 00605440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-04-13 07:25 - 2016-03-29 05:08 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-04-13 07:25 - 2016-03-29 04:44 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-04-13 07:25 - 2016-03-29 04:32 - 00253088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-04-13 07:25 - 2016-03-29 04:26 - 01089888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-04-13 07:25 - 2016-03-29 04:24 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-04-13 07:25 - 2016-03-29 03:51 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2016-04-13 07:25 - 2016-03-29 03:42 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-04-13 07:25 - 2016-03-29 03:39 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-04-13 07:25 - 2016-03-29 03:38 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-04-13 07:25 - 2016-03-29 03:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-04-13 07:25 - 2016-03-29 03:34 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-04-13 07:25 - 2016-03-29 03:28 - 00460288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-04-13 07:25 - 2016-03-29 03:27 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-04-13 07:25 - 2016-03-29 03:23 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-04-13 07:25 - 2016-03-29 03:23 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-04-13 07:25 - 2016-03-29 03:22 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll
2016-04-13 07:25 - 2016-03-29 03:20 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-04-13 07:25 - 2016-03-29 03:19 - 00556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-04-13 07:25 - 2016-03-29 03:17 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-04-13 07:25 - 2016-03-29 03:16 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-04-13 07:25 - 2016-03-29 03:16 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-04-13 07:25 - 2016-03-29 03:14 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-04-13 07:25 - 2016-03-29 03:14 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-04-13 07:25 - 2016-03-29 03:13 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-04-13 07:25 - 2016-03-29 03:12 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-04-13 07:25 - 2016-03-29 03:11 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-04-13 07:25 - 2016-03-29 03:10 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-04-13 07:25 - 2016-03-29 03:10 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-04-13 07:25 - 2016-03-29 03:09 - 01239552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2016-04-13 07:25 - 2016-03-29 03:07 - 01902592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-04-13 07:25 - 2016-03-29 03:06 - 01575936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-04-13 07:25 - 2016-03-29 03:05 - 01395712 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-04-13 07:25 - 2016-03-29 03:02 - 01211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-04-13 07:25 - 2016-03-29 03:00 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-04-13 07:25 - 2016-03-29 02:59 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-04-13 07:25 - 2016-03-29 02:56 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-04-13 07:25 - 2016-03-29 02:56 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-04-13 07:25 - 2016-03-29 02:55 - 01052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2016-04-13 07:25 - 2016-03-29 02:48 - 00346624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-04-13 07:25 - 2016-03-29 02:44 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-04-13 07:25 - 2016-03-29 02:43 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AccountsRt.dll
2016-04-13 07:25 - 2016-03-29 02:42 - 01410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2016-04-13 07:25 - 2016-03-29 02:39 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-04-13 07:25 - 2016-03-29 02:38 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-04-13 07:25 - 2016-03-29 02:36 - 00649728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-04-13 07:25 - 2016-03-29 02:35 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-04-13 07:25 - 2016-03-29 02:34 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-04-13 07:25 - 2016-03-29 02:34 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-04-13 07:25 - 2016-03-29 02:32 - 01098240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-04-13 07:25 - 2016-03-29 02:31 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-04-13 07:25 - 2016-03-29 02:30 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-04-13 07:25 - 2016-03-29 02:29 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-04-13 07:25 - 2016-03-29 02:28 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-04-13 07:25 - 2016-03-29 02:27 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-04-13 07:25 - 2016-03-29 02:27 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-04-13 07:25 - 2016-03-29 02:17 - 00765952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-04-13 07:25 - 2016-03-29 02:14 - 01072128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2016-04-13 07:25 - 2016-03-29 02:05 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-04-13 07:25 - 2016-03-29 02:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-04-13 07:25 - 2016-03-29 01:58 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-04-13 07:25 - 2016-03-29 01:49 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-04-13 07:25 - 2016-03-29 01:45 - 03078144 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-04-13 07:25 - 2016-03-29 01:38 - 02798080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-04-13 07:25 - 2016-03-29 01:36 - 02722816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2016-04-13 07:25 - 2016-03-29 01:26 - 00958976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2016-04-13 07:25 - 2016-03-29 01:25 - 00712704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2016-04-13 07:24 - 2016-04-02 00:10 - 00770640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll
2016-04-13 07:24 - 2016-04-02 00:10 - 00374008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-04-13 07:24 - 2016-04-01 23:30 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-04-13 07:24 - 2016-04-01 23:29 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-04-13 07:24 - 2016-04-01 23:29 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-04-13 07:24 - 2016-04-01 23:25 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2016-04-13 07:24 - 2016-04-01 23:25 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll
2016-04-13 07:24 - 2016-04-01 23:23 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-04-13 07:24 - 2016-04-01 23:23 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-04-13 07:24 - 2016-04-01 23:08 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-04-13 07:24 - 2016-04-01 23:03 - 04774912 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-04-13 07:24 - 2016-03-29 06:23 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-04-13 07:24 - 2016-03-29 06:15 - 00100232 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2016-04-13 07:24 - 2016-03-29 06:11 - 00686976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2016-04-13 07:24 - 2016-03-29 06:05 - 01152864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2016-04-13 07:24 - 2016-03-29 06:02 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-04-13 07:24 - 2016-03-29 05:28 - 00535080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2016-04-13 07:24 - 2016-03-29 05:28 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-04-13 07:24 - 2016-03-29 05:25 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
2016-04-13 07:24 - 2016-03-29 05:25 - 00058400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-04-13 07:24 - 2016-03-29 05:19 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-04-13 07:24 - 2016-03-29 05:18 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-04-13 07:24 - 2016-03-29 05:11 - 00074424 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2016-04-13 07:24 - 2016-03-29 05:10 - 00110584 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvcli.dll
2016-04-13 07:24 - 2016-03-29 05:09 - 00078040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkscli.dll
2016-04-13 07:24 - 2016-03-29 05:08 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2016-04-13 07:24 - 2016-03-29 05:07 - 00081144 _____ (Microsoft Corporation) C:\WINDOWS\system32\netapi32.dll
2016-04-13 07:24 - 2016-03-29 04:44 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-04-13 07:24 - 2016-03-29 04:41 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-04-13 07:24 - 2016-03-29 04:26 - 02403680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-04-13 07:24 - 2016-03-29 04:26 - 00073872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srvcli.dll
2016-04-13 07:24 - 2016-03-29 04:25 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wkscli.dll
2016-04-13 07:24 - 2016-03-29 04:23 - 00069744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netapi32.dll
2016-04-13 07:24 - 2016-03-29 04:21 - 00378208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2016-04-13 07:24 - 2016-03-29 04:17 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-04-13 07:24 - 2016-03-29 04:16 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-04-13 07:24 - 2016-03-29 04:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2016-04-13 07:24 - 2016-03-29 04:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2016-04-13 07:24 - 2016-03-29 04:07 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-04-13 07:24 - 2016-03-29 04:07 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2016-04-13 07:24 - 2016-03-29 04:07 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsdchngr.dll
2016-04-13 07:24 - 2016-03-29 04:00 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-04-13 07:24 - 2016-03-29 04:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll
2016-04-13 07:24 - 2016-03-29 04:00 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-04-13 07:24 - 2016-03-29 03:59 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2016-04-13 07:24 - 2016-03-29 03:57 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-04-13 07:24 - 2016-03-29 03:57 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-04-13 07:24 - 2016-03-29 03:57 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\browcli.dll
2016-04-13 07:24 - 2016-03-29 03:55 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-04-13 07:24 - 2016-03-29 03:55 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys
2016-04-13 07:24 - 2016-03-29 03:55 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2016-04-13 07:24 - 2016-03-29 03:54 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-04-13 07:24 - 2016-03-29 03:54 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2016-04-13 07:24 - 2016-03-29 03:53 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
2016-04-13 07:24 - 2016-03-29 03:52 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2016-04-13 07:24 - 2016-03-29 03:51 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-04-13 07:24 - 2016-03-29 03:51 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2016-04-13 07:24 - 2016-03-29 03:50 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-04-13 07:24 - 2016-03-29 03:50 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-04-13 07:24 - 2016-03-29 03:50 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2016-04-13 07:24 - 2016-03-29 03:50 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2016-04-13 07:24 - 2016-03-29 03:49 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthLEEnum.sys
2016-04-13 07:24 - 2016-03-29 03:49 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-04-13 07:24 - 2016-03-29 03:48 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
2016-04-13 07:24 - 2016-03-29 03:46 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2016-04-13 07:24 - 2016-03-29 03:44 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2016-04-13 07:24 - 2016-03-29 03:36 - 00530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2016-04-13 07:24 - 2016-03-29 03:35 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2016-04-13 07:24 - 2016-03-29 03:35 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2016-04-13 07:24 - 2016-03-29 03:34 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-04-13 07:24 - 2016-03-29 03:34 - 00333824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2016-04-13 07:24 - 2016-03-29 03:34 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2016-04-13 07:24 - 2016-03-29 03:33 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2016-04-13 07:24 - 2016-03-29 03:30 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2016-04-13 07:24 - 2016-03-29 03:30 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-04-13 07:24 - 2016-03-29 03:26 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2016-04-13 07:24 - 2016-03-29 03:23 - 00694784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2016-04-13 07:24 - 2016-03-29 03:21 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-13 07:24 - 2016-03-29 03:20 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2016-04-13 07:24 - 2016-03-29 03:20 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsdchngr.dll
2016-04-13 07:24 - 2016-03-29 03:18 - 00676352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2016-04-13 07:24 - 2016-03-29 03:17 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2016-04-13 07:24 - 2016-03-29 03:17 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-04-13 07:24 - 2016-03-29 03:11 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2016-04-13 07:24 - 2016-03-29 03:11 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-04-13 07:24 - 2016-03-29 03:11 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\browcli.dll
2016-04-13 07:24 - 2016-03-29 03:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2016-04-13 07:24 - 2016-03-29 03:08 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2016-04-13 07:24 - 2016-03-29 03:08 - 00841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-04-13 07:24 - 2016-03-29 03:06 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-04-13 07:24 - 2016-03-29 03:06 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2016-04-13 07:24 - 2016-03-29 03:04 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll
2016-04-13 07:24 - 2016-03-29 03:03 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-04-13 07:24 - 2016-03-29 03:00 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
2016-04-13 07:24 - 2016-03-29 02:59 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
2016-04-13 07:24 - 2016-03-29 02:53 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2016-04-13 07:24 - 2016-03-29 02:53 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2016-04-13 07:24 - 2016-03-29 02:52 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-04-13 07:24 - 2016-03-29 02:52 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
2016-04-13 07:24 - 2016-03-29 02:49 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2016-04-13 07:24 - 2016-03-29 02:42 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-13 07:24 - 2016-03-29 02:41 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2016-04-13 07:24 - 2016-03-29 02:40 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2016-04-13 07:24 - 2016-03-29 02:39 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2016-04-13 07:24 - 2016-03-29 02:39 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2016-04-13 07:24 - 2016-03-29 02:36 - 03351040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-04-13 07:24 - 2016-03-29 02:34 - 00682496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2016-04-13 07:24 - 2016-03-29 02:32 - 01588224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2016-04-13 07:24 - 2016-03-29 02:32 - 00854528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2016-04-13 07:24 - 2016-03-29 02:32 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2016-04-13 07:24 - 2016-03-29 02:32 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-04-13 07:24 - 2016-03-29 02:32 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-04-13 07:24 - 2016-03-29 02:32 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2016-04-13 07:24 - 2016-03-29 02:31 - 01117184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-04-13 07:24 - 2016-03-29 02:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-04-13 07:24 - 2016-03-29 02:29 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2016-04-13 07:24 - 2016-03-29 02:27 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-04-13 07:24 - 2016-03-29 02:23 - 00777728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2016-04-13 07:24 - 2016-03-29 02:22 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-04-13 07:24 - 2016-03-29 02:13 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2016-04-13 07:24 - 2016-03-29 02:10 - 03671040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-04-13 07:24 - 2016-03-29 02:06 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-04-13 07:24 - 2016-03-29 02:05 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-04-13 07:24 - 2016-03-29 02:05 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2016-04-13 07:24 - 2016-03-29 02:04 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-04-13 07:24 - 2016-03-29 02:04 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2016-04-13 07:24 - 2016-03-29 02:01 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-04-13 07:24 - 2016-03-29 02:00 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-04-13 07:24 - 2016-03-29 01:45 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2016-04-13 07:24 - 2016-03-29 01:43 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2016-04-13 07:24 - 2016-03-29 01:35 - 00821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2016-04-13 07:24 - 2016-03-29 01:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2016-04-13 07:24 - 2016-03-29 01:27 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2016-04-13 07:24 - 2016-03-29 01:26 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2016-04-13 07:24 - 2016-03-29 01:25 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2016-04-13 07:24 - 2016-03-29 01:21 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2016-04-13 07:23 - 2016-03-29 04:06 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacchooks.dll
2016-04-13 07:23 - 2016-03-29 03:57 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-04-13 07:23 - 2016-03-29 03:50 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll
2016-04-13 07:23 - 2016-03-29 03:48 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-04-13 07:23 - 2016-03-29 03:32 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-04-13 07:23 - 2016-03-29 03:32 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-04-13 07:23 - 2016-03-29 03:20 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll
2016-04-13 07:23 - 2016-03-29 03:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacchooks.dll
2016-04-13 07:23 - 2016-03-29 03:14 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-04-13 07:23 - 2016-03-29 03:11 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-04-13 07:23 - 2016-03-29 03:11 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-04-13 07:23 - 2016-03-29 03:09 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-04-13 07:23 - 2016-03-29 03:08 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-04-13 07:23 - 2016-03-29 03:05 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
2016-04-13 07:23 - 2016-03-29 03:00 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-04-13 07:23 - 2016-03-29 02:59 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-04-13 07:23 - 2016-03-29 02:34 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-04-13 07:23 - 2016-03-29 02:27 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-04-10 09:23 - 2016-04-10 09:23 - 00030123 _____ C:\Users\Johnsons\Downloads\2016 03 Summary.pdf
2016-04-06 07:01 - 2016-04-06 07:01 - 03156798 _____ C:\Users\Johnsons\Desktop\calcom34.pdf
2016-04-05 21:17 - 2016-04-05 21:17 - 00000000 ____D C:\Users\Johnsons\Tracing
2016-04-05 21:12 - 2016-04-17 18:42 - 00000000 ____D C:\Users\Johnsons\AppData\Roaming\Skype
2016-04-05 21:11 - 2016-04-05 21:12 - 00000000 ____D C:\ProgramData\Skype
2016-04-05 21:11 - 2016-04-05 21:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-04-05 21:11 - 2016-04-05 21:11 - 00002640 _____ C:\Users\Public\Desktop\Skype.lnk
2016-04-05 21:11 - 2016-04-05 21:11 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-04-05 21:07 - 2016-04-05 21:08 - 01503872 _____ (Skype Technologies S.A.) C:\Users\Johnsons\Downloads\SkypeSetup.exe
2016-03-22 16:53 - 2016-03-22 16:53 - 00001833 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-03-22 16:53 - 2016-03-22 16:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-03-22 16:52 - 2016-03-22 16:53 - 00000000 ____D C:\Program Files\iTunes
2016-03-22 16:52 - 2016-03-22 16:52 - 00000000 ____D C:\Program Files\iPod
2016-03-22 16:52 - 2016-03-22 16:52 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-03-22 16:47 - 2016-03-22 16:47 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2016-03-22 16:47 - 2016-03-22 16:47 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-20 11:02 - 2016-02-27 22:54 - 00000000 ____D C:\FRST
2016-04-20 10:56 - 2016-02-27 22:54 - 00016394 _____ C:\Users\Johnsons\Downloads\FRST.txt
2016-04-20 10:44 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-20 09:14 - 2015-12-21 14:04 - 00000938 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-20 09:12 - 2015-11-21 20:42 - 00004170 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7806169F-77C2-4C59-B313-3F0298853F03}
2016-04-20 09:11 - 2015-12-21 14:01 - 00000000 ____D C:\ProgramData\MFAData
2016-04-19 17:39 - 2015-10-30 02:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-04-19 09:55 - 2015-10-30 03:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-04-19 09:52 - 2015-09-12 03:31 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-04-19 09:36 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-17 21:28 - 2015-12-11 12:23 - 00002242 ____H C:\Users\Johnsons\Documents\Default.rdp
2016-04-17 21:03 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2016-04-17 18:23 - 2015-12-29 05:40 - 00000000 ____D C:\Users\Johnsons
2016-04-17 18:23 - 2015-12-21 14:04 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-17 18:23 - 2015-11-21 13:58 - 00000000 ___RD C:\Users\Johnsons\OneDrive
2016-04-17 18:23 - 2015-11-21 13:53 - 00000000 __SHD C:\Users\Johnsons\IntelGraphicsProfiles
2016-04-17 17:05 - 2015-10-30 03:21 - 00000000 ____D C:\WINDOWS\INF
2016-04-17 17:05 - 2015-09-12 02:49 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-17 17:01 - 2015-12-29 06:05 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-17 17:00 - 2015-10-30 02:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-04-15 07:28 - 2015-12-21 14:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-04-14 07:26 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\rescache
2016-04-13 23:51 - 2015-12-29 05:30 - 00366328 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-04-13 23:47 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-04-13 23:47 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-04-13 23:47 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-04-13 23:47 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-04-13 08:10 - 2015-10-30 03:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-04-13 08:05 - 2015-11-22 19:28 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-04-13 07:30 - 2015-11-22 19:28 - 135176864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-12 14:38 - 2015-11-21 13:53 - 00000000 ____D C:\Users\Johnsons\AppData\Local\Packages
2016-04-08 19:19 - 2015-12-21 14:09 - 00002283 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-08 19:19 - 2015-12-21 14:09 - 00002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-08 07:51 - 2015-12-21 14:00 - 00000882 _____ C:\Users\Public\Desktop\AVG.lnk
2016-04-08 07:51 - 2015-12-21 14:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-04-06 14:32 - 2015-10-30 03:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-04-06 14:32 - 2015-10-30 03:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-04 13:56 - 2015-11-21 21:30 - 00000000 ____D C:\Users\Johnsons\Documents\Jennys docs
2016-04-03 19:28 - 2015-11-21 21:30 - 00000000 ____D C:\Users\Johnsons\Documents\Misc Documents
2016-03-22 16:52 - 2015-11-21 14:22 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-03-22 16:47 - 2015-11-21 14:23 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
 
==================== Files in the root of some directories =======
 
2015-12-25 21:06 - 2015-12-25 21:06 - 0004608 _____ () C:\Users\Johnsons\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-12-08 20:42 - 2015-12-08 20:42 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-12-29 05:35 - 2015-12-29 05:35 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\Johnsons\AppData\Local\Temp\avguirn_081554271719.exe
C:\Users\Johnsons\AppData\Local\Temp\avguirn_08689800260.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-04-11 07:17
 
==================== End of FRST.txt ============================

Attached Files



#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,575 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:44 PM

Posted 20 April 2016 - 10:30 AM

Remove this program via the Control Panel > Programs > Programs and Features applet.
App Explorer (HKU\S-1-5-21-90392143-1556726081-1778333158-1001\...\Host App Service) (Version: 0.271.1.237 - SweetLabs)
===


Press the windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Task: {7A9E43D8-F925-41D8-8D31-9A147C1F347A} - System32\Tasks\App Explorer => C:\Users\Johnsons\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
CHR Extension: (Chrome Web Store Payments) - C:\Users\Johnsons\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]


End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.

Please let me know what problem persists with this computer.

#9 nasdaq

nasdaq

  • Malware Response Team
  • 38,575 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:44 PM

Posted 26 April 2016 - 10:08 AM

Are you still with me?

#10 rjohnson2323

rjohnson2323
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:44 PM

Posted 26 April 2016 - 09:17 PM

I wanted to make sure that several days passed with no issues before posting again.  I have not had any issues since running the fix.  Below is my Fixlog.  Let me know if I need to take any additional steps.  Thanks for your help.
 
Fix result of Farbar Recovery Scan Tool (x64) Version:27-02-2016
Ran by Johnsons (2016-04-20 13:22:04) Run:2
Running from C:\Users\Johnsons\Desktop
Loaded Profiles: Johnsons (Available Profiles: Johnsons)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
Task: {7A9E43D8-F925-41D8-8D31-9A147C1F347A} - System32\Tasks\App Explorer => C:\Users\Johnsons\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
CHR Extension: (Chrome Web Store Payments) - C:\Users\Johnsons\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
 
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A9E43D8-F925-41D8-8D31-9A147C1F347A} => key not found. 
C:\WINDOWS\System32\Tasks\App Explorer => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\App Explorer => key not found. 
C:\Users\Johnsons\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
EmptyTemp: => 1.2 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 13:24:25 ====


#11 nasdaq

nasdaq

  • Malware Response Team
  • 38,575 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:44 PM

Posted 27 April 2016 - 07:01 AM

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#12 rjohnson2323

rjohnson2323
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:44 PM

Posted 27 April 2016 - 07:48 PM

Just when I thought my issues were gone, they returned today.  They started again when I double-clicked on iTunes.  After that, my computer tried to send everything that I double-clicked on to the recycle bin.  It would also randomly start deleting items I was typing including this post.  Do you think this issue could have something to do with Itunes.  I have posted new logs.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-02-2016
Ran by Johnsons (administrator) on LAPTOP-P1HGSJNF (27-04-2016 19:44:03)
Running from C:\Users\Johnsons\Desktop
Loaded Profiles: Johnsons (Available Profiles: Johnsons)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA System Driver\RMService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\System Setting\TCrdMain_Win8.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(Nico Mak Computing) C:\Program Files\WinZip\FAH\FAHWindow64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\sdiagnhost.exe
() C:\ProgramData\Avg_Update_0516avz\AVG-Secure-Search-Update_0516avz.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
() C:\Program Files\WindowsApps\Microsoft.BingFinance_4.9.51.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Money.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [180016 2015-06-08] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\Toshiba\System Setting\TCrdMain_Win8.exe [511280 2015-06-24] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954880 2015-11-21] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2015-03-23] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [186640 2016-04-14] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3930384 2016-04-06] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-90392143-1556726081-1778333158-1001\...\Run: [HP Deskjet 3050 J610 series (NET)] => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-90392143-1556726081-1778333158-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50670720 2016-03-01] (Skype Technologies S.A.)
HKU\S-1-5-21-90392143-1556726081-1778333158-1001\...\RunOnce: [Uninstall C:\Users\Johnsons\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Johnsons\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
HKU\S-1-5-21-90392143-1556726081-1778333158-1001\...\RunOnce: [Uninstall C:\Users\Johnsons\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Johnsons\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-90392143-1556726081-1778333158-1001\...\RunOnce: [Uninstall C:\Users\Johnsons\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Johnsons\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
HKU\S-1-5-21-90392143-1556726081-1778333158-1001\...\RunOnce: [Uninstall C:\Users\Johnsons\AppData\Local\Microsoft\OneDrive\17.3.6302.0225] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Johnsons\AppData\Local\Microsoft\OneDrive\17.3.6302.0225"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2015-09-12]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAH\FAHConsole.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2015-09-12]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{7f94b650-0e16-493f-9f43-5a822e0616e4}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKU\S-1-5-21-90392143-1556726081-1778333158-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba15.msn.com/?pc=TBTE
HKU\S-1-5-21-90392143-1556726081-1778333158-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://start.new.toshiba.com?cid=H15C2
HKU\S-1-5-21-90392143-1556726081-1778333158-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://start.new.toshiba.com?cid=H15C2
SearchScopes: HKU\S-1-5-21-90392143-1556726081-1778333158-1001 -> DefaultScope {C9DFDB89-47EB-4810-B3E0-4C31333C5AFE} URL = 
SearchScopes: HKU\S-1-5-21-90392143-1556726081-1778333158-1001 -> {C9DFDB89-47EB-4810-B3E0-4C31333C5AFE} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-04-03] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-04-03] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-03] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-03] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-03] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-03] (Microsoft Corporation)
 
FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-04-03] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-14] ()
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Profile: C:\Users\Johnsons\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Johnsons\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-21]
CHR Extension: (Google Docs) - C:\Users\Johnsons\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-21]
CHR Extension: (Google Drive) - C:\Users\Johnsons\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-21]
CHR Extension: (YouTube) - C:\Users\Johnsons\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-21]
CHR Extension: (Google Search) - C:\Users\Johnsons\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-21]
CHR Extension: (Google Sheets) - C:\Users\Johnsons\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-21]
CHR Extension: (Google Docs Offline) - C:\Users\Johnsons\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Gmail) - C:\Users\Johnsons\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-21]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [323152 2015-05-28] (Windows ® Win 7 DDK provider)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [638456 2016-04-06] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3993088 2016-04-06] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1074448 2016-04-14] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [593880 2016-04-06] (AVG Technologies CZ, s.r.o.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2838768 2016-04-03] (Microsoft Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [373824 2015-05-12] (WildTangent)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328624 2015-11-21] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [887232 2013-12-24] (Intel® Corporation)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255168 2015-11-21] (Synaptics Incorporated)
R2 TOSRMService; C:\Program Files (x86)\TOSHIBA\TOSHIBA System Driver\RMService.exe [326960 2015-06-24] (TOSHIBA)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\System32\drivers\athw10x.sys [4342936 2015-12-21] (Qualcomm Atheros Communications, Inc.)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162592 2016-02-16] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [306976 2016-03-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272304 2016-01-26] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [246560 2016-03-07] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-12-04] (AVG Technologies CZ, s.r.o.)
R0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [71456 2016-03-08] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [315840 2015-12-16] (AVG Technologies CZ, s.r.o.)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [301784 2015-06-01] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [895256 2015-06-16] (Realtek                                            )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [51392 2015-11-21] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [45720 2015-06-13] (Toshiba Corporation)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-16] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-27 19:44 - 2016-04-27 19:46 - 00016472 _____ C:\Users\Johnsons\Desktop\FRST.txt
2016-04-26 14:07 - 2016-04-26 14:07 - 00000000 ___HD C:\OneDriveTemp
2016-04-25 11:30 - 2016-04-25 11:30 - 00003592 _____ C:\WINDOWS\System32\Tasks\AVG-SSU_0516avz_DELETE
2016-04-25 11:30 - 2016-04-25 11:30 - 00003180 _____ C:\WINDOWS\System32\Tasks\AVG-SSU_0516avz
2016-04-25 11:30 - 2016-04-25 11:30 - 00000000 ____D C:\ProgramData\Avg_Update_0516avz
2016-04-21 10:56 - 2016-04-21 10:56 - 00016008 _____ C:\Users\Johnsons\Desktop\brown county packing list.odt
2016-04-20 13:22 - 2016-04-20 13:24 - 00001349 _____ C:\Users\Johnsons\Desktop\Fixlog.txt
2016-04-13 07:27 - 2016-03-29 04:01 - 00541304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-04-13 07:27 - 2016-03-29 03:58 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-04-13 07:27 - 2016-03-29 03:46 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-04-13 07:27 - 2016-03-29 03:19 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-04-13 07:27 - 2016-03-29 03:15 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-04-13 07:27 - 2016-03-29 03:12 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-04-13 07:27 - 2016-03-29 03:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-04-13 07:27 - 2016-03-29 03:02 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-04-13 07:27 - 2016-03-29 02:37 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-04-13 07:27 - 2016-03-29 02:26 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-04-13 07:27 - 2016-03-29 02:05 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-04-13 07:27 - 2016-03-29 02:02 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-04-13 07:27 - 2016-03-29 01:41 - 12125184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-04-13 07:27 - 2016-03-29 01:38 - 18673664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-04-13 07:27 - 2016-03-29 01:37 - 19340800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-04-13 07:26 - 2016-04-01 23:14 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-04-13 07:26 - 2016-03-29 06:20 - 07474016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-04-13 07:26 - 2016-03-29 06:20 - 02656952 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-13 07:26 - 2016-03-29 06:18 - 02152280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-04-13 07:26 - 2016-03-29 05:37 - 01862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-04-13 07:26 - 2016-03-29 04:41 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-04-13 07:26 - 2016-03-29 04:06 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-04-13 07:26 - 2016-03-29 04:02 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-04-13 07:26 - 2016-03-29 03:58 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-04-13 07:26 - 2016-03-29 03:36 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-04-13 07:26 - 2016-03-29 03:15 - 01714688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-04-13 07:26 - 2016-03-29 03:14 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-04-13 07:26 - 2016-03-29 03:07 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-04-13 07:26 - 2016-03-29 03:02 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-04-13 07:26 - 2016-03-29 03:00 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-04-13 07:26 - 2016-03-29 02:42 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-04-13 07:26 - 2016-03-29 02:37 - 01444352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-04-13 07:26 - 2016-03-29 02:37 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-04-13 07:26 - 2016-03-29 02:32 - 01731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-04-13 07:26 - 2016-03-29 02:31 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-04-13 07:26 - 2016-03-29 02:28 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-04-13 07:26 - 2016-03-29 02:27 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-04-13 07:26 - 2016-03-29 02:19 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-04-13 07:26 - 2016-03-29 02:05 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-04-13 07:26 - 2016-03-29 02:01 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-04-13 07:26 - 2016-03-29 01:56 - 16985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-04-13 07:26 - 2016-03-29 01:52 - 11545600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-04-13 07:26 - 2016-03-29 01:51 - 22378496 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-04-13 07:26 - 2016-03-29 01:51 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-04-13 07:26 - 2016-03-29 01:43 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-04-13 07:26 - 2016-03-29 01:41 - 24602112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-04-13 07:26 - 2016-03-29 01:39 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-04-13 07:26 - 2016-03-29 01:27 - 07836160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-04-13 07:26 - 2016-03-29 01:27 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-04-13 07:25 - 2016-04-02 00:13 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-04-13 07:25 - 2016-04-02 00:10 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-04-13 07:25 - 2016-04-01 23:26 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-04-13 07:25 - 2016-04-01 23:21 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-04-13 07:25 - 2016-04-01 23:19 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-04-13 07:25 - 2016-04-01 23:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-04-13 07:25 - 2016-04-01 23:15 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-04-13 07:25 - 2016-04-01 23:09 - 01832448 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-04-13 07:25 - 2016-04-01 23:07 - 03575296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-04-13 07:25 - 2016-04-01 23:07 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-04-13 07:25 - 2016-04-01 23:00 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-04-13 07:25 - 2016-03-29 06:22 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-04-13 07:25 - 2016-03-29 06:22 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-04-13 07:25 - 2016-03-29 06:20 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-04-13 07:25 - 2016-03-29 06:20 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-04-13 07:25 - 2016-03-29 06:02 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-04-13 07:25 - 2016-03-29 05:56 - 01297752 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-04-13 07:25 - 2016-03-29 05:28 - 00696664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-04-13 07:25 - 2016-03-29 05:17 - 00300104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-04-13 07:25 - 2016-03-29 05:13 - 00986976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-04-13 07:25 - 2016-03-29 05:11 - 00605440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-04-13 07:25 - 2016-03-29 05:08 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-04-13 07:25 - 2016-03-29 04:44 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-04-13 07:25 - 2016-03-29 04:32 - 00253088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-04-13 07:25 - 2016-03-29 04:26 - 01089888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-04-13 07:25 - 2016-03-29 04:24 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-04-13 07:25 - 2016-03-29 03:51 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2016-04-13 07:25 - 2016-03-29 03:42 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-04-13 07:25 - 2016-03-29 03:39 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-04-13 07:25 - 2016-03-29 03:38 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-04-13 07:25 - 2016-03-29 03:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-04-13 07:25 - 2016-03-29 03:34 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-04-13 07:25 - 2016-03-29 03:28 - 00460288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-04-13 07:25 - 2016-03-29 03:27 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-04-13 07:25 - 2016-03-29 03:23 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-04-13 07:25 - 2016-03-29 03:23 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-04-13 07:25 - 2016-03-29 03:22 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll
2016-04-13 07:25 - 2016-03-29 03:20 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-04-13 07:25 - 2016-03-29 03:19 - 00556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-04-13 07:25 - 2016-03-29 03:17 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-04-13 07:25 - 2016-03-29 03:16 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-04-13 07:25 - 2016-03-29 03:16 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-04-13 07:25 - 2016-03-29 03:14 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-04-13 07:25 - 2016-03-29 03:14 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-04-13 07:25 - 2016-03-29 03:13 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-04-13 07:25 - 2016-03-29 03:12 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-04-13 07:25 - 2016-03-29 03:11 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-04-13 07:25 - 2016-03-29 03:10 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-04-13 07:25 - 2016-03-29 03:10 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-04-13 07:25 - 2016-03-29 03:09 - 01239552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2016-04-13 07:25 - 2016-03-29 03:07 - 01902592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-04-13 07:25 - 2016-03-29 03:06 - 01575936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-04-13 07:25 - 2016-03-29 03:05 - 01395712 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-04-13 07:25 - 2016-03-29 03:02 - 01211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-04-13 07:25 - 2016-03-29 03:00 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-04-13 07:25 - 2016-03-29 02:59 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-04-13 07:25 - 2016-03-29 02:56 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-04-13 07:25 - 2016-03-29 02:56 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-04-13 07:25 - 2016-03-29 02:55 - 01052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2016-04-13 07:25 - 2016-03-29 02:48 - 00346624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-04-13 07:25 - 2016-03-29 02:44 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-04-13 07:25 - 2016-03-29 02:43 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AccountsRt.dll
2016-04-13 07:25 - 2016-03-29 02:42 - 01410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2016-04-13 07:25 - 2016-03-29 02:39 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-04-13 07:25 - 2016-03-29 02:38 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-04-13 07:25 - 2016-03-29 02:36 - 00649728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-04-13 07:25 - 2016-03-29 02:35 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-04-13 07:25 - 2016-03-29 02:34 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-04-13 07:25 - 2016-03-29 02:34 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-04-13 07:25 - 2016-03-29 02:32 - 01098240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-04-13 07:25 - 2016-03-29 02:31 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-04-13 07:25 - 2016-03-29 02:30 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-04-13 07:25 - 2016-03-29 02:29 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-04-13 07:25 - 2016-03-29 02:28 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-04-13 07:25 - 2016-03-29 02:27 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-04-13 07:25 - 2016-03-29 02:27 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-04-13 07:25 - 2016-03-29 02:17 - 00765952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-04-13 07:25 - 2016-03-29 02:14 - 01072128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2016-04-13 07:25 - 2016-03-29 02:05 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-04-13 07:25 - 2016-03-29 02:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-04-13 07:25 - 2016-03-29 01:58 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-04-13 07:25 - 2016-03-29 01:49 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-04-13 07:25 - 2016-03-29 01:45 - 03078144 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-04-13 07:25 - 2016-03-29 01:38 - 02798080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-04-13 07:25 - 2016-03-29 01:36 - 02722816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2016-04-13 07:25 - 2016-03-29 01:26 - 00958976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2016-04-13 07:25 - 2016-03-29 01:25 - 00712704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2016-04-13 07:24 - 2016-04-02 00:10 - 00770640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll
2016-04-13 07:24 - 2016-04-02 00:10 - 00374008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-04-13 07:24 - 2016-04-01 23:30 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-04-13 07:24 - 2016-04-01 23:29 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-04-13 07:24 - 2016-04-01 23:29 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-04-13 07:24 - 2016-04-01 23:25 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2016-04-13 07:24 - 2016-04-01 23:25 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll
2016-04-13 07:24 - 2016-04-01 23:23 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-04-13 07:24 - 2016-04-01 23:23 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-04-13 07:24 - 2016-04-01 23:08 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-04-13 07:24 - 2016-04-01 23:03 - 04774912 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-04-13 07:24 - 2016-03-29 06:23 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-04-13 07:24 - 2016-03-29 06:15 - 00100232 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2016-04-13 07:24 - 2016-03-29 06:11 - 00686976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2016-04-13 07:24 - 2016-03-29 06:05 - 01152864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2016-04-13 07:24 - 2016-03-29 06:02 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-04-13 07:24 - 2016-03-29 05:28 - 00535080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2016-04-13 07:24 - 2016-03-29 05:28 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-04-13 07:24 - 2016-03-29 05:25 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
2016-04-13 07:24 - 2016-03-29 05:25 - 00058400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-04-13 07:24 - 2016-03-29 05:19 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-04-13 07:24 - 2016-03-29 05:18 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-04-13 07:24 - 2016-03-29 05:11 - 00074424 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2016-04-13 07:24 - 2016-03-29 05:10 - 00110584 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvcli.dll
2016-04-13 07:24 - 2016-03-29 05:09 - 00078040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkscli.dll
2016-04-13 07:24 - 2016-03-29 05:08 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2016-04-13 07:24 - 2016-03-29 05:07 - 00081144 _____ (Microsoft Corporation) C:\WINDOWS\system32\netapi32.dll
2016-04-13 07:24 - 2016-03-29 04:44 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-04-13 07:24 - 2016-03-29 04:41 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-04-13 07:24 - 2016-03-29 04:26 - 02403680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-04-13 07:24 - 2016-03-29 04:26 - 00073872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srvcli.dll
2016-04-13 07:24 - 2016-03-29 04:25 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wkscli.dll
2016-04-13 07:24 - 2016-03-29 04:23 - 00069744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netapi32.dll
2016-04-13 07:24 - 2016-03-29 04:21 - 00378208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2016-04-13 07:24 - 2016-03-29 04:17 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-04-13 07:24 - 2016-03-29 04:16 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-04-13 07:24 - 2016-03-29 04:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2016-04-13 07:24 - 2016-03-29 04:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2016-04-13 07:24 - 2016-03-29 04:07 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-04-13 07:24 - 2016-03-29 04:07 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2016-04-13 07:24 - 2016-03-29 04:07 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsdchngr.dll
2016-04-13 07:24 - 2016-03-29 04:00 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-04-13 07:24 - 2016-03-29 04:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll
2016-04-13 07:24 - 2016-03-29 04:00 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-04-13 07:24 - 2016-03-29 03:59 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2016-04-13 07:24 - 2016-03-29 03:57 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-04-13 07:24 - 2016-03-29 03:57 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-04-13 07:24 - 2016-03-29 03:57 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\browcli.dll
2016-04-13 07:24 - 2016-03-29 03:55 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-04-13 07:24 - 2016-03-29 03:55 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys
2016-04-13 07:24 - 2016-03-29 03:55 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2016-04-13 07:24 - 2016-03-29 03:54 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-04-13 07:24 - 2016-03-29 03:54 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2016-04-13 07:24 - 2016-03-29 03:53 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
2016-04-13 07:24 - 2016-03-29 03:52 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2016-04-13 07:24 - 2016-03-29 03:51 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-04-13 07:24 - 2016-03-29 03:51 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2016-04-13 07:24 - 2016-03-29 03:50 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-04-13 07:24 - 2016-03-29 03:50 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-04-13 07:24 - 2016-03-29 03:50 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2016-04-13 07:24 - 2016-03-29 03:50 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2016-04-13 07:24 - 2016-03-29 03:49 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthLEEnum.sys
2016-04-13 07:24 - 2016-03-29 03:49 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-04-13 07:24 - 2016-03-29 03:48 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
2016-04-13 07:24 - 2016-03-29 03:46 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2016-04-13 07:24 - 2016-03-29 03:44 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2016-04-13 07:24 - 2016-03-29 03:36 - 00530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2016-04-13 07:24 - 2016-03-29 03:35 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2016-04-13 07:24 - 2016-03-29 03:35 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2016-04-13 07:24 - 2016-03-29 03:34 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-04-13 07:24 - 2016-03-29 03:34 - 00333824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2016-04-13 07:24 - 2016-03-29 03:34 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2016-04-13 07:24 - 2016-03-29 03:33 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2016-04-13 07:24 - 2016-03-29 03:30 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2016-04-13 07:24 - 2016-03-29 03:30 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-04-13 07:24 - 2016-03-29 03:26 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2016-04-13 07:24 - 2016-03-29 03:23 - 00694784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2016-04-13 07:24 - 2016-03-29 03:21 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-13 07:24 - 2016-03-29 03:20 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2016-04-13 07:24 - 2016-03-29 03:20 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsdchngr.dll
2016-04-13 07:24 - 2016-03-29 03:18 - 00676352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2016-04-13 07:24 - 2016-03-29 03:17 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2016-04-13 07:24 - 2016-03-29 03:17 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-04-13 07:24 - 2016-03-29 03:11 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2016-04-13 07:24 - 2016-03-29 03:11 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-04-13 07:24 - 2016-03-29 03:11 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\browcli.dll
2016-04-13 07:24 - 2016-03-29 03:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2016-04-13 07:24 - 2016-03-29 03:08 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2016-04-13 07:24 - 2016-03-29 03:08 - 00841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-04-13 07:24 - 2016-03-29 03:06 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-04-13 07:24 - 2016-03-29 03:06 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2016-04-13 07:24 - 2016-03-29 03:04 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll
2016-04-13 07:24 - 2016-03-29 03:03 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-04-13 07:24 - 2016-03-29 03:00 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
2016-04-13 07:24 - 2016-03-29 02:59 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
2016-04-13 07:24 - 2016-03-29 02:53 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2016-04-13 07:24 - 2016-03-29 02:53 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2016-04-13 07:24 - 2016-03-29 02:52 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-04-13 07:24 - 2016-03-29 02:52 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
2016-04-13 07:24 - 2016-03-29 02:49 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2016-04-13 07:24 - 2016-03-29 02:42 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-13 07:24 - 2016-03-29 02:41 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2016-04-13 07:24 - 2016-03-29 02:40 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2016-04-13 07:24 - 2016-03-29 02:39 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2016-04-13 07:24 - 2016-03-29 02:39 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2016-04-13 07:24 - 2016-03-29 02:36 - 03351040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-04-13 07:24 - 2016-03-29 02:34 - 00682496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2016-04-13 07:24 - 2016-03-29 02:32 - 01588224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2016-04-13 07:24 - 2016-03-29 02:32 - 00854528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2016-04-13 07:24 - 2016-03-29 02:32 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2016-04-13 07:24 - 2016-03-29 02:32 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-04-13 07:24 - 2016-03-29 02:32 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-04-13 07:24 - 2016-03-29 02:32 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2016-04-13 07:24 - 2016-03-29 02:31 - 01117184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-04-13 07:24 - 2016-03-29 02:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-04-13 07:24 - 2016-03-29 02:29 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2016-04-13 07:24 - 2016-03-29 02:27 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-04-13 07:24 - 2016-03-29 02:23 - 00777728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2016-04-13 07:24 - 2016-03-29 02:22 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-04-13 07:24 - 2016-03-29 02:13 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2016-04-13 07:24 - 2016-03-29 02:10 - 03671040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-04-13 07:24 - 2016-03-29 02:06 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-04-13 07:24 - 2016-03-29 02:05 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-04-13 07:24 - 2016-03-29 02:05 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2016-04-13 07:24 - 2016-03-29 02:04 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-04-13 07:24 - 2016-03-29 02:04 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2016-04-13 07:24 - 2016-03-29 02:01 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-04-13 07:24 - 2016-03-29 02:00 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-04-13 07:24 - 2016-03-29 01:45 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2016-04-13 07:24 - 2016-03-29 01:43 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2016-04-13 07:24 - 2016-03-29 01:35 - 00821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2016-04-13 07:24 - 2016-03-29 01:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2016-04-13 07:24 - 2016-03-29 01:27 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2016-04-13 07:24 - 2016-03-29 01:26 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2016-04-13 07:24 - 2016-03-29 01:25 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2016-04-13 07:24 - 2016-03-29 01:21 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2016-04-13 07:23 - 2016-03-29 04:06 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacchooks.dll
2016-04-13 07:23 - 2016-03-29 03:57 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-04-13 07:23 - 2016-03-29 03:50 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll
2016-04-13 07:23 - 2016-03-29 03:48 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-04-13 07:23 - 2016-03-29 03:32 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-04-13 07:23 - 2016-03-29 03:32 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-04-13 07:23 - 2016-03-29 03:20 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll
2016-04-13 07:23 - 2016-03-29 03:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacchooks.dll
2016-04-13 07:23 - 2016-03-29 03:14 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-04-13 07:23 - 2016-03-29 03:11 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-04-13 07:23 - 2016-03-29 03:11 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-04-13 07:23 - 2016-03-29 03:09 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-04-13 07:23 - 2016-03-29 03:08 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-04-13 07:23 - 2016-03-29 03:05 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
2016-04-13 07:23 - 2016-03-29 03:00 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-04-13 07:23 - 2016-03-29 02:59 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-04-13 07:23 - 2016-03-29 02:34 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-04-13 07:23 - 2016-03-29 02:27 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-04-10 09:23 - 2016-04-10 09:23 - 00030123 _____ C:\Users\Johnsons\Downloads\2016 03 Summary.pdf
2016-04-06 07:01 - 2016-04-06 07:01 - 03156798 _____ C:\Users\Johnsons\Desktop\calcom34.pdf
2016-04-05 21:17 - 2016-04-05 21:17 - 00000000 ____D C:\Users\Johnsons\Tracing
2016-04-05 21:12 - 2016-04-20 13:32 - 00000000 ____D C:\Users\Johnsons\AppData\Roaming\Skype
2016-04-05 21:11 - 2016-04-05 21:12 - 00000000 ____D C:\ProgramData\Skype
2016-04-05 21:11 - 2016-04-05 21:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-04-05 21:11 - 2016-04-05 21:11 - 00002640 _____ C:\Users\Public\Desktop\Skype.lnk
2016-04-05 21:11 - 2016-04-05 21:11 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-04-05 21:07 - 2016-04-05 21:08 - 01503872 _____ (Skype Technologies S.A.) C:\Users\Johnsons\Downloads\SkypeSetup.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-27 19:44 - 2016-02-27 22:54 - 00000000 ____D C:\FRST
2016-04-27 19:14 - 2015-12-21 14:04 - 00000938 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-27 19:12 - 2015-12-21 14:01 - 00000000 ____D C:\ProgramData\MFAData
2016-04-27 17:14 - 2015-12-21 14:04 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-27 07:45 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-27 07:45 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-27 07:43 - 2015-11-21 20:42 - 00004170 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7806169F-77C2-4C59-B313-3F0298853F03}
2016-04-26 21:21 - 2015-10-30 02:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-04-26 14:07 - 2015-11-21 13:58 - 00002383 _____ C:\Users\Johnsons\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-04-26 14:07 - 2015-11-21 13:58 - 00000000 ___RD C:\Users\Johnsons\OneDrive
2016-04-24 19:37 - 2015-12-11 12:23 - 00002242 ____H C:\Users\Johnsons\Documents\Default.rdp
2016-04-24 19:34 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2016-04-20 13:27 - 2015-12-29 05:40 - 00000000 ____D C:\Users\Johnsons
2016-04-20 13:27 - 2015-11-21 13:53 - 00000000 __SHD C:\Users\Johnsons\IntelGraphicsProfiles
2016-04-20 13:26 - 2015-12-29 06:05 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-20 13:25 - 2015-10-30 02:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-04-20 10:56 - 2016-02-27 22:54 - 00016394 _____ C:\Users\Johnsons\Downloads\FRST.txt
2016-04-19 09:55 - 2015-10-30 03:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-04-19 09:52 - 2015-09-12 03:31 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-04-17 17:05 - 2015-10-30 03:21 - 00000000 ____D C:\WINDOWS\INF
2016-04-17 17:05 - 2015-09-12 02:49 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-15 07:28 - 2015-12-21 14:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-04-14 07:26 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\rescache
2016-04-13 23:51 - 2015-12-29 05:30 - 00366328 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-04-13 23:47 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-04-13 23:47 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-04-13 23:47 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-04-13 23:47 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-04-13 08:10 - 2015-10-30 03:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-04-13 08:05 - 2015-11-22 19:28 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-04-13 07:30 - 2015-11-22 19:28 - 135176864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-12 14:38 - 2015-11-21 13:53 - 00000000 ____D C:\Users\Johnsons\AppData\Local\Packages
2016-04-08 19:19 - 2015-12-21 14:09 - 00002283 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-08 19:19 - 2015-12-21 14:09 - 00002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-08 07:51 - 2015-12-21 14:00 - 00000882 _____ C:\Users\Public\Desktop\AVG.lnk
2016-04-08 07:51 - 2015-12-21 14:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-04-06 14:32 - 2015-10-30 03:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-04-06 14:32 - 2015-10-30 03:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-04 13:56 - 2015-11-21 21:30 - 00000000 ____D C:\Users\Johnsons\Documents\Jennys docs
2016-04-03 19:28 - 2015-11-21 21:30 - 00000000 ____D C:\Users\Johnsons\Documents\Misc Documents
 
==================== Files in the root of some directories =======
 
2015-12-25 21:06 - 2015-12-25 21:06 - 0004608 _____ () C:\Users\Johnsons\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-12-08 20:42 - 2015-12-08 20:42 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-12-29 05:35 - 2015-12-29 05:35 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-04-21 07:17
 
==================== End of FRST.txt ============================

Attached Files



#13 nasdaq

nasdaq

  • Malware Response Team
  • 38,575 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:44 PM

Posted 28 April 2016 - 08:29 AM


This

I suspect that the cause is not caused by a virus but you Syncing OneDrive.

The files are temporaty saved in this Hidden folder in bold C:\OneDriveTemp.
To view the contents you must show all files and folders.
How to:
http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

If you have many files in the folder run this Farbar fix.

Press the windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.

start

EmptyTemp:
CloseProcesses:

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

===

Test and find out if files are being sent to the recycle bin now that the temp files have been removed.

I submit this topic for reading.

https://community.spiceworks.com/topic/849973-problems-with-onedrive-syncing

You can Google this string "OneDriveTemp folder" and read about the Sync problems.

Has the running of the fix temporary stop the issues?

#14 rjohnson2323

rjohnson2323
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:44 PM

Posted 02 May 2016 - 06:47 PM

I checked C:\OneDriveTemp and there was only one file in there.  I went ahead and ran the Farbar fix, but I'm still having issues.

 

The issue is most prevalent when trying to open programs from the desktop (they often get sent to the recycle bin instead of opening) and when trying to type documents (what I am typing will suddenly start getting deleted) or work in spreadsheets (the spreadsheet will start constantly asking me if I want to delete whatever is in the cell I'm working in).

 

Do you have any other thoughts on what the issue could be or how I might fix it?

 

 



#15 nasdaq

nasdaq

  • Malware Response Team
  • 38,575 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:44 PM

Posted 03 May 2016 - 06:51 AM

I suspect that this is caused by a faulty mouse or keyboard.
It's certainly not malware.

Can you reinstall the mouse, or if possible change it.

Check the Business application forum for similar problem with the Spreadsheet application you use.
You may have to start a new topic.
http://www.bleepingcomputer.com/forums/f/16/business-applications/




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users