Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News: EU Fines Google $5 Billion for Breaching Antitrust Rules in Android

Featured Deal: Get 96% off the MCSA SQL Server Training Deal

Possible malware; odd behavior in Norton Security

Started by Bill Pierce , Mar 13 2016 04:11 PM

This topic is locked

10 replies to this topic

#1 Bill Pierce

Members
46 posts
OFFLINE

Gender:Male
Location:Burlington, Ontario
Local time:01:02 PM

Posted 13 March 2016 - 04:11 PM

I'm not sure if I am infected or not. My problems began to appear when Norton Security updated itself to the latest version via Norton's LiveUpdate feature. After that, the browser protection and exploit prevention settings of NS turned themselves off. Turning these features back on manually would cause them to turn off again after about 30 seconds.

At that point I ran Malwarebytes, which reported an infection with PUP.Optional.CrossRider. I followed the instructions for removal that I found here: https://malwaretips.com/blogs/pup-optional-crossrider-virus/. Malwarebytes no longer reports any infection. This partially changed the behavior of Norton Security, in that it now allows me to set browser protection on. However, if I turn on exploit prevention, it continues to turn both browser protection and exploit protection off. In short, I cannot leave exploit protection turned on without having both it and browser protection turned off after about 30 seconds.

I posted a question to the Norton Security forum and received a reply that my computer may continue to be infected; they are uncertain if the problem is with malware or a possible (as yet unreported) bug in the latest version of NS. They have asked me to ensure that I have no malware on my computer before I contact them again.

I have run FRST, and I paste the FRST.txt file below, as well as attach the Addition.txt file.

I greatly appreciate any support.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Bill Pierce (administrator) on PORKY (13-03-2016 16:32:41)
Running from C:\Users\Bill Pierce\Desktop
Loaded Profiles: Bill Pierce (Available Profiles: Bill Pierce & DefaultAppPool)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start10\Start10Srv.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\ModernMix\MMixSrv.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start10\Start10_64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(MSI) C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(MSI) C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
(MSI) C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Symantec) C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\ns.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(VMLite, Inc.) C:\Program Files\VMLite\VMLite Workstation\VMLiteService.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
(MSI) C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe
(Traysoft Inc.) C:\Program Files (x86)\PhoneTray\PhoneTrayService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\ns.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\ModernMix\MMix_64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\ModernMix\MMix_32.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Abine Inc.) C:\Program Files (x86)\DoNotTrackMe\AbineAutoUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Traysoft Inc.) C:\Program Files (x86)\PhoneTray\PhoneTray.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe
(MSI) C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe
(Micro-Star INT'L CO.,LTD.) C:\Program Files (x86)\MSI\Fast Boot\FastBoot.exe
(TP-LINK) C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\Live Update.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE
() C:\Program Files (x86)\Common Files\Research In Motion\nginx\nginx.exe
() C:\Program Files (x86)\Common Files\Research In Motion\nginx\nginx.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSYNC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel® Corporation) C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\XtuService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Abine Inc.) C:\Program Files (x86)\DoNotTrackMe\5.5.1930\AbineService.exe
(Eyeo GmbH) C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe
(VMLite, Inc.) C:\Program Files\VMLite\VMLite Workstation\VBoxSVC.exe
(VMLite, Inc.) C:\Program Files\VMLite\VMLite Workstation\VMLite.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.302.8200.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Realtek Semiconductor) C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8725248 2015-10-16] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2789248 2016-02-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM\...\Run: [WrtMon.exe] => C:\WINDOWS\system32\spool\drivers\x64\3\WrtMon.exe [26448 2008-05-24] (NewSoft Technology Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [NPSStartup] => [X]
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [443408 2014-02-07] (BlackBerry Limited)
HKLM-x32\...\Run: [RIM PeerManager] => C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe [4465152 2013-11-28] (Research In Motion Limited)
HKLM-x32\...\Run: [Sound Blaster Cinema] => C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe [711680 2013-08-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\WINDOWS\RaidTool\xInsIDE.exe
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25122080 2016-02-16] (Dropbox, Inc.)
HKLM-x32\...\Run: [SSDMonitor] => C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe [106112 2015-08-14] (Symantec Corporation)
HKLM-x32\...\Run: [Fast Boot] => C:\Program Files (x86)\MSI\Fast Boot\StartFastBoot.exe [759120 2015-04-22] ()
HKLM-x32\...\Run: [Super Charger] => C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe [1027024 2015-09-09] (MSI)
HKLM-x32\...\Run: [TP-LINK USB Printer Controller] => C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe [4265984 2014-06-19] (TP-LINK)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKLM-x32\...\Run: [Live Update] => C:\Program Files (x86)\MSI\Live Update\Live Update.exe [11336656 2016-02-04] (Micro-Star INT'L CO., LTD.)
HKLM-x32\...\Run: [Command Center] => C:\Program Files (x86)\MSI\Command Center\StartCommandCenter.exe [830416 2016-02-16] (MSI)
HKLM-x32\...\RunOnce: [AbineAutoUpdate] => C:\Program Files (x86)\DoNotTrackMe\AbineAutoUpdate.exe [126704 2016-01-28] (Abine Inc.)
Winlogon\Notify\PCANotify-x32: PCANotify.dll [X]
HKLM\...\Policies\Explorer: [NoRecentDocsNetHood] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ATTENTION
HKU\S-1-5-21-2422629387-1192540806-1023300286-1001\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2015-07-13] (TomTom)
HKU\S-1-5-21-2422629387-1192540806-1023300286-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Bill Pierce\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2422629387-1192540806-1023300286-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2016-01-28] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-2422629387-1192540806-1023300286-1001\...\RunOnce: [Uninstall C:\Users\Bill Pierce\AppData\Local\Microsoft\OneDrive\17.3.6301.0127_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Bill Pierce\AppData\Local\Microsoft\OneDrive\17.3.6301.0127_1\amd64"
HKU\S-1-5-21-2422629387-1192540806-1023300286-1001\...\RunOnce: [Uninstall C:\Users\Bill Pierce\AppData\Local\Microsoft\OneDrive\17.3.6301.0127_1] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Bill Pierce\AppData\Local\Microsoft\OneDrive\17.3.6301.0127_1"
HKU\S-1-5-21-2422629387-1192540806-1023300286-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-2422629387-1192540806-1023300286-1001\...\Policies\Explorer: [NoPreviewPane] 0
HKU\S-1-5-21-2422629387-1192540806-1023300286-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-2422629387-1192540806-1023300286-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-2422629387-1192540806-1023300286-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-2422629387-1192540806-1023300286-1001\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-2422629387-1192540806-1023300286-1001\...\Policies\Explorer: [NoWinkeys] 0
HKU\S-1-5-21-2422629387-1192540806-1023300286-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-2422629387-1192540806-1023300286-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-2422629387-1192540806-1023300286-1001\...\Policies\Explorer: [HideSCANetwork] 0
HKU\S-1-5-21-2422629387-1192540806-1023300286-1001\...\Policies\Explorer: [HideSCAVolume] 0
HKU\S-1-5-21-2422629387-1192540806-1023300286-1001\...\MountPoints2: {108509b9-de63-11e5-8297-448a5b5da8ba} - "V:\setup.exe"
HKU\S-1-5-21-2422629387-1192540806-1023300286-1001\...\MountPoints2: {bae2eff5-df38-11e5-8297-448a5b5da8ba} - "V:\setup.exe"
HKU\S-1-5-21-2422629387-1192540806-1023300286-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Mystify.scr [150528 2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Bill Pierce\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64\FileSyncShell64.dll [2016-03-11] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Bill Pierce\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64\FileSyncShell64.dll [2016-03-11] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Bill Pierce\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64\FileSyncShell64.dll [2016-03-11] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00HumyoPaired] -> {A203F945-39E9-4286-AFA2-F3ADFCD5FAAA} => C:\Program Files\Trend Micro SafeSync\HrfsShellExtension.dll [2012-11-13] (Trend Micro Inc.)
ShellIconOverlayIdentifiers: [00HumyoPriority] -> {6F1BB626-1107-4b82-B322-54C5E64461B8} => C:\Program Files\Trend Micro SafeSync\HrfsShellExtension.dll [2012-11-13] (Trend Micro Inc.)
ShellIconOverlayIdentifiers: [00HumyoProblem] -> {7479C9AF-DA81-4944-92E5-23E49390BB2B} => C:\Program Files\Trend Micro SafeSync\HrfsShellExtension.dll [2012-11-13] (Trend Micro Inc.)
ShellIconOverlayIdentifiers: [00HumyoSynced] -> {7479C9AF-DA81-4944-92E5-23E49390BB2A} => C:\Program Files\Trend Micro SafeSync\HrfsShellExtension.dll [2012-11-13] (Trend Micro Inc.)
ShellIconOverlayIdentifiers: [00HumyoSyncing] -> {7479C9AF-DA81-4944-92E5-23E49390BB29} => C:\Program Files\Trend Micro SafeSync\HrfsShellExtension.dll [2012-11-13] (Trend Micro Inc.)
ShellIconOverlayIdentifiers: [00HumyoUnavailable] -> {66669544-5639-4922-99C8-CE7A86651364} => C:\Program Files\Trend Micro SafeSync\HrfsShellExtension.dll [2012-11-13] (Trend Micro Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Bill Pierce\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileSyncShell.dll [2016-03-11] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Bill Pierce\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileSyncShell.dll [2016-03-11] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Bill Pierce\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileSyncShell.dll [2016-03-11] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [00HumyoPaired] -> {A203F945-39E9-4286-AFA2-F3ADFCD5FAAA} => No File
ShellIconOverlayIdentifiers-x32: [00HumyoPriority] -> {6F1BB626-1107-4b82-B322-54C5E64461B8} => No File
ShellIconOverlayIdentifiers-x32: [00HumyoProblem] -> {7479C9AF-DA81-4944-92E5-23E49390BB2B} => No File
ShellIconOverlayIdentifiers-x32: [00HumyoSynced] -> {7479C9AF-DA81-4944-92E5-23E49390BB2A} => No File
ShellIconOverlayIdentifiers-x32: [00HumyoSyncing] -> {7479C9AF-DA81-4944-92E5-23E49390BB29} => No File
ShellIconOverlayIdentifiers-x32: [00HumyoUnavailable] -> {66669544-5639-4922-99C8-CE7A86651364} => No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PhoneTray.lnk [2015-02-22]
ShortcutTarget: PhoneTray.lnk -> C:\Program Files (x86)\PhoneTray\PhoneTray.exe (Traysoft Inc.)
Startup: C:\Users\Bill Pierce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-10-02]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{2537fcef-de02-4814-9783-4d7073d82a07}: [NameServer] 199.85.126.10,199.85.127.10
Tcpip\..\Interfaces\{cbe2ab92-4022-4e70-a852-48bcfddcaf7c}: [NameServer] 24.226.1.93,24.226.1.94,24.226.10.193,24.226.10.194

Internet Explorer:
==================
HKU\S-1-5-21-2422629387-1192540806-1023300286-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKU\S-1-5-21-2422629387-1192540806-1023300286-1001 -> DefaultScope {C545710C-2BD9-47F8-A661-8AA552047308} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=
SearchScopes: HKU\S-1-5-21-2422629387-1192540806-1023300286-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=1000&geo=US&ver=22&locale=en_US&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-2422629387-1192540806-1023300286-1001 -> {C545710C-2BD9-47F8-A661-8AA552047308} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-03-12] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-18] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Blur BHO -> {C584D6D2-EF22-4C61-BF5B-0C7E723D836C} -> C:\Program Files (x86)\DoNotTrackMe\5.5.1930\AbineBHO64.dll [2016-01-28] (Abine Inc.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-03-12] (Microsoft Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-07] (Oracle Corporation)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Blur BHO -> {C584D6D2-EF22-4C61-BF5B-0C7E723D836C} -> C:\Program Files (x86)\DoNotTrackMe\5.5.1930\AbineBHO.dll [2016-01-28] (Abine Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-07] (Oracle Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-18] (Google Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
DPF: HKLM-x32 {01025D1C-BB03-4369-8344-732CD0DCCCF0} hxxp://www.geforce.com/services_toolkit/ShimGen/1.1.28.1/GPU_Reader.cab
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://qtinstall.apple.com/qtactivex/qtplugin.cab
DPF: HKLM-x32 {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
DPF: HKLM-x32 {0742B9EF-8C83-41CA-BFBA-830A59E23533} hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: HKLM-x32 {22945A69-1191-4DCF-9E6F-409BDE94D101} hxxp://chil.solidworks.com/htdocs/pdownload/edrawings/e2011sp03/cab//eModelsStandard.cab
DPF: HKLM-x32 {44990B00-3C9D-426D-81DF-AAB636FA4345} hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1350216267514
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: HKLM-x32 {82774781-8F4E-11D1-AB1C-0000F8773BF0} hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: HKLM-x32 {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.24.0.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {ED28050F-D713-43BA-A376-DCC5C35407D5} hxxp://entjs.msn.com/client/msnmusax9302.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
DPF: HKLM-x32 {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} hxxp://www.trueswitch.com/TrueInstall.exe
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2015-08-05] (Belarc, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-03-12] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-03-12] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-03-12] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-03-12] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-2422629387-1192540806-1023300286-1001 -> hxxp://www.excite.com/

FireFox:
========
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ [] ()
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-04-15] (CANON INC.)
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-07] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2011-08-22] (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-03-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ [] ()
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-10-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-10-13] (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.448 -> C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nppl3260.dll [2010-02-04] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nprpjplug.dll [2010-02-04] (RealNetworks, Inc.)
FF Plugin-x32: @rim.com/npappworld -> C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll [2013-04-11] ()
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2014-04-30] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Extension: No Name - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha5\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta714\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha569\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1535\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha975\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha8533\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home589\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode2937\ff [not found]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.5.15\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.5.15\coFFAddon [2016-03-02]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.5.15\coFFAddon

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.ca/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Bill Pierce\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Bill Pierce\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-09]
CHR Extension: (Google Drive) - C:\Users\Bill Pierce\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-25]
CHR Extension: (YouTube) - C:\Users\Bill Pierce\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-25]
CHR Extension: (Adblock Plus) - C:\Users\Bill Pierce\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-02-24]
CHR Extension: (Norton Security Toolbar) - C:\Users\Bill Pierce\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-02-04]
CHR Extension: (Google Search) - C:\Users\Bill Pierce\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01]
CHR Extension: (Blur) - C:\Users\Bill Pierce\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd [2016-02-04]
CHR Extension: (Google Docs Offline) - C:\Users\Bill Pierce\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-15]
CHR Extension: (Norton Identity Safe) - C:\Users\Bill Pierce\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-14]
CHR Extension: (Norton Safe) - C:\Users\Bill Pierce\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2014-09-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Bill Pierce\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-29]
CHR Extension: (pflmllfnnabikmfkkaddkoolinlfninn) - C:\Users\Bill Pierce\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflmllfnnabikmfkkaddkoolinlfninn [2014-10-18]
CHR Extension: (Gmail) - C:\Users\Bill Pierce\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-04]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\Exts\Chrome.crx [2016-03-02]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ahmcccagmbagkpbdgpammblejlmiempb] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\Exts\Chrome.crx [2016-03-02]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 APC UPS Service; C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe [689464 2009-01-06] (American Power Conversion Corporation)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2014-01-21] (BlackBerry Limited) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2804976 2016-02-28] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-03] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-03] (Dropbox, Inc.)
S3 DiskDoctorService; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe [1147424 2012-09-29] (Symantec Corporation)
S2 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [414360 2015-09-14] ()
S4 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [626208 2009-08-10] ()
S2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [803856 2016-01-28] (Garmin Ltd. or its subsidiaries)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1164672 2016-02-17] (NVIDIA Corporation)
S2 gupdate1c9e5f5de612b20; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc.)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 ModernMix; C:\Program Files (x86)\Stardock\ModernMix\MMixSrv.exe [74296 2014-06-12] (Stardock Software, Inc)
S3 MSIClock_CC; C:\Program Files (x86)\MSI\Command Center\ClockGen\MSIClockService.exe [4162512 2016-02-04] (MSI)
S3 MSICOMM_CC; C:\Program Files (x86)\MSI\Command Center\MSICommService.exe [2200872 2016-02-01] (MSI)
S3 MSICPU_CC; C:\Program Files (x86)\MSI\Command Center\CPU\MSICPUService.exe [4162512 2016-02-04] (MSI)
R2 MSICTL_CC; C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe [2013648 2016-02-16] (MSI)
R2 MSIDDR_CC; C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe [2312144 2016-02-22] (MSI)
S3 MSISMB_CC; C:\Program Files (x86)\MSI\Command Center\SMBus\MSISMBService.exe [2073040 2016-02-04] (MSI)
S3 MSISuperIO_CC; C:\Program Files (x86)\MSI\Command Center\SuperIO\MSISuperIOService.exe [596944 2016-02-01] (MSI)
R2 MSI_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe [105296 2015-06-04] (MSI)
R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [1787344 2016-02-05] (Micro-Star INT'L CO., LTD.)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe [163280 2015-05-18] (MSI)
S2 MSI_Trigger_Service; C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [30240 2013-09-26] (MICRO-STAR INTERNATIONAL CO., LTD.)
S4 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [537896 2008-12-12] (Nero AG)
R2 NS; C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\NS.exe [289080 2016-02-26] (Symantec Corporation)
S4 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [206880 2009-08-10] ()
S4 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [180224 2007-09-04] (NVIDIA) [File not signed]
R2 NU16StartManagerSvc; C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe [792608 2012-09-29] (Symantec)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1880960 2016-02-17] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6474112 2016-02-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2609024 2016-02-17] (NVIDIA Corporation)
R2 PhoneTrayService; C:\Program Files (x86)\PhoneTray\PhoneTrayService.exe [14696 2015-02-21] (Traysoft Inc.)
R2 RIM MDNS; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [389632 2013-11-28] (Apple Inc.) [File not signed]
R2 RIM Tunnel Service; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [1304064 2013-11-28] (Research In Motion Limited) [File not signed]
S4 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [620544 2008-11-11] (Nokia.) [File not signed]
S4 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2011-05-22] (SolidWorks) [File not signed]
S3 SpeedDiskService; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe [1160224 2012-09-29] (Symantec Corporation)
R2 Start10; C:\Program Files (x86)\Stardock\Start10\Start10Srv.exe [219664 2015-02-03] (Stardock Software, Inc)
S2 SuperRAIDSvc; C:\MSI\Smart Utilities\SuperRAIDSvc.exe [29648 2015-02-09] (Micro-Star INT'L CO., LTD.)
S4 Symantec RemoteAssist; C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls\ssrc.exe [394704 2008-01-29] (Symantec, Inc.)
S2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [112792 2015-09-14] ()
S4 UpdateCenterService; C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe [282728 2009-11-06] (NVIDIA)
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [414360 2015-09-14] ()
R2 VMLiteService; C:\Program Files\VMLite\VMLite Workstation\VMLiteService.exe [426600 2010-08-21] (VMLite, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\XtuService.exe [19216 2015-07-07] (Intel® Corporation)
S2 NSL; "C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe" /s "NSL" /m "C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\diMaster.dll" /prefetch:1

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 Achernar; C:\Windows\System32\Drivers\Achernar.sys [34104 2016-02-04] (NewSoft Technology Corporation)
S3 AcpiCtlDrv; C:\Windows\System32\drivers\AcpiCtlDrv.sys [25880 2012-07-17] (Intel Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.5.5.15\Definitions\BASHDefs\20160309.001_60c\BHDrvx64.sys [1766640 2016-03-09] (Symantec Corporation)
R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1606000.08E\ccSetx64.sys [173808 2015-11-11] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2016-02-04] (Symantec Corporation)
S3 ENTECH64; C:\Windows\system32\DRIVERS\ENTECH64.sys [12744 2008-04-22] (EnTech Taiwan)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2016-02-04] (Symantec Corporation)
S3 i8042HDR; C:\Windows\system32\DRIVERS\i8042HDR.sys [15920 2009-08-15] (Windows ® Codename Longhorn DDK provider)
R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.5.5.15\Definitions\IPSDefs\20160311.001\IDSvia64.sys [767224 2016-03-01] (Symantec Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [22216 2014-05-27] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [22728 2014-05-27] ()
R2 iocbios2; C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [30224 2015-05-28] (Intel Corporation)
R3 ISCT; C:\Windows\System32\drivers\ISCTD.sys [44744 2014-05-27] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security\NortonData\22.5.5.15\Definitions\VirusDefs\20160313.003\ENG64.SYS [138488 2016-03-10] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security\NortonData\22.5.5.15\Definitions\VirusDefs\20160313.003\EX64.SYS [2148080 2016-03-10] (Symantec Corporation)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
S3 NTIOLib_1_0_6; C:\Program Files (x86)\Setup Files\Ms7850v170\NTIOLib_X64.sys [11888 2011-01-06] (MSI) [File not signed]
R3 NTIOLib_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\NTIOLib_X64.sys [13368 2012-10-26] (MSI)
R3 NTIOLib_MSIDDR_CC; C:\Program Files (x86)\MSI\Command Center\DDR\NTIOLib_X64.sys [13368 2012-11-26] (MSI)
S3 NTIOLib_MSI_RAID; C:\MSI\Smart Utilities\NTIOLib_X64.sys [13808 2014-03-17] (MSI)
S3 NVR0Dev; C:\Windows\nvoclk64.sys [39968 2007-09-04] (NVidia Corp.)
U5 nvstor64; C:\Windows\System32\Drivers\nvstor64.sys [244328 2010-04-09] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28032 2016-02-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
R2 OkiPar64; C:\Windows\System32\DRIVERS\OKIPAR64.SYS [46600 2007-11-14] (Oki Data Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2013-12-02] (BlackBerry Limited)
R3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [17920 2013-09-12] (Research in Motion Limited)
R3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [886528 2015-05-29] (Realtek )
S1 SBRE; C:\Windows\system32\drivers\SBREdrv.sys [55384 2011-06-28] (Sunbelt Software)
S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
R3 SRTSP; C:\Windows\System32\Drivers\NSx64\1606000.08E\SRTSP64.SYS [928504 2016-02-23] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NSx64\1606000.08E\SRTSPX64.SYS [50936 2015-11-11] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NSx64\1606000.08E\SYMEFASI64.SYS [1621232 2016-02-23] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NSx64\1606000.08E\SymELAM.sys [24192 2015-11-11] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [111344 2016-03-02] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NSx64\1606000.08E\Ironx64.SYS [295664 2016-02-23] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NSx64\1606000.08E\SYMNETS.SYS [577768 2016-02-23] (Symantec Corporation)
R3 tplinkUDSMBus; C:\Windows\system32\drivers\TplinkUDSMBus.sys [116936 2014-05-22] (Windows ® Codename Longhorn DDK provider)
R3 tplinkUDSTcpBus; C:\Windows\System32\Drivers\tplinkUDSTcpBus.sys [196296 2014-05-22] (Windows ® Codename Longhorn DDK provider)
R3 USBIPEnum; C:\Windows\System32\drivers\USBIPEnum.sys [52296 2015-12-01] (Windows ® Win 7 DDK provider)
R1 VBoxDrv; C:\Windows\System32\drivers\VBoxDrv.sys [204328 2010-08-11] (VMLite, Inc.)
R3 VBoxNetAdp; C:\Windows\System32\drivers\VBoxNetAdp.sys [146216 2010-08-11] (VMLite, Inc.)
S3 VBoxNetFlt; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys [165800 2010-08-11] (VMLite, Inc.)
R1 vmlitedrv; C:\Windows\System32\drivers\vmlitedrv.sys [14952 2010-08-03] (VMLite, Inc.)
R3 vmlitestor; C:\Windows\System32\drivers\vmlitestor.sys [177768 2010-08-11] (VMLite, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-07-10] (Intel Corporation)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-13 16:32 - 2016-03-13 16:33 - 00052314 _____ C:\Users\Bill Pierce\Desktop\FRST.txt
2016-03-13 16:32 - 2016-03-13 16:32 - 00000000 ____D C:\FRST
2016-03-13 16:31 - 2016-03-13 16:32 - 02374144 _____ (Farbar) C:\Users\Bill Pierce\Desktop\FRST64.exe
2016-03-13 07:47 - 2016-03-13 07:48 - 00268884 _____ C:\WINDOWS\Minidump\031316-44625-01.dmp
2016-03-13 07:38 - 2016-03-13 07:38 - 00000306 _____ C:\WINDOWS\Tasks\NUSchedule.job
2016-03-13 03:05 - 2016-03-13 03:05 - 00297540 _____ C:\WINDOWS\Minidump\031316-58906-01.dmp
2016-03-13 03:04 - 2016-03-13 07:47 - 853357357 _____ C:\WINDOWS\MEMORY.DMP
2016-03-12 19:14 - 2016-03-12 19:14 - 00000000 ___HD C:\OneDriveTemp
2016-03-12 19:11 - 2016-03-12 19:11 - 00218764 _____ C:\WINDOWS\Minidump\031216-42890-01.dmp
2016-03-12 19:06 - 2015-08-18 10:51 - 01692840 _____ (MSI) C:\WINDOWS\SysWOW64\muachost.exe
2016-03-12 19:06 - 2013-02-08 12:04 - 00000000 _____ C:\RAMDiskImage.img
2016-03-12 11:51 - 2016-03-12 11:51 - 00002501 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2016-03-12 11:51 - 2016-03-12 11:51 - 00002500 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2016-03-12 11:51 - 2016-03-12 11:51 - 00002464 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2016-03-12 11:51 - 2016-03-12 11:51 - 00002463 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2016-03-12 11:51 - 2016-03-12 11:51 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2016-03-12 11:51 - 2016-03-12 11:51 - 00002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2016-03-12 11:51 - 2016-03-12 11:51 - 00002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2016-03-12 11:51 - 2016-03-12 11:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2016-03-12 11:41 - 2016-03-12 11:41 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-03-11 08:54 - 2016-03-11 08:55 - 119528976 _____ C:\Users\Bill Pierce\Desktop\710_b042_multilanguage.exe
2016-03-11 08:41 - 2016-03-08 03:12 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-03-11 08:41 - 2016-03-08 03:12 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-11 08:38 - 2016-03-11 08:38 - 00002579 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-03-11 08:38 - 2016-03-11 08:38 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2016-03-11 08:38 - 2016-03-11 08:38 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-03-11 08:30 - 2016-03-11 08:30 - 00002420 _____ C:\Users\Bill Pierce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-03-10 18:57 - 2016-03-11 08:24 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-03-10 18:57 - 2016-03-10 19:02 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-03-10 18:38 - 2016-03-13 00:27 - 00000000 ____D C:\Users\Bill Pierce\Desktop\HiJackThis
2016-03-08 14:46 - 2016-03-01 01:31 - 00848168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-03-08 14:46 - 2016-03-01 01:22 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-03-08 14:46 - 2016-02-24 05:52 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-03-08 14:46 - 2016-02-24 05:51 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-03-08 14:46 - 2016-02-24 05:48 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-03-08 14:46 - 2016-02-24 05:47 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-03-08 14:46 - 2016-02-24 05:40 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-03-08 14:46 - 2016-02-24 05:34 - 01613664 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-03-08 14:46 - 2016-02-24 05:28 - 03449168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2016-03-08 14:46 - 2016-02-24 05:15 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-03-08 14:46 - 2016-02-24 04:58 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2016-03-08 14:46 - 2016-02-24 04:54 - 00127840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2016-03-08 14:46 - 2016-02-24 04:51 - 01322248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-03-08 14:46 - 2016-02-24 04:50 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-03-08 14:46 - 2016-02-24 04:46 - 06607080 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-03-08 14:46 - 2016-02-24 04:43 - 00625000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2016-03-08 14:46 - 2016-02-24 04:39 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-03-08 14:46 - 2016-02-24 04:39 - 00141560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2016-03-08 14:46 - 2016-02-24 04:19 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2016-03-08 14:46 - 2016-02-24 04:14 - 00216416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-03-08 14:46 - 2016-02-24 04:11 - 01997152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-03-08 14:46 - 2016-02-24 04:11 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-03-08 14:46 - 2016-02-24 04:11 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-03-08 14:46 - 2016-02-24 04:11 - 00652392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-03-08 14:46 - 2016-02-24 04:11 - 00394080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-03-08 14:46 - 2016-02-24 04:11 - 00258280 _____ (Microsoft Corporation) C:\WINDOWS\system32\sqmapi.dll
2016-03-08 14:46 - 2016-02-24 04:10 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-03-08 14:46 - 2016-02-24 04:10 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-03-08 14:46 - 2016-02-24 04:09 - 00640472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-03-08 14:46 - 2016-02-24 04:09 - 00147808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2016-03-08 14:46 - 2016-02-24 04:06 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-03-08 14:46 - 2016-02-24 03:59 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-03-08 14:46 - 2016-02-24 03:39 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTypeHelperUtil.dll
2016-03-08 14:46 - 2016-02-24 03:39 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExtrasXmlParser.dll
2016-03-08 14:46 - 2016-02-24 03:38 - 00187744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-03-08 14:46 - 2016-02-24 03:38 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2016-03-08 14:46 - 2016-02-24 03:37 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataLanguageUtil.dll
2016-03-08 14:46 - 2016-02-24 03:36 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenanceClient.dll
2016-03-08 14:46 - 2016-02-24 03:35 - 00540752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-03-08 14:46 - 2016-02-24 03:35 - 00523752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-03-08 14:46 - 2016-02-24 03:35 - 00220064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sqmapi.dll
2016-03-08 14:46 - 2016-02-24 03:35 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-03-08 14:46 - 2016-02-24 03:33 - 00538736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-03-08 14:46 - 2016-02-24 03:33 - 00141664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2016-03-08 14:46 - 2016-02-24 03:31 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-03-08 14:46 - 2016-02-24 03:30 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfapigp.dll
2016-03-08 14:46 - 2016-02-24 03:28 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\POSyncServices.dll
2016-03-08 14:46 - 2016-02-24 03:23 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-03-08 14:46 - 2016-02-24 03:23 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataPlatformHelperUtil.dll
2016-03-08 14:46 - 2016-02-24 03:22 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2016-03-08 14:46 - 2016-02-24 03:20 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2016-03-08 14:46 - 2016-02-24 03:20 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-03-08 14:46 - 2016-02-24 03:20 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-03-08 14:46 - 2016-02-24 03:19 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2016-03-08 14:46 - 2016-02-24 03:19 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
2016-03-08 14:46 - 2016-02-24 03:15 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-03-08 14:46 - 2016-02-24 03:14 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExSMime.dll
2016-03-08 14:46 - 2016-02-24 03:13 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2016-03-08 14:46 - 2016-02-24 03:12 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\cemapi.dll
2016-03-08 14:46 - 2016-02-24 03:12 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2016-03-08 14:46 - 2016-02-24 03:10 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2016-03-08 14:46 - 2016-02-24 03:09 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2016-03-08 14:46 - 2016-02-24 03:09 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSip.dll
2016-03-08 14:46 - 2016-02-24 03:07 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2016-03-08 14:46 - 2016-02-24 03:05 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-03-08 14:46 - 2016-02-24 03:03 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-03-08 14:46 - 2016-02-24 03:02 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
2016-03-08 14:46 - 2016-02-24 03:01 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-03-08 14:46 - 2016-02-24 03:01 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll
2016-03-08 14:46 - 2016-02-24 03:01 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2016-03-08 14:46 - 2016-02-24 03:00 - 00214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
2016-03-08 14:46 - 2016-02-24 02:59 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2016-03-08 14:46 - 2016-02-24 02:59 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2016-03-08 14:46 - 2016-02-24 02:59 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2016-03-08 14:46 - 2016-02-24 02:58 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\scapi.dll
2016-03-08 14:46 - 2016-02-24 02:55 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2016-03-08 14:46 - 2016-02-24 02:55 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2016-03-08 14:46 - 2016-02-24 02:55 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExtrasXmlParser.dll
2016-03-08 14:46 - 2016-02-24 02:54 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2016-03-08 14:46 - 2016-02-24 02:54 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll
2016-03-08 14:46 - 2016-02-24 02:54 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2016-03-08 14:46 - 2016-02-24 02:54 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTypeHelperUtil.dll
2016-03-08 14:46 - 2016-02-24 02:53 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2016-03-08 14:46 - 2016-02-24 02:53 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataLanguageUtil.dll
2016-03-08 14:46 - 2016-02-24 02:52 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2016-03-08 14:46 - 2016-02-24 02:52 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PimIndexMaintenanceClient.dll
2016-03-08 14:46 - 2016-02-24 02:51 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-03-08 14:46 - 2016-02-24 02:49 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2016-03-08 14:46 - 2016-02-24 02:47 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-03-08 14:46 - 2016-02-24 02:46 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfapigp.dll
2016-03-08 14:46 - 2016-02-24 02:44 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-03-08 14:46 - 2016-02-24 02:44 - 00915456 _____ (Microsoft Corporation) C:\WINDOWS\system32\configurationclient.dll
2016-03-08 14:46 - 2016-02-24 02:44 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2016-03-08 14:46 - 2016-02-24 02:44 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\POSyncServices.dll
2016-03-08 14:46 - 2016-02-24 02:43 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-03-08 14:46 - 2016-02-24 02:43 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2016-03-08 14:46 - 2016-02-24 02:41 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2016-03-08 14:46 - 2016-02-24 02:41 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-03-08 14:46 - 2016-02-24 02:40 - 01224704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2016-03-08 14:46 - 2016-02-24 02:40 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-03-08 14:46 - 2016-02-24 02:40 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataPlatformHelperUtil.dll
2016-03-08 14:46 - 2016-02-24 02:39 - 01390592 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-03-08 14:46 - 2016-02-24 02:39 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2016-03-08 14:46 - 2016-02-24 02:38 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2016-03-08 14:46 - 2016-02-24 02:36 - 01847808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2016-03-08 14:46 - 2016-02-24 02:34 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2016-03-08 14:46 - 2016-02-24 02:34 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-03-08 14:46 - 2016-02-24 02:32 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2016-03-08 14:46 - 2016-02-24 02:32 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2016-03-08 14:46 - 2016-02-24 02:31 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cemapi.dll
2016-03-08 14:46 - 2016-02-24 02:31 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
2016-03-08 14:46 - 2016-02-24 02:28 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-03-08 14:46 - 2016-02-24 02:28 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2016-03-08 14:46 - 2016-02-24 02:28 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxSip.dll
2016-03-08 14:46 - 2016-02-24 02:25 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\sharemediacpl.dll
2016-03-08 14:46 - 2016-02-24 02:23 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
2016-03-08 14:46 - 2016-02-24 02:22 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2016-03-08 14:46 - 2016-02-24 02:21 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2016-03-08 14:46 - 2016-02-24 02:21 - 00168448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
2016-03-08 14:46 - 2016-02-24 02:18 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2016-03-08 14:46 - 2016-02-24 02:18 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2016-03-08 14:46 - 2016-02-24 02:18 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2016-03-08 14:46 - 2016-02-24 02:17 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2016-03-08 14:46 - 2016-02-24 02:16 - 00394752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2016-03-08 14:46 - 2016-02-24 02:13 - 00540160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2016-03-08 14:46 - 2016-02-24 02:11 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-03-08 14:46 - 2016-02-24 02:09 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-03-08 14:46 - 2016-02-24 02:09 - 00793600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-03-08 14:46 - 2016-02-24 02:09 - 00552960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2016-03-08 14:46 - 2016-02-24 02:09 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2016-03-08 14:46 - 2016-02-24 02:07 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2016-03-08 14:46 - 2016-02-24 02:07 - 00890368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2016-03-08 14:46 - 2016-02-24 02:07 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-03-08 14:46 - 2016-02-24 02:04 - 01497088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2016-03-08 14:46 - 2016-02-24 02:03 - 00769536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2016-03-08 14:46 - 2016-02-24 02:01 - 01831936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-03-08 14:46 - 2016-02-24 02:00 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-03-08 14:46 - 2016-02-24 02:00 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-03-08 14:46 - 2016-02-24 01:57 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-03-08 14:46 - 2016-02-24 01:55 - 01996288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-03-08 14:46 - 2016-02-24 01:43 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwbase.dll
2016-03-08 14:46 - 2016-02-24 01:34 - 01707520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-03-08 14:46 - 2016-02-24 01:22 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwbase.dll
2016-03-08 14:46 - 2016-02-24 01:20 - 22376960 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-03-08 14:46 - 2016-02-24 01:18 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-03-08 14:46 - 2016-02-24 01:12 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-03-08 14:46 - 2016-02-24 01:12 - 05321728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-03-08 14:46 - 2016-02-24 01:10 - 24600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-03-08 14:46 - 2016-02-24 01:09 - 06972416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-03-08 14:46 - 2016-02-24 01:05 - 12586496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-03-08 14:46 - 2016-02-24 01:03 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-03-08 14:46 - 2016-02-24 00:59 - 05661696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-03-08 14:46 - 2016-02-24 00:55 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-03-08 10:31 - 2016-03-08 10:31 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2016-03-08 09:45 - 2016-03-08 09:45 - 01524224 _____ C:\Users\Bill Pierce\Desktop\adwcleaner_5.101.exe
2016-03-07 01:06 - 2016-03-07 01:16 - 00000000 ____D C:\ProgramData\HitmanPro
2016-03-07 01:06 - 2016-03-07 01:06 - 00000000 ____D C:\Program Files\HitmanPro
2016-03-07 01:05 - 2016-03-07 01:06 - 11441744 _____ (SurfRight B.V.) C:\Users\Bill Pierce\Desktop\HitmanPro_x64.exe
2016-03-07 00:40 - 2016-03-12 23:55 - 00000749 _____ C:\Users\Bill Pierce\Desktop\JRT.txt
2016-03-07 00:36 - 2016-03-07 00:36 - 01609216 _____ (Malwarebytes) C:\Users\Bill Pierce\Desktop\JRT.exe
2016-03-07 00:23 - 2016-03-12 23:44 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
2016-03-06 22:40 - 2016-03-06 22:41 - 00297804 _____ C:\WINDOWS\Minidump\030616-71812-01.dmp
2016-03-06 17:06 - 2016-03-13 07:47 - 00000000 ____D C:\WINDOWS\Minidump
2016-03-06 17:06 - 2016-03-06 17:06 - 00259708 _____ C:\WINDOWS\Minidump\030616-32984-01.dmp
2016-03-03 10:23 - 2016-03-13 13:00 - 00000354 _____ C:\WINDOWS\Tasks\SpeedDiskSchedule.job
2016-03-03 10:23 - 2016-03-03 10:23 - 00002942 _____ C:\WINDOWS\System32\Tasks\SpeedDiskSchedule
2016-03-03 10:14 - 2016-03-13 07:38 - 00002930 _____ C:\WINDOWS\System32\Tasks\NUSchedule
2016-03-03 10:13 - 2016-03-13 07:49 - 00000312 _____ C:\WINDOWS\Tasks\NUAutoUpdate.job
2016-03-03 10:13 - 2016-03-03 10:13 - 00002588 _____ C:\WINDOWS\System32\Tasks\NUAutoUpdate
2016-03-02 17:43 - 2016-03-13 13:07 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Security
2016-03-02 17:41 - 2016-03-02 17:41 - 00003388 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2016-03-02 17:21 - 2016-03-02 17:21 - 00111344 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2016-03-02 17:21 - 2016-03-02 17:21 - 00008214 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2016-03-02 17:19 - 2016-03-02 17:41 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2016-03-02 17:19 - 2016-03-02 17:19 - 00000000 ____D C:\Program Files (x86)\Norton Security
2016-03-02 15:02 - 2016-03-02 15:02 - 00083123 _____ C:\Users\Bill Pierce\Documents\Megan - Catch-22.pdf
2016-03-01 15:26 - 2016-02-23 07:27 - 02654872 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-03-01 15:26 - 2016-02-23 07:27 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-03-01 15:26 - 2016-02-23 07:25 - 02152288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-03-01 15:26 - 2016-02-23 07:25 - 01818696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-03-01 15:26 - 2016-02-23 06:34 - 01859960 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-03-01 15:26 - 2016-02-23 06:34 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-03-01 15:26 - 2016-02-23 06:33 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-03-01 15:26 - 2016-02-23 06:32 - 08705672 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-03-01 15:26 - 2016-02-23 06:32 - 02544264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-03-01 15:26 - 2016-02-23 06:32 - 01152328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2016-03-01 15:26 - 2016-02-23 06:32 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-03-01 15:26 - 2016-02-23 06:31 - 01017032 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2016-03-01 15:26 - 2016-02-23 06:31 - 00819648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2016-03-01 15:26 - 2016-02-23 06:31 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-03-01 15:26 - 2016-02-23 06:25 - 03671888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-03-01 15:26 - 2016-02-23 06:21 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-03-01 15:26 - 2016-02-23 05:45 - 02773096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-03-01 15:26 - 2016-02-23 05:39 - 00502112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-03-01 15:26 - 2016-02-23 05:38 - 06952088 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-03-01 15:26 - 2016-02-23 05:38 - 02180136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-03-01 15:26 - 2016-02-23 05:38 - 00980352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2016-03-01 15:26 - 2016-02-23 05:38 - 00895080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2016-03-01 15:26 - 2016-02-23 05:38 - 00882720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-03-01 15:26 - 2016-02-23 05:37 - 00713824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2016-03-01 15:26 - 2016-02-23 05:32 - 00791744 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-03-01 15:26 - 2016-02-23 05:30 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-03-01 15:26 - 2016-02-23 05:27 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-03-01 15:26 - 2016-02-23 05:27 - 00376536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
2016-03-01 15:26 - 2016-02-23 05:20 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSave.dll
2016-03-01 15:26 - 2016-02-23 05:17 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-03-01 15:26 - 2016-02-23 04:56 - 02186864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-03-01 15:26 - 2016-02-23 04:36 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuickActionsDataModel.dll
2016-03-01 15:26 - 2016-02-23 04:29 - 00591872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2016-03-01 15:26 - 2016-02-23 04:27 - 00307712 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
2016-03-01 15:26 - 2016-02-23 04:20 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2016-03-01 15:26 - 2016-02-23 04:20 - 00493568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2016-03-01 15:26 - 2016-02-23 04:19 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-03-01 15:26 - 2016-02-23 04:14 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2016-03-01 15:26 - 2016-02-23 04:12 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-03-01 15:26 - 2016-02-23 04:10 - 00997376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2016-03-01 15:26 - 2016-02-23 04:10 - 00474624 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-03-01 15:26 - 2016-02-23 04:09 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-03-01 15:26 - 2016-02-23 04:09 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-03-01 15:26 - 2016-02-23 04:09 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-03-01 15:26 - 2016-02-23 04:06 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-03-01 15:26 - 2016-02-23 04:04 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2016-03-01 15:26 - 2016-02-23 04:04 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-03-01 15:26 - 2016-02-23 04:02 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-03-01 15:26 - 2016-02-23 04:00 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-03-01 15:26 - 2016-02-23 03:58 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerServer.dll
2016-03-01 15:26 - 2016-02-23 03:37 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-03-01 15:26 - 2016-02-23 03:31 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2016-03-01 15:26 - 2016-02-23 03:30 - 01731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-03-01 15:26 - 2016-02-23 03:30 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-03-01 15:26 - 2016-02-23 03:24 - 04827136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-03-01 15:26 - 2016-02-23 03:24 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-03-01 15:26 - 2016-02-23 03:24 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-03-01 15:26 - 2016-02-23 03:22 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-03-01 15:26 - 2016-02-23 03:17 - 02635264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-03-01 15:26 - 2016-02-23 03:14 - 00990720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-03-01 15:26 - 2016-02-23 03:11 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-03-01 15:26 - 2016-02-23 02:59 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-03-01 15:26 - 2016-02-23 02:56 - 04412928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-03-01 15:26 - 2016-02-23 02:55 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-03-01 15:26 - 2016-02-23 02:55 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-03-01 15:26 - 2016-02-23 02:53 - 01799168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-03-01 15:26 - 2016-02-23 02:52 - 11545600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-03-01 15:26 - 2016-02-23 02:50 - 09919488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-03-01 15:26 - 2016-02-23 02:42 - 03425792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-03-01 15:26 - 2016-02-23 02:41 - 02912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2016-03-01 15:26 - 2016-02-23 02:39 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-03-01 15:26 - 2016-02-23 02:39 - 02581504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-03-01 15:26 - 2016-02-23 02:36 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-03-01 15:26 - 2016-02-23 02:36 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-03-01 15:26 - 2016-02-23 02:35 - 07533568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-03-01 15:26 - 2016-02-23 02:33 - 02604032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2016-03-01 15:26 - 2016-02-23 02:32 - 02793472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-03-01 15:26 - 2016-02-23 02:30 - 02061312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-03-01 15:26 - 2016-02-23 02:28 - 06740992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-03-01 15:26 - 2016-02-08 23:24 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-03-01 15:26 - 2016-02-08 23:07 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-03-01 15:26 - 2016-02-08 23:04 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-03-01 15:25 - 2016-02-23 07:29 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-03-01 15:25 - 2016-02-23 07:29 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-03-01 15:25 - 2016-02-23 07:27 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-03-01 15:25 - 2016-02-23 07:25 - 00563552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2016-03-01 15:25 - 2016-02-23 07:15 - 00779384 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll
2016-03-01 15:25 - 2016-02-23 07:08 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-03-01 15:25 - 2016-02-23 06:33 - 00389992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-03-01 15:25 - 2016-02-23 06:32 - 00498448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-03-01 15:25 - 2016-02-23 06:32 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-03-01 15:25 - 2016-02-23 06:31 - 00476728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2016-03-01 15:25 - 2016-02-23 06:31 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-03-01 15:25 - 2016-02-23 06:22 - 00572272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll
2016-03-01 15:25 - 2016-02-23 06:17 - 00146272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2016-03-01 15:25 - 2016-02-23 05:40 - 00430944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-03-01 15:25 - 2016-02-23 05:38 - 00450912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2016-03-01 15:25 - 2016-02-23 05:38 - 00420928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2016-03-01 15:25 - 2016-02-23 05:25 - 00534368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2016-03-01 15:25 - 2016-02-23 05:20 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-03-01 15:25 - 2016-02-23 05:19 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-03-01 15:25 - 2016-02-23 05:12 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\provpackageapidll.dll
2016-03-01 15:25 - 2016-02-23 05:10 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll
2016-03-01 15:25 - 2016-02-23 05:07 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-03-01 15:25 - 2016-02-23 05:07 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2016-03-01 15:25 - 2016-02-23 05:06 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
2016-03-01 15:25 - 2016-02-23 05:01 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
2016-03-01 15:25 - 2016-02-23 05:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-03-01 15:25 - 2016-02-23 05:00 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2016-03-01 15:25 - 2016-02-23 04:58 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-03-01 15:25 - 2016-02-23 04:58 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-03-01 15:25 - 2016-02-23 04:58 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\irmon.dll
2016-03-01 15:25 - 2016-02-23 04:57 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-03-01 15:25 - 2016-02-23 04:55 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2016-03-01 15:25 - 2016-02-23 04:53 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2016-03-01 15:25 - 2016-02-23 04:53 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-03-01 15:25 - 2016-02-23 04:52 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-03-01 15:25 - 2016-02-23 04:50 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-03-01 15:25 - 2016-02-23 04:48 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-03-01 15:25 - 2016-02-23 04:48 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerClient.dll
2016-03-01 15:25 - 2016-02-23 04:40 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2016-03-01 15:25 - 2016-02-23 04:39 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2016-03-01 15:25 - 2016-02-23 04:38 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2016-03-01 15:25 - 2016-02-23 04:38 - 00287712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll
2016-03-01 15:25 - 2016-02-23 04:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-03-01 15:25 - 2016-02-23 04:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-03-01 15:25 - 2016-02-23 04:37 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-03-01 15:25 - 2016-02-23 04:34 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll
2016-03-01 15:25 - 2016-02-23 04:34 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2016-03-01 15:25 - 2016-02-23 04:33 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2016-03-01 15:25 - 2016-02-23 04:32 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-03-01 15:25 - 2016-02-23 04:31 - 00463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2016-03-01 15:25 - 2016-02-23 04:28 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-03-01 15:25 - 2016-02-23 04:26 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2016-03-01 15:25 - 2016-02-23 04:23 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2016-03-01 15:25 - 2016-02-23 04:22 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2016-03-01 15:25 - 2016-02-23 04:20 - 00847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2016-03-01 15:25 - 2016-02-23 04:20 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-03-01 15:25 - 2016-02-23 04:19 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2016-03-01 15:25 - 2016-02-23 04:18 - 00557056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-03-01 15:25 - 2016-02-23 04:14 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-03-01 15:25 - 2016-02-23 04:11 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-03-01 15:25 - 2016-02-23 04:06 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-03-01 15:25 - 2016-02-23 04:06 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-03-01 15:25 - 2016-02-23 04:05 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-03-01 15:25 - 2016-02-23 04:04 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-03-01 15:25 - 2016-02-23 04:02 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2016-03-01 15:25 - 2016-02-23 04:02 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-03-01 15:25 - 2016-02-23 03:58 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-03-01 15:25 - 2016-02-23 03:58 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-03-01 15:25 - 2016-02-23 03:58 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-03-01 15:25 - 2016-02-23 03:57 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TimeBrokerClient.dll
2016-03-01 15:25 - 2016-02-23 03:52 - 00456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-03-01 15:25 - 2016-02-23 03:50 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2016-03-01 15:25 - 2016-02-23 03:49 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-03-01 15:25 - 2016-02-23 03:48 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2016-03-01 15:25 - 2016-02-23 03:47 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2016-03-01 15:25 - 2016-02-23 03:38 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2016-03-01 15:25 - 2016-02-23 03:37 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2016-03-01 15:25 - 2016-02-23 03:36 - 00713728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2016-03-01 15:25 - 2016-02-23 03:36 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2016-03-01 15:25 - 2016-02-23 03:36 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-03-01 15:25 - 2016-02-23 03:35 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2016-03-01 15:25 - 2016-02-23 03:29 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-03-01 15:25 - 2016-02-23 03:28 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-03-01 15:25 - 2016-02-23 03:28 - 00256512 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2016-03-01 15:25 - 2016-02-23 03:24 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2016-03-01 15:25 - 2016-02-23 03:21 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-03-01 15:25 - 2016-02-23 03:21 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-03-01 15:25 - 2016-02-23 03:20 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-03-01 15:25 - 2016-02-23 03:05 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-03-01 15:25 - 2016-02-23 03:01 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2016-03-01 15:25 - 2016-02-23 02:58 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-03-01 15:25 - 2016-02-23 02:51 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-03-01 15:25 - 2016-02-09 00:28 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-03-01 15:25 - 2016-02-09 00:13 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-03-01 15:25 - 2016-02-08 23:18 - 00297472 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2016-03-01 15:25 - 2016-02-08 23:18 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2016-03-01 15:25 - 2016-02-08 23:07 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-03-01 11:01 - 2016-03-02 17:23 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Remove and Reinstall
2016-03-01 10:42 - 2008-04-13 20:12 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\winhlp32.exe
2016-03-01 00:44 - 2016-03-02 17:45 - 00000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2016-03-01 00:44 - 2016-03-01 00:44 - 00000000 ____D C:\Program Files\Common Files\AV
2016-02-29 20:17 - 2016-02-29 20:17 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-02-29 18:29 - 2016-02-29 18:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinCDEmu
2016-02-29 18:29 - 2016-02-29 18:29 - 00000000 ____D C:\Program Files (x86)\WinCDEmu
2016-02-29 13:19 - 2016-02-29 13:19 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2016-02-28 19:05 - 2016-02-28 19:05 - 00003266 _____ C:\WINDOWS\System32\Tasks\SidebarExecute
2016-02-28 18:49 - 2016-02-28 19:00 - 00000000 ___DC C:\WINDOWS\Panther
2016-02-28 18:47 - 2016-02-28 18:47 - 00000000 ____D C:\Windows.old
2016-02-28 18:46 - 2016-02-28 18:46 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 06572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 05503488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 04502352 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-02-28 18:46 - 2016-02-28 18:46 - 04064320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-02-28 18:46 - 2016-02-28 18:46 - 03993600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 03355136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 02843136 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2016-02-28 18:46 - 2016-02-28 18:46 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2016-02-28 18:46 - 2016-02-28 18:46 - 02680320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 02606824 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 02587696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 02155008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-02-28 18:46 - 2016-02-28 18:46 - 02057216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-02-28 18:46 - 2016-02-28 18:46 - 02026736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 02001408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 01860096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 01824264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 01814528 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 01804664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 01750440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2016-02-28 18:46 - 2016-02-28 18:46 - 01717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 01648640 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 01594408 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-02-28 18:46 - 2016-02-28 18:46 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-02-28 18:46 - 2016-02-28 18:46 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 01415200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 01371792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 01309376 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 01281376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 01270072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2016-02-28 18:46 - 2016-02-28 18:46 - 01174008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 01092456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 01089880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-02-28 18:46 - 2016-02-28 18:46 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 01070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2016-02-28 18:46 - 2016-02-28 18:46 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 01042432 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 01035776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 01009152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
2016-02-28 18:46 - 2016-02-28 18:46 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00973664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00931328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL
2016-02-28 18:46 - 2016-02-28 18:46 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00911648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00900608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00890880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
2016-02-28 18:46 - 2016-02-28 18:46 - 00884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00871936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
2016-02-28 18:46 - 2016-02-28 18:46 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00858952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00851456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00824320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00820704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00803840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00786696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2016-02-28 18:46 - 2016-02-28 18:46 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00704000 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00701384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00698208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00697856 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00695752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2016-02-28 18:46 - 2016-02-28 18:46 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00683008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00675064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00671472 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00644096 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00613888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-02-28 18:46 - 2016-02-28 18:46 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00586208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00586080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-02-28 18:46 - 2016-02-28 18:46 - 00578912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2016-02-28 18:46 - 2016-02-28 18:46 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00558592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00526856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00523616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2016-02-28 18:46 - 2016-02-28 18:46 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00516544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00515584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00511320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00499432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00472576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00470528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00462760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00454056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00440152 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-02-28 18:46 - 2016-02-28 18:46 - 00431240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00412512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-02-28 18:46 - 2016-02-28 18:46 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00405568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00389120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00337840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-02-28 18:46 - 2016-02-28 18:46 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2016-02-28 18:46 - 2016-02-28 18:46 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2016-02-28 18:46 - 2016-02-28 18:46 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00292352 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00289248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00264544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00264192 _____ (Nokia) C:\WINDOWS\system32\NmaDirect.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00260608 _____ C:\WINDOWS\system32\MTFServer.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassam.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00245840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2016-02-28 18:46 - 2016-02-28 18:46 - 00234504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-02-28 18:46 - 2016-02-28 18:46 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00208176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00205824 _____ (Nokia) C:\WINDOWS\SysWOW64\NmaDirect.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-AppModelExecEvents.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iassam.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00202472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimCfg.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityCommon.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-02-28 18:46 - 2016-02-28 18:46 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-02-28 18:46 - 2016-02-28 18:46 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimAuth.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimCfg.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2016-02-28 18:46 - 2016-02-28 18:46 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
2016-02-28 18:46 - 2016-02-28 18:46 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2016-02-28 18:46 - 2016-02-28 18:46 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2016-02-28 18:46 - 2016-02-28 18:46 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-02-28 18:46 - 2016-02-28 18:46 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ETWCoreUIComponentsResources.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ETWCoreUIComponentsResources.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbio.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimAuth.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx
2016-02-28 18:46 - 2016-02-28 18:46 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ProximityCommon.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00119320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
2016-02-28 18:46 - 2016-02-28 18:46 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2016-02-28 18:46 - 2016-02-28 18:46 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\capimg.sys
2016-02-28 18:46 - 2016-02-28 18:46 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-02-28 18:46 - 2016-02-28 18:46 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MapControls.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MapControls.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00110032 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00100160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
2016-02-28 18:46 - 2016-02-28 18:46 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2016-02-28 18:46 - 2016-02-28 18:46 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winbio.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00088392 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00085320 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe
2016-02-28 18:46 - 2016-02-28 18:46 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00081112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe
2016-02-28 18:46 - 2016-02-28 18:46 - 00080600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwapi.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttpcom.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMSRoamingSecurity.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.XboxLive.ProxyStub.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssign32.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00073360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManagerProxy.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-02-28 18:46 - 2016-02-28 18:46 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ihvrilproxy.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00063528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wwapi.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfgbkend.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssign32.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosResource.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosResource.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2016-02-28 18:46 - 2016-02-28 18:46 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\rilproxy.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-02-28 18:46 - 2016-02-28 18:46 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wwanpref.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00051680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsUtilsV2.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
2016-02-28 18:46 - 2016-02-28 18:46 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsplib.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgrcli.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.proxy.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapstoasttask.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthManagerProxy.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe
2016-02-28 18:46 - 2016-02-28 18:46 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\BackgroundTransferHost.exe
2016-02-28 18:46 - 2016-02-28 18:46 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCoreRes.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCoreRes.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00035680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wimmount.sys
2016-02-28 18:46 - 2016-02-28 18:46 - 00035656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe
2016-02-28 18:46 - 2016-02-28 18:46 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usermgrcli.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BackgroundTransferHost.exe
2016-02-28 18:46 - 2016-02-28 18:46 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00032040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfpmp.exe
2016-02-28 18:46 - 2016-02-28 18:46 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringconfigsp.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\nativemap.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.proxy.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-02-28 18:46 - 2016-02-28 18:46 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasautou.exe
2016-02-28 18:46 - 2016-02-28 18:46 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshrm.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasautou.exe
2016-02-28 18:46 - 2016-02-28 18:46 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasadhlp.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\IcsEntitlementHost.exe
2016-02-28 18:46 - 2016-02-28 18:46 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscoreext.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasadhlp.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvcProxy.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosTrace.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosTrace.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosHost.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosHost.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\readingviewresources.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlStringsRes.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlStringsRes.dll
2016-02-28 18:46 - 2016-02-28 18:46 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2016-02-28 18:37 - 2016-02-28 18:37 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2016-02-28 18:35 - 2016-02-28 18:35 - 00000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2016-02-28 18:35 - 2016-02-28 18:35 - 00000000 ____D C:\WINDOWS\system32\msmq
2016-02-28 18:35 - 2016-02-28 18:35 - 00000000 ____D C:\WINDOWS\system32\BestPractices
2016-02-28 18:35 - 2016-02-28 18:35 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-02-28 18:35 - 2016-02-28 18:35 - 00000000 ____D C:\Program Files\MSBuild
2016-02-28 18:35 - 2016-02-28 18:35 - 00000000 ____D C:\Program Files\Hyper-V
2016-02-28 18:35 - 2016-02-28 18:35 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-02-28 18:35 - 2016-02-28 18:35 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-02-28 18:35 - 2016-02-28 18:35 - 00000000 ____D C:\inetpub
2016-02-28 18:34 - 2015-10-23 21:47 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2016-02-28 18:34 - 2015-10-23 21:47 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-02-28 18:34 - 2015-10-23 21:47 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2016-02-28 18:34 - 2015-10-23 21:46 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2016-02-28 18:34 - 2015-10-23 21:46 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2016-02-28 18:34 - 2015-10-23 21:45 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2016-02-28 16:48 - 2016-02-28 16:48 - 00001844 __RSH C:\ProgramData\ntuser.pol
2016-02-28 16:34 - 2016-02-28 16:34 - 00000020 ___SH C:\Users\Bill Pierce\ntuser.ini
2016-02-28 16:34 - 2016-02-28 16:34 - 00000000 _SHDL C:\Users\Default\My Documents
2016-02-28 16:34 - 2016-02-28 16:34 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2016-02-28 16:34 - 2016-02-28 16:34 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2016-02-28 16:34 - 2016-02-28 16:34 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2016-02-28 16:34 - 2016-02-28 16:34 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2016-02-28 16:34 - 2016-02-28 16:34 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2016-02-28 16:34 - 2016-02-28 16:34 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2016-02-28 16:28 - 2016-03-13 07:47 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-28 16:14 - 2016-02-28 16:14 - 00001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-02-28 16:14 - 2016-02-28 16:14 - 00000000 ____D C:\Users\Default\AppData\Roaming\Trusteer
2016-02-28 16:14 - 2016-02-28 16:14 - 00000000 ____D C:\Users\Default\AppData\Roaming\Media Center Programs
2016-02-28 16:14 - 2016-02-28 16:14 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2016-02-28 16:14 - 2016-02-28 16:14 - 00000000 ____D C:\Users\Default\AppData\Roaming\Garmin
2016-02-28 16:14 - 2016-02-28 16:14 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2016-02-28 16:14 - 2016-02-28 16:14 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2016-02-28 16:14 - 2016-02-28 16:14 - 00000000 ____D C:\Users\Default\AppData\Local\Garmin_Ltd._or_its_subsid
2016-02-28 16:14 - 2016-02-28 16:14 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Trusteer
2016-02-28 16:14 - 2016-02-28 16:14 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Media Center Programs
2016-02-28 16:14 - 2016-02-28 16:14 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2016-02-28 16:14 - 2016-02-28 16:14 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Garmin
2016-02-28 16:14 - 2016-02-28 16:14 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2016-02-28 16:14 - 2016-02-28 16:14 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2016-02-28 16:14 - 2016-02-28 16:14 - 00000000 ____D C:\Users\Default User\AppData\Local\Garmin_Ltd._or_its_subsid
2016-02-28 16:08 - 2016-02-28 16:08 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
2016-02-28 16:07 - 2016-02-28 16:07 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2016-02-28 16:05 - 2016-03-13 03:05 - 00000000 ____D C:\Users\Bill Pierce
2016-02-28 16:05 - 2016-02-28 16:05 - 00000000 _SHDL C:\Users\Bill Pierce\My Documents
2016-02-28 16:05 - 2016-02-28 16:05 - 00000000 _SHDL C:\Users\Bill Pierce\Documents\My Videos
2016-02-28 16:05 - 2016-02-28 16:05 - 00000000 _SHDL C:\Users\Bill Pierce\Documents\My Pictures
2016-02-28 16:05 - 2016-02-28 16:05 - 00000000 _SHDL C:\Users\Bill Pierce\Documents\My Music
2016-02-28 16:04 - 2016-03-13 07:54 - 00007248 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-02-28 16:04 - 2016-03-11 08:25 - 00000000 ____D C:\Users\DefaultAppPool
2016-02-28 16:04 - 2016-02-28 16:04 - 00965390 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2016-02-28 16:04 - 2016-02-28 16:04 - 00000000 _SHDL C:\Users\DefaultAppPool\My Documents
2016-02-28 16:04 - 2016-02-28 16:04 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Videos
2016-02-28 16:04 - 2016-02-28 16:04 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Pictures
2016-02-28 16:04 - 2016-02-28 16:04 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Music
2016-02-28 16:02 - 2016-03-13 07:47 - 00000000 ____D C:\ProgramData\NVIDIA
2016-02-28 16:02 - 2016-02-28 16:02 - 00000000 ____D C:\Program Files\LSI SoftModem
2016-02-28 16:02 - 2015-10-13 13:26 - 06783280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2016-02-28 16:02 - 2015-10-13 13:26 - 03522168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2016-02-28 16:02 - 2015-10-13 13:26 - 02557616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2016-02-28 16:02 - 2015-10-13 13:26 - 00933168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2016-02-28 16:02 - 2015-10-13 13:26 - 00384176 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2016-02-28 16:02 - 2015-10-13 13:26 - 00062584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2016-02-28 16:02 - 2015-10-13 12:19 - 05972783 _____ C:\WINDOWS\system32\nvcoproc.bin
2016-02-28 16:01 - 2016-02-28 16:08 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-02-28 16:01 - 2016-02-28 16:08 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-02-28 16:01 - 2016-02-28 16:01 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2016-02-28 16:01 - 2016-02-28 16:01 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2016-02-28 16:01 - 2016-02-28 16:01 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_RimSerial_AMD64_01007.Wdf
2016-02-28 16:01 - 2016-02-28 16:01 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2016-02-28 16:01 - 2016-02-28 16:01 - 00000000 ____D C:\Program Files\Realtek
2016-02-28 15:59 - 2015-10-30 03:17 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2016-02-28 15:56 - 2016-03-12 19:11 - 00413072 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-02-28 14:56 - 2016-02-28 15:19 - 00000000 ___HD C:\$WINDOWS.~BT
2016-02-17 18:23 - 2016-02-17 18:23 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-02-17 17:04 - 2016-02-28 16:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-02-17 16:48 - 2016-02-17 16:48 - 00000000 ___HD C:\$Windows.~WS
2016-02-17 10:58 - 2016-02-17 10:58 - 00000000 _____ C:\WINDOWS\exctrlst.INI
2016-02-17 10:53 - 2016-02-17 10:53 - 00000000 ____D C:\Program Files (x86)\Resource Kit
2016-02-13 08:13 - 2016-02-13 08:13 - 00000000 _____ C:\Users\Bill Pierce\s-1-5-21-2422629387-1192540806-1023300286-1001.rrr

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-13 16:27 - 2015-07-03 10:17 - 00000930 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-03-13 16:27 - 2015-07-03 10:17 - 00000926 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-03-13 16:11 - 2012-11-20 16:43 - 00000000 ____D C:\Users\Bill Pierce\VMLites
2016-03-13 15:41 - 2016-02-02 06:36 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-13 12:59 - 2015-10-02 12:59 - 00000300 _____ C:\WINDOWS\Tasks\RtlNetworkGenieVistaStart.job
2016-03-13 11:16 - 2015-07-31 17:33 - 00004160 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4F5BA495-7B5F-4090-8115-48E648263666}
2016-03-13 11:00 - 2015-09-23 15:42 - 00000000 ____D C:\Users\Bill Pierce\AppData\LocalLow\Adblock Plus for IE
2016-03-13 10:33 - 2013-06-19 14:18 - 00000000 ____D C:\Program Files (x86)\PhoneTray
2016-03-13 07:52 - 2015-07-03 10:23 - 00000000 ___RD C:\Users\Bill Pierce\Dropbox
2016-03-13 07:52 - 2015-07-03 10:17 - 00000000 ____D C:\Users\Bill Pierce\AppData\Local\Dropbox
2016-03-13 07:51 - 2015-07-31 13:06 - 00000000 ___RD C:\Users\Bill Pierce\OneDrive
2016-03-13 07:49 - 2016-02-02 06:36 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-13 07:49 - 2015-09-15 22:24 - 00000000 ____D C:\Program Files (x86)\DoNotTrackMe
2016-03-13 07:48 - 2013-10-17 10:14 - 00000000 ____D C:\Users\Public\Documents\PhoneTray
2016-03-13 07:38 - 2012-11-30 04:16 - 00000000 ____D C:\Users\Bill Pierce\AppData\Roaming\Norton Utilities 16
2016-03-13 07:38 - 2009-09-09 00:04 - 00000000 ____D C:\ProgramData\TEMP
2016-03-13 00:50 - 2009-07-26 22:48 - 00000000 ____D C:\Users\Bill Pierce\AppData\Local\CrashDumps
2016-03-13 00:33 - 2015-10-30 02:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-03-12 23:20 - 2015-01-15 14:19 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-03-12 19:06 - 2014-05-15 11:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI
2016-03-12 19:06 - 2014-05-15 10:48 - 00000000 ____D C:\MSI
2016-03-12 18:50 - 2009-06-01 12:05 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-03-12 11:50 - 2015-10-30 03:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-03-12 11:41 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-03-12 09:55 - 2009-10-26 16:34 - 00000000 ____D C:\Program Files (x86)\IrfanView
2016-03-12 09:54 - 2015-10-30 03:24 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2016-03-12 09:14 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-03-11 11:51 - 2010-01-15 12:25 - 00000000 ____D C:\Users\Bill Pierce\AppData\Roaming\uTorrent
2016-03-11 09:09 - 2015-10-30 03:21 - 00000000 ____D C:\WINDOWS\INF
2016-03-11 09:09 - 2013-06-03 14:20 - 00000000 ____D C:\ProgramData\Research In Motion
2016-03-11 09:09 - 2013-06-03 14:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlackBerry
2016-03-11 09:09 - 2013-06-03 14:20 - 00000000 ____D C:\Program Files (x86)\Research In Motion
2016-03-11 08:43 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-11 08:41 - 2015-10-30 03:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-11 08:41 - 2015-06-11 09:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-03-11 08:25 - 2015-10-30 02:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-03-11 08:25 - 2011-10-18 21:11 - 00000000 ____D C:\Users\Bill Pierce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2016-03-11 08:24 - 2009-05-26 11:40 - 00000000 ____D C:\ProgramData\Norton
2016-03-11 08:19 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\registration
2016-03-11 08:18 - 2012-11-19 14:39 - 00000000 ____D C:\Users\Bill Pierce\AppData\Local\Packages
2016-03-11 08:18 - 2011-10-18 21:11 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2016-03-11 08:18 - 2010-06-15 13:09 - 00000000 ____D C:\Users\Bill Pierce\AppData\Local\Apple
2016-03-08 19:59 - 2009-08-12 07:41 - 00189440 ___SH C:\Users\Bill Pierce\Documents\Thumbs.db
2016-03-08 15:32 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-03-08 15:32 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-03-08 15:32 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-03-08 15:32 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-03-08 14:52 - 2013-07-09 15:58 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-03-08 14:47 - 2010-03-09 15:26 - 143659408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-03-06 17:26 - 2010-10-09 15:24 - 00000000 ____D C:\Users\Bill Pierce\AppData\Local\ElevatedDiagnostics
2016-03-06 17:11 - 2015-10-30 02:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-03-04 09:08 - 2012-07-28 22:54 - 00013312 _____ C:\Users\Bill Pierce\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-03-03 10:13 - 2009-05-26 17:41 - 00000000 ____D C:\ProgramData\Symantec
2016-03-02 22:55 - 2015-10-30 03:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-03-02 17:41 - 2015-08-10 00:19 - 00000000 ____D C:\WINDOWS\system32\Drivers\NSx64
2016-03-02 17:36 - 2009-09-16 22:24 - 00000000 ____D C:\Program Files (x86)\NortonInstaller
2016-03-02 17:21 - 2015-08-10 00:20 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2016-03-02 16:52 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\rescache
2016-03-01 15:48 - 2012-12-05 18:50 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-03-01 15:43 - 2015-10-30 05:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-03-01 15:43 - 2015-10-30 03:24 - 00000000 __RSD C:\WINDOWS\Media
2016-03-01 15:43 - 2015-10-30 03:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-03-01 15:43 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-03-01 15:43 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-03-01 15:43 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-03-01 15:43 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-03-01 15:43 - 2015-10-30 02:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-03-01 15:43 - 2015-10-30 02:28 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-03-01 10:48 - 2015-11-17 15:08 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-02-29 23:22 - 2016-02-06 00:56 - 00000000 ____D C:\Users\Bill Pierce\Documents\2015USTaxes
2016-02-29 04:16 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\appcompat
2016-02-28 19:11 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files\Windows Sidebar
2016-02-28 19:11 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2016-02-28 18:49 - 2015-10-30 03:24 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2016-02-28 18:47 - 2015-10-30 03:24 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-02-28 18:47 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2016-02-28 18:47 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\en-GB
2016-02-28 18:47 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\Provisioning
2016-02-28 18:42 - 2015-10-30 05:03 - 00000000 ____D C:\WINDOWS\OCR
2016-02-28 18:41 - 2015-10-30 03:24 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2016-02-28 18:41 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2016-02-28 18:41 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\migwiz
2016-02-28 18:41 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\IME
2016-02-28 18:41 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files\Windows Defender
2016-02-28 18:41 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-02-28 18:41 - 2015-10-30 02:28 - 00000000 ____D C:\WINDOWS\servicing
2016-02-28 18:35 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2016-02-28 18:35 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2016-02-28 18:35 - 2015-10-30 03:19 - 01140224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Windows.Smc.dll
2016-02-28 18:35 - 2015-10-30 03:19 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqsnap.dll
2016-02-28 18:35 - 2015-10-30 03:19 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.dll
2016-02-28 18:35 - 2015-10-30 03:19 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2016-02-28 18:35 - 2015-10-30 03:19 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.tlb
2016-02-28 18:35 - 2015-10-30 03:19 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa30.tlb
2016-02-28 18:35 - 2015-10-30 03:19 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDRCWSProxy.DLL
2016-02-28 18:35 - 2015-10-30 03:19 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDEWSProxy.DLL
2016-02-28 18:35 - 2015-10-30 03:19 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa20.tlb
2016-02-28 18:35 - 2015-10-30 03:19 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2016-02-28 18:35 - 2015-10-30 03:19 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa10.tlb
2016-02-28 18:35 - 2015-10-30 03:19 - 00033614 _____ C:\WINDOWS\system32\ScanManagement.msc
2016-02-28 18:35 - 2015-10-30 03:19 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2016-02-28 18:35 - 2015-10-30 03:19 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2016-02-28 18:35 - 2015-10-30 03:19 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqcertui.dll
2016-02-28 18:35 - 2015-10-30 03:19 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2016-02-28 18:35 - 2015-10-30 03:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2016-02-28 18:35 - 2015-10-30 03:19 - 00009096 _____ C:\WINDOWS\SysWOW64\msmqtrc.mof
2016-02-28 18:35 - 2015-10-30 03:18 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqutil.dll
2016-02-28 18:35 - 2015-10-30 03:18 - 00543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmconnect.exe
2016-02-28 18:35 - 2015-10-30 03:18 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqrt.dll
2016-02-28 18:35 - 2015-10-30 03:18 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2016-02-28 18:35 - 2015-10-30 03:18 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys
2016-02-28 18:35 - 2015-10-30 03:18 - 00144967 _____ C:\WINDOWS\system32\virtmgmt.msc
2016-02-28 18:35 - 2015-10-30 03:18 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqlogmgr.dll
2016-02-28 18:35 - 2015-10-30 03:18 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2016-02-28 18:35 - 2015-10-30 03:18 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2016-02-28 18:35 - 2015-10-30 03:18 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2016-02-28 18:35 - 2015-10-30 03:18 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2016-02-28 18:35 - 2015-10-30 03:18 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2016-02-28 18:34 - 2015-10-30 03:19 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqutil.dll
2016-02-28 18:34 - 2015-10-30 03:19 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMCNative.dll
2016-02-28 18:34 - 2015-10-30 03:19 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SMCNative.dll
2016-02-28 18:34 - 2015-10-30 03:19 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqrt.dll
2016-02-28 18:34 - 2015-10-30 03:19 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDEWSProxy.DLL
2016-02-28 18:34 - 2015-10-30 03:19 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDRCWSProxy.DLL
2016-02-28 18:34 - 2015-10-30 03:18 - 01417728 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqqm.dll
2016-02-28 18:34 - 2015-10-30 03:18 - 00813056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsnap.dll
2016-02-28 18:34 - 2015-10-30 03:18 - 00317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.dll
2016-02-28 18:34 - 2015-10-30 03:18 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteFileBrowse.dll
2016-02-28 18:34 - 2015-10-30 03:18 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.tlb
2016-02-28 18:34 - 2015-10-30 03:18 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa30.tlb
2016-02-28 18:34 - 2015-10-30 03:18 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa20.tlb
2016-02-28 18:34 - 2015-10-30 03:18 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqbkup.exe
2016-02-28 18:34 - 2015-10-30 03:18 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa10.tlb
2016-02-28 18:34 - 2015-10-30 03:18 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
2016-02-28 18:34 - 2015-10-30 03:18 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcertui.dll
2016-02-28 18:34 - 2015-10-30 03:18 - 00009096 _____ C:\WINDOWS\system32\msmqtrc.mof
2016-02-28 16:51 - 2015-10-30 03:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow
2016-02-28 16:39 - 2015-10-30 03:24 - 00000000 __RHD C:\Users\Public\Libraries
2016-02-28 16:36 - 2015-10-30 03:24 - 00000000 ___RD C:\WINDOWS\PrintDialog
2016-02-28 16:36 - 2015-10-30 03:24 - 00000000 ___RD C:\WINDOWS\MiracastView
2016-02-28 16:36 - 2015-10-30 03:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-02-28 16:33 - 2013-10-17 09:58 - 00013338 _____ C:\WINDOWS\diagwrn.xml
2016-02-28 16:33 - 2013-10-17 09:58 - 00013338 _____ C:\WINDOWS\diagerr.xml
2016-02-28 16:29 - 2015-07-03 10:17 - 00003466 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2016-02-28 16:29 - 2012-11-26 23:52 - 00002230 _____ C:\WINDOWS\System32\Tasks\{B0244296-106F-4D0B-A9DC-1BDF2A003F1A}
2016-02-28 16:29 - 2012-03-07 23:56 - 00002306 _____ C:\WINDOWS\System32\Tasks\{92A20A3C-BB16-48F7-87B1-8C3AD640E668}
2016-02-28 16:29 - 2012-02-26 18:59 - 00002474 _____ C:\WINDOWS\System32\Tasks\{F9A6D05F-0CA8-4A70-A6C5-CEF5DCCC0517}
2016-02-28 16:29 - 2010-01-17 10:46 - 00022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2016-02-28 16:29 - 2009-06-01 07:46 - 00002500 _____ C:\WINDOWS\System32\Tasks\{5161C6E5-8716-470C-A7BA-A53536A77D00}
2016-02-28 16:29 - 2009-05-31 07:28 - 00002474 _____ C:\WINDOWS\System32\Tasks\{11BD38B9-952A-4A3D-82E7-02177D8C6368}
2016-02-28 16:28 - 2016-02-02 05:13 - 00002702 _____ C:\WINDOWS\System32\Tasks\GarminUpdaterTask
2016-02-28 16:28 - 2016-01-14 18:24 - 00002954 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-02-28 16:28 - 2015-11-12 01:05 - 00002110 _____ C:\WINDOWS\System32\Tasks\USER_ESRV_SVC_WILLAMETTE
2016-02-28 16:28 - 2015-10-02 12:59 - 00002596 _____ C:\WINDOWS\System32\Tasks\RtlNetworkGenieVistaStart
2016-02-28 16:28 - 2015-07-03 10:17 - 00003238 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2016-02-28 16:28 - 2014-04-13 09:46 - 00002420 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2016-02-28 16:28 - 2014-04-13 09:46 - 00002394 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2016-02-28 16:28 - 2014-04-13 09:46 - 00002392 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2016-02-28 16:28 - 2014-04-13 09:46 - 00002378 _____ C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2016-02-28 16:28 - 2014-04-13 09:46 - 00002376 _____ C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2016-02-28 16:28 - 2013-10-01 18:47 - 00002284 _____ C:\WINDOWS\System32\Tasks\{85D6C398-880E-46AA-8865-29AE6A9AAB12}
2016-02-28 16:28 - 2013-06-28 15:38 - 00002496 _____ C:\WINDOWS\System32\Tasks\{EC2449BD-1D10-44A2-BF0E-E6CA3F2E20D5}
2016-02-28 16:28 - 2012-11-26 23:52 - 00002230 _____ C:\WINDOWS\System32\Tasks\{99E02DFE-AB3C-433C-9A21-C5478CC9EA1B}
2016-02-28 16:28 - 2012-11-26 23:51 - 00002290 _____ C:\WINDOWS\System32\Tasks\{673FCEC9-C906-419C-A7FE-F917C5A54391}
2016-02-28 16:28 - 2012-11-26 23:49 - 00002230 _____ C:\WINDOWS\System32\Tasks\{A37C957F-2DA0-4674-93AC-042AC1011B5C}
2016-02-28 16:28 - 2012-11-26 23:49 - 00002230 _____ C:\WINDOWS\System32\Tasks\{2076E5D0-40B1-47E9-9BF0-92D993376E48}
2016-02-28 16:28 - 2012-11-19 14:46 - 00002940 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2422629387-1192540806-1023300286-1001
2016-02-28 16:28 - 2012-08-02 08:26 - 00002302 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe
2016-02-28 16:28 - 2012-04-10 20:24 - 00002290 _____ C:\WINDOWS\System32\Tasks\{8B819B5F-817A-43A4-BEE5-F32E5DDB3E1F}
2016-02-28 16:28 - 2012-03-08 11:39 - 00002444 _____ C:\WINDOWS\System32\Tasks\{925F4877-50AA-4C16-BB11-8FDEB1BC13D5}
2016-02-28 16:28 - 2012-03-08 00:15 - 00002454 _____ C:\WINDOWS\System32\Tasks\{06C4C5B1-E542-4491-9095-DA347EBE0E63}
2016-02-28 16:28 - 2012-03-08 00:14 - 00002306 _____ C:\WINDOWS\System32\Tasks\{B96F3914-91FB-45F5-80DA-CAD3B29B7B9A}
2016-02-28 16:28 - 2012-03-07 23:58 - 00002368 _____ C:\WINDOWS\System32\Tasks\{6BBC2489-F6BA-49F1-8589-9FE43DBE816F}
2016-02-28 16:28 - 2011-08-26 07:43 - 00002848 _____ C:\WINDOWS\System32\Tasks\Ad-Aware Update (Weekly)
2016-02-28 16:28 - 2011-05-02 14:38 - 00002446 _____ C:\WINDOWS\System32\Tasks\{55C5439E-22A8-43EE-98ED-608E90607E83}
2016-02-28 16:28 - 2011-04-13 17:51 - 00002282 _____ C:\WINDOWS\System32\Tasks\{CD9CC6C6-EECB-4B53-B03B-A88A9FE4D5C4}
2016-02-28 16:28 - 2011-04-13 14:58 - 00002284 _____ C:\WINDOWS\System32\Tasks\{AD25BAE5-5BF3-44F2-93F9-DD14EA5BA378}
2016-02-28 16:28 - 2011-04-01 15:47 - 00002460 _____ C:\WINDOWS\System32\Tasks\{52705735-45C3-465C-A9E9-838A335E36D5}
2016-02-28 16:28 - 2010-12-26 21:21 - 00002388 _____ C:\WINDOWS\System32\Tasks\{2C222F8B-8655-4596-BC43-9E00CA27605A}
2016-02-28 16:28 - 2010-12-26 21:16 - 00002328 _____ C:\WINDOWS\System32\Tasks\{9A1A3A8A-9C95-484A-BF10-D5DE70BEEDD0}
2016-02-28 16:28 - 2010-12-26 21:12 - 00002474 _____ C:\WINDOWS\System32\Tasks\{4D435EF2-D173-4941-9489-97612D7FA77E}
2016-02-28 16:28 - 2010-10-04 22:29 - 00002264 _____ C:\WINDOWS\System32\Tasks\{1522B97A-7AFB-4E52-BC3E-B2D53B1A058B}
2016-02-28 16:28 - 2010-10-04 21:01 - 00002324 _____ C:\WINDOWS\System32\Tasks\{3E99A261-2581-48C4-A590-F43E9B5E2E19}
2016-02-28 16:28 - 2010-10-04 15:54 - 00002326 _____ C:\WINDOWS\System32\Tasks\{559FBC8A-2500-4990-A579-D11EBDAFA1D6}
2016-02-28 16:28 - 2010-08-03 22:28 - 00002486 _____ C:\WINDOWS\System32\Tasks\{B8F41E86-FA35-4B20-8641-AD0113A7B6ED}
2016-02-28 16:28 - 2010-06-08 13:23 - 00002282 _____ C:\WINDOWS\System32\Tasks\{5064A034-C19B-470A-BF97-52F41E3EF2CD}
2016-02-28 16:28 - 2010-06-08 08:55 - 00002350 _____ C:\WINDOWS\System32\Tasks\{6357106F-E86E-4551-888E-D296629E7AD9}
2016-02-28 16:28 - 2010-06-01 08:50 - 00002336 _____ C:\WINDOWS\System32\Tasks\{F51332D8-0A84-4473-B9DA-294F0E951D8D}
2016-02-28 16:28 - 2010-06-01 08:10 - 00002310 _____ C:\WINDOWS\System32\Tasks\{1D0115F3-7EB5-4628-87F5-0FB1E32A8124}
2016-02-28 16:28 - 2010-04-20 08:36 - 00002376 _____ C:\WINDOWS\System32\Tasks\{601A886E-ED48-47AC-A953-0EE44CEFE50F}
2016-02-28 16:28 - 2010-03-13 11:33 - 00002380 _____ C:\WINDOWS\System32\Tasks\{22A0722E-C7B8-44D0-85C1-5B583665CFA3}
2016-02-28 16:28 - 2010-03-13 11:19 - 00002346 _____ C:\WINDOWS\System32\Tasks\{90D5C0A6-FCED-4E73-955A-83053C6860F5}
2016-02-28 16:28 - 2010-03-09 14:06 - 00002522 _____ C:\WINDOWS\System32\Tasks\{F6B21D2B-64F6-4C32-9274-CF99C90CF777}
2016-02-28 16:28 - 2010-03-09 12:15 - 00002522 _____ C:\WINDOWS\System32\Tasks\{DBAEC886-D4B6-4EE9-8173-208B808B650B}
2016-02-28 16:28 - 2010-02-19 16:09 - 00002500 _____ C:\WINDOWS\System32\Tasks\{B6819DEC-8F43-4204-8D2D-4004204CD20F}
2016-02-28 16:28 - 2010-01-13 13:43 - 00002434 _____ C:\WINDOWS\System32\Tasks\{7CCBAD76-A320-423C-9624-84B2594BADEA}
2016-02-28 16:28 - 2009-12-16 09:55 - 00002522 _____ C:\WINDOWS\System32\Tasks\{3F61827E-3E30-434E-9A5A-92E564B67977}
2016-02-28 16:28 - 2009-11-14 19:31 - 00002480 _____ C:\WINDOWS\System32\Tasks\{C190FB0B-DB3E-44F6-8649-56A5963C2B38}
2016-02-28 16:28 - 2009-10-14 14:57 - 00002146 _____ C:\WINDOWS\System32\Tasks\{8170DE13-857B-40D9-B95C-BA357B417F82}
2016-02-28 16:28 - 2009-10-14 08:58 - 00002240 _____ C:\WINDOWS\System32\Tasks\{E4E3C965-15E4-400A-9471-BD27BAD08D16}
2016-02-28 16:28 - 2009-08-11 16:11 - 00002522 _____ C:\WINDOWS\System32\Tasks\{B7061DD3-B48C-4EE0-B64A-45275BD38679}
2016-02-28 16:28 - 2009-07-05 11:31 - 00003436 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-28 16:28 - 2009-07-05 11:31 - 00003212 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-28 16:28 - 2009-06-16 16:25 - 00002512 _____ C:\WINDOWS\System32\Tasks\{2328726C-00B8-4AFB-95D9-B373F6BF2592}
2016-02-28 16:28 - 2009-06-12 09:46 - 00002476 _____ C:\WINDOWS\System32\Tasks\{ACA24D27-A509-4B6E-B4C8-F924B0E020CB}
2016-02-28 16:28 - 2009-06-02 15:43 - 00002322 _____ C:\WINDOWS\System32\Tasks\{4C40EB50-C540-4449-96F7-A1C0985134E2}
2016-02-28 16:28 - 2009-06-01 13:06 - 00002466 _____ C:\WINDOWS\System32\Tasks\{8E8C7A9B-28C2-469C-B99E-9D13992D3CE5}
2016-02-28 16:28 - 2009-06-01 11:58 - 00002260 _____ C:\WINDOWS\System32\Tasks\{722A8DCD-4F9A-436C-A38D-C60A7E21E715}
2016-02-28 16:28 - 2009-05-31 07:30 - 00002462 _____ C:\WINDOWS\System32\Tasks\{9AA7D089-7A1E-499B-8908-1554FB42BD78}
2016-02-28 16:28 - 2009-05-31 06:42 - 00002224 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_rundll32_exe
2016-02-28 16:28 - 2009-05-31 06:32 - 00002182 _____ C:\WINDOWS\System32\Tasks\{2D76B571-87D1-4189-8950-4A0DB9E8AE83}
2016-02-28 16:26 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2016-02-28 16:14 - 2015-10-30 02:28 - 00000000 ____D C:\Users\Default.migrated
2016-02-28 16:10 - 2015-10-30 05:02 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2016-02-28 16:10 - 2015-10-30 05:02 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
2016-02-28 16:10 - 2015-10-30 05:02 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2016-02-28 16:10 - 2015-10-30 03:24 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2016-02-28 16:10 - 2015-10-30 03:24 - 00000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2016-02-28 16:10 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\Web
2016-02-28 16:10 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\SysWOW64\SMI
2016-02-28 16:10 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2016-02-28 16:10 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2016-02-28 16:10 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2016-02-28 16:10 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2016-02-28 16:10 - 2015-10-07 16:00 - 00000000 ____D C:\WINDOWS\SysWOW64\5.1.1857
2016-02-28 16:10 - 2015-07-13 13:21 - 00000000 ____D C:\WINDOWS\SysWOW64\4.9.1762
2016-02-28 16:10 - 2015-06-18 15:19 - 00000000 ____D C:\WINDOWS\SysWOW64\4.8.1689
2016-02-28 16:10 - 2015-06-17 15:49 - 00000000 ____D C:\WINDOWS\SysWOW64\4.7.1574
2016-02-28 16:10 - 2015-03-24 14:40 - 00000000 ____D C:\WINDOWS\SysWOW64\LiveUpdate
2016-02-28 16:10 - 2012-05-08 14:00 - 00000000 __SHD C:\WINDOWS\SysWOW64\%APPDATA%
2016-02-28 16:10 - 2012-03-08 12:13 - 00000000 ____D C:\WINDOWS\SysWOW64\Samsung_USB_Drivers
2016-02-28 16:10 - 2010-10-05 14:48 - 00000000 ____D C:\WINDOWS\SysWOW64\PhotoImpression Slideshow
2016-02-28 16:10 - 2009-05-31 07:19 - 00000000 ____D C:\WINDOWS\SysWOW64\Futuremark
2016-02-28 16:09 - 2015-10-30 05:07 - 00000000 ____D C:\WINDOWS\ShellNew
2016-02-28 16:09 - 2015-10-30 05:02 - 00000000 ____D C:\WINDOWS\system32\WCN
2016-02-28 16:09 - 2015-10-30 05:02 - 00000000 ____D C:\WINDOWS\system32\slmgr
2016-02-28 16:09 - 2015-10-30 03:24 - 00000000 ___SD C:\WINDOWS\system32\Configuration
2016-02-28 16:09 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\spool
2016-02-28 16:09 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-02-28 16:09 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-02-28 16:09 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\MUI
2016-02-28 16:09 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2016-02-28 16:09 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\IME
2016-02-28 16:09 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\schemas
2016-02-28 16:09 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\Resources
2016-02-28 16:09 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-02-28 16:09 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\ModemLogs
2016-02-28 16:09 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-02-28 16:09 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\InputMethod
2016-02-28 16:09 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2016-02-28 16:09 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2016-02-28 16:09 - 2012-05-08 15:15 - 00000000 __SHD C:\WINDOWS\system32\%APPDATA%
2016-02-28 16:09 - 2011-02-22 15:58 - 00000000 ____D C:\WINDOWS\system32\SPReview
2016-02-28 16:09 - 2011-02-22 15:57 - 00000000 ____D C:\WINDOWS\system32\EventProviders
2016-02-28 16:09 - 2009-06-09 19:36 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2016-02-28 16:09 - 2009-05-26 15:51 - 00000000 ___HD C:\WINDOWS\system32\CanonIJ Uninstaller Information
2016-02-28 16:08 - 2016-02-05 11:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NAPS2
2016-02-28 16:08 - 2015-12-20 22:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-02-28 16:08 - 2015-12-19 18:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitvise SSH Client
2016-02-28 16:08 - 2015-12-18 10:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-LINK
2016-02-28 16:08 - 2015-11-12 20:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
2016-02-28 16:08 - 2015-11-12 18:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2016-02-28 16:08 - 2015-11-12 17:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
2016-02-28 16:08 - 2015-11-12 01:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility
2016-02-28 16:08 - 2015-10-30 05:02 - 00000000 ____D C:\WINDOWS\DigitalLocker
2016-02-28 16:08 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\Help
2016-02-28 16:08 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\Cursors
2016-02-28 16:08 - 2015-10-30 03:24 - 00000000 ____D C:\ProgramData\USOPrivate
2016-02-28 16:08 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-02-28 16:08 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files\Common Files\System
2016-02-28 16:08 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-02-28 16:08 - 2015-08-14 23:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Utilities 16
2016-02-28 16:08 - 2015-08-12 09:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI® Intel® Extreme Tuning Utility
2016-02-28 16:08 - 2015-08-09 17:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xiph.Org
2016-02-28 16:08 - 2015-07-30 22:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-02-28 16:08 - 2015-06-02 20:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\dBpoweramp
2016-02-28 16:08 - 2015-06-01 17:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-02-28 16:08 - 2015-05-07 07:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
2016-02-28 16:08 - 2015-04-04 23:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® Processor Identification Utility
2016-02-28 16:08 - 2015-03-01 00:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbrake
2016-02-28 16:08 - 2015-01-15 14:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-02-28 16:08 - 2014-10-16 17:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-02-28 16:08 - 2014-08-18 15:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Documents To Go Desktop for BlackBerry
2016-02-28 16:08 - 2014-08-02 21:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2016-02-28 16:08 - 2014-05-29 13:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JMicron Technology Corp
2016-02-28 16:08 - 2014-05-15 11:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
2016-02-28 16:08 - 2014-05-07 16:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2016-02-28 16:08 - 2014-04-27 15:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMLite Workstation
2016-02-28 16:08 - 2014-04-13 09:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
2016-02-28 16:08 - 2013-12-10 18:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2016-02-28 16:08 - 2013-12-02 15:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2016-02-28 16:08 - 2013-11-07 20:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Learn to Play Bridge
2016-02-28 16:08 - 2013-09-29 23:55 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-02-28 16:08 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\ADFS
2016-02-28 16:08 - 2013-06-19 14:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhoneTray Pro
2016-02-28 16:08 - 2013-05-23 21:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2012
2016-02-28 16:08 - 2013-02-20 18:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Okidata
2016-02-28 16:08 - 2013-02-20 18:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-Link Network Print Server
2016-02-28 16:08 - 2013-02-03 22:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
2016-02-28 16:08 - 2012-11-29 13:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NeoSmart Technologies
2016-02-28 16:08 - 2012-11-26 00:08 - 00000000 ____D C:\Program Files\Microsoft Games
2016-02-28 16:08 - 2012-11-19 20:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\8GadgetPack
2016-02-28 16:08 - 2012-05-08 15:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-02-28 16:08 - 2012-02-16 00:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\smartmontools
2016-02-28 16:08 - 2012-02-15 21:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2016-02-28 16:08 - 2011-11-15 10:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOL
2016-02-28 16:08 - 2011-10-14 12:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
2016-02-28 16:08 - 2011-05-22 23:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SolidWorks 2011
2016-02-28 16:08 - 2011-04-13 17:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime Alternative
2016-02-28 16:08 - 2011-03-01 15:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vista Caller-ID
2016-02-28 16:08 - 2011-02-22 23:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Nvidia Demos
2016-02-28 16:08 - 2010-12-08 22:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Bootable Recovery Tool Wizard
2016-02-28 16:08 - 2010-10-19 22:42 - 00000000 ____D C:\WINDOWS\en
2016-02-28 16:08 - 2010-10-04 15:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon iP4200 Manual
2016-02-28 16:08 - 2010-10-04 14:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2016-02-28 16:08 - 2010-09-29 14:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jodix
2016-02-28 16:08 - 2010-09-14 16:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Meeting 2007
2016-02-28 16:08 - 2010-09-07 10:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shark007 Codecs
2016-02-28 16:08 - 2010-05-26 05:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
2016-02-28 16:08 - 2010-05-13 12:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Audio Pack
2016-02-28 16:08 - 2010-01-16 09:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-02-28 16:08 - 2010-01-06 21:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Longman iBT Prep 2.0
2016-02-28 16:08 - 2009-11-14 19:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.73
2016-02-28 16:08 - 2009-10-26 18:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Karen's Power Tools
2016-02-28 16:08 - 2009-10-26 16:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView
2016-02-28 16:08 - 2009-10-14 14:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Presto! PageManager 6
2016-02-28 16:08 - 2009-08-20 22:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\APC
2016-02-28 16:08 - 2009-06-01 15:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-02-28 16:08 - 2009-06-01 11:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visioneer Pro OCR 100
2016-02-28 16:08 - 2009-06-01 07:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Futuremark
2016-02-28 16:08 - 2009-05-31 06:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetWaiting
2016-02-28 16:08 - 2009-05-31 06:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FaxTalk Communicator SE 4.7
2016-02-28 16:08 - 2009-05-30 20:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8
2016-02-28 16:08 - 2009-05-27 15:19 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2016-02-28 16:08 - 2009-05-26 15:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon iP4200
2016-02-28 16:07 - 2009-04-22 03:16 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-02-28 16:06 - 2016-02-04 12:11 - 00000000 ____D C:\Users\Bill Pierce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2016-02-28 16:06 - 2015-12-07 23:33 - 00000000 ____D C:\Users\Bill Pierce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Holy Spirit, Southsea
2016-02-28 16:06 - 2015-10-02 23:15 - 00000000 ____D C:\Users\Bill Pierce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2007
2016-02-28 16:06 - 2015-08-28 00:08 - 00000000 ____D C:\Users\Bill Pierce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AIM for Windows
2016-02-28 16:06 - 2015-08-01 09:42 - 00000000 ____D C:\Users\Bill Pierce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kodi
2016-02-28 16:06 - 2015-01-08 15:57 - 00000000 ____D C:\Users\Bill Pierce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TomTomHeaven
2016-02-28 16:06 - 2014-09-25 19:22 - 00000000 ____D C:\Users\Bill Pierce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2016-02-28 16:06 - 2012-11-26 00:08 - 00000000 ____D C:\Users\Bill Pierce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-02-28 16:06 - 2012-11-26 00:08 - 00000000 ____D C:\Users\Bill Pierce\AppData\Roaming\Microsoft\Windows\Start Menu\Games
2016-02-28 16:06 - 2012-11-20 17:09 - 00000000 ____D C:\Users\Bill Pierce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VMLite Workstation
2016-02-28 16:06 - 2012-10-11 09:20 - 00000000 ____D C:\Users\Bill Pierce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Balabolka
2016-02-28 16:06 - 2011-12-05 11:14 - 00000000 ____D C:\Users\Bill Pierce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FirstClass
2016-02-28 16:06 - 2011-11-15 16:56 - 00000000 ____D C:\Users\Bill Pierce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CS2Outlook 1.0
2016-02-28 16:06 - 2011-10-01 14:51 - 00000000 ____D C:\Users\Bill Pierce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Network utilities - old
2016-02-28 16:06 - 2010-10-07 17:04 - 00000000 ____D C:\Users\Bill Pierce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2016-02-28 16:06 - 2010-09-17 17:43 - 00000000 ____D C:\Users\Bill Pierce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BootDisk2BootStick
2016-02-28 16:06 - 2009-06-23 18:27 - 00000000 ___RD C:\Users\Bill Pierce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC
2016-02-28 16:06 - 2009-06-04 14:52 - 00000000 ____D C:\Users\Bill Pierce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Walmart
2016-02-28 16:06 - 2009-06-04 07:38 - 00000000 ____D C:\Users\Bill Pierce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ProMash
2016-02-28 16:06 - 2009-06-01 12:11 - 00000000 ____D C:\Users\Bill Pierce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016
2016-02-28 16:02 - 2012-09-13 21:39 - 00000000 ____D C:\temp
2016-02-28 15:57 - 2015-10-30 05:14 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2016-02-25 14:30 - 2013-05-27 19:31 - 00000000 ____D C:\Users\Bill Pierce\AppData\Local\NVIDIA
2016-02-25 14:30 - 2010-01-16 22:38 - 00000000 ____D C:\Users\Bill Pierce\AppData\Local\NVIDIA Corporation
2016-02-18 11:06 - 2010-08-14 20:27 - 00000000 ____D C:\Program Files (x86)\QuickTime
2016-02-17 17:04 - 2015-07-03 10:17 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-02-17 02:40 - 2016-01-31 23:52 - 00112216 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2016-02-17 02:40 - 2014-08-16 14:39 - 01903344 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2016-02-17 02:40 - 2014-08-16 14:39 - 01756424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2016-02-17 02:40 - 2014-08-16 14:39 - 01571624 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2016-02-17 02:40 - 2014-08-16 14:39 - 01316184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll

==================== Files in the root of some directories =======

2013-04-18 13:06 - 2013-04-18 13:06 - 0023294 _____ () C:\Users\Bill Pierce\AppData\Roaming\Comma Separated Values (DOS).ADR
2014-10-11 17:16 - 2014-10-11 17:16 - 0024769 _____ () C:\Users\Bill Pierce\AppData\Roaming\Comma Separated Values (Windows).ADR
2013-06-03 19:05 - 2013-06-20 23:33 - 0007444 _____ () C:\Users\Bill Pierce\AppData\Roaming\Comma Separated Values (Windows).EML
2009-05-31 22:38 - 2009-06-04 16:02 - 0000042 _____ () C:\Users\Bill Pierce\AppData\Roaming\default.pls
2013-04-16 22:43 - 2016-03-13 00:51 - 0037319 _____ () C:\Users\Bill Pierce\AppData\Roaming\Rim.Desktop.Exception.log
2013-04-16 22:42 - 2016-03-11 09:09 - 0017168 _____ () C:\Users\Bill Pierce\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2013-04-16 22:43 - 2016-03-13 00:51 - 0031570 _____ () C:\Users\Bill Pierce\AppData\Roaming\Rim.DesktopHelper.Exception.log
2013-05-31 19:08 - 2016-03-13 00:51 - 0026334 _____ () C:\Users\Bill Pierce\AppData\Roaming\Rim.Transcoder.Exception.log
2012-04-20 21:30 - 2012-05-10 10:18 - 0000156 _____ () C:\Users\Bill Pierce\AppData\Roaming\Safer-Networking.log
2009-12-20 23:43 - 2009-12-20 23:43 - 0000008 _____ () C:\Users\Bill Pierce\AppData\Roaming\usb.dat.bin
2012-07-28 22:54 - 2016-03-04 09:08 - 0013312 _____ () C:\Users\Bill Pierce\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-10 11:35 - 2013-10-10 11:35 - 0000218 _____ () C:\Users\Bill Pierce\AppData\Local\recently-used.xbel
2011-09-10 22:45 - 2016-02-11 17:44 - 0007607 _____ () C:\Users\Bill Pierce\AppData\Local\resmon.resmoncfg
2015-06-15 13:20 - 2015-06-15 13:20 - 0019535 _____ () C:\ProgramData\empty.ico

Some files in TEMP:
====================
C:\Users\Bill Pierce\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-03-11 09:30

==================== End of FRST.txt ============================

BC AdBot (Login to Remove)

BleepingComputer.com
Register to remove ads

#2 Oh My!

Adware and Spyware and Malware.....

Malware Response Instructor
36,790 posts
OFFLINE

Gender:Male
Location:California
Local time:10:02 AM

Posted 13 March 2016 - 06:55 PM

Greetings Bill Pierce and :welcome:

to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:

First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
When you post your reply, use the button instead.
In the upper right hand corner of the topic you will see the button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
I would like to remind you to make no further changes to your computer unless I direct you to do so.

===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Can you tell me if you uninstalled and reinstalled Norton March 2nd or 3rd. Was that because you were having issues but it didn't solve the problem?

Is there an Addition.txt file on your Desktop? If so please copy and paste the information in your reply. If not, please run a FRST scan after completing the below steps, and make sure you place a check mark in Addition.txt.

Please consider and do this.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.

Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities. .

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Uninstalling a Program using Add/Remove Program

--------------------

I recommend the uninstalling of the below listed program(s). If you desire to keep the program I would ask that you reinstall it following our efforts here.

Press windows key + r on your keyboard at the same time
Type appwiz.cpl and press Enter
A list of installed programs will be displayed
Uninstall the following by clicking on the program(s) below (and any other similar names) and selecting Remove or Uninstall

Spybot - Search & Destroy
Ad-Aware

Reboot your computer

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------

Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
Click Format and check Word Wrap
Please copy and paste the contents of the below code box into the open notepad and save it to your Desktop as fixlist.txt. If FRST.exe is not on your Deskptop please move it to that location. (<<<Important)

CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [NPSStartup] => [X]
Winlogon\Notify\PCANotify-x32: PCANotify.dll [X]
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
HKU\S-1-5-21-2422629387-1192540806-1023300286-1001\...\MountPoints2: {108509b9-de63-11e5-8297-448a5b5da8ba} - "V:\setup.exe"
HKU\S-1-5-21-2422629387-1192540806-1023300286-1001\...\MountPoints2: {bae2eff5-df38-11e5-8297-448a5b5da8ba} - "V:\setup.exe"
ShellIconOverlayIdentifiers-x32: [00HumyoPaired] -> {A203F945-39E9-4286-AFA2-F3ADFCD5FAAA} =>  No File
ShellIconOverlayIdentifiers-x32: [00HumyoPriority] -> {6F1BB626-1107-4b82-B322-54C5E64461B8} =>  No File
ShellIconOverlayIdentifiers-x32: [00HumyoProblem] -> {7479C9AF-DA81-4944-92E5-23E49390BB2B} =>  No File
ShellIconOverlayIdentifiers-x32: [00HumyoSynced] -> {7479C9AF-DA81-4944-92E5-23E49390BB2A} =>  No File
ShellIconOverlayIdentifiers-x32: [00HumyoSyncing] -> {7479C9AF-DA81-4944-92E5-23E49390BB29} =>  No File
ShellIconOverlayIdentifiers-x32: [00HumyoUnavailable] -> {66669544-5639-4922-99C8-CE7A86651364} =>  No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKU\S-1-5-21-2422629387-1192540806-1023300286-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
FF Extension: No Name - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha5\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta714\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha569\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1535\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha975\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha8533\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home589\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode2937\ff [not found]
CHR HKLM-x32\...\Chrome\Extension: [ahmcccagmbagkpbdgpammblejlmiempb] - <no Path/update_url>
U3 idsvc; no ImagePath
2016-02-28 16:29 - 2012-11-26 23:52 - 00002230 _____ C:\WINDOWS\System32\Tasks\{B0244296-106F-4D0B-A9DC-1BDF2A003F1A}
2016-02-28 16:29 - 2012-03-07 23:56 - 00002306 _____ C:\WINDOWS\System32\Tasks\{92A20A3C-BB16-48F7-87B1-8C3AD640E668}
2016-02-28 16:29 - 2012-02-26 18:59 - 00002474 _____ C:\WINDOWS\System32\Tasks\{F9A6D05F-0CA8-4A70-A6C5-CEF5DCCC0517}
2016-02-28 16:29 - 2009-06-01 07:46 - 00002500 _____ C:\WINDOWS\System32\Tasks\{5161C6E5-8716-470C-A7BA-A53536A77D00}
2016-02-28 16:29 - 2009-05-31 07:28 - 00002474 _____ C:\WINDOWS\System32\Tasks\{11BD38B9-952A-4A3D-82E7-02177D8C6368}
2016-02-28 16:28 - 2013-10-01 18:47 - 00002284 _____ C:\WINDOWS\System32\Tasks\{85D6C398-880E-46AA-8865-29AE6A9AAB12}
2016-02-28 16:28 - 2013-06-28 15:38 - 00002496 _____ C:\WINDOWS\System32\Tasks\{EC2449BD-1D10-44A2-BF0E-E6CA3F2E20D5}
2016-02-28 16:28 - 2012-11-26 23:52 - 00002230 _____ C:\WINDOWS\System32\Tasks\{99E02DFE-AB3C-433C-9A21-C5478CC9EA1B}
2016-02-28 16:28 - 2012-11-26 23:51 - 00002290 _____ C:\WINDOWS\System32\Tasks\{673FCEC9-C906-419C-A7FE-F917C5A54391}
2016-02-28 16:28 - 2012-11-26 23:49 - 00002230 _____ C:\WINDOWS\System32\Tasks\{A37C957F-2DA0-4674-93AC-042AC1011B5C}
2016-02-28 16:28 - 2012-11-26 23:49 - 00002230 _____ C:\WINDOWS\System32\Tasks\{2076E5D0-40B1-47E9-9BF0-92D993376E48}
2016-02-28 16:28 - 2012-04-10 20:24 - 00002290 _____ C:\WINDOWS\System32\Tasks\{8B819B5F-817A-43A4-BEE5-F32E5DDB3E1F}
2016-02-28 16:28 - 2012-03-08 11:39 - 00002444 _____ C:\WINDOWS\System32\Tasks\{925F4877-50AA-4C16-BB11-8FDEB1BC13D5}
2016-02-28 16:28 - 2012-03-08 00:15 - 00002454 _____ C:\WINDOWS\System32\Tasks\{06C4C5B1-E542-4491-9095-DA347EBE0E63}
2016-02-28 16:28 - 2012-03-08 00:14 - 00002306 _____ C:\WINDOWS\System32\Tasks\{B96F3914-91FB-45F5-80DA-CAD3B29B7B9A}
2016-02-28 16:28 - 2012-03-07 23:58 - 00002368 _____ C:\WINDOWS\System32\Tasks\{6BBC2489-F6BA-49F1-8589-9FE43DBE816F}
2016-02-28 16:28 - 2011-05-02 14:38 - 00002446 _____ C:\WINDOWS\System32\Tasks\{55C5439E-22A8-43EE-98ED-608E90607E83}
2016-02-28 16:28 - 2011-04-13 17:51 - 00002282 _____ C:\WINDOWS\System32\Tasks\{CD9CC6C6-EECB-4B53-B03B-A88A9FE4D5C4}
2016-02-28 16:28 - 2011-04-13 14:58 - 00002284 _____ C:\WINDOWS\System32\Tasks\{AD25BAE5-5BF3-44F2-93F9-DD14EA5BA378}
2016-02-28 16:28 - 2011-04-01 15:47 - 00002460 _____ C:\WINDOWS\System32\Tasks\{52705735-45C3-465C-A9E9-838A335E36D5}
2016-02-28 16:28 - 2010-12-26 21:21 - 00002388 _____ C:\WINDOWS\System32\Tasks\{2C222F8B-8655-4596-BC43-9E00CA27605A}
2016-02-28 16:28 - 2010-12-26 21:16 - 00002328 _____ C:\WINDOWS\System32\Tasks\{9A1A3A8A-9C95-484A-BF10-D5DE70BEEDD0}
2016-02-28 16:28 - 2010-12-26 21:12 - 00002474 _____ C:\WINDOWS\System32\Tasks\{4D435EF2-D173-4941-9489-97612D7FA77E}
2016-02-28 16:28 - 2010-10-04 22:29 - 00002264 _____ C:\WINDOWS\System32\Tasks\{1522B97A-7AFB-4E52-BC3E-B2D53B1A058B}
2016-02-28 16:28 - 2010-10-04 21:01 - 00002324 _____ C:\WINDOWS\System32\Tasks\{3E99A261-2581-48C4-A590-F43E9B5E2E19}
2016-02-28 16:28 - 2010-10-04 15:54 - 00002326 _____ C:\WINDOWS\System32\Tasks\{559FBC8A-2500-4990-A579-D11EBDAFA1D6}
2016-02-28 16:28 - 2010-08-03 22:28 - 00002486 _____ C:\WINDOWS\System32\Tasks\{B8F41E86-FA35-4B20-8641-AD0113A7B6ED}
2016-02-28 16:28 - 2010-06-08 13:23 - 00002282 _____ C:\WINDOWS\System32\Tasks\{5064A034-C19B-470A-BF97-52F41E3EF2CD}
2016-02-28 16:28 - 2010-06-08 08:55 - 00002350 _____ C:\WINDOWS\System32\Tasks\{6357106F-E86E-4551-888E-D296629E7AD9}
2016-02-28 16:28 - 2010-06-01 08:50 - 00002336 _____ C:\WINDOWS\System32\Tasks\{F51332D8-0A84-4473-B9DA-294F0E951D8D}
2016-02-28 16:28 - 2010-06-01 08:10 - 00002310 _____ C:\WINDOWS\System32\Tasks\{1D0115F3-7EB5-4628-87F5-0FB1E32A8124}
2016-02-28 16:28 - 2010-04-20 08:36 - 00002376 _____ C:\WINDOWS\System32\Tasks\{601A886E-ED48-47AC-A953-0EE44CEFE50F}
2016-02-28 16:28 - 2010-03-13 11:33 - 00002380 _____ C:\WINDOWS\System32\Tasks\{22A0722E-C7B8-44D0-85C1-5B583665CFA3}
2016-02-28 16:28 - 2010-03-13 11:19 - 00002346 _____ C:\WINDOWS\System32\Tasks\{90D5C0A6-FCED-4E73-955A-83053C6860F5}
2016-02-28 16:28 - 2010-03-09 14:06 - 00002522 _____ C:\WINDOWS\System32\Tasks\{F6B21D2B-64F6-4C32-9274-CF99C90CF777}
2016-02-28 16:28 - 2010-03-09 12:15 - 00002522 _____ C:\WINDOWS\System32\Tasks\{DBAEC886-D4B6-4EE9-8173-208B808B650B}
2016-02-28 16:28 - 2010-02-19 16:09 - 00002500 _____ C:\WINDOWS\System32\Tasks\{B6819DEC-8F43-4204-8D2D-4004204CD20F}
2016-02-28 16:28 - 2010-01-13 13:43 - 00002434 _____ C:\WINDOWS\System32\Tasks\{7CCBAD76-A320-423C-9624-84B2594BADEA}
2016-02-28 16:28 - 2009-12-16 09:55 - 00002522 _____ C:\WINDOWS\System32\Tasks\{3F61827E-3E30-434E-9A5A-92E564B67977}
2016-02-28 16:28 - 2009-11-14 19:31 - 00002480 _____ C:\WINDOWS\System32\Tasks\{C190FB0B-DB3E-44F6-8649-56A5963C2B38}
2016-02-28 16:28 - 2009-10-14 14:57 - 00002146 _____ C:\WINDOWS\System32\Tasks\{8170DE13-857B-40D9-B95C-BA357B417F82}
2016-02-28 16:28 - 2009-10-14 08:58 - 00002240 _____ C:\WINDOWS\System32\Tasks\{E4E3C965-15E4-400A-9471-BD27BAD08D16}
2016-02-28 16:28 - 2009-08-11 16:11 - 00002522 _____ C:\WINDOWS\System32\Tasks\{B7061DD3-B48C-4EE0-B64A-45275BD38679}
2016-02-28 16:28 - 2009-06-16 16:25 - 00002512 _____ C:\WINDOWS\System32\Tasks\{2328726C-00B8-4AFB-95D9-B373F6BF2592}
2016-02-28 16:28 - 2009-06-12 09:46 - 00002476 _____ C:\WINDOWS\System32\Tasks\{ACA24D27-A509-4B6E-B4C8-F924B0E020CB}
2016-02-28 16:28 - 2009-06-02 15:43 - 00002322 _____ C:\WINDOWS\System32\Tasks\{4C40EB50-C540-4449-96F7-A1C0985134E2}
2016-02-28 16:28 - 2009-06-01 13:06 - 00002466 _____ C:\WINDOWS\System32\Tasks\{8E8C7A9B-28C2-469C-B99E-9D13992D3CE5}
2016-02-28 16:28 - 2009-06-01 11:58 - 00002260 _____ C:\WINDOWS\System32\Tasks\{722A8DCD-4F9A-436C-A38D-C60A7E21E715}
2016-02-28 16:28 - 2009-05-31 07:30 - 00002462 _____ C:\WINDOWS\System32\Tasks\{9AA7D089-7A1E-499B-8908-1554FB42BD78}
2016-02-28 16:28 - 2009-05-31 06:32 - 00002182 _____ C:\WINDOWS\System32\Tasks\{2D76B571-87D1-4189-8950-4A0DB9E8AE83}
2016-03-01 11:01 - 2016-03-02 17:23 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Remove and Reinstall

Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.

===================================================

Exporting User Profiles Using Farbar's MiniRegTool

--------------------

Please download MiniRegTool.zip (for 32 bit systems) or MiniRegTool64.zip (for 64 bit systems) and save it to your desktop
Unzip the folder and double click the icon
Copy and paste the following into the white box:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

Check the Export keys radio button.
Press the Go button and post the result.

===================================================

Uploading Minidump Files

--------------------

Press the Windows Key + E at the same time then navigate to the following location:

C:\WINDOWS\Minidump

If they exist, upload the last 3 most recently dated files here
Notify me on the post when the files have been successfully uploaded

===================================================

System Summary Information

--------------------

Press the windows key + r on your keyboard at the same time
Type msinfo32 and press Enter
Left click on System Summary
Click File, Save, and name the file Summary
Zip and attach the file to your reply

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:

Reply to question
Fixlog
Registry Key export
Uploaded Minidump files
System Summary Information
Addition.txt
Update on computer behavior

Gary

If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Bill Pierce

Topic Starter

Members
46 posts
OFFLINE

Gender:Male
Location:Burlington, Ontario
Local time:01:02 PM

Posted 14 March 2016 - 01:13 PM

Thank you for your reply.

Let's see if I can answer your questions and respond to your requests in the correct order.

Yes, I ran Norton's Remove and Reinstall utility, which is Norton's first suggestion for problems without a clear solution. Unfortunately, the problem continued.

Apparently I failed to properly attach Addition,txt to my original post. It is pasted later in this post.

At one time I had uTorrent installed on this computer, but I uninstalled it. It is no longer listed in the installed programs in the Control Panel.

In the past I may have had Ad-Aware and Spybot Search and Destroy installed, but if so, I uninstalled them. They are listed in the installed programs in the Control Panel.

I ran FRST with the contents of Fixlist.txt. The resulting Fixlog.txt is pasted later in this post.

Unfortunately, it seems I ran MinRegTool twice with the specified Registry key. The resulting Result.txt file is now empty. Please advise as to how to correct this problem.

I have uploaded the last three Minidump files and marked them to your attention.

The requested System Info is zipped and attached to this post.

Please let me know what additional information I can provide.

(Requested pasted files follow)

--------------------------------------------------------------------------------------------------------

(Addition.txt)

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01

Ran by Bill Pierce (2016-03-13 16:33:44)

Running from C:\Users\Bill Pierce\Desktop

Windows 10 Pro Version 1511 (X64) (2016-02-28 20:34:39)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2422629387-1192540806-1023300286-500 - Administrator - Disabled)

ASPNET (S-1-5-21-2422629387-1192540806-1023300286-1035 - Limited - Enabled)

Bill Pierce (S-1-5-21-2422629387-1192540806-1023300286-1001 - Administrator - Enabled) => C:\Users\Bill Pierce

DefaultAccount (S-1-5-21-2422629387-1192540806-1023300286-503 - Limited - Disabled)

Guest (S-1-5-21-2422629387-1192540806-1023300286-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-2422629387-1192540806-1023300286-1041 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Norton Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}

FW: Norton Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3DMark Vantage (HKLM-x32\...\{C40C3C3D-97CF-44B5-836C-766E374464B3}) (Version: 1.0.3.1 - Futuremark Corporation)

7-Zip 4.65 (HKLM-x32\...\7-Zip) (Version: - )

8GadgetPack (HKLM-x32\...\{83565935-4B7E-4F35-9A78-427316C80C98}) (Version: 4.1.0 - Helmut Buhler)

Abacast Distributed Live (HKU\S-1-5-21-2422629387-1192540806-1023300286-1001\...\Abacast Distributed Live) (Version: 2.3b1 - Abacast, Inc.)

Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)

Acrobat.com (x32 Version: 2.0.0 - Adobe Systems Incorporated) Hidden

Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{0F347A49-E36C-4639-8D2E-003AD408B8B2}) (Version: 1.5 - Eyeo GmbH)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.0.19480 - Adobe Systems Incorporated)

Adobe Digital Editions 3.0 (HKLM-x32\...\Adobe Digital Editions 3.0) (Version: 3.0.1 - Adobe Systems Incorporated)

Adrianne demo by NVIDIA (remove only) (HKLM-x32\...\Adrianne) (Version: - )

AIM for Windows (HKU\S-1-5-21-2422629387-1192540806-1023300286-1001\...\AIM) (Version: - AOL Inc.)

Akamai NetSession Interface (HKU\S-1-5-21-2422629387-1192540806-1023300286-1001\...\Akamai) (Version: - Akamai Technologies, Inc)

ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden

AOL Uninstaller (Choose which Products to Remove) (HKLM-x32\...\AOL Uninstaller) (Version: - AOL Inc.)

APC PowerChute Personal Edition v2.2 (HKLM-x32\...\{E2486DE6-CC2E-48C0-AD20-C2C142FA1636}) (Version: 2.2 - American Power Conversion)

Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)

Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)

ArcSoft PhotoImpression 6 (HKLM-x32\...\{68F433C5-20ED-4B9B-ADFA-A798349EEE79}) (Version: - ArcSoft)

Balabolka (HKLM-x32\...\Balabolka) (Version: 2.05 - Ilya Morozov)

Bing Bar (HKLM-x32\...\{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}) (Version: 7.0.609.0 - Microsoft Corporation)

Bing Maps 3D (HKLM\...\{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}) (Version: 4.0.903.16005 - Microsoft Corporation)

Bitvise SSH Client - FlowSshNet (x64) (HKLM\...\{3506D54C-E80F-41CE-B95A-91AE1C4DD486}) (Version: 5.37.0.0 - Bitvise Limited)

Bitvise SSH Client - FlowSshNet (x86) (HKLM-x32\...\{4B58203F-1E1E-494B-8265-B0030F9D641C}) (Version: 5.37.0.0 - Bitvise Limited)

Bitvise SSH Client 6.45 (remove only) (HKLM-x32\...\BvSshClient) (Version: 6.45 - Bitvise Limited)

BlackBerry App World Browser Plugin (HKLM-x32\...\{D87591F9-DAA0-4D75-914E-D6542570E9F8}) (Version: 4.3.2.6 - Research In Motion Limited)

BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)

BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research In Motion Ltd.) Hidden

BlackBerry Device Software Updater (HKLM-x32\...\{E31C1E19-81D2-40C0-BE40-30A2A54E9C27}) (Version: 8.0.0.50 - Research In Motion Ltd)

BlackBerry Link (HKLM-x32\...\BlackBerry_10_Desktop) (Version: 1.2.2.13 - BlackBerry Ltd.)

BlackBerry Link (x32 Version: 1.2.2.13 - BlackBerry Ltd.) Hidden

BlackBerry USB and Modem Drivers 7.0 (HKLM-x32\...\BlackBerry_HandheldManager) (Version: 7.0.0.43 - Research In Motion Ltd.)

BlackBerry USB and Modem Drivers 7.0 (x32 Version: 7.0.0.43 - Research In Motion Ltd.) Hidden

Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)

BootDisk2BootStick 0.10 (HKLM-x32\...\BootDisk2BootStick) (Version: 0.10 - Meine Firma)

Bullzip PDF Printer 9.8.0.1599 (HKLM\...\Bullzip PDF Printer_is1) (Version: 9.8.0.1599 - Bullzip)

Business Contact Manager for Outlook 2007 SP2 (HKLM-x32\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)

Business Contact Manager for Outlook 2007 SP2 (x32 Version: 3.0.8619.1 - Microsoft Corporation) Hidden

Calendar Printing Assistant for Microsoft Office Outlook 2007 (HKLM-x32\...\{90120000-00A7-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

calibre 64bit (HKLM\...\{B1A4D7FA-D994-4304-8A31-D68ECF2B813D}) (Version: 2.47.0 - Kovid Goyal)

Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )

Canon iP4200 (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4200) (Version: - )

Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )

Canon Setup Utility 2.0 (HKLM-x32\...\Canon Setup Utility 2.0) (Version: - )

CodeTwo FolderSync Addin (HKLM-x32\...\{55B10EA4-B9B4-4BFE-83F2-6D5478D3B04E}) (Version: 1.4.1.3 - CodeTwo)

Convert (HKLM-x32\...\{23970E31-948B-466E-8376-1224D32FDF0C}) (Version: 4.10 - Joshua F. Madison)

CS2Outlook 1.0 (HKLM-x32\...\CS2Outlook 1.0) (Version: - )

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

dBpoweramp (HKLM-x32\...\dBpoweramp) (Version: Release 15.3 - Illustrate)

dBpoweramp DSP Effects (HKLM-x32\...\dBpoweramp DSP Effects) (Version: Release 11 - Illustrate)

dBpoweramp Ogg Vorbis Codec (HKLM-x32\...\dBpoweramp Ogg Vorbis Codec) (Version: Release 20 (Vorbis v1.3.1) - Illustrate)

Documents To Go Desktop for BlackBerry (HKLM-x32\...\DTGDesktop-BB) (Version: 2.0000.055 - DataViz, Inc.)

DoNotTrackMe Add-on 5.5.1930 (HKLM-x32\...\DoNotTrackMe Add-on_is1) (Version: 5.5.1930 - Abine Inc)

Dropbox (HKLM-x32\...\Dropbox) (Version: 3.14.7 - Dropbox, Inc.)

Dropbox Update Helper (x32 Version: 1.3.27.33 - Dropbox, Inc.) Hidden

EasyBCD 2.2 (HKLM-x32\...\EasyBCD) (Version: 2.2 - NeoSmart Technologies)

Elevated Installer (x32 Version: 4.1.16.0 - Garmin Ltd or its subsidiaries) Hidden

ePreserver (HKLM-x32\...\{C5410280-2298-46B4-936C-165A31F64C89}) (Version: 11.0.418.0 - Connected Software)

FaxTalk Communicator SE 4.7 (HKLM-x32\...\{4477B161-C8F1-42D3-85B0-2037760CA86C}) (Version: 4.70.1008 - Thought Communications)

Feedback Tool (HKLM-x32\...\{13A5E785-5197-4EAD-8EE3-D660271E49BC}) (Version: 1.2.0 - Microsoft Corporation)

Free Mp3 Wma Converter V 1.9 (HKLM-x32\...\Free Mp3 Wma Converter_is1) (Version: 1.9.0.0 - Koyote Soft)

Free WMA to MP3 Converter 1.16 (HKLM-x32\...\Free WMA to MP3 Converter_is1) (Version: - Jodix Technologies Ltd.)

Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 3.21.2.1 - Futuremark Corporation)

Gaming Lan Manager (HKLM-x32\...\{3318282C-D4D6-4B29-BBD5-95FC34B54FF0}_is1) (Version: 1.0.0.02 - Micro-Star INT'L CO.,LTD.)

Garmin City Navigator North America NT 2015.10 (HKLM-x32\...\{FCDB42FC-A70B-4041-877F-D73E16DE4345}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries)

Garmin City Navigator North America NT 2016.20 (HKLM-x32\...\{79A8C65B-0289-45A2-9A8D-6AAE0B64A374}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries)

Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)

Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)

Garmin Express (HKLM-x32\...\{0733d53f-b41d-47cc-b336-d95751c4b2cb}) (Version: 4.1.16.0 - Garmin Ltd or its subsidiaries)

Garmin Express (x32 Version: 4.1.16.0 - Garmin Ltd or its subsidiaries) Hidden

Garmin Express Tray (x32 Version: 4.1.16.0 - Garmin Ltd or its subsidiaries) Hidden

Garmin POI Loader (HKLM-x32\...\{3213ED5E-7BBE-4613-BE69-8B1E4FE520DD}) (Version: 2.7.3 - Garmin Ltd or its subsidiaries)

Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)

Google Drive (HKLM-x32\...\{895D0391-459F-4D45-B8DD-13F0DE70C66E}) (Version: 1.28.1549.1322 - Google, Inc.)

Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)

Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden

HandBrake 0.10.1 (HKLM-x32\...\HandBrake) (Version: 0.10.1 - )

HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)

ieSpell (HKLM-x32\...\ieSpell) (Version: 2.6.4 (build 573) - Red Egg Software)

InCD Reader (HKLM-x32\...\{A27281BC-98AA-4DC8-AA39-20B9E27B1033}) (Version: 5.9.4 - Nero AG)

Intel Driver Update Utility (HKLM-x32\...\{fe92d390-13ee-4660-a2f8-39a066fdffe0}) (Version: 2.2.0.5 - Intel)

Intel® Chipset Device Software (x32 Version: 10.1.1.9 - Intel® Corporation) Hidden

Intel® Driver Update Utility 2.2.0.5 (x32 Version: 2.2.0.1 - Intel) Hidden

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)

Intel® Processor Identification Utility (HKLM-x32\...\{A92A4DB0-CD37-42D1-BE1D-603D53C24328}) (Version: 1.0.0.0 - Intel Corporation)

Intel® Smart Connect Technology (HKLM\...\{3CC1CC76-AB3A-4360-AB6F-1355D05A2A17}) (Version: 5.0.10.2907 - Intel Corporation)

Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\3FD0C489-0F02-481a-A3E1-9754CD396761) (Version: - Intel Corporation)

IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.41 - Irfan Skiljan)

iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)

Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)

JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.17.59.0 - JMicron Technology Corp.)

join.me (HKU\S-1-5-21-2422629387-1192540806-1023300286-1001\...\JoinMe) (Version: 1.6.0.172 - LogMeIn, Inc.)

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Karen's Time Sync (HKLM-x32\...\Karen's Time Sync) (Version: 2.0.0.2 - Karen Kenworthy)

Kits Configuration Installer (x32 Version: 8.59.25584 - Microsoft) Hidden

K-Lite Codec Pack 10.1.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.1.5 - )

Kodi (HKU\S-1-5-21-2422629387-1192540806-1023300286-1001\...\Kodi) (Version: - XBMC-Foundation)

Learn to Play Bridge (HKLM-x32\...\Learn_to_Play_Bridge) (Version: - )

LeechFTP (HKLM-x32\...\LeechFTP) (Version: - )

Longman iBT Prep 2.0 (HKLM-x32\...\Longman iBT 2.0) (Version: - )

LSI USB 2.0 Soft Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.102 - LSI Corporation)

Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)

Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)

Microsoft Games for Windows 8 x64 (HKLM\...\{B6047A78-062F-4C6F-A82D-B94DAF72FB73}) (Version: 1.2 - Microsoft)

Microsoft Math Add-in for Word 2007 (HKLM-x32\...\{47D0C5E6-9FBA-49DB-8F88-BFAA5BA38646}) (Version: 3.5.0 - Microsoft Corporation)

Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)

Microsoft Office 2003 Web Components (HKLM-x32\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)

Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)

Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6568.2036 - Microsoft Corporation)

Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)

Microsoft Office Live Meeting 2007 (HKLM-x32\...\{BCC7E198-1D10-4B55-956E-550A196F8056}) (Version: 8.0.6362.190 - Microsoft Corporation)

Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)

Microsoft Office Professional 2007 (HKLM-x32\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Small Business Connectivity Components (HKLM-x32\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)

Microsoft Office Sounds (HKLM-x32\...\{10CE1EA2-12E9-11D3-825E-00C04F6843FE}) (Version: 1.0.0.0 - Microsoft Corp)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)

Microsoft SQL Server 2012 Setup (English) (HKLM\...\{8CB0713F-CFE0-445D-BCB2-538465860E1A}) (Version: 11.1.3128.0 - Microsoft Corporation)

Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)

Microsoft Sync Framework 2.0 Core Components (x64) ENU (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)

Microsoft Sync Framework 2.0 Provider Services (x64) ENU (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)

Microsoft Tool Web Package : EXCTRLST.EXE (HKLM-x32\...\{B0650E3D-FDCA-4908-B74B-0CC1731BDB93}) (Version: 1.00.0.1 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)

Mp3tag v2.72 (HKLM-x32\...\Mp3tag) (Version: v2.72 - Florian Heidenreich)

MSI Command Center (HKLM-x32\...\{85A2564E-9ED9-448A-91E4-B9211EE58A08}_is1) (Version: 1.0.1.11 - MSI)

MSI Fast Boot (HKLM-x32\...\{0F212E7A-65EB-4668-A8D7-749026A64F8E}_is1) (Version: 1.0.1.8 - MSI)

MSI GamingApp (HKLM-x32\...\{E0229316-E73B-484B-B9E0-45098AB38D8C}}_is1) (Version: 1.0.0.2 - MSI)

MSI Live Update 6 (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.1.012 - MSI)

MSI Smart Utilities (HKLM-x32\...\{009E5DF2-3F97-480B-89DA-F2D5E672E14A}_is1) (Version: 2.0.0.11 - MSI)

MSI Super Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.3.0.02 - MSI)

MSI® Intel® Extreme Tuning Utility (HKLM-x32\...\{482c7431-75e2-4124-a453-6a294cd2c6a4}) (Version: 6.0.2.101 - Intel Corporation)

MSI® Intel® Extreme Tuning Utility (x32 Version: 6.0.2.101 - Intel Corporation) Hidden

MSN Music Assistant (HKLM-x32\...\MSN Music Assistant) (Version: - )

MSVC80_x64 (Version: 1.0.1.0 - Nokia) Hidden

MSVC80_x86 (x32 Version: 1.0.1.0 - Nokia) Hidden

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MyDriveConnect 4.0.4.2260 (HKLM-x32\...\MyDriveConnect) (Version: 4.0.4.2260 - TomTom)

NAPS2 4.6.1 (HKLM-x32\...\NAPS2 (Not Another PDF Scanner 2)_is1) (Version: - Ben Olden-Cooligan)

Nero 8 Essentials (HKLM-x32\...\{1CA7ACD6-B21B-4240-AA05-4FC55F6E1033}) (Version: 8.3.465 - Nero AG)

NetWaiting (HKLM-x32\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.07.100 - BVRP Software, Inc)

Network Print Monitor for Windows (HKLM-x32\...\Network Print Monitor) (Version: - )

NetworkGenie (HKLM-x32\...\{B416A23D-C2BD-4956-8BAE-5C3BAFF1AC1E}) (Version: 1.0.0.8 - MSI)

Norton Bootable Recovery Tool Wizard (HKLM-x32\...\NBRTWizard) (Version: 3.1.0.11 - Symantec Corporation)

Norton Security (HKLM-x32\...\NS) (Version: 22.6.0.142 - Symantec Corporation)

Norton Utilities 16 (HKLM-x32\...\Norton Utilities 16_is1) (Version: 16.0 - Symantec Corporation)

NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)

NVIDIA 3D Vision Driver 341.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.92 - NVIDIA Corporation)

NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5896 - NVIDIA Corporation)

NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)

NVIDIA ForceWare Network Access Manager (HKLM-x32\...\InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: 1.00.7316 - NVIDIA Corporation)

NVIDIA GeForce Experience 2.10.2.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.10.2.40 - NVIDIA Corporation)

NVIDIA Graphics Driver 341.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.92 - NVIDIA Corporation)

NVIDIA MediaShield (HKLM-x32\...\{CC452A50-5C87-4A1F-B295-445C3C69BF7D}) (Version: 11.1.0.43 - NVIDIA Corporation)

NVIDIA nTune (HKLM-x32\...\InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}) (Version: 1.00.0000 - NVIDIA Corporation)

NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)

NVIDIA System Monitor (HKLM-x32\...\InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}) (Version: 6.5 - NVIDIA Corporation)

NVIDIA System Update (HKLM-x32\...\InstallShield_{65A92AAA-3D05-4C94-9F70-731C05E60C16}) (Version: 3.00 - NVIDIA Corporation)

Octoshape add-in for Adobe Flash Player (HKU\S-1-5-21-2422629387-1192540806-1023300286-1001\...\Octoshape add-in for Adobe Flash Player) (Version: - )

Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6528.1017 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Licensing Component (Version: 16.0.6528.1017 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6528.1017 - Microsoft Corporation) Hidden

OKI B410 Printer Menu Setup Tool (HKLM-x32\...\{4F928B83-3D8E-402B-8480-5C5C3BCE8040}) (Version: 1.0.2 - Okidata)

Open PLS in Windows Media Player 2.3.0 (HKLM-x32\...\{F868C16D-75F8-4EE8-BCBF-422D0833415D}_is1) (Version: 2.3 - Jon Galloway)

Outlook Duplicates Remover 5.0 (HKLM-x32\...\Outlook Duplicates Remover 5.0) (Version: - )

PC Connectivity Solution (HKLM-x32\...\{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}) (Version: 8.47.7.0 - Nokia)

PCI SoftV92 Modem (HKLM\...\CNXT_MODEM_PCI_HSF) (Version: 7.80.5.0 - Conexant Systems)

PhoneTray Pro (HKLM-x32\...\PhoneTrayPro) (Version: - Traysoft Inc.)

PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)

Presto! PageManager 6.02 (HKLM-x32\...\{5BE42A03-E7B8-42A9-B1BB-FC48B03D58B8}) (Version: - )

ProMash (HKLM-x32\...\{491EAC1A-8ECB-45D5-97D1-0583D5676914}) (Version: 1.8.a - Sausalito Brewing Co.)

QuickTime Alternative 3.2.2 (HKLM-x32\...\QuicktimeAlt_is1) (Version: 3.2.2 - )

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7634 - Realtek Semiconductor Corp.)

Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version: - )

SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)

SDK Debuggers (x32 Version: 8.59.29746 - Microsoft Corporation) Hidden

SeaTools for Windows (HKLM-x32\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.6 - Seagate Technology)

SecurDisc Viewer (HKLM-x32\...\{80CCA55B-FCA8-47E2-9BFE-A24CDEE51033}) (Version: 1.4.4 - Nero AG)

SHIELD Streaming (Version: 5.1.0270 - NVIDIA Corporation) Hidden

SHIELD Wireless Controller Driver (Version: 2.10.2.40 - NVIDIA Corporation) Hidden

Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)

Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)

smartmontools (HKLM-x32\...\smartmontools) (Version: 5.42 2011-10-20 r3458 (sf-win32-5.42-1) - )

SolidWorks 2011 Document Manager API (HKLM-x32\...\{571A894F-DDF5-4B5D-A9D4-9B7189B0BF13}) (Version: 19.00.5019 - SolidWorks Corporation)

SolidWorks eDrawings 2011 x64 (HKLM\...\{200A0AE7-34A9-474E-B023-6D49BFEFE801}) (Version: 11.3.124 - Dassault Systèmes SolidWorks Corp.)

Sound Blaster Cinema (HKLM-x32\...\{8801CA65-921A-4CCC-9D63-879D1D0BAA97}) (Version: 1.00.05 - Creative Technology Limited)

Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)

Spybot - Search & Destroy 2 (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.0.7 - Safer-Networking Ltd.)

Stardock ModernMix (HKLM-x32\...\Stardock ModernMix) (Version: 1.21 - Stardock Software, Inc.)

Stardock Start10 (HKLM-x32\...\Stardock Start10) (Version: 1.08 - Stardock Software, Inc.)

Symantec Technical Support Web Controls (HKLM-x32\...\{20C53FA2-4307-4671-A93F-9463B29DFCF1}) (Version: 3.5.3 - Symantec Corporation)

SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft)

System Requirements Lab (HKLM-x32\...\SystemRequirementsLab) (Version: - )

System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)

TomTom HOME (HKLM-x32\...\{0E09BE17-EDEA-42CA-8974-42A587F51510}) (Version: 2.9.8 - TomTom)

TomTom HOME (HKLM-x32\...\{5DCB2EB3-87AD-426E-8D74-8B92C9D731C4}) (Version: 2.9.8 - TomTom)

TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - TomTom)

TomTom HOME (HKLM-x32\...\{BB05590A-6602-43F3-A400-77EA0976BC0A}) (Version: 2.9.8 - TomTom)

TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)

TomTomHeavenXplorer (HKU\S-1-5-21-2422629387-1192540806-1023300286-1001\...\dda546d3bf1d50ff) (Version: 1.0.0.55 - TomTomHeaven)

TP-LINK USB Printer Controller (HKLM-x32\...\{7C3B2884-0F53-4FBD-AB2A-192BD4FB01A1}) (Version: 1.14.0613 - TP-LINK)

TravelScan 464 (HKLM-x32\...\{60843C2A-5DDF-4775-9D75-28A29E05FC76}) (Version: 2.01.0004 - Syscan)

Travelscan 464 (HKLM-x32\...\{993A77AE-8369-417C-AEE2-E9A346C64956}) (Version: 2.00.0000 - Syscan)

Trend Micro SafeSync (HKLM\...\HFRS_is1) (Version: 5.1.0.1358 - Trend Micro)

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)

VCRedistSetup (x32 Version: 1.0.0 - Nero AG) Hidden

VGA Boost (HKLM-x32\...\{809ACFAE-9A4D-4C60-9223-D8B615CD8CBA}}_is1) (Version: 1.0.0.7 - MSI)

Visioneer Pro OCR 100 (HKLM-x32\...\Visioneer Pro OCR 100) (Version: - )

Vista Caller-ID (HKLM-x32\...\{08F63326-636E-4C3E-9F4D-747912C04224}) (Version: 1.0.85 - Kentdome)

Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)

Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)

Visual Studio C++ 9.0 Runtime (HKLM-x32\...\{08C7A49D-2B12-46F6-8B41-26D3B0D1C01F}) (Version: 1.0.0 - TomTom International B.V.)

VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)

VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)

VMLite Workstation (HKLM\...\{197F2BEF-2705-406E-8CEB-8E404FFFE414}) (Version: 3.2.6 - VMLite)

WebM Media Foundation Components (HKLM-x32\...\webmmf) (Version: 1.0.1.2 - WebM Project)

Win7codecs (HKLM-x32\...\{8C0CAA7A-3272-4991-A808-2C7559DE3409}) (Version: 2.8.1 - Shark007)

WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 4.1 - Sysprogs)

Windows 7 Games for Windows 8 and 10 (HKLM-x32\...\MicrosoftGamesForWin8) (Version: 1.1.0.10 - )

Windows Desktop Gadgets (HKLM\...\Windows Desktop Gadgets_is1) (Version: 2.0 - hxxp://gadgetsrevived.com)

Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)

Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)

Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) (HKLM\...\FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D) (Version: 08/22/2008 7.0.0.0 - Nokia)

Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)

Windows Installer Clean Up (HKLM-x32\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)

Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)

Windows Mobile Device Center Driver Update (HKLM\...\{92DBCA36-9B41-4DD1-941A-AED149DD37F0}) (Version: 6.1.6965.0 - Microsoft Corporation)

Windows Software Development Kit (HKLM-x32\...\{363a2c1e-637f-45ce-933b-5a5463efd945}) (Version: 8.59.29750 - Microsoft Corporation)

Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation)

Xiph QuickTime Components (HKLM-x32\...\XiphQT) (Version: - )

Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)

Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2422629387-1192540806-1023300286-1001_Classes\CLSID\{0E7BE950-4ACC-47CB-834B-41A8B96BBFF9}\InprocServer32 -> no filepath

CustomCLSID: HKU\S-1-5-21-2422629387-1192540806-1023300286-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> no filepath

CustomCLSID: HKU\S-1-5-21-2422629387-1192540806-1023300286-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Bill Pierce\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {001AEA64-6577-4154-8383-582C3BAFF115} - System32\Tasks\NUSchedule => C:\Program Files (x86)\Symantec\Norton Utilities 16\nu.exe [2015-08-14] (Symantec)

Task: {0262913C-E2D5-48BD-A6F1-AD2D20F36B66} - System32\Tasks\{52705735-45C3-465C-A9E9-838A335E36D5} => pcalua.exe -a "C:\Program Files (x86)\NVIDIA Corporation\NVidia Demos\Adrianne\bin\NVDemoSetup.exe" -d "C:\Program Files (x86)\NVIDIA Corporation\NVidia Demos\Adrianne\bin"

Task: {033CB9DB-FFC3-400A-8F56-3CC370D467A3} - System32\Tasks\{559FBC8A-2500-4990-A579-D11EBDAFA1D6} => pcalua.exe -a "C:\Users\Bill Pierce\Downloads\ip4200_ug_win_us_110.EXE" -d "C:\Users\Bill Pierce\Desktop"

Task: {03D3A1FB-C835-44E1-A6F1-35F6AC37A283} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)

Task: {048EEE7B-F451-4908-864B-10471307CB33} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\WINDOWS\system32\MRT.exe [2016-03-08] (Microsoft Corporation)

Task: {08304B64-6F67-4710-BD90-DC5CFE7FE251} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe

Task: {09A2D47F-143C-4336-96A3-349070D24F00} - System32\Tasks\{3F61827E-3E30-434E-9A5A-92E564B67977} => pcalua.exe -a "C:\Users\Bill Pierce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WCW48ZSP\195.81_desktop_win7_winvista_32bit_english_beta[2].exe" -d "C:\Users\Bill Pierce\Desktop"

Task: {09B8A98E-4E60-40DD-ACE6-82B36A6E5186} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\WSCStub.exe [2016-02-26] (Symantec Corporation)

Task: {0AF3C04C-A378-42AB-9919-B9B650AC3B7B} - System32\Tasks\{EC2449BD-1D10-44A2-BF0E-E6CA3F2E20D5} => pcalua.exe -a "C:\Users\Bill Pierce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QNO3UCI0\MouseKeyboardCenter_64bit_ENG_2.2.173.exe" -d "C:\Users\Bill Pierce\Desktop"

Task: {0BE1AF3E-4B71-44AB-9352-C5E4FAE0EBD5} - System32\Tasks\SpeedDiskSchedule => C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\ScheduledDefrag.exe [2012-09-29] ()

Task: {0F125446-098F-4DF5-B7C2-975232AACE29} - System32\Tasks\{8B819B5F-817A-43A4-BEE5-F32E5DDB3E1F} => pcalua.exe -a "C:\Users\Bill Pierce\AppData\Local\Temp\Temp1_usr_1091.zip\usr_1091.exe"

Task: {0F2EAF49-C8AF-4C34-8425-AF90215B1743} - System32\Tasks\{722A8DCD-4F9A-436C-A38D-C60A7E21E715} => pcalua.exe -a D:\Vision\ProOcr\disk1\SETUP.EXE -d D:\Vision\ProOcr\disk1

Task: {121710F0-A6DC-45D6-A8CB-3F0E49B0780D} - System32\Tasks\{99E02DFE-AB3C-433C-9A21-C5478CC9EA1B} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.0.59.126/en/go/help.faq.installer?LastError=2

Task: {14E9AABE-B7BB-4351-8965-74D75B3F3BC7} - \Safer-Networking\Spybot - Search and Destroy\Check for updates -> No File <==== ATTENTION

Task: {15156DA7-9894-425D-91B0-C63EE5FB3098} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe

Task: {1522C444-0F53-4477-AE1F-C3A330DB8AA3} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe

Task: {1A3A7598-CECF-42FE-A391-494E679AE84A} - System32\Tasks\{85D6C398-880E-46AA-8865-29AE6A9AAB12} => pcalua.exe -a "C:\Program Files\SAMSUNG\SYMBIAN USB Download Driver\Uninstall64.exe"

Task: {1B0D4A51-16F8-4257-BE25-9AEF3D6CD87E} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2016-01-28] ()

Task: {1EC9E311-E9C2-441D-A2A9-C5FA3406AB76} - System32\Tasks\{925F4877-50AA-4C16-BB11-8FDEB1BC13D5} => pcalua.exe -a "C:\Users\Bill Pierce\Desktop\Samsung_NPS_IJ4_2\PC Studio\New PC Studio 1.4.0.IJ4_2.exe" -d "C:\Users\Bill Pierce\Desktop\Samsung_NPS_IJ4_2\PC Studio"

Task: {21CD16D0-6E3F-4C3D-A4D5-8C2FCA8BB305} - System32\Tasks\{55C5439E-22A8-43EE-98ED-608E90607E83} => pcalua.exe -a "C:\Users\Bill Pierce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UTHJBE2Y\RapportSetup.exe" -d "C:\Users\Bill Pierce\Desktop"

Task: {21DF9F9C-5A11-40FA-A143-14A37B884860} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-02-28] (Microsoft Corporation)

Task: {23DE4BF8-AA9F-468A-8B6D-8E76F4F7443A} - System32\Tasks\{B8F41E86-FA35-4B20-8641-AD0113A7B6ED} => pcalua.exe -a "C:\Users\Bill Pierce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0W3IZDZD\jre-6u21-windows-i586-iftw-rv[1].exe" -d "C:\Users\Bill Pierce\Desktop"

Task: {253070C5-4D80-4AFD-9A3E-B14CA3D5B48C} - System32\Tasks\{E4E3C965-15E4-400A-9471-BD27BAD08D16} => pcalua.exe -a D:\PC\PageManager\SETUP.EXE -d D:\PC\PageManager

Task: {2765A58A-693B-4421-B6F7-4A23088399ED} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe

Task: {2B298829-D361-415A-A487-CACA17206E05} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe

Task: {2C133B8F-B7BD-435C-B7C8-DD1A49191733} - System32\Tasks\{9A1A3A8A-9C95-484A-BF10-D5DE70BEEDD0} => pcalua.exe -a "C:\Users\Bill Pierce\Desktop\ttgo510-710.clear_flash.exe" -d "C:\Users\Bill Pierce\Desktop"

Task: {2F0396E5-1404-4975-9BFC-A171DC0A4FA3} - System32\Tasks\RtlNetworkGenieVistaStart => C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe [2014-04-23] (Realtek Semiconductor)

Task: {2FD9A600-9C92-4830-9542-3F90254D0E57} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe

Task: {34AC1277-2549-463D-8C72-D4D639C50E77} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)

Task: {366AF46E-DE50-45AF-84AD-5CFC373A5225} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION

Task: {3746DF00-B783-4882-9218-C063F7F31B4D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe

Task: {385F2105-6956-47E5-8ACF-576808D9DDB6} - System32\Tasks\{673FCEC9-C906-419C-A7FE-F917C5A54391} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.0.0.126/en/go/help.faq.installer?source=lightinstaller&LastError=2

Task: {3B45AA27-1F0B-4CC7-BA6B-8690F5200E4A} - System32\Tasks\{B7061DD3-B48C-4EE0-B64A-45275BD38679} => pcalua.exe -a "C:\Users\Bill Pierce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NSD2WKPQ\190.38_desktop_win7_winvista_64bit_english_whql[1].exe" -d "C:\Users\Bill Pierce\Desktop"

Task: {3C439C16-3F70-4C71-B28A-BEA1A6CA910E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION

Task: {3C4B07DB-31DF-4692-B600-1F587BAEED70} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION

Task: {401E2FD6-B9FD-459B-B1B0-E424C8718B4F} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe

Task: {41952914-0C8E-4CF7-A4B9-57B4AFC4072D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)

Task: {42EF8D40-B246-427F-9A9D-17FF484B8601} - System32\Tasks\{601A886E-ED48-47AC-A953-0EE44CEFE50F} => pcalua.exe -a "C:\Users\Bill Pierce\Desktop\197.45_desktop_win7_winvista_64bit_english_whql.exe" -d "C:\Users\Bill Pierce\Desktop"

Task: {4970D0D8-66BC-4F05-9724-6E8515796FBF} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-03-08] (Microsoft Corporation)

Task: {4D15010A-E404-4AF0-B257-5F74CE7CE45F} - System32\Tasks\{B96F3914-91FB-45F5-80DA-CAD3B29B7B9A} => pcalua.exe -a "C:\Users\Bill Pierce\AppData\Local\Temp\Temp3_Samsung_NPS_IJ4_2.zip\Install.exe"

Task: {4D997ED9-F497-428D-A51F-20F6281BD896} - System32\Tasks\{CD9CC6C6-EECB-4B53-B03B-A88A9FE4D5C4} => pcalua.exe -a "C:\Program Files (x86)\QuickTime Alternative\QTSystem\quicktime.cpl"

Task: {4FB271F1-F55B-4543-949B-B232072FFE1D} - System32\Tasks\Norton Security\Norton Autofix => C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\SymErr.exe [2016-02-10] (Symantec Corporation)

Task: {508546A3-0321-40E2-95BD-5D1DCA9996CB} - System32\Tasks\{F51332D8-0A84-4473-B9DA-294F0E951D8D} => pcalua.exe -a "C:\Users\Bill Pierce\Desktop\irfanview_plugins_427_setup.exe" -d "C:\Users\Bill Pierce\Desktop"

Task: {50CC649B-8991-4F1F-A909-8D8126AC2159} - System32\Tasks\NUAutoUpdate => C:\Program Files (x86)\Symantec\Norton Utilities 16\SULauncher.exe [2015-08-14] (Symantec)

Task: {5189BFAD-6CF2-4B6C-BCC7-DE0DB629AC6A} - System32\Tasks\{B6819DEC-8F43-4204-8D2D-4004204CD20F} => pcalua.exe -a "C:\Users\Bill Pierce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IH3KK9L3\5.05.47.00_ntune_winxp_international[1].exe" -d "C:\Users\Bill Pierce\Desktop"

Task: {546F8B3F-7CBC-4F22-A4EC-E630BBA91E88} - System32\Tasks\Microsoft_Hardware_Launch_rundll32_exe => Rundll32.exe url.dll,OpenURL hxxp://go.microsoft.com/fwlink/?LinkId=116866

Task: {576448D2-1746-450E-A477-3065F98D70AE} - System32\Tasks\{2328726C-00B8-4AFB-95D9-B373F6BF2592} => pcalua.exe -a "C:\Users\Bill Pierce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W2AAJ2SI\15.25_nforce_winvista64_international_whql[1].exe" -d "C:\Users\Bill Pierce\Desktop"

Task: {57B92CF9-9535-4B01-933B-32DDE3772DB4} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION

Task: {57F12FDD-8AAD-4B10-AE95-92C5EB322607} - System32\Tasks\{2D76B571-87D1-4189-8950-4A0DB9E8AE83} => pcalua.exe -a E:\Setup.exe -d E:\

Task: {5D35EE07-B37D-4D96-8540-384D7C911166} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe

Task: {5D5B3726-5D17-4A86-8485-EFD95644FBE3} - System32\Tasks\{1522B97A-7AFB-4E52-BC3E-B2D53B1A058B} => pcalua.exe -a "F:\Photo Impression 3\Setup.exe" -d "F:\Photo Impression 3"

Task: {5FF456F1-6699-4F38-B5FB-114F1F18F427} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)

Task: {60AE47AF-7EDF-4926-B3DE-7247C29AB170} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe

Task: {622C0564-4221-40F9-819F-203E7176704A} - System32\Tasks\{7CCBAD76-A320-423C-9624-84B2594BADEA} => pcalua.exe -a "C:\Users\Bill Pierce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WCW48ZSP\ogg[1].exe" -d "C:\Users\Bill Pierce\Desktop"

Task: {62FCF1DA-1740-4C7C-B5D9-74BDF3B8C4BD} - System32\Tasks\{A37C957F-2DA0-4674-93AC-042AC1011B5C} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.0.59.126/en/go/help.faq.installer?LastError=2

Task: {6435FA0C-0DD2-48A6-8F71-453CC82CE604} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe

Task: {6450C84F-D400-4D78-B2F4-EE59AC009F90} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe

Task: {6550BB19-D5B4-4D1C-95F4-50638911A5E1} - System32\Tasks\{6BBC2489-F6BA-49F1-8589-9FE43DBE816F} => pcalua.exe -a "C:\Users\Bill Pierce\Desktop\Samsung_NPS_IJ4_2\Install.exe" -d "C:\Users\Bill Pierce\Desktop\Samsung_NPS_IJ4_2"

Task: {66866968-EC86-4FB0-82CC-26584843202E} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)

Task: {672C0EFF-5231-4B22-9547-C3B9FBF7A16B} - System32\Tasks\{2076E5D0-40B1-47E9-9BF0-92D993376E48} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.0.59.126/en/go/help.faq.installer?LastError=2

Task: {6EFA9CCA-9094-4CA1-976B-B33D0D79E421} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION

Task: {6F3E1CC7-EADB-449A-9CEA-B7CC6E3E92E4} - System32\Tasks\{1D0115F3-7EB5-4628-87F5-0FB1E32A8124} => pcalua.exe -a "C:\Users\Bill Pierce\Desktop\iview427_setup.exe" -d "C:\Users\Bill Pierce\Desktop"

Task: {70B50B79-AA1C-4B16-8FF7-23F042C996BB} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)

Task: {726F7F4C-A427-454F-B8F2-B2CC90CC7CC5} - System32\Tasks\{ACA24D27-A509-4B6E-B4C8-F924B0E020CB} => pcalua.exe -a "C:\Users\Bill Pierce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WMF164DW\oggcodecs_0.81.15562-x64[1].exe" -d "C:\Users\Bill Pierce\Desktop"

Task: {746943C7-3F5A-4762-B1F2-B948979D33B9} - System32\Tasks\{AD25BAE5-5BF3-44F2-93F9-DD14EA5BA378} => pcalua.exe -a "C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.cpl" -c QuickTime

Task: {794302E1-EB7B-4F67-8458-583097B930D0} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-02-28] (Microsoft Corporation)

Task: {794820E1-5E98-4F92-AE1E-8EAA1063E64A} - System32\Tasks\{9AA7D089-7A1E-499B-8908-1554FB42BD78} => pcalua.exe -a "C:\Users\Bill Pierce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5EGT0GXC\AdobeAIRInstaller[1].exe" -d "C:\Users\Bill Pierce\Desktop"

Task: {7F571ACC-FE6D-48B0-B48F-BF41C388D7C2} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2013-10-02] (Microsoft Corporation)

Task: {7F6D1360-36B9-41C2-A753-11132E2EB8E7} - System32\Tasks\{6357106F-E86E-4551-888E-D296629E7AD9} => pcalua.exe -a "C:\Users\Bill Pierce\Desktop\20071214121912578_PCStudioII10_GG1.exe" -d "C:\Users\Bill Pierce\Desktop"

Task: {7FE3F9D8-6A1F-42FE-A0F3-8EBC011E8BC4} - System32\Tasks\{4C40EB50-C540-4449-96F7-A1C0985134E2} => pcalua.exe -a "C:\Users\Bill Pierce\Desktop\befsr41v2_SetupWiz_2.exe" -d "C:\Users\Bill Pierce\Desktop"

Task: {8128D2AD-E262-40DF-81C4-48EBDB1F0D6E} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe

Task: {82A83C02-F7E2-4BA6-A85E-F5C155CBD6BB} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe

Task: {8326F4E0-7F73-4508-BB12-8152365233D0} - System32\Tasks\USER_ESRV_SVC_WILLAMETTE => Wscript.exe //B //NoLogo "C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\task.vbs"

Task: {8554BBF5-936F-4D51-8886-10AD0A2D9E4F} - System32\Tasks\{8E8C7A9B-28C2-469C-B99E-9D13992D3CE5} => pcalua.exe -a "C:\Users\Bill Pierce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5EGT0GXC\StrobePro.303110.EN[1].exe" -d "C:\Users\Bill Pierce\Desktop"

Task: {8924F21B-39CC-496E-996C-2C40C03D4427} - System32\Tasks\{5064A034-C19B-470A-BF97-52F41E3EF2CD} => pcalua.exe -a "C:\Program Files\SAMSUNG\SAMSUNG Mobile USB Modem\SSM_Uninstall.exe"

Task: {89E108A6-745C-45D5-BF6D-BB6E08AB22EC} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)

Task: {8BE04E13-EF55-40AE-A168-91987050E623} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION

Task: {92ADB579-3056-491D-804A-EE0B1A0FC498} - System32\Tasks\Norton Security\Norton Error Processor => C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\SymErr.exe [2016-02-10] (Symantec Corporation)

Task: {9B8B2CBE-12FF-40A3-A77D-BFC545BDC9DA} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)

Task: {9C79680C-F13B-44EC-9DC9-154E6502147C} - \CCleanerSkipUAC -> No File <==== ATTENTION

Task: {9CC925C7-4932-407B-AA43-146E26743750} - System32\Tasks\{C190FB0B-DB3E-44F6-8649-56A5963C2B38} => pcalua.exe -a "C:\Users\Bill Pierce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SGNYNGC9\DOSBox0.73-win32-installer[1].exe" -d "C:\Users\Bill Pierce\Desktop"

Task: {9CD34859-FA68-445E-A34F-7DD54E8A0032} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION

Task: {A15A69D4-2D90-4E3D-82A8-78AAEDD74F24} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-03-12] (Microsoft Corporation)

Task: {A60C5F2C-E297-4862-9362-E8E4E476CBB5} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2016-02-26] (Symantec Corporation)

Task: {A7AF381C-46E4-44F8-BC03-2ECB81547784} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe

Task: {A7CE56DF-D274-4DF5-A0FA-056C3AF5EA68} - System32\Tasks\{DBAEC886-D4B6-4EE9-8173-208B808B650B} => pcalua.exe -a "C:\Users\Bill Pierce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JJT8RNTO\196.34_desktop_win7_winvista_64bit_english_beta[1].exe" -d "C:\Users\Bill Pierce\Desktop"

Task: {AA04121B-EA96-43F5-ADAC-1C3FB51B92A0} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe

Task: {AF59BBCA-09EB-4B31-A980-B4CD899B408F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION

Task: {B253CAC5-1C56-4E6D-851D-78F5BCB70FD0} - System32\Tasks\{3E99A261-2581-48C4-A590-F43E9B5E2E19} => pcalua.exe -a "C:\Users\Bill Pierce\Desktop\English\setup.exe" -d "C:\Users\Bill Pierce\Desktop\English"

Task: {B60E932F-C78E-4202-9B28-3B0ADC2DBE2C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)

Task: {B955E3CE-7703-4FDA-A929-DA8934337BC1} - System32\Tasks\{F6B21D2B-64F6-4C32-9274-CF99C90CF777} => pcalua.exe -a "C:\Users\Bill Pierce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JJT8RNTO\196.34_desktop_win7_winvista_32bit_english_beta[1].exe" -d "C:\Users\Bill Pierce\Desktop"

Task: {BE1D0C9B-91BF-47F1-9500-4C5069618705} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe

Task: {C0B55D54-EE96-4FA1-86D3-D9E137E876D7} - System32\Tasks\{4D435EF2-D173-4941-9489-97612D7FA77E} => pcalua.exe -a "C:\Users\Bill Pierce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TUDLEPF2\ttgo510-710.clear_flash[1].exe" -d "C:\Users\Bill Pierce\Desktop"

Task: {C460F395-FE25-465D-88FB-D84CEA97EDF9} - System32\Tasks\{90D5C0A6-FCED-4E73-955A-83053C6860F5} => pcalua.exe -a "C:\Users\Bill Pierce\Desktop\hdaudio_1.00.00.59_xp_vista_win7.exe" -d "C:\Users\Bill Pierce\Desktop"

Task: {C4642180-BB7D-4E23-9D6E-4177CE1C3324} - System32\Tasks\{8170DE13-857B-40D9-B95C-BA357B417F82} => C:\Program Files (x86)\NewSoft\Presto! PageManager 6\prestopm.exe [2003-01-29] (NewSoft Technology Corporation)

Task: {C7CD62F5-475A-4A01-86B3-D052FAD2A35E} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe

Task: {C9184FC5-D399-4D5C-8AB5-59E60903AD47} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION

Task: {CABF17E7-6408-4186-BB3B-D1171E944A95} - System32\Tasks\{2C222F8B-8655-4596-BC43-9E00CA27605A} => pcalua.exe -a "C:\Users\Bill Pierce\Desktop\ttgo510-710.clear_flash\setup.exe" -d "C:\Users\Bill Pierce\Desktop\ttgo510-710.clear_flash"

Task: {CB181110-2D5A-4D9A-B576-F1720A38727B} - System32\Tasks\{22A0722E-C7B8-44D0-85C1-5B583665CFA3} => pcalua.exe -a C:\NVIDIA\HDAudioWHQLDriver\1.00.00.59\International\setup.exe -d C:\NVIDIA\HDAudioWHQLDriver\1.00.00.59\International

Task: {CE1F70EE-617A-4F4D-8890-BA1A8145BF21} - System32\Tasks\{06C4C5B1-E542-4491-9095-DA347EBE0E63} => pcalua.exe -a "C:\Users\Bill Pierce\Desktop\Samsung_NPS_IJ4_2\USB Driver\Samsung_USB_Driver_Installer.exe" -d "C:\Users\Bill Pierce\Desktop\Samsung_NPS_IJ4_2\USB Driver"

Task: {D171B41B-AF87-423D-89A6-FFFD21155C18} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe

Task: {D263F2C5-5D17-4F2A-96C9-6E78C7BDA7D3} - System32\Tasks\{5161C6E5-8716-470C-A7BA-A53536A77D00} => pcalua.exe -a "C:\Users\Bill Pierce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJAT2NKK\3DMark_Vantage_v101_hotfix_installer[1].exe" -d "C:\Users\Bill Pierce\Desktop"

Task: {D29FD88D-FC6A-4C4B-9E2F-F2F989091DFD} - System32\Tasks\{11BD38B9-952A-4A3D-82E7-02177D8C6368} => pcalua.exe -a "C:\Users\Bill Pierce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2LFCEMSW\install_flash_player_ax[1].exe" -d "C:\Users\Bill Pierce\Desktop"

Task: {D4659594-5823-4E9F-83F7-1D9E932FD353} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe

Task: {D4D26160-D3CF-49C8-BDE6-E2E0BCF4E9AC} - System32\Tasks\{F9A6D05F-0CA8-4A70-A6C5-CEF5DCCC0517} => pcalua.exe -a "C:\Users\Bill Pierce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95H8SCN6\jre-6u31-windows-i586-iftw.exe" -d "C:\Users\Bill Pierce\Desktop"

Task: {DBF716AE-4A62-43CC-A019-D1DB978298C5} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files (x86)\Intel\Telemetry 2.0\lrio.exe [2015-05-05] (Intel Corporation)

Task: {DE5C7AD8-72B4-4DC3-A086-644C72C9BD14} - System32\Tasks\{92A20A3C-BB16-48F7-87B1-8C3AD640E668} => pcalua.exe -a "C:\Users\Bill Pierce\AppData\Local\Temp\Temp1_Samsung_NPS_IJ4_2.zip\Install.exe"

Task: {DF4443C4-A5E9-4DE7-88E7-1362FE101C31} - System32\Tasks\Norton Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\SymErr.exe [2016-02-10] (Symantec Corporation)

Task: {E1D1C1A8-561F-4318-AFB1-0CA7FC85ADB2} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-07-03] (Dropbox, Inc.)

Task: {E2E2795C-FE1C-4BF7-80BE-4889550BA8F8} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-07-03] (Dropbox, Inc.)

Task: {E62EC0A3-0B80-4B88-8A52-20D4253752F2} - System32\Tasks\{B0244296-106F-4D0B-A9DC-1BDF2A003F1A} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.0.59.126/en/go/help.faq.installer?LastError=2

Task: {E832B1ED-8E03-463D-A84B-746ED13ABA6A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION

Task: {E960A7B4-EDEA-4965-94E1-0D3979D8A140} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe

Task: {EBB3019A-60C5-4A5F-B593-07E9A1FFF5FA} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe

Task: {EE98AAA2-8CC0-4910-8F53-40F20F5480BE} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe

Task: {EEF04CF7-A720-436E-B75D-0040F07C7F0A} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe

Task: {EEFF69B9-FD2F-41A9-A5A9-9DF857FAA6B5} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION

Task: {F9ABE033-D018-49A6-86BD-7EC2D153119C} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\NUAutoUpdate.job => C:\Program Files (x86)\Symantec\Norton Utilities 16\SULauncher.exe

Task: C:\WINDOWS\Tasks\NUSchedule.job => C:\Program Files (x86)\Symantec\Norton Utilities 16\nu.exe

Task: C:\WINDOWS\Tasks\RtlNetworkGenieVistaStart.job => C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe

Task: C:\WINDOWS\Tasks\SpeedDiskSchedule.job => C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\ScheduledDefrag.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 03:18 - 2015-10-30 03:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll

2016-02-28 16:02 - 2015-10-13 13:26 - 00125616 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2013-02-01 07:36 - 2012-12-06 14:52 - 00136704 _____ () C:\WINDOWS\System32\ZLHP2600.DLL

2015-05-15 16:26 - 2015-05-15 16:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2016-02-25 14:30 - 2016-02-17 02:56 - 01416064 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll

2016-02-25 14:30 - 2016-02-17 02:56 - 00299392 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll

2016-02-25 14:30 - 2016-02-17 02:56 - 03613056 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll

2010-08-11 15:18 - 2010-08-11 15:18 - 00202344 _____ () C:\Program Files\VMLite\VMLite Workstation\VBoxDDU.dll

2010-08-11 15:18 - 2010-08-11 15:18 - 02725480 _____ () C:\Program Files\VMLite\VMLite Workstation\VBoxRT.dll

2009-03-26 23:03 - 2009-03-26 23:03 - 01289728 _____ () C:\Program Files\VMLite\VMLite Workstation\LIBEAY32.dll

2016-03-01 15:26 - 2016-02-23 07:27 - 02654872 _____ () C:\WINDOWS\system32\CoreUIComponents.dll

2016-03-01 15:26 - 2016-02-23 07:27 - 02654872 _____ () C:\WINDOWS\System32\CoreUIComponents.dll

2016-03-12 11:45 - 2016-03-12 11:45 - 08914120 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll

2016-01-22 05:04 - 2016-01-22 05:04 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe

2016-02-28 18:46 - 2016-02-28 18:46 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll

2016-03-01 15:26 - 2016-02-23 04:36 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll

2016-02-28 18:46 - 2016-02-28 18:46 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll

2016-02-28 18:46 - 2016-02-28 18:46 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll

2016-02-28 18:46 - 2016-02-28 18:46 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll

2016-02-28 18:46 - 2016-02-28 18:46 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll

2014-05-15 11:14 - 2012-11-01 11:23 - 00089600 _____ () C:\Windows\SYSTEM32\CmdRtr64.DLL

2014-05-15 11:14 - 2012-11-01 11:21 - 00325120 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL

2016-03-12 11:41 - 2016-02-28 03:20 - 00173248 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll

2013-10-22 20:30 - 2013-10-22 20:30 - 00661008 _____ () C:\Program Files (x86)\Common Files\Research In Motion\nginx\nginx.exe

2010-08-11 15:18 - 2010-08-11 15:18 - 01359976 _____ () C:\Program Files\VMLite\VMLite Workstation\VBoxVMM.dll

2009-11-29 18:13 - 2009-11-29 18:13 - 11164160 _____ () C:\Program Files\VMLite\VMLite Workstation\QtGui4.dll

2009-11-29 17:56 - 2009-11-29 17:56 - 01030656 _____ () C:\Program Files\VMLite\VMLite Workstation\QtNetwork4.dll

2009-11-29 18:25 - 2009-11-29 18:25 - 00543232 _____ () C:\Program Files\VMLite\VMLite Workstation\QtOpenGL4.dll

2010-08-11 15:18 - 2010-08-11 15:18 - 00048744 _____ () C:\Program Files\VMLite\VMLite Workstation\VBoxREM.dll

2009-11-29 17:55 - 2009-11-29 17:55 - 03116032 _____ () C:\Program Files\VMLite\VMLite Workstation\QtCore4.dll

2016-03-04 01:51 - 2016-03-04 01:51 - 00016384 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.302.8200.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe

2016-03-04 01:51 - 2016-03-04 01:51 - 16062976 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.302.8200.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll

2016-03-04 01:51 - 2016-03-04 01:51 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.302.8200.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll

2016-02-08 01:11 - 2005-07-18 14:43 - 00160256 _____ () C:\Program Files (x86)\MSI\Live Update\unrar.dll

2016-01-22 05:04 - 2016-01-22 05:04 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll

2016-01-22 05:04 - 2016-01-22 05:04 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll

2015-03-30 17:33 - 2016-02-17 03:02 - 00020352 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll

2015-10-30 03:17 - 2015-10-30 03:17 - 01021792 _____ () C:\Windows\SYSTEM32\speech\engines\tts\MSTTSEngine.dll

2015-10-30 03:17 - 2015-10-30 03:17 - 00528384 _____ () C:\Windows\SYSTEM32\speech\engines\tts\MSTTSLoc.DLL

2016-02-17 17:04 - 2016-01-12 14:44 - 00034768 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd

2016-02-17 17:04 - 2016-01-12 14:45 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd

2016-02-17 17:04 - 2016-01-12 14:44 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll

2016-02-17 17:04 - 2016-01-12 14:44 - 00093640 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd

2016-02-17 17:04 - 2016-01-12 14:44 - 00018376 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd

2016-02-17 17:04 - 2016-02-16 14:39 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd

2016-02-17 17:04 - 2016-01-12 14:46 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd

2016-02-17 17:04 - 2016-01-12 14:44 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll

2016-02-17 17:04 - 2016-02-16 14:39 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd

2016-02-17 17:04 - 2016-01-12 14:44 - 00692688 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd

2016-02-17 17:04 - 2016-02-16 14:38 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd

2016-02-17 17:04 - 2016-01-12 14:45 - 00112592 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd

2016-02-17 17:04 - 2016-02-16 14:38 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd

2016-02-17 17:04 - 2016-02-16 14:38 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd

2016-02-17 17:04 - 2016-02-16 14:39 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_python_x66cf7a7cx17a72769.pyd

2016-02-17 17:04 - 2016-02-16 14:39 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd

2016-02-17 17:04 - 2016-02-16 14:39 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd

2016-02-17 17:04 - 2016-01-12 14:46 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd

2016-02-17 17:04 - 2016-01-12 14:46 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd

2016-02-17 17:04 - 2016-01-12 14:47 - 00114640 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd

2016-02-17 17:04 - 2016-01-12 14:46 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd

2016-02-17 17:04 - 2016-02-16 14:39 - 00021832 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd

2016-02-17 17:04 - 2016-01-12 14:46 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd

2016-02-17 17:04 - 2016-01-12 14:46 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd

2016-02-17 17:04 - 2016-01-12 14:47 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd

2016-02-17 17:04 - 2016-01-12 14:47 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd

2016-02-17 17:04 - 2016-01-12 14:47 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd

2016-02-17 17:04 - 2016-01-12 14:47 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd

2016-02-17 17:04 - 2016-02-16 14:39 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd

2016-02-17 17:04 - 2016-01-12 14:46 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd

2016-02-17 17:04 - 2016-01-12 14:47 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd

2016-02-17 17:04 - 2016-02-16 14:38 - 00117056 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd

2016-02-17 17:04 - 2016-02-16 14:39 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd

2016-02-17 17:04 - 2016-01-12 14:47 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll

2016-02-17 17:04 - 2016-02-16 14:39 - 00031568 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd

2016-02-17 17:04 - 2015-11-04 20:04 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll

2016-02-17 17:04 - 2016-02-16 14:39 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd

2016-02-17 17:04 - 2016-01-12 14:44 - 00134608 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd

2016-02-17 17:04 - 2016-01-12 14:44 - 00134088 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd

2016-02-17 17:04 - 2016-01-12 14:45 - 00240584 _____ () C:\Program Files (x86)\Dropbox\Client\jpegtran.pyd

2016-02-17 17:04 - 2016-02-16 14:39 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd

2016-02-17 17:04 - 2016-02-16 14:39 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd

2016-02-17 17:04 - 2016-02-16 14:39 - 00021824 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32._winffi_kernel32.pyd

2016-02-17 17:04 - 2016-02-16 14:39 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd

2016-02-17 17:04 - 2016-02-16 14:39 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd

2016-02-17 17:04 - 2016-02-16 14:38 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd

2016-02-17 17:04 - 2016-01-12 14:47 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd

2016-02-17 17:04 - 2016-02-16 14:39 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd

2016-02-17 17:04 - 2016-02-16 14:39 - 00084792 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL

2016-02-17 17:04 - 2016-02-16 14:39 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd

2016-02-17 17:04 - 2016-01-12 14:45 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd

2016-02-17 17:04 - 2016-02-16 14:39 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd

2016-02-17 17:04 - 2016-02-16 14:39 - 01971504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd

2016-02-17 17:04 - 2016-02-16 14:39 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd

2016-02-17 17:04 - 2016-02-16 14:39 - 00132912 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd

2016-02-17 17:04 - 2016-02-16 14:39 - 00223544 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd

2016-02-17 17:04 - 2016-02-16 14:39 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd

2016-02-17 17:04 - 2016-02-16 14:39 - 00158008 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd

2016-02-17 17:04 - 2016-02-16 14:39 - 00042808 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd

2016-02-17 17:04 - 2016-01-12 14:49 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll

2016-02-17 17:04 - 2016-01-12 14:49 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll

2016-02-17 17:04 - 2016-02-16 14:39 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd

2016-02-17 17:04 - 2016-02-16 14:39 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd

2016-02-17 17:04 - 2016-02-16 14:39 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd

2016-02-17 17:04 - 2016-01-12 14:52 - 00697304 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll

2014-05-15 11:16 - 2013-09-16 15:20 - 01242584 ____R () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

2015-10-02 12:58 - 2014-04-21 15:09 - 00150528 _____ () C:\Program Files (x86)\MSI\NetworkGenie\gep.dll

2009-02-26 18:18 - 2009-02-26 18:18 - 00099160 _____ () C:\Program Files (x86)\Microsoft Office\Office12\cpaoaddin.dll

2016-03-12 11:46 - 2016-03-12 11:48 - 00464584 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\msfad.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:792D4CF1 [340]

AlternateDataStreams: C:\ProgramData\TEMP:D287FACF [137]

AlternateDataStreams: C:\ProgramData\TEMP:D3A96964 [184]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-2422629387-1192540806-1023300286-1001\Software\Classes\.exe: => <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2422629387-1192540806-1023300286-1001\...\ets.org -> hxxps://ets.org

IE trusted site: HKU\S-1-5-21-2422629387-1192540806-1023300286-1001\...\microsoft.com -> hxxp://office.microsoft.com

IE trusted site: HKU\S-1-5-21-2422629387-1192540806-1023300286-1001\...\time.gov -> hxxp://www.time.gov

IE restricted site: HKU\S-1-5-21-2422629387-1192540806-1023300286-1001\...\007guard.com -> install.007guard.com

IE restricted site: HKU\S-1-5-21-2422629387-1192540806-1023300286-1001\...\008i.com -> 008i.com

IE restricted site: HKU\S-1-5-21-2422629387-1192540806-1023300286-1001\...\008k.com -> www.008k.com

IE restricted site: HKU\S-1-5-21-2422629387-1192540806-1023300286-1001\...\00hq.com -> www.00hq.com

IE restricted site: HKU\S-1-5-21-2422629387-1192540806-1023300286-1001\...\010402.com -> 010402.com

IE restricted site: HKU\S-1-5-21-2422629387-1192540806-1023300286-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com

IE restricted site: HKU\S-1-5-21-2422629387-1192540806-1023300286-1001\...\0scan.com -> www.0scan.com

IE restricted site: HKU\S-1-5-21-2422629387-1192540806-1023300286-1001\...\1-2005-search.com -> www.1-2005-search.com

IE restricted site: HKU\S-1-5-21-2422629387-1192540806-1023300286-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com

IE restricted site: HKU\S-1-5-21-2422629387-1192540806-1023300286-1001\...\1000gratisproben.com -> www.1000gratisproben.com

IE restricted site: HKU\S-1-5-21-2422629387-1192540806-1023300286-1001\...\1001namen.com -> www.1001namen.com

IE restricted site: HKU\S-1-5-21-2422629387-1192540806-1023300286-1001\...\100888290cs.com -> mir.100888290cs.com

IE restricted site: HKU\S-1-5-21-2422629387-1192540806-1023300286-1001\...\100sexlinks.com -> www.100sexlinks.com

IE restricted site: HKU\S-1-5-21-2422629387-1192540806-1023300286-1001\...\10sek.com -> www.10sek.com

IE restricted site: HKU\S-1-5-21-2422629387-1192540806-1023300286-1001\...\12-26.net -> user1.12-26.net

IE restricted site: HKU\S-1-5-21-2422629387-1192540806-1023300286-1001\...\12-27.net -> user1.12-27.net

IE restricted site: HKU\S-1-5-21-2422629387-1192540806-1023300286-1001\...\123fporn.info -> www.123fporn.info

IE restricted site: HKU\S-1-5-21-2422629387-1192540806-1023300286-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com

IE restricted site: HKU\S-1-5-21-2422629387-1192540806-1023300286-1001\...\123moviedownload.com -> www.123moviedownload.com

IE restricted site: HKU\S-1-5-21-2422629387-1192540806-1023300286-1001\...\123simsen.com -> www.123simsen.com

There are 7749 more sites.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-03-11 13:03 - 2016-03-11 13:03 - 00442666 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

127.0.0.1 www.0scan.com

127.0.0.1 0scan.com

127.0.0.1 www.1000gratisproben.com

127.0.0.1 1000gratisproben.com

127.0.0.1 1001namen.com

127.0.0.1 www.1001namen.com

127.0.0.1 100888290cs.com

127.0.0.1 www.100888290cs.com

127.0.0.1 www.100sexlinks.com

127.0.0.1 100sexlinks.com

127.0.0.1 www.10sek.com

127.0.0.1 10sek.com

127.0.0.1 www.1-2005-search.com

127.0.0.1 1-2005-search.com

127.0.0.1 www.123fporn.info

127.0.0.1 123fporn.info

127.0.0.1 123haustiereundmehr.com

127.0.0.1 www.123haustiereundmehr.com

127.0.0.1 123moviedownload.com

127.0.0.1 www.123moviedownload.com

There are 15200 more lines.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2422629387-1192540806-1023300286-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Bill Pierce\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\clou1280.bmp

DNS Servers: 24.226.1.93 - 24.226.1.94

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3

MSCONFIG\Services: DiskDoctorService => 3

MSCONFIG\Services: ForceWare Intelligent Application Manager (IAM) => 2

MSCONFIG\Services: gupdate1c9e5f5de612b20 => 2

MSCONFIG\Services: gupdatem => 3

MSCONFIG\Services: gusvc => 3

MSCONFIG\Services: Lavasoft Ad-Aware Service => 2

MSCONFIG\Services: MsMpSvc => 3

MSCONFIG\Services: nSvcIp => 2

MSCONFIG\Services: nTuneService => 2

MSCONFIG\Services: nvUpdatusService => 2

MSCONFIG\Services: SDScannerService => 3

MSCONFIG\Services: SDUpdateService => 3

MSCONFIG\Services: SDWSCService => 3

MSCONFIG\Services: ServiceLayer => 3

MSCONFIG\Services: SolidWorks Licensing Service => 3

MSCONFIG\Services: SpeedDiskService => 3

MSCONFIG\Services: Stereo Service => 2

MSCONFIG\Services: Symantec RemoteAssist => 3

MSCONFIG\Services: TomTomHOMEService => 2

MSCONFIG\Services: UpdateCenterService => 2

MSCONFIG\Services: Viewpoint Manager Service => 2

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^APC UPS Status.lnk => C:\Windows\pss\APC UPS Status.lnk.CommonStartup

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Vista Caller-ID.lnk => C:\Windows\pss\Vista Caller-ID.lnkCommon Startup

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

MSCONFIG\startupreg: AutoShutdownManager =>

MSCONFIG\startupreg: AutoStartNPSAgent =>

MSCONFIG\startupreg: CallControl 4.7 => "C:\PROGRAM FILES (X86)\FAXTALK COMMUNICATOR\FTCtrl32.exe" /autoload

MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

MSCONFIG\startupreg: Display => C:\Program Files (x86)\APC\APC PowerChute Personal Edition\DataCollectionLauncher.exe

MSCONFIG\startupreg: Google Update =>

MSCONFIG\startupreg: IntelliPoint => "c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"

MSCONFIG\startupreg: IntelliType Pro => "c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"

MSCONFIG\startupreg: Messenger (Yahoo!) =>

MSCONFIG\startupreg: MSC =>

MSCONFIG\startupreg: NVIDIA nTune => "C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" clear

MSCONFIG\startupreg: NVRaidService => C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe

MSCONFIG\startupreg: PhoneTray =>

MSCONFIG\startupreg: SDTray =>

MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" -s

MSCONFIG\startupreg: Windows Mobile Device Center => %windir%\WindowsMobile\wmdc.exe

HKLM\...\StartupApproved\StartupFolder: => "StartMenu8.lnk"

HKLM\...\StartupApproved\StartupFolder: => "Trend Micro SafeSync.lnk"

HKU\S-1-5-21-2422629387-1192540806-1023300286-1001\...\StartupApproved\Run: => "Akamai NetSession Interface"

HKU\S-1-5-21-2422629387-1192540806-1023300286-1001\...\StartupApproved\Run: => "uTorrent"

HKU\S-1-5-21-2422629387-1192540806-1023300286-1001\...\StartupApproved\Run: => "MyDriveConnect.exe"

HKU\S-1-5-21-2422629387-1192540806-1023300286-1001\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139

FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe

FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe

FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe

FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe

FirewallRules: [ScanManagement-RCWS-Out-TCP] => (Allow) %SystemRoot%\System32\mmc.exe

FirewallRules: [ScanManagement-WSD-Out-TCP] => (Allow) %SystemRoot%\System32\mmc.exe

FirewallRules: [{B3DB72EB-DB71-40C2-B493-B353292B619B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

FirewallRules: [{AB0745EF-81EE-415C-B00E-DEEB67B021E0}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

FirewallRules: [{8EAB7BB3-7F68-46DE-80A0-3A35CB437597}] => (Allow) C:\Users\Bill Pierce\Desktop\PM90123_Trial-76935510.exe

FirewallRules: [{CAD6BBCC-6803-46DA-B32F-03171D7E9217}] => (Allow) C:\Users\Bill Pierce\Desktop\PM90123_Trial-76935510.exe

FirewallRules: [{9EA4A210-BF3D-4748-9FFB-91391240CD2E}] => (Allow) LPort=7437

FirewallRules: [{F4BC8DA4-F619-43F7-8CE6-05D6A96ACBE4}] => (Allow) C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe

FirewallRules: [{D43E979E-A835-42E0-AC43-CB1165574A04}] => (Allow) C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe

FirewallRules: [{654B2015-B3E0-42F0-9655-9879B03FB0AE}] => (Allow) C:\Program Files\iTunes\iTunes.exe

FirewallRules: [{5266EBA8-0FD5-4610-A14B-8ECE838CE829}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

FirewallRules: [{382A8BC6-83E8-40C1-BF06-B250D4093C53}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

FirewallRules: [{B80F918C-F94C-4A6D-A1C1-6B78E84A62C6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe

FirewallRules: [{A2FFCD3D-C4A5-43CD-9384-D2067FD11BDE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe

FirewallRules: [{F73D9F00-4083-4062-AC2F-558AA57FDC03}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe

FirewallRules: [{33BCE462-8300-4B02-A8AA-D051AFD70118}] => (Allow) C:\Windows\SysWOW64\muzapp.exe

FirewallRules: [{3CF57C6F-1559-451E-8CC9-7B91F2E29950}] => (Allow) C:\Windows\SysWOW64\muzapp.exe

FirewallRules: [{8C6579DA-E7BA-4859-8B95-8DC37E8C59C5}] => (Block) C:\users\bill pierce\appdata\local\akamai\netsession_win.exe

FirewallRules: [{E4B49908-A2B9-4DAD-B76E-10C6DD8F4E05}] => (Block) C:\users\bill pierce\appdata\local\akamai\netsession_win.exe

FirewallRules: [UDP Query User{202C275F-76AA-4075-A5E5-8007DCFCEBD3}C:\users\bill pierce\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\bill pierce\appdata\local\akamai\netsession_win.exe

FirewallRules: [TCP Query User{93497D5E-5E8E-4E36-99A4-71F0470C7229}C:\users\bill pierce\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\bill pierce\appdata\local\akamai\netsession_win.exe

FirewallRules: [{E985D496-B2DB-4AA7-8B9C-943DC6C8C379}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

FirewallRules: [{87F28FD5-2FF9-41CB-8E38-5F3E4EB7E57E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

FirewallRules: [{563F91EB-DA16-4544-B956-877D468D9ADA}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

FirewallRules: [{E39EAF92-C7B6-4A25-8095-CCF7B35479EB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

FirewallRules: [{3D43ECC1-ED36-4BEA-A804-3AAA0FA11C29}] => (Allow) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe

FirewallRules: [{924632F0-CFC7-4257-9244-E10D41C0129C}] => (Allow) C:\Program Files (x86)\Common Files\Research In Motion\nginx\nginx.exe

FirewallRules: [{57095A9C-6DC4-41FC-8305-DB9EA8632A31}] => (Allow) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe

FirewallRules: [{3E53B86D-28E3-490D-BCA3-B40502B9A529}] => (Allow) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe

FirewallRules: [{BD99AC74-2A67-4970-B3F6-49B0813BACA9}] => (Allow) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe

FirewallRules: [{D8649999-A881-4334-8DE8-813578A33E76}] => (Allow) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe

FirewallRules: [{AB8C2061-0E6A-4C5E-9F5A-A050A3189D22}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe

FirewallRules: [{70B38A51-53A1-4787-A7C5-F4E8CB41E6DE}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe

FirewallRules: [{925A35D6-02EE-433E-A4BD-4D3B24D56832}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

FirewallRules: [{F5EFB4A8-520F-4BB6-85BB-DA058B38A8B0}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe

FirewallRules: [{E94EEFBC-8738-474F-9EB9-5C300E63206F}] => (Allow) LPort=1900

FirewallRules: [{2DC84E66-A0F0-4B25-A851-4C42F0F05B5A}] => (Allow) LPort=2869

FirewallRules: [{109D2381-20EE-494B-96B5-BE1F04164933}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

FirewallRules: [{76F00474-0433-48B1-AC7F-FCD2509B09B6}] => (Allow) C:\Program Files (x86)\Microsoft Office\Live Meeting 8\Console\PWConsole.exe

FirewallRules: [{5250F338-4842-473B-BDE2-D7186A976844}] => (Allow) C:\Program Files (x86)\Microsoft Office\Live Meeting 8\Console\PWConsole.exe

FirewallRules: [{57FBF515-C3B6-423F-93F0-8CDCD62F5384}] => (Allow) C:\Program Files (x86)\Microsoft Office\Live Meeting 8\Console\PWConsole.exe

FirewallRules: [{41461916-026F-40F9-87DE-C0E931CBF0CF}] => (Allow) C:\Program Files (x86)\Microsoft Office\Live Meeting 8\Console\PWConsole.exe

FirewallRules: [{46F0B009-0EDC-4234-9009-90C366F476AA}] => (Allow) svchost.exe

FirewallRules: [{5DA1ECBC-2B26-4C1F-8F17-9D9E59E82843}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

FirewallRules: [{AE202347-0F15-4DCD-909E-A581237BE3BB}] => (Block) C:\windows\system32\wfs.exe

FirewallRules: [{7961D48A-6786-4F8E-8103-DD5BE9F1B4C8}] => (Block) C:\windows\system32\wfs.exe

FirewallRules: [UDP Query User{43182688-103C-4347-94DB-50F318341260}C:\windows\system32\wfs.exe] => (Allow) C:\windows\system32\wfs.exe

FirewallRules: [TCP Query User{9E79BB66-CD25-4C38-98F8-DC2ABC0F1C63}C:\windows\system32\wfs.exe] => (Allow) C:\windows\system32\wfs.exe

FirewallRules: [{82D181A4-A201-4F1D-A18C-5B4BE8FB5C35}] => (Block) C:\windows\lmia10f.tmp\lmi_rescue.exe

FirewallRules: [{DB3546CE-32B6-4A45-8073-105483AAFAAC}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe

FirewallRules: [{55FDFFE4-2D90-4710-A143-CCD659ADB82B}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe

FirewallRules: [{8DF7957F-A4A8-41FE-8BEB-716BD79A8B84}] => (Allow) LPort=4481

FirewallRules: [{8D5A1EFC-7C45-49EC-9EE4-475C44D7E09C}] => (Allow) LPort=4481

FirewallRules: [{C482A0C5-A490-491D-841C-7116DC52DBF4}] => (Allow) LPort=4482

FirewallRules: [{D86786C5-E3EB-43F9-95F9-0E5F7436A0BD}] => (Allow) LPort=4482

FirewallRules: [{32AEFA75-C30B-45A4-BBDC-F631CD291BE0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe

==================== Restore Points =========================

11-03-2016 04:01:35 Created by Norton Utilities

11-03-2016 08:14:21 Restore Operation

12-03-2016 04:01:16 Created by Norton Utilities

12-03-2016 09:53:03 Created by Norton Utilities

12-03-2016 23:52:09 JRT Pre-Junkware Removal

13-03-2016 07:36:29 Created by Norton Utilities

==================== Faulty Device Manager Devices =============

Name: Microsoft PS/2 Mouse

Description: Microsoft PS/2 Mouse

Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: i8042prt

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Lenovo ThinkPad PS/2 keyboard

Description: Lenovo ThinkPad PS/2 keyboard

Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard keyboards)

Service: i8042prt

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:

==================

Error: (03/13/2016 01:07:33 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )

Description: Subscription licensing service failed: -1073418220

Error: (03/13/2016 12:59:06 PM) (Source: Perflib) (EventID: 1023) (User: )

Description: rdyboost4

Error: (03/13/2016 12:59:06 PM) (Source: Perflib) (EventID: 1008) (User: )

Description: BITSC:\Windows\System32\bitsperf.dll4

Error: (03/13/2016 11:33:11 AM) (Source: Perflib) (EventID: 1008) (User: )

Description: ISAPISearchC:\WINDOWS\system32\query.dll8

Error: (03/13/2016 11:33:11 AM) (Source: Perflib) (EventID: 1008) (User: )

Description: ContentIndexC:\WINDOWS\system32\query.dll8

Error: (03/13/2016 11:33:11 AM) (Source: Perflib) (EventID: 1008) (User: )

Description: ContentFilterC:\WINDOWS\System32\query.dll8

Error: (03/13/2016 07:56:24 AM) (Source: RIM MDNS) (EventID: 100) (User: )

Description: Client application bug: DNSServiceResolve(Friendly_054A837A5B7E7CD4_73921DB7AC70FF0A._bp2p._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (03/13/2016 07:54:40 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)

Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (03/13/2016 07:54:40 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)

Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (03/13/2016 07:54:17 AM) (Source: RIM MDNS) (EventID: 100) (User: )

Description: Client application bug: DNSServiceResolve(Friendly_DAD2F89083C8CB3A_9CC4894A0652FFF3._bp2p._tcp.local.) active for over two minutes. This places considerable burden on the network.

System errors:

=============

Error: (03/13/2016 07:48:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The SuperRAIDSvc service failed to start due to the following error:

%%1053

Error: (03/13/2016 07:48:33 AM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the SuperRAIDSvc service to connect.

Error: (03/13/2016 07:48:31 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The SystemUsageReportSvc_WILLAMETTE service failed to start due to the following error:

%%1053

Error: (03/13/2016 07:48:31 AM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the SystemUsageReportSvc_WILLAMETTE service to connect.

Error: (03/13/2016 07:48:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The ClickToRunSvc service failed to start due to the following error:

%%1053

Error: (03/13/2016 07:48:30 AM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the ClickToRunSvc service to connect.

Error: (03/13/2016 07:48:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Garmin Device Interaction Service service failed to start due to the following error:

%%1053

Error: (03/13/2016 07:48:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The MSI_Trigger_Service service failed to start due to the following error:

%%1053

Error: (03/13/2016 07:48:30 AM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the MSI_Trigger_Service service to connect.

Error: (03/13/2016 07:48:30 AM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Device Interaction Service service to connect.

CodeIntegrity:

===================================

Date: 2016-03-13 14:43:22.564

Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume6\Program Files (x86)\Stardock\ModernMix\MMix_64.dll that did not meet the Store signing level requirements.

Date: 2016-03-12 10:52:40.766

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-12 10:52:15.668

Date: 2016-03-12 10:45:36.734

Date: 2016-03-12 10:40:39.688

Date: 2016-03-11 09:20:46.419

Date: 2016-03-11 07:41:50.723

Date: 2016-03-11 07:34:31.775

Date: 2016-03-10 22:39:57.599

Date: 2016-03-10 20:50:58.684

==================== Memory info ===========================

Processor: Intel® Core™ i3-4130 CPU @ 3.40GHz

Percentage of memory in use: 40%

Total physical RAM: 8136 MB

Available physical RAM: 4857.39 MB

Total Virtual: 16328 MB

Available Virtual: 11553.27 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.97 GB) (Free:530.53 GB) NTFS

Drive d: () (Fixed) (Total:232.88 GB) (Free:144.31 GB) NTFS

Drive g: (ADATA UFD) (Removable) (Total:57.81 GB) (Free:22.07 GB) exFAT

Drive h: (Backup) (Fixed) (Total:223.48 GB) (Free:180.61 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (Size: 232.9 GB) (Disk ID: B737B737)

Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)

========================================================

Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 6BE32F8A)

Partition 1: (Active) - (Size=1.5 GB) - (Type=27)

Partition 2: (Not Active) - (Size=223.5 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=7.9 GB) - (Type=17)

========================================================

Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 6659A885)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

========================================================

Disk: 3 (Size: 57.8 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

---------------------------------------------------------------------------------------------------

(Fixlog.txt)

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01

Ran by Bill Pierce (2016-03-14 10:04:32) Run:1

Running from C:\Users\Bill Pierce\Desktop

Loaded Profiles: Bill Pierce (Available Profiles: Bill Pierce & DefaultAppPool)

Boot Mode: Normal

==============================================

fixlist content:

*****************

CreateRestorePoint:

CloseProcesses:

HKLM-x32\...\Run: [NPSStartup] => [X]

Winlogon\Notify\PCANotify-x32: PCANotify.dll [X]

HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ATTENTION

HKU\S-1-5-21-2422629387-1192540806-1023300286-1001\...\MountPoints2: {108509b9-de63-11e5-8297-448a5b5da8ba} - "V:\setup.exe"

HKU\S-1-5-21-2422629387-1192540806-1023300286-1001\...\MountPoints2: {bae2eff5-df38-11e5-8297-448a5b5da8ba} - "V:\setup.exe"

ShellIconOverlayIdentifiers-x32: [00HumyoPaired] -> {A203F945-39E9-4286-AFA2-F3ADFCD5FAAA} => No File

ShellIconOverlayIdentifiers-x32: [00HumyoPriority] -> {6F1BB626-1107-4b82-B322-54C5E64461B8} => No File

ShellIconOverlayIdentifiers-x32: [00HumyoProblem] -> {7479C9AF-DA81-4944-92E5-23E49390BB2B} => No File

ShellIconOverlayIdentifiers-x32: [00HumyoSynced] -> {7479C9AF-DA81-4944-92E5-23E49390BB2A} => No File

ShellIconOverlayIdentifiers-x32: [00HumyoSyncing] -> {7479C9AF-DA81-4944-92E5-23E49390BB29} => No File

ShellIconOverlayIdentifiers-x32: [00HumyoUnavailable] -> {66669544-5639-4922-99C8-CE7A86651364} => No File

GroupPolicy: Restriction - Chrome <======= ATTENTION

GroupPolicyScripts: Restriction <======= ATTENTION

GroupPolicyScripts\User: Restriction <======= ATTENTION

CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

HKU\S-1-5-21-2422629387-1192540806-1023300286-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File

FF Extension: No Name - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ff [not found]

FF Extension: No Name - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha5\ff [not found]

FF Extension: No Name - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta714\ff [not found]

FF Extension: No Name - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha569\ff [not found]

FF Extension: No Name - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1535\ff [not found]

FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha975\ff [not found]

FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha8533\ff [not found]

FF Extension: No Name - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home589\ff [not found]

FF Extension: No Name - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode2937\ff [not found]

CHR HKLM-x32\...\Chrome\Extension: [ahmcccagmbagkpbdgpammblejlmiempb] - <no Path/update_url>

U3 idsvc; no ImagePath

2016-02-28 16:29 - 2012-11-26 23:52 - 00002230 _____ C:\WINDOWS\System32\Tasks\{B0244296-106F-4D0B-A9DC-1BDF2A003F1A}

2016-02-28 16:29 - 2012-03-07 23:56 - 00002306 _____ C:\WINDOWS\System32\Tasks\{92A20A3C-BB16-48F7-87B1-8C3AD640E668}

2016-02-28 16:29 - 2012-02-26 18:59 - 00002474 _____ C:\WINDOWS\System32\Tasks\{F9A6D05F-0CA8-4A70-A6C5-CEF5DCCC0517}

2016-02-28 16:29 - 2009-06-01 07:46 - 00002500 _____ C:\WINDOWS\System32\Tasks\{5161C6E5-8716-470C-A7BA-A53536A77D00}

2016-02-28 16:29 - 2009-05-31 07:28 - 00002474 _____ C:\WINDOWS\System32\Tasks\{11BD38B9-952A-4A3D-82E7-02177D8C6368}

2016-02-28 16:28 - 2013-10-01 18:47 - 00002284 _____ C:\WINDOWS\System32\Tasks\{85D6C398-880E-46AA-8865-29AE6A9AAB12}

2016-02-28 16:28 - 2013-06-28 15:38 - 00002496 _____ C:\WINDOWS\System32\Tasks\{EC2449BD-1D10-44A2-BF0E-E6CA3F2E20D5}

2016-02-28 16:28 - 2012-11-26 23:52 - 00002230 _____ C:\WINDOWS\System32\Tasks\{99E02DFE-AB3C-433C-9A21-C5478CC9EA1B}

2016-02-28 16:28 - 2012-11-26 23:51 - 00002290 _____ C:\WINDOWS\System32\Tasks\{673FCEC9-C906-419C-A7FE-F917C5A54391}

2016-02-28 16:28 - 2012-11-26 23:49 - 00002230 _____ C:\WINDOWS\System32\Tasks\{A37C957F-2DA0-4674-93AC-042AC1011B5C}

2016-02-28 16:28 - 2012-11-26 23:49 - 00002230 _____ C:\WINDOWS\System32\Tasks\{2076E5D0-40B1-47E9-9BF0-92D993376E48}

2016-02-28 16:28 - 2012-04-10 20:24 - 00002290 _____ C:\WINDOWS\System32\Tasks\{8B819B5F-817A-43A4-BEE5-F32E5DDB3E1F}

2016-02-28 16:28 - 2012-03-08 11:39 - 00002444 _____ C:\WINDOWS\System32\Tasks\{925F4877-50AA-4C16-BB11-8FDEB1BC13D5}

2016-02-28 16:28 - 2012-03-08 00:15 - 00002454 _____ C:\WINDOWS\System32\Tasks\{06C4C5B1-E542-4491-9095-DA347EBE0E63}

2016-02-28 16:28 - 2012-03-08 00:14 - 00002306 _____ C:\WINDOWS\System32\Tasks\{B96F3914-91FB-45F5-80DA-CAD3B29B7B9A}

2016-02-28 16:28 - 2012-03-07 23:58 - 00002368 _____ C:\WINDOWS\System32\Tasks\{6BBC2489-F6BA-49F1-8589-9FE43DBE816F}

2016-02-28 16:28 - 2011-05-02 14:38 - 00002446 _____ C:\WINDOWS\System32\Tasks\{55C5439E-22A8-43EE-98ED-608E90607E83}

2016-02-28 16:28 - 2011-04-13 17:51 - 00002282 _____ C:\WINDOWS\System32\Tasks\{CD9CC6C6-EECB-4B53-B03B-A88A9FE4D5C4}

2016-02-28 16:28 - 2011-04-13 14:58 - 00002284 _____ C:\WINDOWS\System32\Tasks\{AD25BAE5-5BF3-44F2-93F9-DD14EA5BA378}

2016-02-28 16:28 - 2011-04-01 15:47 - 00002460 _____ C:\WINDOWS\System32\Tasks\{52705735-45C3-465C-A9E9-838A335E36D5}

2016-02-28 16:28 - 2010-12-26 21:21 - 00002388 _____ C:\WINDOWS\System32\Tasks\{2C222F8B-8655-4596-BC43-9E00CA27605A}

2016-02-28 16:28 - 2010-12-26 21:16 - 00002328 _____ C:\WINDOWS\System32\Tasks\{9A1A3A8A-9C95-484A-BF10-D5DE70BEEDD0}

2016-02-28 16:28 - 2010-12-26 21:12 - 00002474 _____ C:\WINDOWS\System32\Tasks\{4D435EF2-D173-4941-9489-97612D7FA77E}

2016-02-28 16:28 - 2010-10-04 22:29 - 00002264 _____ C:\WINDOWS\System32\Tasks\{1522B97A-7AFB-4E52-BC3E-B2D53B1A058B}

2016-02-28 16:28 - 2010-10-04 21:01 - 00002324 _____ C:\WINDOWS\System32\Tasks\{3E99A261-2581-48C4-A590-F43E9B5E2E19}

2016-02-28 16:28 - 2010-10-04 15:54 - 00002326 _____ C:\WINDOWS\System32\Tasks\{559FBC8A-2500-4990-A579-D11EBDAFA1D6}

2016-02-28 16:28 - 2010-08-03 22:28 - 00002486 _____ C:\WINDOWS\System32\Tasks\{B8F41E86-FA35-4B20-8641-AD0113A7B6ED}

2016-02-28 16:28 - 2010-06-08 13:23 - 00002282 _____ C:\WINDOWS\System32\Tasks\{5064A034-C19B-470A-BF97-52F41E3EF2CD}

2016-02-28 16:28 - 2010-06-08 08:55 - 00002350 _____ C:\WINDOWS\System32\Tasks\{6357106F-E86E-4551-888E-D296629E7AD9}

2016-02-28 16:28 - 2010-06-01 08:50 - 00002336 _____ C:\WINDOWS\System32\Tasks\{F51332D8-0A84-4473-B9DA-294F0E951D8D}

2016-02-28 16:28 - 2010-06-01 08:10 - 00002310 _____ C:\WINDOWS\System32\Tasks\{1D0115F3-7EB5-4628-87F5-0FB1E32A8124}

2016-02-28 16:28 - 2010-04-20 08:36 - 00002376 _____ C:\WINDOWS\System32\Tasks\{601A886E-ED48-47AC-A953-0EE44CEFE50F}

2016-02-28 16:28 - 2010-03-13 11:33 - 00002380 _____ C:\WINDOWS\System32\Tasks\{22A0722E-C7B8-44D0-85C1-5B583665CFA3}

2016-02-28 16:28 - 2010-03-13 11:19 - 00002346 _____ C:\WINDOWS\System32\Tasks\{90D5C0A6-FCED-4E73-955A-83053C6860F5}

2016-02-28 16:28 - 2010-03-09 14:06 - 00002522 _____ C:\WINDOWS\System32\Tasks\{F6B21D2B-64F6-4C32-9274-CF99C90CF777}

2016-02-28 16:28 - 2010-03-09 12:15 - 00002522 _____ C:\WINDOWS\System32\Tasks\{DBAEC886-D4B6-4EE9-8173-208B808B650B}

2016-02-28 16:28 - 2010-02-19 16:09 - 00002500 _____ C:\WINDOWS\System32\Tasks\{B6819DEC-8F43-4204-8D2D-4004204CD20F}

2016-02-28 16:28 - 2010-01-13 13:43 - 00002434 _____ C:\WINDOWS\System32\Tasks\{7CCBAD76-A320-423C-9624-84B2594BADEA}

2016-02-28 16:28 - 2009-12-16 09:55 - 00002522 _____ C:\WINDOWS\System32\Tasks\{3F61827E-3E30-434E-9A5A-92E564B67977}

2016-02-28 16:28 - 2009-11-14 19:31 - 00002480 _____ C:\WINDOWS\System32\Tasks\{C190FB0B-DB3E-44F6-8649-56A5963C2B38}

2016-02-28 16:28 - 2009-10-14 14:57 - 00002146 _____ C:\WINDOWS\System32\Tasks\{8170DE13-857B-40D9-B95C-BA357B417F82}

2016-02-28 16:28 - 2009-10-14 08:58 - 00002240 _____ C:\WINDOWS\System32\Tasks\{E4E3C965-15E4-400A-9471-BD27BAD08D16}

2016-02-28 16:28 - 2009-08-11 16:11 - 00002522 _____ C:\WINDOWS\System32\Tasks\{B7061DD3-B48C-4EE0-B64A-45275BD38679}

2016-02-28 16:28 - 2009-06-16 16:25 - 00002512 _____ C:\WINDOWS\System32\Tasks\{2328726C-00B8-4AFB-95D9-B373F6BF2592}

2016-02-28 16:28 - 2009-06-12 09:46 - 00002476 _____ C:\WINDOWS\System32\Tasks\{ACA24D27-A509-4B6E-B4C8-F924B0E020CB}

2016-02-28 16:28 - 2009-06-02 15:43 - 00002322 _____ C:\WINDOWS\System32\Tasks\{4C40EB50-C540-4449-96F7-A1C0985134E2}

2016-02-28 16:28 - 2009-06-01 13:06 - 00002466 _____ C:\WINDOWS\System32\Tasks\{8E8C7A9B-28C2-469C-B99E-9D13992D3CE5}

2016-02-28 16:28 - 2009-06-01 11:58 - 00002260 _____ C:\WINDOWS\System32\Tasks\{722A8DCD-4F9A-436C-A38D-C60A7E21E715}

2016-02-28 16:28 - 2009-05-31 07:30 - 00002462 _____ C:\WINDOWS\System32\Tasks\{9AA7D089-7A1E-499B-8908-1554FB42BD78}

2016-02-28 16:28 - 2009-05-31 06:32 - 00002182 _____ C:\WINDOWS\System32\Tasks\{2D76B571-87D1-4189-8950-4A0DB9E8AE83}

2016-03-01 11:01 - 2016-03-02 17:23 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Remove and Reinstall

*****************

Restore point was successfully created.

Processes closed successfully.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\NPSStartup => value removed successfully

"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PCANotify" => key removed successfully

"HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore" => key removed successfully

"HKU\S-1-5-21-2422629387-1192540806-1023300286-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{108509b9-de63-11e5-8297-448a5b5da8ba}" => key removed successfully

HKCR\CLSID\{108509b9-de63-11e5-8297-448a5b5da8ba} => key not found.

"HKU\S-1-5-21-2422629387-1192540806-1023300286-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bae2eff5-df38-11e5-8297-448a5b5da8ba}" => key removed successfully

HKCR\CLSID\{bae2eff5-df38-11e5-8297-448a5b5da8ba} => key not found.

"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00HumyoPaired" => key removed successfully

"HKCR\Wow6432Node\CLSID\{A203F945-39E9-4286-AFA2-F3ADFCD5FAAA}" => key removed successfully

"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00HumyoPriority" => key removed successfully

"HKCR\Wow6432Node\CLSID\{6F1BB626-1107-4b82-B322-54C5E64461B8}" => key removed successfully

"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00HumyoProblem" => key removed successfully

"HKCR\Wow6432Node\CLSID\{7479C9AF-DA81-4944-92E5-23E49390BB2B}" => key removed successfully

"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00HumyoSynced" => key removed successfully

"HKCR\Wow6432Node\CLSID\{7479C9AF-DA81-4944-92E5-23E49390BB2A}" => key removed successfully

"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00HumyoSyncing" => key removed successfully

"HKCR\Wow6432Node\CLSID\{7479C9AF-DA81-4944-92E5-23E49390BB29}" => key removed successfully

"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00HumyoUnavailable" => key removed successfully

"HKCR\Wow6432Node\CLSID\{66669544-5639-4922-99C8-CE7A86651364}" => key removed successfully

C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully

C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully

C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully

"C:\WINDOWS\system32\GroupPolicy\Machine" => not found.

C:\WINDOWS\system32\GroupPolicy\User => moved successfully

"HKLM\SOFTWARE\Policies\Google" => key removed successfully

"HKU\S-1-5-21-2422629387-1192540806-1023300286-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => value removed successfully

"HKCR\Wow6432Node\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}" => key removed successfully

C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ff => not found.

FF Extension: No Name - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ff [not found] => not found

C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha5\ff => not found.

FF Extension: No Name - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha5\ff [not found] => not found

C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta714\ff => not found.

FF Extension: No Name - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta714\ff [not found] => not found

C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha569\ff => not found.

FF Extension: No Name - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha569\ff [not found] => not found

C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1535\ff => not found.

FF Extension: No Name - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1535\ff [not found] => not found

C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha975\ff => not found.

FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha975\ff [not found] => not found

C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha8533\ff => not found.

FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha8533\ff [not found] => not found

C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home589\ff => not found.

FF Extension: No Name - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home589\ff [not found] => not found

C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode2937\ff => not found.

FF Extension: No Name - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode2937\ff [not found] => not found

"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ahmcccagmbagkpbdgpammblejlmiempb" => key removed successfully

idsvc => service removed successfully

C:\WINDOWS\System32\Tasks\{B0244296-106F-4D0B-A9DC-1BDF2A003F1A} => moved successfully

C:\WINDOWS\System32\Tasks\{92A20A3C-BB16-48F7-87B1-8C3AD640E668} => moved successfully

C:\WINDOWS\System32\Tasks\{F9A6D05F-0CA8-4A70-A6C5-CEF5DCCC0517} => moved successfully

C:\WINDOWS\System32\Tasks\{5161C6E5-8716-470C-A7BA-A53536A77D00} => moved successfully

C:\WINDOWS\System32\Tasks\{11BD38B9-952A-4A3D-82E7-02177D8C6368} => moved successfully

C:\WINDOWS\System32\Tasks\{85D6C398-880E-46AA-8865-29AE6A9AAB12} => moved successfully

C:\WINDOWS\System32\Tasks\{EC2449BD-1D10-44A2-BF0E-E6CA3F2E20D5} => moved successfully

C:\WINDOWS\System32\Tasks\{99E02DFE-AB3C-433C-9A21-C5478CC9EA1B} => moved successfully

C:\WINDOWS\System32\Tasks\{673FCEC9-C906-419C-A7FE-F917C5A54391} => moved successfully

C:\WINDOWS\System32\Tasks\{A37C957F-2DA0-4674-93AC-042AC1011B5C} => moved successfully

C:\WINDOWS\System32\Tasks\{2076E5D0-40B1-47E9-9BF0-92D993376E48} => moved successfully

C:\WINDOWS\System32\Tasks\{8B819B5F-817A-43A4-BEE5-F32E5DDB3E1F} => moved successfully

C:\WINDOWS\System32\Tasks\{925F4877-50AA-4C16-BB11-8FDEB1BC13D5} => moved successfully

C:\WINDOWS\System32\Tasks\{06C4C5B1-E542-4491-9095-DA347EBE0E63} => moved successfully

C:\WINDOWS\System32\Tasks\{B96F3914-91FB-45F5-80DA-CAD3B29B7B9A} => moved successfully

C:\WINDOWS\System32\Tasks\{6BBC2489-F6BA-49F1-8589-9FE43DBE816F} => moved successfully

C:\WINDOWS\System32\Tasks\{55C5439E-22A8-43EE-98ED-608E90607E83} => moved successfully

C:\WINDOWS\System32\Tasks\{CD9CC6C6-EECB-4B53-B03B-A88A9FE4D5C4} => moved successfully

C:\WINDOWS\System32\Tasks\{AD25BAE5-5BF3-44F2-93F9-DD14EA5BA378} => moved successfully

C:\WINDOWS\System32\Tasks\{52705735-45C3-465C-A9E9-838A335E36D5} => moved successfully

C:\WINDOWS\System32\Tasks\{2C222F8B-8655-4596-BC43-9E00CA27605A} => moved successfully

C:\WINDOWS\System32\Tasks\{9A1A3A8A-9C95-484A-BF10-D5DE70BEEDD0} => moved successfully

C:\WINDOWS\System32\Tasks\{4D435EF2-D173-4941-9489-97612D7FA77E} => moved successfully

C:\WINDOWS\System32\Tasks\{1522B97A-7AFB-4E52-BC3E-B2D53B1A058B} => moved successfully

C:\WINDOWS\System32\Tasks\{3E99A261-2581-48C4-A590-F43E9B5E2E19} => moved successfully

C:\WINDOWS\System32\Tasks\{559FBC8A-2500-4990-A579-D11EBDAFA1D6} => moved successfully

C:\WINDOWS\System32\Tasks\{B8F41E86-FA35-4B20-8641-AD0113A7B6ED} => moved successfully

C:\WINDOWS\System32\Tasks\{5064A034-C19B-470A-BF97-52F41E3EF2CD} => moved successfully

C:\WINDOWS\System32\Tasks\{6357106F-E86E-4551-888E-D296629E7AD9} => moved successfully

C:\WINDOWS\System32\Tasks\{F51332D8-0A84-4473-B9DA-294F0E951D8D} => moved successfully

C:\WINDOWS\System32\Tasks\{1D0115F3-7EB5-4628-87F5-0FB1E32A8124} => moved successfully

C:\WINDOWS\System32\Tasks\{601A886E-ED48-47AC-A953-0EE44CEFE50F} => moved successfully

C:\WINDOWS\System32\Tasks\{22A0722E-C7B8-44D0-85C1-5B583665CFA3} => moved successfully

C:\WINDOWS\System32\Tasks\{90D5C0A6-FCED-4E73-955A-83053C6860F5} => moved successfully

C:\WINDOWS\System32\Tasks\{F6B21D2B-64F6-4C32-9274-CF99C90CF777} => moved successfully

C:\WINDOWS\System32\Tasks\{DBAEC886-D4B6-4EE9-8173-208B808B650B} => moved successfully

C:\WINDOWS\System32\Tasks\{B6819DEC-8F43-4204-8D2D-4004204CD20F} => moved successfully

C:\WINDOWS\System32\Tasks\{7CCBAD76-A320-423C-9624-84B2594BADEA} => moved successfully

C:\WINDOWS\System32\Tasks\{3F61827E-3E30-434E-9A5A-92E564B67977} => moved successfully

C:\WINDOWS\System32\Tasks\{C190FB0B-DB3E-44F6-8649-56A5963C2B38} => moved successfully

C:\WINDOWS\System32\Tasks\{8170DE13-857B-40D9-B95C-BA357B417F82} => moved successfully

C:\WINDOWS\System32\Tasks\{E4E3C965-15E4-400A-9471-BD27BAD08D16} => moved successfully

C:\WINDOWS\System32\Tasks\{B7061DD3-B48C-4EE0-B64A-45275BD38679} => moved successfully

C:\WINDOWS\System32\Tasks\{2328726C-00B8-4AFB-95D9-B373F6BF2592} => moved successfully

C:\WINDOWS\System32\Tasks\{ACA24D27-A509-4B6E-B4C8-F924B0E020CB} => moved successfully

C:\WINDOWS\System32\Tasks\{4C40EB50-C540-4449-96F7-A1C0985134E2} => moved successfully

C:\WINDOWS\System32\Tasks\{8E8C7A9B-28C2-469C-B99E-9D13992D3CE5} => moved successfully

C:\WINDOWS\System32\Tasks\{722A8DCD-4F9A-436C-A38D-C60A7E21E715} => moved successfully

C:\WINDOWS\System32\Tasks\{9AA7D089-7A1E-499B-8908-1554FB42BD78} => moved successfully

C:\WINDOWS\System32\Tasks\{2D76B571-87D1-4189-8950-4A0DB9E8AE83} => moved successfully

C:\WINDOWS\System32\Tasks\Norton Remove and Reinstall => moved successfully

The system needed a reboot.

==== End of Fixlog 10:04:35 ====

------------------------------------------------------------------------------------------------

Attached Files

BillPierce System Summary.zip 101.91KB 1 downloads

#4 Oh My!

Adware and Spyware and Malware.....

Malware Response Instructor
36,790 posts
OFFLINE

Gender:Male
Location:California
Local time:10:02 AM

Posted 14 March 2016 - 02:21 PM

Greetings and thank you for the very nice reply.

Do you recognize this?

D:\Vision\ProOcr\disk1\SETUP.EXE

---

Unfortunately, it seems I ran MinRegTool twice with the specified Registry key. The resulting Result.txt file is now empty. Please advise as to how to correct this problem.

Delete the Result.txt document from your Desktop and run the step again.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------

Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)

CustomCLSID: HKU\S-1-5-21-2422629387-1192540806-1023300286-1001_Classes\CLSID\{0E7BE950-4ACC-47CB-834B-41A8B96BBFF9}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2422629387-1192540806-1023300286-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> no filepath
Task: {0F125446-098F-4DF5-B7C2-975232AACE29} - System32\Tasks\{8B819B5F-817A-43A4-BEE5-F32E5DDB3E1F} => pcalua.exe -a "C:\Users\Bill Pierce\AppData\Local\Temp\Temp1_usr_1091.zip\usr_1091.exe"
C:\Users\Bill Pierce\AppData\Local\Temp\Temp1_usr_1091.zip
Task: {14E9AABE-B7BB-4351-8965-74D75B3F3BC7} - \Safer-Networking\Spybot - Search and Destroy\Check for updates -> No File <==== ATTENTION
Task: {366AF46E-DE50-45AF-84AD-5CFC373A5225} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {3C439C16-3F70-4C71-B28A-BEA1A6CA910E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {3C4B07DB-31DF-4692-B600-1F587BAEED70} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {57B92CF9-9535-4B01-933B-32DDE3772DB4} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {6450C84F-D400-4D78-B2F4-EE59AC009F90} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
C:\Program Files (x86)\Lavasoft
Task: {6EFA9CCA-9094-4CA1-976B-B33D0D79E421} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {8BE04E13-EF55-40AE-A168-91987050E623} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {9C79680C-F13B-44EC-9DC9-154E6502147C} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {9CD34859-FA68-445E-A34F-7DD54E8A0032} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {AF59BBCA-09EB-4B31-A980-B4CD899B408F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {C9184FC5-D399-4D5C-8AB5-59E60903AD47} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {E832B1ED-8E03-463D-A84B-746ED13ABA6A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {EEFF69B9-FD2F-41A9-A5A9-9DF857FAA6B5} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:792D4CF1 [340]
AlternateDataStreams: C:\ProgramData\TEMP:D287FACF [137]
AlternateDataStreams: C:\ProgramData\TEMP:D3A96964 [184]
HKU\S-1-5-21-2422629387-1192540806-1023300286-1001\Software\Classes\.exe:  =>  <===== ATTENTION

Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.

===================================================

Zoek by Smeenk - Running Commands and Performing a Scan

--------------------

Download Zoek and save it to your Desktop
Right click the icon, select Run as Admistrator, and wait for the Program to appear on your Desktop (may take 15 seconds or so)
Verify Scan All Users is selected
Click More Options and place a check mark in the following boxes:

Do a Deep Scan
Auto Clean

Click Run Script and wait patiently for the program to run
Do not use your computer while the scan is running
When completed a zoek-results.txt report will appear on your desktop. You can also locate it in your C:\ directory. Copy and paste the contents in your reply

===================================================

Clean Boot

--------------------

Press the windows key + r on your keyboard at the same time
Type msconfig and press Enter
If you are prompted for an administrator password or for a confirmation, type the password, or provide confirmation
Click the General tab then click Selective Startup
Check Load system services
Uncheck Load Startup Items

Click the Services tab
Click to select the Hide All Microsoft Services check box
Click Disable All except for Norton related entries and then click OK
When you are prompted, click Restart and boot into Normal Mode
Check Norton behavior

MiniRegTool report
Do you recognize entry?
Fixlog
Zoek report
Norton in Clean Boot?

#5 Bill Pierce

Topic Starter

Members
46 posts
OFFLINE

Gender:Male
Location:Burlington, Ontario
Local time:01:02 PM

Posted 14 March 2016 - 10:36 PM

Again thank you very much for your response.

And again I will try to answer and respond to your questions and requests in the proper sequence.

No, I do not recognize the entry D:\Vision\ProOcr\disk1\SETUP.EXE.

Pasted at the end of this post is the correct Registry key export file Result.txt.

Also posted at the end of this post is the Fixlog.txt file from the second running of FRST.EXE.

Also pasted at end of this post is the Zoek file Zoek-results.txt.

A clean boot with only the Norton Security service enabled did not change the problem. The exploit prevention feature of NS must be turned off in order for browser protection to remain enabled. Otherwise both browser protection and exploit prevention turn themselves off after about 30-60 seconds.

-----------------------------------------------------------------------------------------------------------------------------

(Result.txt from the MiniReg Tool Registry key export)

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList]
"Default"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,44,00,72,00,69,00,\
76,00,65,00,25,00,5c,00,55,00,73,00,65,00,72,00,73,00,5c,00,44,00,65,00,66,\
00,61,00,75,00,6c,00,74,00,00,00
"ProfilesDirectory"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,44,00,72,\
00,69,00,76,00,65,00,25,00,5c,00,55,00,73,00,65,00,72,00,73,00,00,00
"ProgramData"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,44,00,72,00,69,\
00,76,00,65,00,25,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,44,00,\
61,00,74,00,61,00,00,00
"Public"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,44,00,72,00,69,00,76,\
00,65,00,25,00,5c,00,55,00,73,00,65,00,72,00,73,00,5c,00,50,00,75,00,62,00,\
6c,00,69,00,63,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18]
"Flags"=dword:0000000c
"ProfileImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,\
00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,63,00,6f,00,6e,00,66,00,69,00,67,00,5c,00,73,00,79,00,73,00,74,00,65,\
00,6d,00,70,00,72,00,6f,00,66,00,69,00,6c,00,65,00,00,00
"RefCount"=dword:00000001
"Sid"=hex:01,01,00,00,00,00,00,05,12,00,00,00
"State"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19]
"ProfileImagePath"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,\
00,53,00,5c,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,50,00,72,00,6f,00,\
66,00,69,00,6c,00,65,00,73,00,5c,00,4c,00,6f,00,63,00,61,00,6c,00,53,00,65,\
00,72,00,76,00,69,00,63,00,65,00,00,00
"Flags"=dword:00000000
"State"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20]
"ProfileImagePath"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,\
00,53,00,5c,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,50,00,72,00,6f,00,\
66,00,69,00,6c,00,65,00,73,00,5c,00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b,\
00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00
"Flags"=dword:00000000
"State"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2422629387-1192540806-1023300286-1001]
"ProfileImagePath"=hex(2):43,00,3a,00,5c,00,55,00,73,00,65,00,72,00,73,00,5c,\
00,42,00,69,00,6c,00,6c,00,20,00,50,00,69,00,65,00,72,00,63,00,65,00,00,00
"Flags"=dword:00000000
"State"=dword:00000000
"Sid"=hex:01,05,00,00,00,00,00,05,15,00,00,00,0b,64,66,90,86,ba,14,47,be,52,fe,\
3c,e9,03,00,00
"Migrated"=hex:00,7e,3a,4e,63,72,d1,01
"ProfileAttemptedProfileDownloadTimeLow"=dword:00000000
"ProfileAttemptedProfileDownloadTimeHigh"=dword:00000000
"ProfileLoadTimeLow"=dword:00000000
"ProfileLoadTimeHigh"=dword:00000000
"RefCount"=dword:00000007
"RunLogonScriptSync"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415]
"ProfileImagePath"=hex(2):43,00,3a,00,5c,00,55,00,73,00,65,00,72,00,73,00,5c,\
00,44,00,65,00,66,00,61,00,75,00,6c,00,74,00,41,00,70,00,70,00,50,00,6f,00,\
6f,00,6c,00,00,00
"Flags"=dword:00000001
"State"=dword:00000000
"Sid"=hex:01,06,00,00,00,00,00,05,52,00,00,00,e2,9c,36,b3,13,8f,48,19,ec,09,0a,\
68,2f,26,61,2f,5f,d1,b2,ee
"Migrated"=hex:00,65,d6,4d,63,72,d1,01
"ProfileAttemptedProfileDownloadTimeLow"=dword:00000000
"ProfileAttemptedProfileDownloadTimeHigh"=dword:00000000
"ProfileLoadTimeLow"=dword:00000000
"ProfileLoadTimeHigh"=dword:00000000
"RefCount"=dword:00000000

---------------------------------------------------------------------------------------------------------

(Fixlog.txt from FRST.EXE)

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Bill Pierce (2016-03-14 21:33:06) Run:4
Running from C:\Users\Bill Pierce\Desktop
Loaded Profiles: Bill Pierce (Available Profiles: Bill Pierce & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CustomCLSID: HKU\S-1-5-21-2422629387-1192540806-1023300286-1001_Classes\CLSID\{0E7BE950-4ACC-47CB-834B-41A8B96BBFF9}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2422629387-1192540806-1023300286-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> no filepath
Task: {0F125446-098F-4DF5-B7C2-975232AACE29} - System32\Tasks\{8B819B5F-817A-43A4-BEE5-F32E5DDB3E1F} => pcalua.exe -a "C:\Users\Bill Pierce\AppData\Local\Temp\Temp1_usr_1091.zip\usr_1091.exe"
C:\Users\Bill Pierce\AppData\Local\Temp\Temp1_usr_1091.zip
Task: {14E9AABE-B7BB-4351-8965-74D75B3F3BC7} - \Safer-Networking\Spybot - Search and Destroy\Check for updates -> No File <==== ATTENTION
Task: {366AF46E-DE50-45AF-84AD-5CFC373A5225} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {3C439C16-3F70-4C71-B28A-BEA1A6CA910E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {3C4B07DB-31DF-4692-B600-1F587BAEED70} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {57B92CF9-9535-4B01-933B-32DDE3772DB4} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {6450C84F-D400-4D78-B2F4-EE59AC009F90} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
C:\Program Files (x86)\Lavasoft
Task: {6EFA9CCA-9094-4CA1-976B-B33D0D79E421} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {8BE04E13-EF55-40AE-A168-91987050E623} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {9C79680C-F13B-44EC-9DC9-154E6502147C} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {9CD34859-FA68-445E-A34F-7DD54E8A0032} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {AF59BBCA-09EB-4B31-A980-B4CD899B408F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {C9184FC5-D399-4D5C-8AB5-59E60903AD47} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {E832B1ED-8E03-463D-A84B-746ED13ABA6A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {EEFF69B9-FD2F-41A9-A5A9-9DF857FAA6B5} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:792D4CF1 [340]
AlternateDataStreams: C:\ProgramData\TEMP:D287FACF [137]
AlternateDataStreams: C:\ProgramData\TEMP:D3A96964 [184]
HKU\S-1-5-21-2422629387-1192540806-1023300286-1001\Software\Classes\.exe: => <===== ATTENTION

*****************

"HKU\S-1-5-21-2422629387-1192540806-1023300286-1001_Classes\CLSID\{0E7BE950-4ACC-47CB-834B-41A8B96BBFF9}" => key removed successfully
"HKU\S-1-5-21-2422629387-1192540806-1023300286-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0F125446-098F-4DF5-B7C2-975232AACE29}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0F125446-098F-4DF5-B7C2-975232AACE29}" => key removed successfully
C:\WINDOWS\System32\Tasks\{8B819B5F-817A-43A4-BEE5-F32E5DDB3E1F} => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8B819B5F-817A-43A4-BEE5-F32E5DDB3E1F}" => key removed successfully
"C:\Users\Bill Pierce\AppData\Local\Temp\Temp1_usr_1091.zip" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{14E9AABE-B7BB-4351-8965-74D75B3F3BC7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{14E9AABE-B7BB-4351-8965-74D75B3F3BC7}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Check for updates => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{366AF46E-DE50-45AF-84AD-5CFC373A5225}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{366AF46E-DE50-45AF-84AD-5CFC373A5225}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3C439C16-3F70-4C71-B28A-BEA1A6CA910E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3C439C16-3F70-4C71-B28A-BEA1A6CA910E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3C4B07DB-31DF-4692-B600-1F587BAEED70}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3C4B07DB-31DF-4692-B600-1F587BAEED70}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{57B92CF9-9535-4B01-933B-32DDE3772DB4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{57B92CF9-9535-4B01-933B-32DDE3772DB4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6450C84F-D400-4D78-B2F4-EE59AC009F90}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6450C84F-D400-4D78-B2F4-EE59AC009F90}" => key removed successfully
C:\WINDOWS\System32\Tasks\Ad-Aware Update (Weekly) => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ad-Aware Update (Weekly)" => key removed successfully
C:\Program Files (x86)\Lavasoft => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6EFA9CCA-9094-4CA1-976B-B33D0D79E421}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6EFA9CCA-9094-4CA1-976B-B33D0D79E421}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8BE04E13-EF55-40AE-A168-91987050E623}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8BE04E13-EF55-40AE-A168-91987050E623}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9C79680C-F13B-44EC-9DC9-154E6502147C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C79680C-F13B-44EC-9DC9-154E6502147C}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9CD34859-FA68-445E-A34F-7DD54E8A0032}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9CD34859-FA68-445E-A34F-7DD54E8A0032}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AF59BBCA-09EB-4B31-A980-B4CD899B408F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AF59BBCA-09EB-4B31-A980-B4CD899B408F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C9184FC5-D399-4D5C-8AB5-59E60903AD47}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C9184FC5-D399-4D5C-8AB5-59E60903AD47}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E832B1ED-8E03-463D-A84B-746ED13ABA6A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E832B1ED-8E03-463D-A84B-746ED13ABA6A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EEFF69B9-FD2F-41A9-A5A9-9DF857FAA6B5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EEFF69B9-FD2F-41A9-A5A9-9DF857FAA6B5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"C:\ProgramData\TEMP" => ":792D4CF1" ADS not found.
"C:\ProgramData\TEMP" => ":D287FACF" ADS not found.
"C:\ProgramData\TEMP" => ":D3A96964" ADS not found.
"HKU\S-1-5-21-2422629387-1192540806-1023300286-1001\Software\Classes\.exe" => key removed successfully

==== End of Fixlog 21:33:07 ====

-----------------------------------------------------------------------------------

(Zoek-results.txt)

Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Bill Pierce on Mon 03/14/2016 at 21:43:58.91.
Microsoft Windows 10 Pro 10.0.10586 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Bill Pierce\Desktop\zoek.exe [Scan all users] [Checkboxes used]

==== System Restore Info ======================

3/14/2016 9:47:23 PM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\Users\Bill Pierce\AppData\Local\PeerDistRepub deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2422629387-1192540806-1023300286-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} deleted successfully
HKEY_USERS\S-1-5-21-2422629387-1192540806-1023300286-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A1250473-E1B2-40D4-870D-6A0F76DB9A88} deleted successfully
HKEY_USERS\S-1-5-21-2422629387-1192540806-1023300286-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BA97184B-3F36-46EE-B759-8EBF44FC3845} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Running Processes ======================

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files (x86)\Stardock\ModernMix\MMixSrv.exe
C:\Program Files (x86)\Stardock\Start10\Start10Srv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe
C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe
C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe
C:\MSI\Smart Utilities\SuperRAIDSvc.exe
C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe
C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\NS.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe
C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
C:\Program Files (x86)\PhoneTray\PhoneTrayService.exe
C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\NS.exe
C:\Program Files (x86)\Stardock\ModernMix\MMIX_32.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
C:\Program Files (x86)\DoNotTrackMe\AbineAutoUpdate.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Users\Bill Pierce\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\PhoneTray\PhoneTray.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe
C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe
C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe
C:\Program Files (x86)\MSI\Fast Boot\FastBoot.exe
C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\MSI\Live Update\Live Update.exe
C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE
C:\Program Files (x86)\Microsoft Office\Root\Office16\MsoSync.exe
C:\Program Files (x86)\Common Files\Research In Motion\nginx\nginx.exe
C:\Program Files (x86)\Common Files\Research In Motion\nginx\nginx.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\XtuService.exe
C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
C:\Program Files (x86)\DoNotTrackMe\5.5.1930\AbineService.exe
C:\Users\Bill Pierce\Desktop\zoek.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Real Alternative deleted
C:\windows\SysNative\Tasks\Microsoft_Hardware_Launch_rundll32_exe deleted
C:\PROGRA~2\Yahoo! deleted
C:\extensions.ini deleted
C:\found.002 deleted
C:\PROGRA~3\Yahoo! deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
"C:\WINDOWS\Installer\643ac.msi" deleted

==== System Specs ======================

Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 8136 MB
CPU Info: Intel® Core™ i3-4130 CPU @ 3.40GHz
CPU Speed: 3406.3 MHz
Sound Card: Speakers (Realtek High Definiti |
Display Adapters: NVIDIA GeForce 9800 GT | NVIDIA GeForce 9800 GT
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1600 X 1200 - 32 bit
Network: Network Present
Network Adapters: BlackBerry Virtual Private Network | Realtek PCIe GBE Family Controller | VMLite Host-Only Ethernet Adapter
CD / DVD Drives: 2x (E: | F: | ) E: SONY DVD RW DRU-V200S | F: SONY DVD RW DRU-V200S
Ports: COM4 | COM5 | COM9 LPT1
Mouse: 4 Button Wheel Mouse Present
Hard Disks: C: 931.0GB | D: 232.9GB | H: 223.5GB
Hard Disks - Free: C: 530.5GB | D: 144.3GB | H: 180.6GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 07/21/14 | ALASKA - 1072009
Time Zone: Eastern Standard Time
Motherboard *: MSI Z87-G41 PC Mate(MS-7850)
Country: United States
Language: ENU

==== System Specs (Software) ======================

Default Browser: Google Chrome 49.0.2623.87
Internet Explorer Version: 11.162.10586.0
Google Chrome version: 49.0.2623.87
Adobe Reader version: 15.10.20056.167417
Sun Java version: 1.8.0_73 (32-bit)
Sun Java version: 1.8.0_73 (64-bit)

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====
2016-03-13 11:47:31 E5C5FD3F73B34C59E44F748090DBFF1D 1068702453 ----a-w- C:\WINDOWS\MEMORY.DMP
2016-03-01 14:42:37 65A9495A436F5402BC1C467E1B926C27 283648 ----a-w- C:\WINDOWS\winhlp32.exe
2016-02-28 22:46:15 95D730526EF81792CD6848D8D10FAA1C 4502352 ----a-w- C:\WINDOWS\explorer.exe
2016-02-28 19:57:59 B4A74F08D7D404561300735AD52FC0BE 67584 --s-a-w- C:\WINDOWS\bootstat.dat
2016-02-17 14:58:12 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\WINDOWS\exctrlst.INI
====== C:\Users\BILLPI~1\AppData\Local\Temp ====
====== Java Cache =====
====== C:\WINDOWS\SysWOW64 =====
2016-03-12 23:06:19 B9966F800D2A3A1522B1825077785C40 1692840 ----a-w- C:\WINDOWS\SysWOW64\muachost.exe
2016-03-11 12:41:37 EE6798A9CB8C6A7013E5025F3E23F3EF 829944 ----a-w- C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-03-11 12:41:37 034C3CAD569027AC18B2DF73C0586A27 176632 ----a-w- C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-08 18:46:38 4B9DE8EAA2E16C34E018749F325BAEFF 949248 ----a-w- C:\WINDOWS\SysWOW64\Unistore.dll
2016-03-08 18:46:38 2BECAD7E55AB723F361254477270ED2F 1707520 ----a-w- C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-03-08 18:46:32 D641F5B6C115C334FD990827979028F3 18677760 ----a-w- C:\WINDOWS\SysWOW64\edgehtml.dll
2016-03-08 18:46:32 00CE414BA74B576960B559C8C2674106 19339776 ----a-w- C:\WINDOWS\SysWOW64\mshtml.dll
2016-03-08 18:46:29 780795062541AF34415CCCE4072FBBB8 12586496 ----a-w- C:\WINDOWS\SysWOW64\wmp.dll
2016-03-08 18:46:22 C97B5BEADC79FFC5DAF1C9011CAE796B 5242496 ----a-w- C:\WINDOWS\SysWOW64\windows.storage.dll
2016-03-08 18:46:22 856AD15FD2D187EA8435564A135C85C0 228352 ----a-w- C:\WINDOWS\SysWOW64\deviceaccess.dll
2016-03-08 18:46:22 05B81C404A34101E1DC17C0D9A67EA32 5321728 ----a-w- C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-03-08 18:46:21 AA20E6BCDC5A617F4333EE5EEE3CC79E 5661696 ----a-w- C:\WINDOWS\SysWOW64\Chakra.dll
2016-03-08 18:46:18 2D0C2AB110A51895D9D1E875201013DE 1557768 ----a-w- C:\WINDOWS\SysWOW64\KernelBase.dll
2016-03-08 18:46:17 AD1B282BDE4A19D7CE2D405409DBB8D0 1497088 ----a-w- C:\WINDOWS\SysWOW64\WMPDMC.exe
2016-03-08 18:46:17 A34EDEA5F401143A0190642EABA28518 709688 ----a-w- C:\WINDOWS\SysWOW64\mfsvr.dll
2016-03-08 18:46:16 EB5DBA11B7C79B28A759AF12F03A17BB 769536 ----a-w- C:\WINDOWS\SysWOW64\ContactApis.dll
2016-03-08 18:46:16 DB6C9645A16676FDE0D730CB05D8F6E1 1443328 ----a-w- C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-03-08 18:46:16 CA57FE09C1255009C9AC1462B7D7264D 957608 ----a-w- C:\WINDOWS\SysWOW64\ole32.dll
2016-03-08 18:46:16 C012CE3AB0120D01C75EDBB869AC463E 523752 ----a-w- C:\WINDOWS\SysWOW64\dxgi.dll
2016-03-08 18:46:16 B073C14F8B76DF8652415488C22F10A1 670928 ----a-w- C:\WINDOWS\SysWOW64\mfds.dll
2016-03-08 18:46:16 A8EF9AEDACF24908E12E910BF3977DC9 703840 ----a-w- C:\WINDOWS\SysWOW64\WWAHost.exe
2016-03-08 18:46:16 952D6065F133D9525B399E6274CFE027 793600 ----a-w- C:\WINDOWS\SysWOW64\SRH.dll
2016-03-08 18:46:16 620737C11CD32E03299E0B60BC896230 552960 ----a-w- C:\WINDOWS\SysWOW64\AppointmentApis.dll
2016-03-08 18:46:15 EC21FC40C74206DAB19F1A8F9132EFAB 890368 ----a-w- C:\WINDOWS\SysWOW64\AppxPackaging.dll
2016-03-08 18:46:15 C406A5FDC8A1ECF2A9632F302B7D0EC3 294752 ----a-w- C:\WINDOWS\SysWOW64\msv1_0.dll
2016-03-08 18:46:15 9B60985A87BA2FED9F57DA30F191098E 315904 ----a-w- C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2016-03-08 18:46:15 4D2E3D6BC01E7A5E9C6F9AFDBFAF98BB 220064 ----a-w- C:\WINDOWS\SysWOW64\sqmapi.dll
2016-03-08 18:46:15 38EE252AD45EB7D6834F718B9487D3F9 538736 ----a-w- C:\WINDOWS\SysWOW64\wer.dll
2016-03-08 18:46:14 DD73501C379ABF585DC7CC1765BE8E2E 303104 ----a-w- C:\WINDOWS\SysWOW64\atmfd.dll
2016-03-08 18:46:14 D1817C1F148C21EC4403186D731DF042 540752 ----a-w- C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-03-08 18:46:14 AC42505CBCEE5825BB2695C34E43B1D0 184832 ----a-w- C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2016-03-08 18:46:14 65D0043F608A12AF75ED37A65AFB906B 342528 ----a-w- C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-03-08 18:46:14 5A212173FC0622865F409B16ED77C9DF 98304 ----a-w- C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2016-03-08 18:46:14 56315A6A6598E701BB0A5F506DA6143E 200704 ----a-w- C:\WINDOWS\SysWOW64\cemapi.dll
2016-03-08 18:46:14 4591BC3EC5FD8336642F8B94EABD4D4F 187744 ----a-w- C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-03-08 18:46:14 395F9E50709FAE503C339047207E46CF 540160 ----a-w- C:\WINDOWS\SysWOW64\ChatApis.dll
2016-03-08 18:46:14 2C84609F09FD003FA955567D395EEA8A 575488 ----a-w- C:\WINDOWS\SysWOW64\EmailApis.dll
2016-03-08 18:46:14 160CC95D34D62B6A72F9E4E3EE52EBCC 369664 ----a-w- C:\WINDOWS\SysWOW64\FirewallAPI.dll
2016-03-08 18:46:13 B315EB17077EF082A79922D4EA47DBF4 163328 ----a-w- C:\WINDOWS\SysWOW64\fwbase.dll
2016-03-08 18:46:13 8CE4D365EF60DA0A098757371DD43752 88576 ----a-w- C:\WINDOWS\SysWOW64\olepro32.dll
2016-03-08 18:46:13 3547D79A60007624BFEBAFCAE158E992 169984 ----a-w- C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
2016-03-08 18:46:13 05B15BD9C92BE52F35A2295B22C5D892 168448 ----a-w- C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
2016-03-08 18:46:12 E34395496B11CF5C8C5B6D2E438BFA43 18944 ----a-w- C:\WINDOWS\SysWOW64\ExtrasXmlParser.dll
2016-03-08 18:46:12 97E96ABEBCB6CF556406781C47C5282A 78848 ----a-w- C:\WINDOWS\SysWOW64\asycfilt.dll
2016-03-08 18:46:12 7A2A3BAAA05C8124D95B2915E904F900 141664 ----a-w- C:\WINDOWS\SysWOW64\wermgr.exe
2016-03-08 18:46:12 43AE8C9F7D031AB3DBEADA4C17D8C682 150528 ----a-w- C:\WINDOWS\SysWOW64\VCardParser.dll
2016-03-08 18:46:12 3B1F2F6F89F3F4ED75C5FADDB2E7CFE1 56320 ----a-w- C:\WINDOWS\SysWOW64\POSyncServices.dll
2016-03-08 18:46:12 259517866C369BCC5990292BCB57E709 223744 ----a-w- C:\WINDOWS\SysWOW64\ExSMime.dll
2016-03-08 18:46:12 242708810A22D373904539EDF39FFAD1 196608 ----a-w- C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2016-03-08 18:46:12 15E75D27F0C67A7A21D5A514601F0E5A 135168 ----a-w- C:\WINDOWS\SysWOW64\AppxSip.dll
2016-03-08 18:46:11 CA2EA5401563387162E61444AE15AF59 53248 ----a-w- C:\WINDOWS\SysWOW64\profext.dll
2016-03-08 18:46:11 93B7ED5F44D9C3FB0A74C059E1B9E68B 89088 ----a-w- C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2016-03-08 18:46:11 75B5C1588D3703F44004D3EB2BD358AD 129024 ----a-w- C:\WINDOWS\SysWOW64\CallHistoryClient.dll
2016-03-08 18:46:11 1AEBF2230422716D8CE1BEBCBAE961D3 48128 ----a-w- C:\WINDOWS\SysWOW64\PimIndexMaintenanceClient.dll
2016-03-08 18:46:10 EBD26D676238C0B3938AFF925043576F 394752 ----a-w- C:\WINDOWS\SysWOW64\werui.dll
2016-03-08 18:46:10 9DEB4C56FAAB147839BF68B6C28A38FC 164864 ----a-w- C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2016-03-08 18:46:10 978D6640C869D7FA4FCDD877E4A5C2C7 93696 ----a-w- C:\WINDOWS\SysWOW64\fontsub.dll
2016-03-08 18:46:10 7734BD0E9C8ED7DC48F559A67D0A79F4 20480 ----a-w- C:\WINDOWS\SysWOW64\wfapigp.dll
2016-03-08 18:46:10 6FA3485DB4DE58EE9E73597CAC493AB4 37376 ----a-w- C:\WINDOWS\SysWOW64\atmlib.dll
2016-03-08 18:46:10 39E7BAB659A6AB4419A908E578BE7029 56320 ----a-w- C:\WINDOWS\SysWOW64\UserDataPlatformHelperUtil.dll
2016-03-08 18:46:10 392434472351B2DA0499AEC962E988CE 37888 ----a-w- C:\WINDOWS\SysWOW64\UserDataLanguageUtil.dll
2016-03-08 18:46:10 31657EDEEA6039E71C708BDA61AB62D5 37888 ----a-w- C:\WINDOWS\SysWOW64\UserDataTypeHelperUtil.dll
2016-03-01 19:26:58 C23A52581FEA6CD49A49160BFA794BF7 6952088 ----a-w- C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-03-01 19:26:40 0C60922D59461C8D1B0A2AA3CF493438 21124344 ----a-w- C:\WINDOWS\SysWOW64\shell32.dll
2016-03-01 19:26:29 7BB6C35792323E4761AC6624E2D42397 12125696 ----a-w- C:\WINDOWS\SysWOW64\ieframe.dll
2016-03-01 19:26:28 76B9CA3DF18D9E116051652EB4CD2FF2 9919488 ----a-w- C:\WINDOWS\SysWOW64\twinui.dll
2016-03-01 19:26:23 C117F577BB0CC6545EA181FBB3FACE99 980352 ----a-w- C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2016-03-01 19:26:22 594B272EA8C34067CD74AAE90EFFBE88 1626624 ----a-w- C:\WINDOWS\SysWOW64\dwmcore.dll
2016-03-01 19:26:19 44F1D7984F8B7739EF7EF50DEC6B41B9 2229760 ----a-w- C:\WINDOWS\SysWOW64\wininet.dll
2016-03-01 19:26:17 B65549A1CDB2C827AD022A3F35994FCF 2180136 ----a-w- C:\WINDOWS\SysWOW64\mfcore.dll
2016-03-01 19:26:17 888D41F5EFD6995491326C0DEEA2124A 713824 ----a-w- C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2016-03-01 19:26:15 A43688711B5DA91ED9FC159BB8F8AF14 646656 ----a-w- C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-03-01 19:26:13 CF342DCC0B8053DCABA7C5D30BE4B5C3 1500672 ----a-w- C:\WINDOWS\SysWOW64\urlmon.dll
2016-03-01 19:26:12 22269B90E92BECDEB3D67EBE1DDB378E 3666432 ----a-w- C:\WINDOWS\SysWOW64\jscript9.dll
2016-03-01 19:26:12 162CB5DE3BAB5A029E658180A2E0673A 2919320 ----a-w- C:\WINDOWS\SysWOW64\iertutil.dll
2016-03-01 19:26:10 CE9B87CDE4D7BCEA229D676720E28C6B 1859960 ----a-w- C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-03-01 19:26:10 6DFDAD2B0EA3385069276DF547F4CAC8 2186864 ----a-w- C:\WINDOWS\SysWOW64\d3d11.dll
2016-03-01 19:26:10 5D676C1C350EA4976B888804444932CE 2061312 ----a-w- C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-03-01 19:26:09 E83DA16178E4E97B572900803183419D 1542816 ----a-w- C:\WINDOWS\SysWOW64\ntdll.dll
2016-03-01 19:26:08 7F0A9630C78E3783680CC9620C4E09C0 6740992 ----a-w- C:\WINDOWS\SysWOW64\mstscax.dll
2016-03-01 19:26:07 C9B1E5A2FE0C7BF75B8B751311331EB4 2604032 ----a-w- C:\WINDOWS\SysWOW64\CertEnroll.dll
2016-03-01 19:26:07 0C39C1CC2ABC5D88D586EA0D86E79EEE 2793472 ----a-w- C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-03-01 19:26:06 5A98CF000F5202776E4A58438AB2E070 4412928 ----a-w- C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-03-01 19:26:05 FC90756CB632C0E4AC0D6A60AF2DF9AD 585216 ----a-w- C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2016-03-01 19:26:05 49CF99392314B7CAD65DE8A05ABFE30D 882720 ----a-w- C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-03-01 19:26:02 AF209F751EB761084CEFE2CF10E1CE8D 895080 ----a-w- C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2016-03-01 19:26:01 B014F98BEE810D5BF9F8C1C75F0EAD92 489984 ----a-w- C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-03-01 19:26:01 8BD7A79F9A8FF011B89A61C8AC796988 502112 ----a-w- C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-03-01 19:26:00 1ECA3CCBC61038D780FC179C9CB5F0CA 1944576 ----a-w- C:\WINDOWS\SysWOW64\InputService.dll
2016-03-01 19:25:58 C8F351BE29CEA63BC5EE5A175576B7F3 1105920 ----a-w- C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2016-03-01 19:25:57 F40196C743D54C56C7C2CCDD6FDE262E 572272 ----a-w- C:\WINDOWS\SysWOW64\taskschd.dll
2016-03-01 19:25:57 8C2E49ACD2A820A3FA7C598B811F3803 450912 ----a-w- C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2016-03-01 19:25:57 6DA0B412C0DD9DDB5382527488A5AD2E 237056 ----a-w- C:\WINDOWS\SysWOW64\thumbcache.dll
2016-03-01 19:25:56 E43400F37F8F0FA9281FEB64E3D7F72B 754176 ----a-w- C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-03-01 19:25:56 463DA1563BB9C1849527967BA80C1810 287712 ----a-w- C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll
2016-03-01 19:25:55 FABAF2C5E74BA9ADC07D28BB03F5C32A 349696 ----a-w- C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-03-01 19:25:54 E3C2853C8F2EED113646F07D62D08C9E 503296 ----a-w- C:\WINDOWS\SysWOW64\SettingSync.dll
2016-03-01 19:25:53 A7583A49B0F4A91E5B2E154C3582DF82 420928 ----a-w- C:\WINDOWS\SysWOW64\msvproc.dll
2016-03-01 19:25:52 964DE3052B6A869EFBC86930DD51E8BD 379392 ----a-w- C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2016-03-01 19:25:50 3BFCD46B7D67D0B137BD54C2BE644C4A 161280 ----a-w- C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-03-01 19:25:50 3249EA75874EE3DD3FCBA141656DF210 713728 ----a-w- C:\WINDOWS\SysWOW64\netlogon.dll
2016-03-01 19:25:49 A19A2DDCC69FF16B5FB68AD4F02B564A 480256 ----a-w- C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2016-03-01 19:25:49 550ECFF3C3808065169BFEA6C2B7837C 400896 ----a-w- C:\WINDOWS\SysWOW64\winspool.drv
2016-03-01 19:25:48 C86784A6F08E733BE19D62C82182FA7D 266752 ----a-w- C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2016-03-01 19:25:48 100E983F59F3BF3A3F8BFA327CF9B438 157184 ----a-w- C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2016-03-01 19:25:47 42248856CC8A2AE6642B5D1B170EAB35 450560 ----a-w- C:\WINDOWS\SysWOW64\SyncController.dll
2016-03-01 19:25:45 053E2D136DB8A4743E4C40D5D979834B 200704 ----a-w- C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-03-01 19:25:42 F7447D7EDE2E9F4FEC87143F5CC021F5 65536 ----a-w- C:\WINDOWS\SysWOW64\wininetlui.dll
2016-03-01 19:25:42 D8DA5B9D54225B46242011154C9E417A 133632 ----a-w- C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-03-01 19:25:42 64B0C2833EB2501DAE37C0A9700BF48F 45568 ----a-w- C:\WINDOWS\SysWOW64\jsproxy.dll
2016-03-01 19:25:41 9DB69A637142A6C72DF22706CF2F6F7B 31744 ----a-w- C:\WINDOWS\SysWOW64\TimeBrokerClient.dll
2016-03-01 19:25:41 88D538838692B2D66514301CCB37B4E7 83456 ----a-w- C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-03-01 19:25:41 197948552BE23DACBEF10ECC8168FD11 29696 ----a-w- C:\WINDOWS\SysWOW64\LaunchWinApp.exe
====== C:\WINDOWS\SysWOW64\drivers =====
====== C:\WINDOWS\Sysnative =====
2016-03-08 18:46:38 CB902A15DD21B363FECA5DCCF34F5C57 1224704 ----a-w- C:\WINDOWS\Sysnative\Unistore.dll
2016-03-08 18:46:38 3ED081A1F371E63BC6DA0327E1E51D22 22376960 ----a-w- C:\WINDOWS\Sysnative\edgehtml.dll
2016-03-08 18:46:37 83012CF88DF6EC835B2308941B47CA8A 7474528 ----a-w- C:\WINDOWS\Sysnative\ntoskrnl.exe
2016-03-08 18:46:37 722FA682ED9EA8B85FA843A5C8F39E61 2273792 ----a-w- C:\WINDOWS\Sysnative\wuaueng.dll
2016-03-08 18:46:37 6855984AA46D2452A7C518787E1F2643 1996288 ----a-w- C:\WINDOWS\Sysnative\ActiveSyncProvider.dll
2016-03-08 18:46:35 32509061F29DA432B62336A4462ADEBF 3593216 ----a-w- C:\WINDOWS\Sysnative\win32kfull.sys
2016-03-08 18:46:33 7C6B51E0233814D401905289AFD27BC5 1390592 ----a-w- C:\WINDOWS\Sysnative\win32kbase.sys
2016-03-08 18:46:33 408E62A03168C0016B986C80ECFD088C 24600576 ----a-w- C:\WINDOWS\Sysnative\mshtml.dll
2016-03-08 18:46:31 6E04BBE242E2889B37300C4DF5CE1126 3449168 ----a-w- C:\WINDOWS\Sysnative\WSService.dll
2016-03-08 18:46:30 9CB84B6398F10BCF0CE357F2C7B6056D 286720 ----a-w- C:\WINDOWS\Sysnative\deviceaccess.dll
2016-03-08 18:46:30 3E80E2B0C0010154CC504DC51BE21968 14252544 ----a-w- C:\WINDOWS\Sysnative\wmp.dll
2016-03-08 18:46:27 797497201A406D6CFDB72FE0545F990C 6972416 ----a-w- C:\WINDOWS\Sysnative\Windows.Data.Pdf.dll
2016-03-08 18:46:24 EB850DDF36D7462F1ADC1B6A329CE266 7835648 ----a-w- C:\WINDOWS\Sysnative\Chakra.dll
2016-03-08 18:46:24 597AA6F5B21B1B15C87982FAFD1555EE 6607080 ----a-w- C:\WINDOWS\Sysnative\windows.storage.dll
2016-03-08 18:46:19 E4AFFF129D51A779B75164CB6D077FC1 1831936 ----a-w- C:\WINDOWS\Sysnative\AppXDeploymentExtensions.dll
2016-03-08 18:46:19 6F9775D843AA4595A3F60A60829B11A9 1098752 ----a-w- C:\WINDOWS\Sysnative\dosvc.dll
2016-03-08 18:46:17 D169A4C1EDA2F63545628420014F2FE3 808800 ----a-w- C:\WINDOWS\Sysnative\WWAHost.exe
2016-03-08 18:46:17 96BAB1499995B85B91C312BA5114CA03 1322248 ----a-w- C:\WINDOWS\Sysnative\ole32.dll
2016-03-08 18:46:17 92F74BF86088520654BD5636A69E37F1 848168 ----a-w- C:\WINDOWS\Sysnative\mfsvr.dll
2016-03-08 18:46:17 39D5E08E69BFC5CBFA94EE09656D6427 1713664 ----a-w- C:\WINDOWS\Sysnative\SRHInproc.dll
2016-03-08 18:46:17 21098276051C6BEBBA7C8EB79AAF4E22 938496 ----a-w- C:\WINDOWS\Sysnative\ContactApis.dll
2016-03-08 18:46:17 15D174719872A30F2FDD6B5B1B8BA5D9 1613664 ----a-w- C:\WINDOWS\Sysnative\diagtrack.dll
2016-03-08 18:46:17 0088614FE67298E6996AD19B05AE90C7 1997328 ----a-w- C:\WINDOWS\Sysnative\KernelBase.dll
2016-03-08 18:46:16 C78D43083400B8FAE408FEB1E99F9DA8 1847808 ----a-w- C:\WINDOWS\Sysnative\WMPDMC.exe
2016-03-08 18:46:16 BAEFEFB04D7F9A554C029FBA52A02BB8 652392 ----a-w- C:\WINDOWS\Sysnative\dxgi.dll
2016-03-08 18:46:16 45FDB4ACF680DF92D6510F77E7FF3E7F 713568 ----a-w- C:\WINDOWS\Sysnative\invagent.dll
2016-03-08 18:46:16 3932940E0DB7A31B00A415F6B3D3E242 700416 ----a-w- C:\WINDOWS\Sysnative\AppointmentApis.dll
2016-03-08 18:46:15 F7526C133AC265F283012E9CD751F873 625000 ----a-w- C:\WINDOWS\Sysnative\ClipSVC.dll
2016-03-08 18:46:15 96B060E7FDDD6E2902282C12C3BFD6AE 630632 ----a-w- C:\WINDOWS\Sysnative\fontdrvhost.exe
2016-03-08 18:46:15 8465AF051B7C887C0D163AB939FDF570 358752 ----a-w- C:\WINDOWS\Sysnative\msv1_0.dll
2016-03-08 18:46:15 751F5B6AF16546162E06211AF1FC2979 794888 ----a-w- C:\WINDOWS\Sysnative\mfds.dll
2016-03-08 18:46:15 6D31FB3E4263749BD994B3895322D799 982016 ----a-w- C:\WINDOWS\Sysnative\AppxPackaging.dll
2016-03-08 18:46:15 68B34C3558BEE0F6B822FA603E9AE441 258280 ----a-w- C:\WINDOWS\Sysnative\sqmapi.dll
2016-03-08 18:46:15 56027D21265759F4EADD0555E7915D9A 957952 ----a-w- C:\WINDOWS\Sysnative\SRH.dll
2016-03-08 18:46:15 4098813724BDAC23A74DD6E75CA360CC 450560 ----a-w- C:\WINDOWS\Sysnative\Windows.Internal.Bluetooth.dll
2016-03-08 18:46:15 333F190DFAE2E1EE500234B78ADDA297 640472 ----a-w- C:\WINDOWS\Sysnative\wer.dll
2016-03-08 18:46:14 F01ADB9BD13B60B6AB9538447F901921 365568 ----a-w- C:\WINDOWS\Sysnative\atmfd.dll
2016-03-08 18:46:14 CD8C4364BC6040C0226638EF37E13CBB 161280 ----a-w- C:\WINDOWS\Sysnative\CallHistoryClient.dll
2016-03-08 18:46:14 B8CBDF64077D764D26E6E0255270B7BF 224256 ----a-w- C:\WINDOWS\Sysnative\PackageStateRoaming.dll
2016-03-08 18:46:14 7185B16516478DF0061C2561C1B072CE 228352 ----a-w- C:\WINDOWS\Sysnative\wsqmcons.exe
2016-03-08 18:46:14 61C99C1A4BB5EE14563ED321A859ACB6 726528 ----a-w- C:\WINDOWS\Sysnative\ChatApis.dll
2016-03-08 18:46:14 5D88798FC34BB61C74256CDD66BDD205 318976 ----a-w- C:\WINDOWS\Sysnative\domgmt.dll
2016-03-08 18:46:14 553F19DC6F3F73545CB17FCD7A8AE37B 870912 ----a-w- C:\WINDOWS\Sysnative\MPSSVC.dll
2016-03-08 18:46:14 497EB340D13433E8FE53625103E0C2D0 146432 ----a-w- C:\WINDOWS\Sysnative\AuthBroker.dll
2016-03-08 18:46:14 47323DE2A684895004CE63EC66FB4AB4 401408 ----a-w- C:\WINDOWS\Sysnative\sharemediacpl.dll
2016-03-08 18:46:14 46D84D62993CEB88542EFA438F4D6E82 167936 ----a-w- C:\WINDOWS\Sysnative\dafBth.dll
2016-03-08 18:46:14 3DF25A56F18D2AB4CF58C1300C8CD323 2158592 ----a-w- C:\WINDOWS\Sysnative\AppXDeploymentServer.dll
2016-03-08 18:46:14 3CE8EBC0B1A74A7AC639C5FAFC549CCA 436736 ----a-w- C:\WINDOWS\Sysnative\AppXDeploymentClient.dll
2016-03-08 18:46:14 2BCCAEB08EAF8C5D6BD024B3F020D0EA 790528 ----a-w- C:\WINDOWS\Sysnative\EmailApis.dll
2016-03-08 18:46:14 215C9C65601378F56BEECDECBD1EF4AE 216416 ----a-w- C:\WINDOWS\Sysnative\AppxAllUserStore.dll
2016-03-08 18:46:14 1D00BBEEE33FA7F64A8CBFF471968CB0 195072 ----a-w- C:\WINDOWS\Sysnative\VCardParser.dll
2016-03-08 18:46:13 F66EEB5365413D4B968C5B51D25F88B8 141560 ----a-w- C:\WINDOWS\Sysnative\AuthHost.exe
2016-03-08 18:46:13 DD57E9F1482E1A9BD2514F6D017DF58A 258560 ----a-w- C:\WINDOWS\Sysnative\UserDataAccountApis.dll
2016-03-08 18:46:13 907B65AD953EA159B573A0BCC82F6DB0 243712 ----a-w- C:\WINDOWS\Sysnative\cemapi.dll
2016-03-08 18:46:13 5B50521452D87A439A87B1EAEBC138C7 208896 ----a-w- C:\WINDOWS\Sysnative\storewuauth.dll
2016-03-08 18:46:13 4C3A93515CA70A7017CBA3A6A95CF080 121856 ----a-w- C:\WINDOWS\Sysnative\AppointmentActivation.dll
2016-03-08 18:46:13 04F7878E7017105AB782353231561749 252928 ----a-w- C:\WINDOWS\Sysnative\PimIndexMaintenance.dll
2016-03-08 18:46:12 FBC8C56814642A7CA88ACBCA8DD1121F 145408 ----a-w- C:\WINDOWS\Sysnative\dssvc.dll
2016-03-08 18:46:12 EEA1E99FBC7D91A1A271012F2B4567BB 60416 ----a-w- C:\WINDOWS\Sysnative\PimIndexMaintenanceClient.dll
2016-03-08 18:46:12 E78793375E53690605E4441078CCBF84 87552 ----a-w- C:\WINDOWS\Sysnative\AppxSysprep.dll
2016-03-08 18:46:12 E432FCF8572682126C3362AA856DC4AE 221184 ----a-w- C:\WINDOWS\Sysnative\PhoneCallHistoryApis.dll
2016-03-08 18:46:12 DEFF4C7B937F60923980D4BB7D1724B8 274944 ----a-w- C:\WINDOWS\Sysnative\ExSMime.dll
2016-03-08 18:46:12 AFAF7063071A1124985A63382B2BC34C 161792 ----a-w- C:\WINDOWS\Sysnative\AppxSip.dll
2016-03-08 18:46:12 A249C98D869623F1AF0DB4BCFFF6D2A8 68096 ----a-w- C:\WINDOWS\Sysnative\UserDataPlatformHelperUtil.dll
2016-03-08 18:46:12 98112F9B965646D338896FD7B13BB32E 1173344 ----a-w- C:\WINDOWS\Sysnative\aeinv.dll
2016-03-08 18:46:12 95D2BD6AC94FB337AF69F8AFE056BEBE 147808 ----a-w- C:\WINDOWS\Sysnative\wermgr.exe
2016-03-08 18:46:12 77B2F9C522467B1FC8770028D09534DB 91648 ----a-w- C:\WINDOWS\Sysnative\asycfilt.dll
2016-03-08 18:46:12 5548D83C60E37CBB1B451A1108D4142C 513888 ----a-w- C:\WINDOWS\Sysnative\devinv.dll
2016-03-08 18:46:11 EBD07BD20B5E0E92A398566EF8720F79 31232 ----a-w- C:\WINDOWS\Sysnative\seclogon.dll
2016-03-08 18:46:11 E9B10E704AD5B1BA5E531809C89A085B 93184 ----a-w- C:\WINDOWS\Sysnative\wpninprc.dll
2016-03-08 18:46:11 E1D8055043DF089DB8ADB67C21DF2CC4 70656 ----a-w- C:\WINDOWS\Sysnative\POSyncServices.dll
2016-03-08 18:46:11 DD877B48C28AB34197AD88902971B81D 45056 ----a-w- C:\WINDOWS\Sysnative\UserDataLanguageUtil.dll
2016-03-08 18:46:11 B6877446C93D3110E56C90CF13CBEC89 45568 ----a-w- C:\WINDOWS\Sysnative\UserDataTypeHelperUtil.dll
2016-03-08 18:46:11 AA97AC06BFA15DA23C7C9C145A226C2D 25600 ----a-w- C:\WINDOWS\Sysnative\wfapigp.dll
2016-03-08 18:46:11 9AE80C03EA83537F17B286ECBBA13D43 184320 ----a-w- C:\WINDOWS\Sysnative\fwbase.dll
2016-03-08 18:46:11 70BA4CAAC5D621DCE88082DA0B1FF014 23552 ----a-w- C:\WINDOWS\Sysnative\ExtrasXmlParser.dll
2016-03-08 18:46:11 6A5290128257BC733107E7819648CA76 526336 ----a-w- C:\WINDOWS\Sysnative\FirewallAPI.dll
2016-03-08 18:46:11 3F8466CC13D1F614C8FAC24B1C030D59 214528 ----a-w- C:\WINDOWS\Sysnative\Windows.Devices.Scanners.dll
2016-03-08 18:46:11 020AD2DA67F206DC160053F88454A0D4 111616 ----a-w- C:\WINDOWS\Sysnative\UserDataTimeUtil.dll
2016-03-08 18:46:10 F6B9E6CB351D86A0C318B37E14B97656 196608 ----a-w- C:\WINDOWS\Sysnative\fwpolicyiomgr.dll
2016-03-08 18:46:10 BF0B4D43097A7FEFE3F7F9EEC13C31FB 764928 ----a-w- C:\WINDOWS\Sysnative\Chakradiag.dll
2016-03-08 18:46:10 BE8C62B0B7BBA8F1152A6A7FCF248404 915456 ----a-w- C:\WINDOWS\Sysnative\configurationclient.dll
2016-03-08 18:46:10 B37F21B4C25BF10605A196791F93E324 360448 ----a-w- C:\WINDOWS\Sysnative\vaultsvc.dll
2016-03-08 18:46:10 A74CEC306AB99D74559F7075EDB60A9B 451584 ----a-w- C:\WINDOWS\Sysnative\werui.dll
2016-03-08 18:46:10 703430E9FFF072334B247B5E88428331 288768 ----a-w- C:\WINDOWS\Sysnative\vaultcli.dll
2016-03-08 18:46:10 52623F9ED4D00357F3874DD31BB232FD 45568 ----a-w- C:\WINDOWS\Sysnative\atmlib.dll
2016-03-08 18:46:10 2C8130AFF9C3F0E99DE4B52A0A187CB3 118272 ----a-w- C:\WINDOWS\Sysnative\fontsub.dll
2016-03-08 18:46:10 2771EBB565F5C121E66060B173991D4D 1490432 ----a-w- C:\WINDOWS\Sysnative\UserDataService.dll
2016-03-08 18:46:10 0FEE16BB03B1A97A70121165E7414903 67584 ----a-w- C:\WINDOWS\Sysnative\profext.dll
2016-03-08 18:46:10 023338E1DA5B6E5C2EFC7E5ADA7929C5 685568 ----a-w- C:\WINDOWS\Sysnative\scapi.dll
2016-03-08 14:31:23 5614386D4CFDF9E56F355C45BEEBC976 12872 ----a-w- C:\WINDOWS\Sysnative\bootdelete.exe
2016-03-01 19:26:57 2DDEA2BEDD3169F483C9BE610ADFE8B1 8705672 ----a-w- C:\WINDOWS\Sysnative\Windows.Media.Protection.PlayReady.dll
2016-03-01 19:26:50 F3FE9C939D684607118E306B98CEBBBC 22564328 ----a-w- C:\WINDOWS\Sysnative\shell32.dll
2016-03-01 19:26:37 043051E7D39381BC1DCA5B25236BBA72 11545600 ----a-w- C:\WINDOWS\Sysnative\twinui.dll
2016-03-01 19:26:31 54E585CFCD208E460A70D1356CD489BE 13382656 ----a-w- C:\WINDOWS\Sysnative\ieframe.dll
2016-03-01 19:26:30 C62ACC8B1B1136464583F871EBB4ACE1 1946624 ----a-w- C:\WINDOWS\Sysnative\dwmcore.dll
2016-03-01 19:26:24 6807A6D971AA7A26245397ADDFE3B5D8 2755584 ----a-w- C:\WINDOWS\Sysnative\wininet.dll
2016-03-01 19:26:23 218CEC10714AF029BF4D8BCE600AD1DA 819648 ----a-w- C:\WINDOWS\Sysnative\mfmpeg2srcsnk.dll
2016-03-01 19:26:22 40D666AEFB8775F25AA403EDB5D2414E 4894208 ----a-w- C:\WINDOWS\Sysnative\jscript9.dll
2016-03-01 19:26:21 BD70B866034C1366D74CCBB5CA97395E 2544264 ----a-w- C:\WINDOWS\Sysnative\mfcore.dll
2016-03-01 19:26:21 8CDC28FB78253481353A882FA3139FBB 2654872 ----a-w- C:\WINDOWS\Sysnative\CoreUIComponents.dll
2016-03-01 19:26:20 EB05F5368F8BBF75157B87FD1F689167 2581504 ----a-w- C:\WINDOWS\Sysnative\MFMediaEngine.dll
2016-03-01 19:26:19 50007CDB0F9801A7186F3E81D3377D12 2773096 ----a-w- C:\WINDOWS\Sysnative\d3d11.dll
2016-03-01 19:26:18 A407435633C74CB1D6911DC05A90D939 2912256 ----a-w- C:\WINDOWS\Sysnative\CertEnroll.dll
2016-03-01 19:26:18 9610CE53A9ED0789C8B669A5F86008F7 1054208 ----a-w- C:\WINDOWS\Sysnative\audiosrv.dll
2016-03-01 19:26:17 DAB53783AD08864E873A6B7B874D1783 3671888 ----a-w- C:\WINDOWS\Sysnative\iertutil.dll
2016-03-01 19:26:16 FA7FE5ECB4E0103F132BB00E526E67EF 852480 ----a-w- C:\WINDOWS\Sysnative\Windows.ApplicationModel.Store.dll
2016-03-01 19:26:16 EA195B8BC11C1CDB313CFD456EFFA0E9 997376 ----a-w- C:\WINDOWS\Sysnative\schedsvc.dll
2016-03-01 19:26:16 D79FFE2219AE3BA3B871BA2D39B16519 1152328 ----a-w- C:\WINDOWS\Sysnative\mfasfsrcsnk.dll
2016-03-01 19:26:16 7118498F6E48758A2EF5A7D1982E2B62 1139712 ----a-w- C:\WINDOWS\Sysnative\XblGameSave.dll
2016-03-01 19:26:15 FF0F6AAD313DCD878D2ECF1BA0B32478 2624512 ----a-w- C:\WINDOWS\Sysnative\InputService.dll
2016-03-01 19:26:15 9A3D731707AC0059E0ACBD4E8CDF46E6 1731584 ----a-w- C:\WINDOWS\Sysnative\urlmon.dll
2016-03-01 19:26:15 91038CB7820CFB27E7C9D10320307301 1390080 ----a-w- C:\WINDOWS\Sysnative\Windows.UI.Shell.dll
2016-03-01 19:26:13 7489ACBF86C3774E7EF0DC8C7616B07E 641536 ----a-w- C:\WINDOWS\Sysnative\enterprisecsps.dll
2016-03-01 19:26:13 405A419F4CDAC3C18F91FEDBD146C0A8 948736 ----a-w- C:\WINDOWS\Sysnative\XblAuthManager.dll
2016-03-01 19:26:13 2989A5B700D1C706ED496CCA75DCFA67 7533568 ----a-w- C:\WINDOWS\Sysnative\mstscax.dll
2016-03-01 19:26:11 63F861960D2EA541831072D88E08EABA 3425792 ----a-w- C:\WINDOWS\Sysnative\Windows.Media.dll
2016-03-01 19:26:10 5B5F518D6487FDCC9C40A74D3C72B8EE 828928 ----a-w- C:\WINDOWS\Sysnative\Windows.AccountsControl.dll
2016-03-01 19:26:09 E7588419770BDDB510741F734D290E27 1318912 ----a-w- C:\WINDOWS\Sysnative\wifinetworkmanager.dll
2016-03-01 19:26:09 5C6B3AFF685A17163315276E86CE173E 696160 ----a-w- C:\WINDOWS\Sysnative\NetSetupEngine.dll
2016-03-01 19:26:08 5CBB046266CD7CD1593354C93BCDBE91 870400 ----a-w- C:\WINDOWS\Sysnative\modernexecserver.dll
2016-03-01 19:26:08 2985697A74DE409D53C6ACD2CD30FDAA 1818696 ----a-w- C:\WINDOWS\Sysnative\ntdll.dll
2016-03-01 19:26:07 669F733F85FEBE6F7438C66CBF7FD3FD 1062480 ----a-w- C:\WINDOWS\Sysnative\mfmp4srcsnk.dll
2016-03-01 19:26:06 FEBBA212353E4FA90C6164AA970B772F 536256 ----a-w- C:\WINDOWS\Sysnative\AudioSes.dll
2016-03-01 19:26:06 F0D97E9816795E1AAA17396ABD2660C4 4827136 ----a-w- C:\WINDOWS\Sysnative\ExplorerFrame.dll
2016-03-01 19:26:06 C64B693DF26EB7BFF25F9BAD8B54D571 649216 ----a-w- C:\WINDOWS\Sysnative\ngcsvc.dll
2016-03-01 19:26:05 F07301C282AA222C33F8C28B4F545275 591872 ----a-w- C:\WINDOWS\Sysnative\SmsRouterSvc.dll
2016-03-01 19:26:05 417D1526811D9646A7E8779209F11361 1213440 ----a-w- C:\WINDOWS\Sysnative\wwansvc.dll
2016-03-01 19:26:04 C9BFE1D6420BFADB249162039C321F63 1131520 ----a-w- C:\WINDOWS\Sysnative\Windows.Media.Audio.dll
2016-03-01 19:26:04 350CFCC870E30BEE151F3DFB83BD0178 1017032 ----a-w- C:\WINDOWS\Sysnative\mfsrcsnk.dll
2016-03-01 19:26:04 1C8474EF741ABA77E53BE94DE8E89D26 990720 ----a-w- C:\WINDOWS\Sysnative\SettingSyncCore.dll
2016-03-01 19:26:03 A80237F337639402450C5F6CE9B75C94 474624 ----a-w- C:\WINDOWS\Sysnative\NetSetupShim.dll
2016-03-01 19:26:02 717FDDACE38C314CA5A517E12162CC6D 216576 ----a-w- C:\WINDOWS\Sysnative\QuickActionsDataModel.dll
2016-03-01 19:26:02 48E90F12346EE70764CEE435826ABD31 493568 ----a-w- C:\WINDOWS\Sysnative\mfmkvsrcsnk.dll
2016-03-01 19:26:01 69B6B69C95E1FBDC796F5B2019A8B24D 791744 ----a-w- C:\WINDOWS\Sysnative\generaltel.dll
2016-03-01 19:26:01 186BAF9C9F422E6B784E4C990585E2E3 673792 ----a-w- C:\WINDOWS\Sysnative\Windows.UI.dll
2016-03-01 19:26:00 FF07BE14ED82E218C3EEE7C986118A2E 307712 ----a-w- C:\WINDOWS\Sysnative\usbmon.dll
2016-03-01 19:26:00 E9A0D466F6D8EC349DB526146618BCB6 606720 ----a-w- C:\WINDOWS\Sysnative\wcmsvc.dll
2016-03-01 19:26:00 D12D3DD397A35EF06CDF41C1A9E3EE45 613376 ----a-w- C:\WINDOWS\Sysnative\SettingSync.dll
2016-03-01 19:26:00 9BE5ECE2F17B3BEDE6FDE1175BD23266 376536 ----a-w- C:\WINDOWS\Sysnative\Windows.Media.MediaControl.dll
2016-03-01 19:26:00 7E81E3E0D7F83BFE3C3975020B6C7F12 163840 ----a-w- C:\WINDOWS\Sysnative\TimeBrokerServer.dll
2016-03-01 19:26:00 6817CD1A33EB94CDE8FBBCB7E3C4E469 1317640 ----a-w- C:\WINDOWS\Sysnative\winload.efi
2016-03-01 19:26:00 557496EE056CEF8D1D569D2663BC701F 988160 ----a-w- C:\WINDOWS\Sysnative\SharedStartModel.dll
2016-03-01 19:25:59 9C4C3EB6A2371A2038E2BB3A9D54CDE0 498448 ----a-w- C:\WINDOWS\Sysnative\MFCaptureEngine.dll
2016-03-01 19:25:59 8EC4F381818F8A073DEC52C6D1ED9C76 86016 ----a-w- C:\WINDOWS\Sysnative\DeviceEnroller.exe
2016-03-01 19:25:59 6E0BFE7FAFAC7B5D0C13062D5884B135 369912 ----a-w- C:\WINDOWS\Sysnative\audiodg.exe
2016-03-01 19:25:59 453740989239803FE363FF8B40EA2E08 2295808 ----a-w- C:\WINDOWS\Sysnative\wlansvc.dll
2016-03-01 19:25:59 29C0CB42B16F323AB8003A73B7E81DD5 1141504 ----a-w- C:\WINDOWS\Sysnative\winload.exe
2016-03-01 19:25:58 A9073B21B807C28A5A2246BB1440E823 1030416 ----a-w- C:\WINDOWS\Sysnative\winresume.efi
2016-03-01 19:25:58 5125BB69518578E5EDC4117BABF2A687 874968 ----a-w- C:\WINDOWS\Sysnative\winresume.exe
2016-03-01 19:25:57 8AF0CBE3FC6129C42D7A2A73B681F226 1118208 ----a-w- C:\WINDOWS\Sysnative\localspl.dll
2016-03-01 19:25:56 EA30B6E587862DF15E35525C60CCAFA9 838144 ----a-w- C:\WINDOWS\Sysnative\uDWM.dll
2016-03-01 19:25:56 D20C52607024BD08A88CF1CA6B339C9B 517632 ----a-w- C:\WINDOWS\Sysnative\winspool.drv
2016-03-01 19:25:56 6E76BB89EED6C2BD7B1E7B5F9A1C41F0 320000 ----a-w- C:\WINDOWS\Sysnative\MSFlacDecoder.dll
2016-03-01 19:25:56 42BF7FA295F453618104B5A50BEE105B 275456 ----a-w- C:\WINDOWS\Sysnative\AudioEndpointBuilder.dll
2016-03-01 19:25:55 9972A886D911234F833A265D5D641D30 587776 ----a-w- C:\WINDOWS\Sysnative\bisrv.dll
2016-03-01 19:25:55 7890990143812A452858058BBD52149F 297472 ----a-w- C:\WINDOWS\Sysnative\thumbcache.dll
2016-03-01 19:25:55 28343B7C30E6AF073B02288EB579D984 476728 ----a-w- C:\WINDOWS\Sysnative\msvproc.dll
2016-03-01 19:25:54 BEF109D45139E2646C116DD9B6E53E3C 847360 ----a-w- C:\WINDOWS\Sysnative\netlogon.dll
2016-03-01 19:25:54 9953FA89A4E3BC33296DAFB1ACFDC62F 617984 ----a-w- C:\WINDOWS\Sysnative\StorSvc.dll
2016-03-01 19:25:54 7C20F3EC0BA5ACB8ED40CDEF41B0AC56 779384 ----a-w- C:\WINDOWS\Sysnative\taskschd.dll
2016-03-01 19:25:54 3D58D04A9269CE21B61960544A05573D 204288 ----a-w- C:\WINDOWS\Sysnative\NetSetupSvc.dll
2016-03-01 19:25:53 468D29ECE0AD7700B790A20FA2765313 408120 ----a-w- C:\WINDOWS\Sysnative\AUDIOKSE.dll
2016-03-01 19:25:52 EAB4B1DD5E18EE57853ACD0156AE92E6 199168 ----a-w- C:\WINDOWS\Sysnative\InstallAgent.exe
2016-03-01 19:25:52 D1241DFC397FA8CCFB4BB4B63AAD31AC 755712 ----a-w- C:\WINDOWS\Sysnative\spoolsv.exe
2016-03-01 19:25:52 B174232356859EBB0CF8FA950119DA1E 159232 ----a-w- C:\WINDOWS\Sysnative\DeviceCensus.exe
2016-03-01 19:25:52 A34D9229F8D3A7164247213C9A283DB0 189952 ----a-w- C:\WINDOWS\Sysnative\WiFiDisplay.dll
2016-03-01 19:25:52 6072C7DB85FD3FE8D308EE44865C04DE 305664 ----a-w- C:\WINDOWS\Sysnative\wifiprofilessettinghandler.dll
2016-03-01 19:25:52 28CFFDB411375B2BBB0EBF295ABAEF29 382464 ----a-w- C:\WINDOWS\Sysnative\wuuhext.dll
2016-03-01 19:25:51 F8083C536BEDE61AFB4069D8A8C16DA7 456704 ----a-w- C:\WINDOWS\Sysnative\ipnathlp.dll
2016-03-01 19:25:51 BC767AD01E4DAFD08C21D5D07CC290C9 567808 ----a-w- C:\WINDOWS\Sysnative\MCRecvSrc.dll
2016-03-01 19:25:51 3EEB5260D4321F7F124955E1D228FDF2 274944 ----a-w- C:\WINDOWS\Sysnative\DisplayManager.dll
2016-03-01 19:25:50 C3F15E167CB84E2E6027AF17D49D5904 372224 ----a-w- C:\WINDOWS\Sysnative\MDEServer.exe
2016-03-01 19:25:49 E0932D924DA7C363F40E5B90DC9D2669 129536 ----a-w- C:\WINDOWS\Sysnative\flvprophandler.dll
2016-03-01 19:25:48 FB2FBCF8AD0DF4F8A50B1639F0256D83 555520 ----a-w- C:\WINDOWS\Sysnative\SyncController.dll
2016-03-01 19:25:48 F9B6E75F16F92CB79F68DA3ABCB576E0 989536 ----a-w- C:\WINDOWS\Sysnative\SecConfig.efi
2016-03-01 19:25:48 610D0502400BDAFD4BB8EA10713234C7 74240 ----a-w- C:\WINDOWS\Sysnative\SMSRouter.dll
2016-03-01 19:25:47 C3D11EE0D07D6CAF9F8D4073B9F5579E 557056 ----a-w- C:\WINDOWS\Sysnative\PsmServiceExtHost.dll
2016-03-01 19:25:47 B58CE40AC84F1B068A2004400E68245B 87040 ----a-w- C:\WINDOWS\Sysnative\MDMAppInstaller.exe
2016-03-01 19:25:47 6CA51117CDDB89DB6AE9F196B01C3491 389992 ----a-w- C:\WINDOWS\Sysnative\wlanapi.dll
2016-03-01 19:25:46 7BD715D15060E0B6E4AF222CA7120BD1 69632 ----a-w- C:\WINDOWS\Sysnative\EnterpriseDesktopAppMgmtCSP.dll
2016-03-01 19:25:46 2362BCA98EAF8CE0487664467F720861 178176 ----a-w- C:\WINDOWS\Sysnative\psmsrv.dll
2016-03-01 19:25:45 53AC4B2658807691D2A485EE0F8A50E9 463360 ----a-w- C:\WINDOWS\Sysnative\wlansec.dll
2016-03-01 19:25:44 D4170CA7268AEDE7DE43EE54D7C8F639 256512 ----a-w- C:\WINDOWS\Sysnative\accountaccessor.dll
2016-03-01 19:25:44 C6856D20BE1DB90407C9154B0EC319B9 77824 ----a-w- C:\WINDOWS\Sysnative\provpackageapidll.dll
2016-03-01 19:25:44 2E165E1CF278FC2B4959B825642A595B 558080 ----a-w- C:\WINDOWS\Sysnative\MBMediaManager.dll
2016-03-01 19:25:44 1D445E497D7BE9566D51BD60CA8B8CE7 175616 ----a-w- C:\WINDOWS\Sysnative\Windows.UI.Core.TextInput.dll
2016-03-01 19:25:44 09918925526BC0B5B823CF1A2473D909 412672 ----a-w- C:\WINDOWS\Sysnative\wlanmsm.dll
2016-03-01 19:25:44 04BB77409644685810DBD63D86F5720E 99328 ----a-w- C:\WINDOWS\Sysnative\ngckeyenum.dll
2016-03-01 19:25:43 A78E76034D230AFE6B74B57BAF8C8BF2 27648 ----a-w- C:\WINDOWS\Sysnative\WiFiConfigSP.dll
2016-03-01 19:25:43 9822B613AEB1CF24E05EFEE748160637 25088 ----a-w- C:\WINDOWS\Sysnative\irmon.dll
2016-03-01 19:25:43 0ED8556CB47EC7689D0046791F3427AE 26112 ----a-w- C:\WINDOWS\Sysnative\wlansvcpal.dll
2016-03-01 19:25:42 DAFECF80513C6E6892BBEBB48D555A31 115712 ----a-w- C:\WINDOWS\Sysnative\srpapi.dll
2016-03-01 19:25:42 84ADBF35DAF6404148AE85973BE26D59 48640 ----a-w- C:\WINDOWS\Sysnative\wfdprov.dll
2016-03-01 19:25:42 80021DC2AF64B92F3FA8935C0D5C81D7 69632 ----a-w- C:\WINDOWS\Sysnative\wininetlui.dll
2016-03-01 19:25:42 20E6B1B1F23615B5CF21AC3CE0A2E227 52224 ----a-w- C:\WINDOWS\Sysnative\jsproxy.dll
2016-03-01 19:25:41 FF1FF1A83425C77D1CAFF9EC7AFA8C1F 108544 ----a-w- C:\WINDOWS\Sysnative\InputLocaleManager.dll
2016-03-01 19:25:41 F2232A78D975E8F1B99DAC4873CBDC89 414720 ----a-w- C:\WINDOWS\Sysnative\bcastdvr.exe
2016-03-01 19:25:41 AE46FC3FC01DA2DC876D75776F5943B0 86528 ----a-w- C:\WINDOWS\Sysnative\AppCapture.dll
2016-03-01 19:25:41 1A0945D67F0499600E7B43A69210EC5B 41984 ----a-w- C:\WINDOWS\Sysnative\TimeBrokerClient.dll
2016-03-01 19:25:41 0D7BB44BFFFA4E153F4EA1E05522D2C3 37376 ----a-w- C:\WINDOWS\Sysnative\LaunchWinApp.exe
====== C:\WINDOWS\Sysnative\drivers =====
2016-03-08 18:46:19 F45665E77D11F3C1552EDBEAD1559DC8 1997152 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgkrnl.sys
2016-03-08 18:46:16 33190E86460C4FF7382848187463DC28 576864 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgmms2.sys
2016-03-08 18:46:14 64D4F5DE44B64B8284BADE5819B5195A 394080 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgmms1.sys
2016-03-08 18:46:12 8949F77132A4F8F3BA17C6727099F002 127840 ----a-w- C:\WINDOWS\Sysnative\drivers\USBSTOR.SYS
2016-03-02 21:21:09 EBEE2CD97C1CEBB8CA53FBFECFF328E9 8214 ----a-w- C:\WINDOWS\Sysnative\drivers\SYMEVENT64x86.CAT
2016-03-02 21:21:09 6DF8F618B93C821630C9BAA8DA3FAAAF 111344 ----a-w- C:\WINDOWS\Sysnative\drivers\SYMEVENT64x86.SYS
2016-03-02 21:21:09 43687EBC193F837182769BEA27427142 855 ----a-w- C:\WINDOWS\Sysnative\drivers\SYMEVENT64x86.INF
2016-03-01 19:26:05 58BFFEF692A47FCE3FAAEDBC8F3DCBBB 2152288 ----a-w- C:\WINDOWS\Sysnative\drivers\ntfs.sys
2016-03-01 19:25:57 70165A0A2653FB8AFDE3D85000727F29 277856 ----a-w- C:\WINDOWS\Sysnative\drivers\sdbus.sys
2016-03-01 19:25:56 A4411C522D41707D5BCA817A5BB9E30B 114688 ----a-w- C:\WINDOWS\Sysnative\drivers\bridge.sys
2016-03-01 19:25:53 F871CE85AF64D81A9CB6C361CF797144 185184 ----a-w- C:\WINDOWS\Sysnative\drivers\dumpsd.sys
2016-03-01 19:25:53 DBACD4E4FE191D0CE7C624ACA389535E 29696 ----a-w- C:\WINDOWS\Sysnative\drivers\xinputhid.sys
2016-03-01 19:25:50 F279536122B83FD0D8E158AA753E1B7C 238592 ----a-w- C:\WINDOWS\Sysnative\drivers\xboxgip.sys
2016-03-01 19:25:50 0B3B0C1D86050355676640488FA897D3 430944 ----a-w- C:\WINDOWS\Sysnative\drivers\mrxsmb.sys
2016-03-01 19:25:48 EDDB0D726DBECDFC1DBCC6DB464E5A13 146272 ----a-w- C:\WINDOWS\Sysnative\drivers\appid.sys
2016-03-01 19:25:48 469441BAE3FF8A16826FC62C51EF5E18 563552 ----a-w- C:\WINDOWS\Sysnative\drivers\acpi.sys
2016-03-01 19:25:45 B7E1CAA9429E4C3E7E01CB35B97E1536 534368 ----a-w- C:\WINDOWS\Sysnative\drivers\USBHUB3.SYS
2016-03-01 19:25:43 1A490555FD330CA2764D89191177C867 285696 ----a-w- C:\WINDOWS\Sysnative\drivers\mrxsmb10.sys
2016-03-01 19:25:42 E3C82823B22463BC38AA4F8ADA852624 104960 ----a-w- C:\WINDOWS\Sysnative\drivers\rasl2tp.sys
2016-02-28 22:46:22 91D3F2A6253EF83EFBD7903028F58C4D 118624 ----a-w- C:\WINDOWS\Sysnative\drivers\tdx.sys
2016-02-28 22:46:18 70148EFA9A562E7185B75BBE7D376BF7 578912 ----a-w- C:\WINDOWS\Sysnative\drivers\afd.sys
2016-02-28 22:46:15 EF536C54AB9281FDC4E83B07279FCFC4 35680 ----a-w- C:\WINDOWS\Sysnative\drivers\wimmount.sys
2016-02-28 22:46:15 DBBACE77DDE8CCFD85B37B114965C385 147968 ----a-w- C:\WINDOWS\Sysnative\drivers\rmcast.sys
2016-02-28 22:46:15 BF6CA7EA5ECD6CF72D3D76652A9B8280 144384 ----a-w- C:\WINDOWS\Sysnative\drivers\mrxdav.sys
2016-02-28 22:46:15 318E816717431D3C23DC82779900C744 1089880 ----a-w- C:\WINDOWS\Sysnative\drivers\http.sys
2016-02-28 22:46:09 F259A45D6B555B14CC8365AA6BC8DC20 67072 ----a-w- C:\WINDOWS\Sysnative\drivers\usbser.sys
2016-02-28 22:46:09 DE6D7DC78D956928F59F7415A0F41E13 95072 ----a-w- C:\WINDOWS\Sysnative\drivers\sdstor.sys
2016-02-28 22:46:09 C24C27FDF93B85A4EFCF25F830253AA2 117248 ----a-w- C:\WINDOWS\Sysnative\drivers\capimg.sys
2016-02-28 22:46:09 A1105260EEEE3DBD8D38FD054B22BD00 604928 ----a-w- C:\WINDOWS\Sysnative\drivers\cng.sys
2016-02-28 22:46:09 7D8B9214692C4D0F1646215D9984E19A 161632 ----a-w- C:\WINDOWS\Sysnative\drivers\ksecpkg.sys
2016-02-28 20:01:35 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\WINDOWS\Sysnative\drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2016-02-28 20:01:31 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\WINDOWS\Sysnative\drivers\Msft_User_WpdFs_01_11_00.Wdf
====== C:\WINDOWS\Tasks ======
2016-03-13 11:38:09 4F2F826AACF6BB867E6CE704B2CE8652 306 ----a-w- C:\WINDOWS\Tasks\NUSchedule.job
2016-03-11 12:38:33 -------- d-----w- C:\WINDOWS\Sysnative\Tasks\Apple
2016-03-03 14:23:07 DA9613F02C9A65DE29308B308004496C 354 ----a-w- C:\WINDOWS\Tasks\SpeedDiskSchedule.job
2016-03-03 14:23:07 5ABFCA914868949B28FE0DA5BB5F4BCD 2942 ----a-w- C:\WINDOWS\Sysnative\Tasks\SpeedDiskSchedule
2016-03-03 14:14:22 CD2F9CEE2340B7CAA8CF789702365A6D 2930 ----a-w- C:\WINDOWS\Sysnative\Tasks\NUSchedule
2016-03-03 14:13:19 809E512DB2A44838A2820B70BBC76589 312 ----a-w- C:\WINDOWS\Tasks\NUAutoUpdate.job
2016-03-03 14:13:19 27C3D4B86D0818C551B69CD65C9FA9B9 2588 ----a-w- C:\WINDOWS\Sysnative\Tasks\NUAutoUpdate
2016-03-01 04:44:59 -------- d-----w- C:\WINDOWS\Sysnative\Tasks\Remediation
2016-02-28 23:05:57 E6AD8BE880C4CB4D083BA4F10504EB3C 3266 ----a-w- C:\WINDOWS\Sysnative\Tasks\SidebarExecute
2016-02-17 22:23:16 85A6C5E36CA728CD7386560A441CDB27 214 ----a-w- C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
2016-03-12 15:41:31 -------- d-----w- C:\Program Files\Microsoft Office 15
2016-03-01 04:44:45 -------- d-----w- C:\Program Files\Common Files\AV
2016-02-28 22:35:11 -------- d-----w- C:\Program Files\Reference Assemblies
2016-02-28 22:35:11 -------- d-----w- C:\Program Files\MSBuild
2016-02-28 22:35:11 -------- d-----w- C:\Program Files\Hyper-V
2016-02-28 20:08:25 -------- d-----w- C:\Program Files\Common Files\SpeechEngines
2016-02-28 20:02:12 -------- d-----w- C:\Program Files\LSI SoftModem
2016-02-28 20:01:47 -------- d-----w- C:\Program Files\NVIDIA Corporation
2016-02-28 20:01:38 -------- d-----w- C:\Program Files\Realtek
======= C:\PROGRA~2 =====
2016-03-11 12:38:33 -------- d-----w- C:\PROGRA~2\Apple Software Update
2016-03-07 04:23:33 -------- d-----w- C:\PROGRA~2\AdwCleaner
2016-02-29 22:29:19 -------- d-----w- C:\PROGRA~2\WinCDEmu
2016-02-28 22:35:11 -------- d-----w- C:\PROGRA~2\Reference Assemblies
2016-02-28 22:35:11 -------- d-----w- C:\PROGRA~2\MSBuild
2016-02-28 20:08:33 -------- d-----w- C:\PROGRA~2\COMMON~1\SpeechEngines
2016-02-28 20:02:02 -------- d--h--w- C:\PROGRA~2\Uninstall Information
2016-02-17 14:53:15 -------- d-----w- C:\PROGRA~2\Resource Kit
======= C: =====
2016-03-14 23:41:05 5CCEF53112BC12D0432A5607D8AF679A 26880 ------w- C:\bootsqm.dat
2016-03-12 23:06:19 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\RAMDiskImage.img
====== C:\Users\Bill Pierce\AppData\Roaming ======
2016-03-14 23:27:34 -------- d-----w- C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\NVIDIA Corporation
2016-03-12 23:07:17 D2EEF90D9E63B2A73D68863DE6873E0B 2740472 ----a-w- C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\FontCache3.0.0.0.dat
2016-03-12 23:06:16 -------- d-----w- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\PeerDistRepub
2016-03-11 12:56:59 -------- d-----w- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\CrashDumps
2016-03-10 22:58:51 -------- d-----w- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Programs
2016-03-08 14:34:14 -------- d-----w- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Garmin_Ltd._or_its_subsid
2016-03-01 00:28:42 -------- d-----w- C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\CrashDumps
2016-02-29 23:02:01 -------- d-----w- C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\DataSharing
2016-02-28 22:37:52 -------- d-----w- C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft
2016-02-28 20:26:58 -------- d-----w- C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Packages
2016-02-28 20:14:23 -------- d-----w- C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools
2016-02-28 20:14:23 -------- d-----w- C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility
2016-02-28 20:14:23 -------- d-----w- C:\Users\Default\AppData\Local\Microsoft Help
2016-02-28 20:14:23 -------- d-----w- C:\Users\Default\AppData\Local\Google
2016-02-28 20:14:23 -------- d-----w- C:\Users\Default\AppData\Local\Garmin_Ltd._or_its_subsid
2016-02-28 20:14:23 -------- d-----w- C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools
2016-02-28 20:14:23 -------- d-----w- C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility
2016-02-28 20:14:23 -------- d-----w- C:\Users\Default User\AppData\Local\Microsoft Help
2016-02-28 20:14:23 -------- d-----w- C:\Users\Default User\AppData\Local\Google
2016-02-28 20:14:23 -------- d-----w- C:\Users\Default User\AppData\Local\Garmin_Ltd._or_its_subsid
2016-02-28 20:05:00 -------- d-s---r- C:\Users\Bill Pierce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2016-02-28 20:05:00 -------- d-----w- C:\Users\Bill Pierce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2016-02-28 20:05:00 -------- d-----w- C:\Users\Bill Pierce\AppData\Roaming
2016-02-28 20:05:00 -------- d-----w- C:\Users\Bill Pierce\AppData\Local\Temp
2016-02-28 20:05:00 -------- d-----w- C:\Users\Bill Pierce\AppData\Local\Microsoft
2016-02-28 20:05:00 -------- d-----w- C:\Users\Bill Pierce\AppData\Local
2016-02-28 20:05:00 -------- d-----r- C:\Users\Bill Pierce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2016-02-28 20:05:00 -------- d-----r- C:\Users\Bill Pierce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2016-02-28 20:05:00 -------- d-----r- C:\Users\Bill Pierce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2016-02-28 20:05:00 -------- d-----r- C:\Users\Bill Pierce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
2016-02-28 20:04:59 -------- d-s---r- C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2016-02-28 20:04:59 -------- d-----w- C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2016-02-28 20:04:59 -------- d-----w- C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
2016-02-28 20:04:59 -------- d-----w- C:\Users\DefaultAppPool\AppData\Roaming
2016-02-28 20:04:59 -------- d-----w- C:\Users\DefaultAppPool\AppData\Local\Temp
2016-02-28 20:04:59 -------- d-----w- C:\Users\DefaultAppPool\AppData\Local\Microsoft
2016-02-28 20:04:59 -------- d-----w- C:\Users\DefaultAppPool\AppData\Local
2016-02-28 20:04:59 -------- d-----r- C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2016-02-28 20:04:59 -------- d-----r- C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2016-02-28 20:04:59 -------- d-----r- C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2016-02-28 20:02:01 -------- d-----w- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft
2016-02-28 19:57:21 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\FontCache
2016-02-28 19:57:03 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\AppData\Roaming
2016-02-28 19:57:03 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp
2016-02-28 19:57:00 -------- d-----w- C:\WINDOWS\serviceprofiles\networkservice\AppData\Roaming
2016-02-28 19:57:00 -------- d-----w- C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp
2016-02-28 19:57:00 -------- d-----w- C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Microsoft
2016-02-28 19:57:00 -------- d-----w- C:\WINDOWS\serviceprofiles\networkservice\AppData\Local
====== C:\Users\Bill Pierce ======
2016-03-15 01:18:20 6D272ABA820931B6B5A08372169DB43D 4194304 ----a-w- C:\WINDOWS\serviceprofiles\networkservice\msmqlog.bin
2016-03-15 01:18:06 8E1B08222F20E45A3E8DB04C569F9CB7 8 --sha-r- C:\ProgramData\ntuser.pol
2016-03-15 00:55:12 F928314309BE54280F3D294CE6A2A9CA 196608 ----a-w- C:\WINDOWS\serviceprofiles\networkservice\msmqlog.bak
2016-03-13 20:31:07 D9D59BD0D90893F9AE9F875B30A382AE 2374144 ----a-w- C:\Users\Bill Pierce\Desktop\FRST64.exe
2016-03-12 15:51:30 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2016-03-08 13:45:14 DC53456D60B2FF018598866EE1863E82 1524224 ----a-w- C:\Users\Bill Pierce\Desktop\adwcleaner_5.101.exe
2016-03-07 05:06:34 -------- d-----w- C:\ProgramData\HitmanPro
2016-03-07 05:05:11 E5F94A882F851044354B70ABA84C9A5E 11441744 ----a-w- C:\Users\Bill Pierce\Desktop\HitmanPro_x64.exe
2016-03-07 04:36:05 3B6D06A4B6DE4298C3D4294AEA10A737 1609216 ----a-w- C:\Users\Bill Pierce\Desktop\JRT.exe
2016-02-29 22:29:19 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinCDEmu
2016-02-29 17:19:46 6FC234AD3752E1267B34FB12BCD6718B 20 --sh--w- C:\Users\DefaultAppPool\ntuser.ini
2016-02-28 20:34:49 6FC234AD3752E1267B34FB12BCD6718B 20 --sh--w- C:\Users\Bill Pierce\ntuser.ini
2016-02-28 20:05:00 -------- d--h--w- C:\Users\Bill Pierce\AppData
2016-02-28 20:04:59 -------- d--h--w- C:\Users\DefaultAppPool\AppData
2016-02-28 20:02:10 -------- d-----w- C:\ProgramData\NVIDIA
2016-02-28 20:01:54 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2016-02-28 19:57:24 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\winhttp
2016-02-28 19:57:03 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\Saved Games
2016-02-28 19:57:03 -------- d-----r- C:\WINDOWS\serviceprofiles\Localservice\Videos
2016-02-28 19:57:03 -------- d-----r- C:\WINDOWS\serviceprofiles\Localservice\Pictures
2016-02-28 19:57:03 -------- d-----r- C:\WINDOWS\serviceprofiles\Localservice\Music
2016-02-28 19:57:03 -------- d-----r- C:\WINDOWS\serviceprofiles\Localservice\Links
2016-02-28 19:57:03 -------- d-----r- C:\WINDOWS\serviceprofiles\Localservice\Favorites
2016-02-28 19:57:03 -------- d-----r- C:\WINDOWS\serviceprofiles\Localservice\Downloads
2016-02-28 19:57:03 -------- d-----r- C:\WINDOWS\serviceprofiles\Localservice\Documents
2016-02-28 19:57:03 -------- d-----r- C:\WINDOWS\serviceprofiles\Localservice\Desktop
2016-02-28 19:57:00 -------- d--h--w- C:\WINDOWS\serviceprofiles\networkservice\AppData
2016-02-28 19:57:00 -------- d-----w- C:\WINDOWS\serviceprofiles\networkservice\Saved Games
2016-02-28 19:57:00 -------- d-----r- C:\WINDOWS\serviceprofiles\networkservice\Videos
2016-02-28 19:57:00 -------- d-----r- C:\WINDOWS\serviceprofiles\networkservice\Pictures
2016-02-28 19:57:00 -------- d-----r- C:\WINDOWS\serviceprofiles\networkservice\Music
2016-02-28 19:57:00 -------- d-----r- C:\WINDOWS\serviceprofiles\networkservice\Links
2016-02-28 19:57:00 -------- d-----r- C:\WINDOWS\serviceprofiles\networkservice\Favorites
2016-02-28 19:57:00 -------- d-----r- C:\WINDOWS\serviceprofiles\networkservice\Downloads
2016-02-28 19:57:00 -------- d-----r- C:\WINDOWS\serviceprofiles\networkservice\Documents
2016-02-28 19:57:00 -------- d-----r- C:\WINDOWS\serviceprofiles\networkservice\Desktop
2016-02-17 21:04:29 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox

====== C: exe-files ==
2016-03-15 00:41:36 8CE935AB9FF75A3C13CEDA95C0BE684B 7749208 ----a-w- C:\Program Files (x86)\Google\Update\Install\{B42F9380-30B9-4394-BB8D-E1676F00F3F8}\49.0.2623.87_48.0.2564.116_chrome_updater.exe
2016-03-15 00:41:36 5384A2BB879F3C47E768D44AEFF2A6FA 7749208 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\49.0.2623.87\49.0.2623.87_48.0.2564.116_chrome_updater.exe
2016-03-12 23:06:19 C859A41F3156DAF993E09B42E029F8F9 596944 ----a-w- C:\Program Files (x86)\MSI\Command Center\SuperIO\MSISuperIOService.exe
2016-03-12 23:06:19 BA21611E07FFC6DF2C7B02B68AA130E9 2073040 ----a-w- C:\Program Files (x86)\MSI\Command Center\SMBus\MSISMBService.exe
2016-03-12 23:06:19 960D6CD2EEDD5B02EE65A0D74D347590 528384 ---ha-w- C:\MSI\Command Center\function.exe
2016-03-12 23:06:18 C681DF4C68A65E6C1FC4D669585F45C4 587264 ----a-w- C:\Program Files (x86)\MSI\Command Center\MSI_RAMDisk\SetupRAMDisk\MSI_RAMDrive_Installer.exe
2016-03-12 23:06:18 C2F468BB0FB7FFFCCE30B33248B2614B 270336 ----a-w- C:\Program Files (x86)\MSI\Command Center\DDR\SCEWIN.exe
2016-03-12 23:06:18 B83D1640ED91839BC001E35982F2DDC1 4162512 ----a-w- C:\Program Files (x86)\MSI\Command Center\CPU\MSICPUService.exe
2016-03-12 23:06:18 B4CE329FBBC00C93AD9F2430863E3435 2825168 ----a-w- C:\Program Files (x86)\MSI\Command Center\CPU\CPU_Ratio\CPU_Ratio.exe
2016-03-12 23:06:18 A9C576BBDE5529B00977574DEE59CE96 1641984 ----a-w- C:\Program Files (x86)\MSI\Command Center\MSI_RAMDisk\MSIRAMImage.exe
2016-03-12 23:06:18 7FD7989AFA55523F07C46850054F6D7B 2620368 ----a-w- C:\Program Files (x86)\MSI\Command Center\ClockGen\CPU_Frequency\CPU_Frequency.exe
2016-03-12 23:06:18 6EEFC263A879F2743AD6AE88942EF2E9 2312144 ----a-w- C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe
2016-03-12 23:06:18 4DA3E744CCAE3F0C7FEE41D9540D235C 1393256 ----a-w- C:\Program Files (x86)\MSI\Command Center\ClockGen\SetupICCS_11.exe
2016-03-12 23:06:18 4D822C9D466FE861CEA760FCDE89B99C 1359872 ----a-w- C:\Program Files (x86)\MSI\Command Center\ClockGen\SetupICCS_8.exe
2016-03-12 23:06:18 4CFCF8CADF6E2DCEA8ABE6F58D73FF5F 1396736 ----a-w- C:\Program Files (x86)\MSI\Command Center\ClockGen\SetupICCS_9.exe
2016-03-12 23:06:18 412DB5522F67C9C5652C9542CE792F7D 438256 ----a-w- C:\Program Files (x86)\MSI\Command Center\MSI_RAMDisk\MSIRAMDrive.exe
2016-03-12 23:06:18 33787200288C9021633D23A6299D3ABE 15360 ----a-w- C:\Program Files (x86)\MSI\Command Center\MSI_RAMDisk\Devcon\HH_Lib.exe
2016-03-12 23:06:18 2632D38B75A32B9E3ADCFDB3546091F0 349696 ----a-w- C:\Program Files (x86)\MSI\Command Center\DDR\SCEWIN_64.exe
2016-03-12 23:06:17 ADCE79260743C057CA89AC697AECBD67 4162512 ----a-w- C:\Program Files (x86)\MSI\Command Center\ClockGen\MSIClockService.exe
2016-03-12 23:06:17 677D9A310C4E2C77A91B243FA63832F5 1144304 ----a-w- C:\Program Files (x86)\MSI\Command Center\RemoteMedia.exe
2016-03-12 23:06:17 54E39FA9D2D250E5239F4AFF8BD8EC6D 2013648 ----a-w- C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe
2016-03-12 23:06:17 4548B8B49F955A69B3055F23C32AFB79 1299920 ----a-w- C:\Program Files (x86)\MSI\Command Center\MSICCRS.exe
2016-03-12 23:06:17 37D896D2395AD8FE1180DDB221FA914A 2200872 ----a-w- C:\Program Files (x86)\MSI\Command Center\MSICommService.exe
2016-03-12 23:06:17 328BE44BA194579206F8524701F7D661 830416 ----a-w- C:\Program Files (x86)\MSI\Command Center\StartCommandCenter.exe
2016-03-12 23:06:17 1E8A0EB93C9F759B1DB294A464E07458 3583952 ----a-w- C:\Program Files (x86)\MSI\Command Center\MSISaveLoadAP.exe
2016-03-12 23:06:16 CB0ACD99F798900B5621E6FD68A2DC4B 1323984 ----a-w- C:\Program Files (x86)\MSI\Command Center\CC_LoadingPage.exe
2016-03-12 23:06:16 9D5B193BB3ED7E2CCAD94413B8B7AADC 2614736 ----a-w- C:\Program Files (x86)\MSI\Command Center\unins001.exe
2016-03-12 23:06:16 431BBB0E5DF1D5105E239D8978A863C8 23113168 ----a-w- C:\Program Files (x86)\MSI\Command Center\CommandCenter.exe
2016-03-12 23:06:09 FC0927CA1030D287994D08443E47B208 2247848 ----a-w- C:\MSI\LiveUpdate\DL_FILE\Command_Center_1.0.1.11\CommandCenter.exe
2016-03-12 23:06:09 931A562DF620BEF0C477A59177E2B300 24100088 ----a-w- C:\MSI\LiveUpdate\DL_FILE\Command_Center_1.0.1.11\Real\Command Center.exe
2016-03-12 23:06:05 12EF2A3AE305B766DAAB96B0AD3D8330 24658489 ----a-w- C:\Users\Bill Pierce\AppData\Local\Microsoft\Windows\INetCache\IE\W31RAHIK\SUtility[1].exe
2016-03-12 23:06:05 12EF2A3AE305B766DAAB96B0AD3D8330 24658489 ----a-w- C:\MSI\LiveUpdate\DL_FILE\Command_Center_1.0.1.11.exe
2016-03-12 15:49:28 F0D70969A782A5962B73D79E3B292D34 624832 ----a-w- C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\MSOICONS.EXE
2016-03-12 15:49:28 69085C08E300E8072E1D9679F17B1A88 212176 ----a-w- C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Source Engine\OSE.EXE
2016-03-12 15:49:28 210E590B9B404FF1FC3DCECAD9DC6AFB 223936 ----a-w- C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\MSOXMLED.EXE
2016-03-12 15:49:16 43E2C2EBAF0263B622381479A75A6556 5896392 ----a-w- C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CMigrate.exe
2016-03-12 15:49:15 3C283C1BFA1D88C2D4D52148CE62A7C7 543360 ----a-w- C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\EQUATION\eqnedt32.exe
2016-03-12 15:49:15 35E0DE89508711C36B26C04C07BED45B 954136 ----a-w- C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\DW\DW20.EXE
2016-03-12 15:49:14 FE9C0029E1AF26350D9985D00520E5C8 5132888 ----a-w- C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
2016-03-12 15:49:13 A4184962B84867C434598E60D5AF7EAC 232640 ----a-w- C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE
2016-03-12 15:49:11 98765F0061ED1FFC3C917F8103C161D3 8671944 ----a-w- C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\CMigrate.exe
2016-03-12 15:49:10 E20C9ACDF76AC362441B2403CF7AF1E3 3695808 ----a-w- C:\Program Files (x86)\Microsoft Office\root\Office16\XLICONS.EXE
2016-03-12 15:49:10 8F105A0AE746C2DD5C06D9F862846EAA 3025600 ----a-w- C:\Program Files (x86)\Microsoft Office\root\Office16\WORDICON.EXE
2016-03-12 15:48:50 C45704DC7EDE50ADAF7D6CAEB3C3839C 754880 ----a-w- C:\Program Files (x86)\Microsoft Office\root\Office16\protocolhandler.exe
2016-03-12 15:48:50 5279D1F7D2215050E079A8EBC2C75EC8 3519680 ----a-w- C:\Program Files (x86)\Microsoft Office\root\Office16\PPTICO.EXE
2016-03-12 15:48:49 778B454D6F7CFA21C3EB184F4DED752F 10306248 ----a-w- C:\Program Files (x86)\Microsoft Office\root\Office16\PDFREFLOW.EXE
2016-03-12 15:48:16 68E8DF09DF65AEB35C72EF11409AED74 3758272 ----a-w- C:\Program Files (x86)\Microsoft Office\root\Office16\ACCICONS.EXE
2016-03-12 15:48:13 E94CD6FC12C22C975DAED6AA7ABD1663 7217832 ----a-w- C:\Program Files (x86)\Microsoft Office\root\Integration\OneDriveSetup.exe
2016-03-12 15:46:57 6BF1E01D0F0D8185C7B79B4A160E76BD 28440 ----a-w- C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX40.exe
2016-03-12 15:46:53 BCCB1A14EC6AF92C8F898DEAD987F2D9 121544 ----a-w- C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE
2016-03-12 15:46:45 32EF697F8D7A70C168242B91AC6D081B 185544 ----a-w- C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSREC.EXE
2016-03-12 15:46:44 2585720580E9BC94E742390B8CDF0DF0 104672 ----a-w- C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\110\SQLDumper.exe
2016-03-12 15:46:36 11EE3194BA7FC17F83A1B42E70F20868 49864 ----a-w- C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\AppSharingHookController64.exe
2016-03-12 15:46:35 CBDC9928D90CEB97F04164B6C9AE77C2 28928 ----a-w- C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Smart Tag\SmartTagInstall.exe
2016-03-12 15:46:31 66A233B917E3DB91C9EA9E0BAC446224 28440 ----a-w- C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.exe
2016-03-12 15:46:11 6C0CAF6FE044BDBDE8331BE43ADB22BD 53504 ----a-w- C:\Program Files (x86)\Microsoft Office\root\Flattener\Flattener.exe
2016-03-12 15:46:06 24D26A809A506B3F00B32B3719212613 28440 ----a-w- C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX45.exe
2016-03-12 15:45:58 BF824128D33DCE31323F8D2E75267071 193864 ----a-w- C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\DW\DWTRIG20.EXE
2016-03-12 15:45:57 E0B39B35FD0EDAD26164C6DFB30F0B90 192704 ----a-w- C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\MSOSQM.EXE
2016-03-12 15:45:49 098D62C5E89A1D34A8623967CED8B3A7 296160 ----a-w- C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\FLTLDR.EXE
2016-03-12 15:45:46 3C1221DA7A133758F6F359D797A8A530 105160 ----a-w- C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\MSOHTMED.EXE
2016-03-12 15:45:34 64B9304B0B1594735B9D0CC8B00CFC46 203464 ----a-w- C:\Program Files (x86)\Microsoft Office\root\Office16\IEContentService.exe
2016-03-12 15:45:33 F089E6A25FFCEA8DCC6A5132DCD4BCCD 4418760 ----a-w- C:\Program Files (x86)\Microsoft Office\root\Office16\GRAPH.EXE
2016-03-12 15:45:29 6040F3157CAA19C578CE2E654B481D4C 705216 ----a-w- C:\Program Files (x86)\Microsoft Office\root\Office16\MSQRY32.EXE
2016-03-12 15:45:28 9FF0563534FDFAFB63AC69D1838FAD34 576704 ----a-w- C:\Program Files (x86)\Microsoft Office\root\Office16\ORGCHART.EXE
2016-03-12 15:45:28 80A091ACE0FD2375434D5BCD902540F6 468168 ----a-w- C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSYNC.EXE
2016-03-12 15:45:28 4069735EC9F79F3828A65A5911A0A3DA 26010304 ----a-w- C:\Program Files (x86)\Microsoft Office\root\Office16\excelcnv.exe
2016-03-12 15:45:28 39E1673664BA6DC3A4EDF6043AA86269 1036992 ----a-w- C:\Program Files (x86)\Microsoft Office\root\Office16\misc.exe
2016-03-12 15:45:27 498E0C31384522410A60905821C6CC53 57544 ----a-w- C:\Program Files (x86)\Microsoft Office\root\Office16\SCANPST.EXE
2016-03-12 15:44:26 F11A6A959F22C721BEBA64DD7FF356A1 135360 ----a-w- C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe
2016-03-12 15:44:26 6CB32EB02ED15F2F6C2BE73D9DF62D2D 375488 ----a-w- C:\Program Files (x86)\Microsoft Office\root\Office16\SELFCERT.EXE
2016-03-12 15:44:26 1AEB5B6F2C6F17D3EB4F889355144C18 775368 ----a-w- C:\Program Files (x86)\Microsoft Office\root\Office16\FIRSTRUN.EXE
2016-03-12 15:44:26 093EB97E2C37F71584AC1D342DA8565E 38080 ----a-w- C:\Program Files (x86)\Microsoft Office\root\Office16\Wordconv.exe
2016-03-12 15:44:19 DDEA393135A3E6B70A6766EC4B072BD9 389832 ----a-w- C:\Program Files (x86)\Microsoft Office\root\Office16\CLVIEW.EXE
2016-03-12 15:44:19 CEA1F0F6803408F2299AD51EA201B395 89800 ----a-w- C:\Program Files (x86)\Microsoft Office\root\Office16\MSOHTMED.EXE
2016-03-12 15:44:19 12E46656013EDA0DD09E344E13974845 112840 ----a-w- C:\Program Files (x86)\Microsoft Office\root\Office16\NAMECONTROLSERVER.EXE
2016-03-12 15:44:15 F951681FCA586B35F0EBA6BD00FF1067 66760 ----a-w- C:\Program Files (x86)\Microsoft Office\root\Office16\SETLANG.EXE
2016-03-12 15:44:15 E1B6119239B82760F1145CB5F212CC9A 178376 ----a-w- C:\Program Files (x86)\Microsoft Office\root\Office16\CNFNOT32.EXE
2016-03-12 15:44:15 53CBE7347D14A2F2C20435E7D6F57948 532680 ----a-w- C:\Program Files (x86)\Microsoft Office\root\Office16\MSOUC.EXE
2016-03-12 15:44:15 2A6F6C6AABC8CADF1FDC43243718A591 317632 ----a-w- C:\Program Files (x86)\Microsoft Office\root\Office16\VPREVIEW.EXE
2016-03-12 15:44:02 2D69BA046A7A9BE4DE88B66DF3023AFF 25590472 ----a-w- C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
2016-03-12 15:42:59 FEF06C17BE6ED367489EBDF9B90BE0A6 2469664 ----a-w- C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe
2016-03-12 15:42:56 E2112E22C8BF7682854DC410F4FD6EBC 215768 ----a-w- C:\Program Files (x86)\Microsoft Office\root\client\AppVDllSurrogate32.exe
2016-03-12 15:42:56 880D5A036FD18756A46C04C03B4987BE 378528 ----a-w- C:\Program Files (x86)\Microsoft Office\root\client\AppVLP.exe
2016-03-12 15:42:56 5304413D853D4B6893A362B43340E66B 255192 ----a-w- C:\Program Files (x86)\Microsoft Office\root\client\AppVDllSurrogate64.exe
2016-03-12 15:42:51 9DC1F6511CC2D5C38B51DCB569380B52 15771328 ----a-w- C:\Program Files (x86)\Microsoft Office\root\Office16\MSACCESS.EXE
2016-03-12 15:42:40 35024F4F99B2F2AA9E9062B1CB4E2BC7 1697992 ----a-w- C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
2016-03-12 15:42:40 0672C91380F8B577DE228B81F97A6959 171200 ----a-w- C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
2016-03-12 15:42:27 E5EEC07B7DC0938F1F5C565CB7CC8480 1859784 ----a-w- C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE
2016-03-12 15:42:08 BD6E05F097F7E8ABF60C2C647D750DE7 1937096 ----a-w- C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
2016-03-12 15:42:07 C2AD64598A12DF49F32D40A12E30C91F 10659008 ----a-w- C:\Program Files (x86)\Microsoft Office\root\Office16\MSPUB.EXE
2016-03-12 15:42:06 A7DFBAD29CDDC47FFFBDA65E9DA19251 29826752 ----a-w- C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
2016-03-12 15:41:36 ED6222ED5D1DC69B5CE1953F0B02CD85 325320 ----a-w- C:\Program Files (x86)\Microsoft Office\root\Office16\PerfBoost.exe
2016-03-12 15:41:31 19D6D09AD95C70F6C0DC5D105C5DEDEA 1158984 ----a-w- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
2016-03-12 15:41:31 19D6D09AD95C70F6C0DC5D105C5DEDEA 1158984 ----a-w- C:\Program Files\Microsoft Office 15\ClientX64\IntegratedOffice.exe
2016-03-12 15:41:30 CFF08B13771FA59F3010248EAF3F38C6 6128392 ----a-w- C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
2016-03-12 15:41:30 B4146989F503516551069FC9E82A1CF2 358616 ----a-w- C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe
2016-03-12 15:41:30 893D039EC9AFC269057F5664515CCA75 2804976 ----a-w- C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
2016-03-12 15:41:30 64327F3E0BA663BAF2F9DF3BEE215520 263896 ----a-w- C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
2016-03-12 15:41:30 19D6D09AD95C70F6C0DC5D105C5DEDEA 1158984 ----a-w- C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe
2016-03-12 15:41:29 015BF5FFF559B32EA2F372546A0BB942 2053848 ----a-w- C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe
2016-03-11 12:30:31 61F488AC3053DEB2AADB6A34DEBC8876 551104 ----a-w- C:\Users\Bill Pierce\AppData\Local\Microsoft\OneDrive\OneDrive.exe
2016-03-11 12:30:19 E4D26B91BBDC51ADF460F371323AECD1 8076992 ----a-w- C:\Users\Bill Pierce\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe
2016-03-11 12:30:19 E4D26B91BBDC51ADF460F371323AECD1 8076992 ----a-w- C:\Users\Bill Pierce\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\OneDriveSetup.exe
2016-03-11 12:30:12 092405FB2D6BC20668BEA02647FE2393 164040 ----a-w- C:\Users\Bill Pierce\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileSyncConfig.exe
2016-03-11 12:30:11 1E9D2587344160BB2AF16C503F062868 171712 ----a-w- C:\Users\Bill Pierce\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe
2016-03-08 18:46:16 09D8EBC01776C2D117918993EDDC19B2 1474560 ----a-w- C:\Program Files\Windows Media Player\wmpnetwk.exe
=== C: other files ==
2016-03-15 01:27:26 FDB4193D896D1D905C51DFBE5E7A0FE8 1167841 ----a-w- C:\Users\Bill Pierce\Desktop\MiniRegTool.zip
2016-03-15 00:46:04 301657E2669B4C76979A15F801CC2ADF 114 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-2422629387-1192540806-1023300286-1001\$IAAEWX0.zip
2016-03-15 00:45:24 A658F5A9CB2C6A606D30C3DD909EDD60 146 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-2422629387-1192540806-1023300286-1001\$IYYLEIC.zip
2016-03-15 00:35:33 65543A86C0A531EFB844187447450DBD 791679 ----a-w- C:\Users\Bill Pierce\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\INetCache\JHP713I8\MSCasualGames[1].zip
2016-03-15 00:35:33 4877B64A5B0462A280CFF1644367D3E0 811895 ----a-w- C:\Users\Bill Pierce\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\INetCache\HKGDUUYD\Worlds[1].zip
2016-03-15 00:35:32 4378AF1A81F709B223583885A6E6DA21 2887 ----a-w- C:\Users\Bill Pierce\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\INetCache\JHP713I8\manifest[1].zip
2016-03-14 17:25:13 AADCC437BA904DAFD38BC20ACB538757 104351 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-2422629387-1192540806-1023300286-1001\$RYYLEIC.zip
2016-03-14 14:56:07 6C5DAD12D4FD5080CF402BFAFC00EF87 1313446 ----a-w- C:\Users\Bill Pierce\Desktop\MiniRegTool64.zip
2016-03-13 21:27:35 85B786F8B813E28D0758B9064038514E 58686 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-2422629387-1192540806-1023300286-1001\$RAAEWX0.zip
2016-03-12 23:06:19 FC6374C8A1A4D1CD4DBB644B058A493B 7680 ----a-w- C:\Program Files (x86)\MSI\Command Center\SuperIO\NTIOLib.sys
2016-03-12 23:06:19 DD04CD3DE0C19BEDE84E9C95A86B3CA8 13368 ----a-w- C:\Program Files (x86)\MSI\Command Center\SuperIO\NTIOLib_X64.sys
2016-03-12 23:06:19 6D97EE5B3300D0F7FA359F2712834C40 13328 ---ha-w- C:\MSI\Command Center\NTIOLib_X64.sys
2016-03-12 23:06:19 6513DE630EBC5B90B8B791BB8443B08B 7680 ---ha-w- C:\MSI\Command Center\NTIOLib.sys
2016-03-12 23:06:19 4D8BD30621E6472173CEB6D3A0CC74B6 7680 ----a-w- C:\Program Files (x86)\MSI\Command Center\SMBus\NTIOLib.sys
2016-03-12 23:06:19 3DBF69F935EA48571EA6B0F5A2878896 13368 ----a-w- C:\Program Files (x86)\MSI\Command Center\SMBus\NTIOLib_X64.sys
2016-03-12 23:06:18 F89829197DE61A7A11EE1A028A3CC4C4 7680 ----a-w- C:\Program Files (x86)\MSI\Command Center\CPU\CPU_Ratio\NTIOLib.sys
2016-03-12 23:06:18 F0B8286D7F69936C74A570C627CA2A8F 7680 ----a-w- C:\Program Files (x86)\MSI\Command Center\ClockGen\NTIOLib.sys
2016-03-12 23:06:18 E9A30EDEF1105B8A64218F892B2E56ED 13368 ----a-w- C:\Program Files (x86)\MSI\Command Center\CPU\NTIOLib_X64.sys
2016-03-12 23:06:18 D5875A08355961EB8B0F55A068DA1522 7680 ----a-w- C:\Program Files (x86)\MSI\Command Center\ClockGen\CPU_Frequency\NTIOLib.sys
2016-03-12 23:06:18 CB9096B4F57408EBCE620D038D203F79 7680 ----a-w- C:\Program Files (x86)\MSI\Command Center\CPU\NTIOLib.sys
2016-03-12 23:06:18 C098F8AEB67EEB2262DBF681690A9306 15984 ----a-w- C:\Program Files (x86)\MSI\Command Center\DDR\amifldrv64.sys
2016-03-12 23:06:18 B623BC8789955011962B3C0FE3A2DDE8 12528 ----a-w- C:\Program Files (x86)\MSI\Command Center\DDR\amifldrv32.sys
2016-03-12 23:06:18 95E4C7B0384DA89DCE8EA6F31C3613D9 13368 ----a-w- C:\Program Files (x86)\MSI\Command Center\ClockGen\NTIOLib_X64.sys
2016-03-12 23:06:18 72FD7D3EE332E17AFB0154582AE49D8C 7680 ----a-w- C:\Program Files (x86)\MSI\Command Center\DDR\NTIOLib.sys
2016-03-12 23:06:18 6CCE5BB9C8C2A8293DF2D3B1897941A2 13368 ----a-w- C:\Program Files (x86)\MSI\Command Center\DDR\NTIOLib_X64.sys
2016-03-12 23:06:18 68DDE686D6999AD2E5D182B20403240B 13368 ----a-w- C:\Program Files (x86)\MSI\Command Center\CPU\CPU_Ratio\NTIOLib_X64.sys
2016-03-12 23:06:18 63E333D64A8716E1AE59F914CB686AE8 13368 ----a-w- C:\Program Files (x86)\MSI\Command Center\ClockGen\CPU_Frequency\NTIOLib_X64.sys
2016-03-12 23:06:17 A711E6AB17802FABF2E69E0CD57C54CD 13368 ----a-w- C:\Program Files (x86)\MSI\Command Center\NTIOLib_X64.sys
2016-03-12 23:06:17 6EA9E908ED1025BDC6775B44CEE1C89A 7680 ----a-w- C:\Program Files (x86)\MSI\Command Center\NTIOLib.sys
2016-03-12 23:06:17 3F8BCE2A2A63CFA53EF6D74F403BBB5D 117 ----a-w- C:\Program Files (x86)\MSI\Command Center\delete.bat
2016-03-11 12:30:11 8CF4163521FDB8E53482003C7EFA7121 5850 ----a-w- C:\Users\Bill Pierce\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\CollectOneDriveLogs.bat
2016-03-08 18:46:35 32509061F29DA432B62336A4462ADEBF 3593216 ----a-w- C:\Windows\System32\win32kfull.sys
2016-03-08 18:46:33 7C6B51E0233814D401905289AFD27BC5 1390592 ----a-w- C:\Windows\System32\win32kbase.sys
2016-03-08 18:46:19 F45665E77D11F3C1552EDBEAD1559DC8 1997152 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2016-03-08 18:46:16 33190E86460C4FF7382848187463DC28 576864 ----a-w- C:\Windows\System32\drivers\dxgmms2.sys
2016-03-08 18:46:14 64D4F5DE44B64B8284BADE5819B5195A 394080 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2016-03-08 18:46:12 8949F77132A4F8F3BA17C6727099F002 127840 ----a-w- C:\Windows\System32\drivers\USBSTOR.SYS

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-21-2422629387-1192540806-1023300286-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
"Akamai NetSession Interface"="C:\Users\Bill Pierce\AppData\Local\Akamai\netsession_win.exe"
"OneDrive"="C:\Users\Bill Pierce\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"GarminExpressTrayApp"="C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2422629387-1192540806-1023300286-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\Bill Pierce\AppData\Local\Microsoft\OneDrive\17.3.6301.0127_1\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\Bill Pierce\AppData\Local\Microsoft\OneDrive\17.3.6301.0127_1\amd64"
"Uninstall C:\Users\Bill Pierce\AppData\Local\Microsoft\OneDrive\17.3.6301.0127_1"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\Bill Pierce\AppData\Local\Microsoft\OneDrive\17.3.6301.0127_1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RIMBBLaunchAgent.exe"="C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe"
"RIM PeerManager"="C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe"
"Sound Blaster Cinema"="C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe /r"
"UpdReg"="C:\Windows\UpdReg.EXE"
"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe"
"Dropbox"="C:\Program Files (x86)\Dropbox\Client\Dropbox.exe /systemstartup"
"SSDMonitor"="C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe"
"Fast Boot"="C:\Program Files (x86)\MSI\Fast Boot\StartFastBoot.exe"
"Super Charger"="C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe"
"TP-LINK USB Printer Controller"="C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe -mini"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"Live Update"="C:\Program Files (x86)\MSI\Live Update\Live Update.exe /REMINDER"
"Command Center"="C:\Program Files (x86)\MSI\Command Center\StartCommandCenter.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AbineAutoUpdate"="C:\Program Files (x86)\DoNotTrackMe\AbineAutoUpdate.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
"Akamai NetSession Interface"="C:\Users\Bill Pierce\AppData\Local\Akamai\netsession_win.exe"
"OneDrive"="C:\Users\Bill Pierce\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"GarminExpressTrayApp"="C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\Bill Pierce\AppData\Local\Microsoft\OneDrive\17.3.6301.0127_1\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\Bill Pierce\AppData\Local\Microsoft\OneDrive\17.3.6301.0127_1\amd64"
"Uninstall C:\Users\Bill Pierce\AppData\Local\Microsoft\OneDrive\17.3.6301.0127_1"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\Bill Pierce\AppData\Local\Microsoft\OneDrive\17.3.6301.0127_1"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s"
"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"ShadowPlay"="C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart"
"MBCfg64"="C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"WrtMon.exe"="C:\WINDOWS\system32\spool\drivers\x64\3\WrtMon.exe"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
"hkey"="HKLM"
"item"="Adobe ARM"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AutoShutdownManager]
"hkey"="HKLM"
"item"="AutoShutdownManager"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AutoStartNPSAgent]
"hkey"="HKCU"
"item"="AutoStartNPSAgent"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CallControl 4.7]
"command"="\"C:\\PROGRAM FILES (X86)\\FAXTALK COMMUNICATOR\\FTCtrl32.exe\" /autoload"
"hkey"="HKLM"
"item"="CallControl 4.7"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CanonMyPrinter]
"command"="C:\\Program Files\\Canon\\MyPrinter\\BJMyPrt.exe /logon"
"hkey"="HKLM"
"item"="CanonMyPrinter"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Display]
"command"="C:\\Program Files (x86)\\APC\\APC PowerChute Personal Edition\\DataCollectionLauncher.exe"
"hkey"="HKLM"
"item"="Display"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Update]
"hkey"="HKCU"
"item"="Google Update"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IntelliPoint]
"command"="\"c:\\Program Files\\Microsoft Mouse and Keyboard Center\\ipoint.exe\""
"hkey"="HKLM"
"item"="IntelliPoint"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IntelliType Pro]
"command"="\"c:\\Program Files\\Microsoft Mouse and Keyboard Center\\itype.exe\""
"hkey"="HKLM"
"item"="IntelliType Pro"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Messenger (Yahoo!)]
"hkey"="HKCU"
"item"="Messenger (Yahoo!)"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSC]
"hkey"="HKLM"
"item"="MSC"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NVIDIA nTune]
"command"="\"C:\\Program Files (x86)\\NVIDIA Corporation\\nTune\\nTuneCmd.exe\" clear"
"hkey"="HKCU"
"item"="NVIDIA nTune"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NVRaidService]
"command"="C:\\Program Files\\NVIDIA Corporation\\Raid\\nvraidservice.exe"
"hkey"="HKLM"
"item"="NVRaidService"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PhoneTray]
"hkey"="HKLM"
"item"="PhoneTray"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SDTray]
"hkey"="HKLM"
"item"="SDTray"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Sidebar]
"command"="C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun"
"hkey"="HKCU"
"item"="Sidebar"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""
"hkey"="HKLM"
"item"="SunJavaUpdateSched"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TomTomHOME.exe]
"command"="\"C:\\Program Files (x86)\\TomTom HOME 2\\TomTomHOMERunner.exe\" -s"
"hkey"="HKCU"
"item"="TomTomHOME.exe"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Windows Mobile Device Center]
"command"="%windir%\\WindowsMobile\\wmdc.exe"
"hkey"="HKLM"
"item"="Windows Mobile Device Center"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^APC UPS Status.lnk]
"backup"="C:\\Windows\\pss\\APC UPS Status.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\Program Files (x86)\\APC\\APC PowerChute Personal Edition\\Display.exe"
"item"="APC UPS Status"
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\APC UPS Status.lnk"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Vista Caller-ID.lnk]
"backup"="C:\\Windows\\pss\\Vista Caller-ID.lnkCommon Startup"
"backupExtension"="Common Startup"
"command"="C:\\Windows\\Installer\\{08F63326-636E-4C3E-9F4D-747912C04224}\\_B71CE2DFEBBD8853801A9F.exe"
"item"="Vista Caller-ID"
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Vista Caller-ID.lnk"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeFlashPlayerUpdateSvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\DiskDoctorService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\ForceWare Intelligent Application Manager (IAM)]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdate1c9e5f5de612b20]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdatem]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gusvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\MsMpSvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\nSvcIp]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\nTuneService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\nvUpdatusService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SDScannerService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SDUpdateService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SDWSCService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\ServiceLayer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SolidWorks Licensing Service]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SpeedDiskService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Stereo Service]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Symantec RemoteAssist]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\TomTomHOMEService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\UpdateCenterService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Viewpoint Manager Service]

==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\CreateExplorerShellUnelevatedTask.job --a-------- C:\WINDOWS\explorer.exe [02/28/2016 06:46 PM]
C:\WINDOWS\tasks\DropboxUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [07/03/2015 10:17 AM]
C:\WINDOWS\tasks\DropboxUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [07/03/2015 10:17 AM]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [08/29/2015 04:50 AM]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [08/29/2015 04:50 AM]
C:\WINDOWS\tasks\NUAutoUpdate.job --a-------- C:\Program Files (x86)\Symantec\Norton Utilities 16\SULauncher.exe [08/14/2015 11:05 PM]
C:\WINDOWS\tasks\NUSchedule.job --a-------- C:\Program Files (x86)\Symantec\Norton Utilities 16\nu.exe [08/14/2015 11:05 PM]
C:\WINDOWS\tasks\RtlNetworkGenieVistaStart.job --a-------- C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe [04/23/2014 10:45 PM]
C:\WINDOWS\tasks\SpeedDiskSchedule.job --a-------- C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\ScheduledDefrag.exe [09/29/2012 10:50 PM]

==== Other Scheduled Tasks ======================

"C:\WINDOWS\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\WINDOWS\SysNative\tasks\DropboxUpdateTaskMachineCore" [C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe]
"C:\WINDOWS\SysNative\tasks\DropboxUpdateTaskMachineUA" [C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GarminUpdaterTask" [C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\Norton WSC Integration" ["C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\WSCStub.exe"]
"C:\WINDOWS\SysNative\tasks\NUAutoUpdate" [C:\Program Files (x86)\Symantec\Norton Utilities 16\SULauncher.exe]
"C:\WINDOWS\SysNative\tasks\NUSchedule" [C:\Program Files (x86)\Symantec\Norton Utilities 16\nu.exe]
"C:\WINDOWS\SysNative\tasks\RtlNetworkGenieVistaStart" [C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe]
"C:\WINDOWS\SysNative\tasks\SidebarExecute" [C:\Program Files (x86)\Windows Sidebar\sidebar.exe]
"C:\WINDOWS\SysNative\tasks\SpeedDiskSchedule" [C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\ScheduledDefrag.exe]
"C:\WINDOWS\SysNative\tasks\USER_ESRV_SVC_WILLAMETTE" ["C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\task.vbs"]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{4F5BA495-7B5F-4090-8115-48E648263666}" [C:\WINDOWS\system32\msfeedssync.exe]
"C:\WINDOWS\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\WINDOWS\SysNative\tasks\Intel\Intel Telemetry 2 (x86)" [C:\Program Files (x86)\Intel\Telemetry 2.0\lrio.exe]
"C:\WINDOWS\SysNative\tasks\Norton Security\Norton Autofix" [C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\SymErr.exe]
"C:\WINDOWS\SysNative\tasks\Norton Security\Norton Error Analyzer" [C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\SymErr.exe]
"C:\WINDOWS\SysNative\tasks\Norton Security\Norton Error Processor" [C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\SymErr.exe]
"C:\WINDOWS\SysNative\tasks\Remediation\AntimalwareMigrationTask" ["C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe"]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{C1A2A613-35F1-4FCF-B27F-2840527B6556}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.5.15\coFFAddon" [03/02/2016 05:41 PM]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{C1A2A613-35F1-4FCF-B27F-2840527B6556}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.5.15\coFFAddon" [03/02/2016 05:41 PM]

==== Firefox Extensions ======================

ProfilePath: C:\Users\BILLPI~1\AppData\Roaming\TomTom\HOME\Profiles\eas76yx3.default
- Map status indicator - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com
- TomTom HOME default theme - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com
- Emulator - %ProfilePath%\extensions\Navcore.9.430.890926@tomtom.com
- Emulator - %ProfilePath%\extensions\Navcore.9.475.1074274@tomtom.com
- Emulator - %ProfilePath%\extensions\Navcore.9.510.1234792@tomtom.com
- Emulator - %ProfilePath%\extensions\Navcore.9.520.1234792@tomtom.com

==== Firefox Plugins ======================

==== Chromium Look ======================

Google Chrome Version: 46.0.2490.86

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
cjabmdjcfcfdmffimndhafhblfmpjdpe - C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\Exts\Chrome.crx[02/21/2016 02:41 AM]
iikflkcanblccfahdhdonehdalibjnif - No path found[]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[01/08/2016 11:47 AM]

Google Docs - Bill Pierce\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Bill Pierce\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Bill Pierce\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
selector is not a valid CSS selector - Bill Pierce\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
Norton Security Toolbar - Bill Pierce\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe
Google Search - Bill Pierce\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Blur - Bill Pierce\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd
Google Docs Offline - Bill Pierce\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Norton Identity Safe - Bill Pierce\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif
Norton Safe Search as default for Chrome - Bill Pierce\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl
Chrome Web Store Payments - Bill Pierce\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
pflmllfnnabikmfkkaddkoolinlfninn - Bill Pierce\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflmllfnnabikmfkkaddkoolinlfninn
Gmail - Bill Pierce\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
HKCU\SearchScopes "DefaultScope"="{C545710C-2BD9-47F8-A661-8AA552047308}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
HKCU\SearchScopes\{C545710C-2BD9-47F8-A661-8AA552047308} - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\91E1C13E2D180C04EB04032A5AE4C972 deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E31C1E19-81D2-40C0-BE40-30A2A54E9C27} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\91E1C13E2D180C04EB04032A5AE4C972 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoShutdownManager deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhoneTray deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray deleted successfully

==== HijackThis Entries ======================

O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\coIEPlg.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Blur BHO - {C584D6D2-EF22-4C61-BF5B-0C7E723D836C} - C:\Program Files (x86)\DoNotTrackMe\5.5.1930\AbineBHO.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll
O2 - BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\coIEPlg.dll
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [RIM PeerManager] "C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe"
O4 - HKLM\..\Run: [Sound Blaster Cinema] "C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
O4 - HKLM\..\Run: [SSDMonitor] C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe
O4 - HKLM\..\Run: [Fast Boot] C:\Program Files (x86)\MSI\Fast Boot\StartFastBoot.exe
O4 - HKLM\..\Run: [Super Charger] C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe
O4 - HKLM\..\Run: [TP-LINK USB Printer Controller] C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe -mini
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Live Update] C:\Program Files (x86)\MSI\Live Update\Live Update.exe /REMINDER
O4 - HKLM\..\Run: [Command Center] C:\Program Files (x86)\MSI\Command Center\StartCommandCenter.exe
O4 - HKLM\..\RunOnce: [AbineAutoUpdate] "C:\Program Files (x86)\DoNotTrackMe\AbineAutoUpdate.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Bill Pierce\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Bill Pierce\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Bill Pierce\AppData\Local\Microsoft\OneDrive\17.3.6301.0127_1\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Bill Pierce\AppData\Local\Microsoft\OneDrive\17.3.6301.0127_1\amd64"
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Bill Pierce\AppData\Local\Microsoft\OneDrive\17.3.6301.0127_1] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Bill Pierce\AppData\Local\Microsoft\OneDrive\17.3.6301.0127_1"
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - Startup: Send to OneNote.lnk = C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
O4 - Global Startup: PhoneTray.lnk = C:\Program Files (x86)\PhoneTray\PhoneTray.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files (x86)\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files (x86)\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files (x86)\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files (x86)\ieSpell\iespell.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://www.time.gov
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/4.2.0.0/GarminAxControl_32.CAB
O16 - DPF: {01025D1C-BB03-4369-8344-732CD0DCCCF0} (NVIDIA GPU Reader Class) - http://www.geforce.com/services_toolkit/ShimGen/1.1.28.1/GPU_Reader.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://qtinstall.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://oas.support.microsoft.com/ActiveX/MSDcode.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {22945A69-1191-4DCF-9E6F-409BDE94D101} - http://chil.solidworks.com/htdocs/pdownload/edrawings/e2011sp03/cab//eModelsStandard.cab
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} (Symantec Configuration Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1350216267514
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.24.0.cab
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entjs.msn.com/client/msnmusax9302.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/TrueInstall.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2537fcef-de02-4814-9783-4d7073d82a07}: NameServer = 199.85.126.10,199.85.127.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{cbe2ab92-4022-4e70-a852-48bcfddcaf7c}: NameServer = 24.226.1.93,24.226.1.94,24.226.10.193,24.226.10.194
O17 - HKLM\System\CS1\Services\Tcpip\..\{2537fcef-de02-4814-9783-4d7073d82a07}: NameServer = 199.85.126.10,199.85.127.10
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: BlackBerry Device Manager - BlackBerry Limited - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dropbox Update Service (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Dropbox Update Service (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: Norton Disk Doctor Service (DiskDoctorService) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Energy Server Service WILLAMETTE (ESRV_SVC_WILLAMETTE) - Unknown owner - C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Garmin Device Interaction Service - Garmin Ltd. or its subsidiaries - C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Google Update Service (gupdate1c9e5f5de612b20) (gupdate1c9e5f5de612b20) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Integrated Clock Controller Service - Intel® ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® Capability Licensing Service TCP IP Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Stardock ModernMix (ModernMix) - Stardock Software, Inc - C:\Program Files (x86)\Stardock\ModernMix\MMixSrv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: MSI Command Center Clock Service (MSIClock_CC) - MSI - C:\Program Files (x86)\MSI\Command Center\ClockGen\MSIClockService.exe
O23 - Service: MSI Command Center Comm Service (MSICOMM_CC) - MSI - C:\Program Files (x86)\MSI\Command Center\MSICommService.exe
O23 - Service: MSI Command Center CPU Service (MSICPU_CC) - MSI - C:\Program Files (x86)\MSI\Command Center\CPU\MSICPUService.exe
O23 - Service: MSI Command Center control Service (MSICTL_CC) - MSI - C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe
O23 - Service: MSI Command Center DDR Service (MSIDDR_CC) - MSI - C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe
O23 - Service: MSI Command Center SMBus Service (MSISMB_CC) - MSI - C:\Program Files (x86)\MSI\Command Center\SMBus\MSISMBService.exe
O23 - Service: MSI Command Center SuperIO Service (MSISuperIO_CC) - MSI - C:\Program Files (x86)\MSI\Command Center\SuperIO\MSISuperIOService.exe
O23 - Service: MSI_FastBoot - MSI - C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe
O23 - Service: MSI Live Update Service (MSI_LiveUpdate_Service) - Micro-Star INT'L CO., LTD. - C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
O23 - Service: MSI_SuperCharger - MSI - C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe
O23 - Service: MSI_Trigger_Service - MICRO-STAR INTERNATIONAL CO., LTD. - C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe
O23 - Service: @mqutil.dll,-6102 (MSMQ) - Unknown owner - C:\WINDOWS\system32\mqsvc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Norton Security (NS) - Symantec Corporation - C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\NS.exe
O23 - Service: Norton Safe Web Lite (NSL) - Unknown owner - C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe (file missing)
O23 - Service: Norton Utilities 16 Start Manager Service (NU16StartManagerSvc) - Unknown owner - C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Network Service (NvStreamNetworkSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: PhoneTray Service (PhoneTrayService) - Traysoft Inc. - C:\Program Files (x86)\PhoneTray\PhoneTrayService.exe
O23 - Service: RIM MDNS - Apple Inc. - C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe
O23 - Service: BlackBerry Link Communication Manager (RIM Tunnel Service) - Research In Motion Limited - C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: Norton SpeedDisk Service (SpeedDiskService) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Stardock Start10 (Start10) - Stardock Software, Inc - C:\Program Files (x86)\Stardock\Start10\Start10Srv.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SuperRAIDSvc - Micro-Star INT'L CO., LTD. - C:\MSI\Smart Utilities\SuperRAIDSvc.exe
O23 - Service: Intel® System Usage Report Service SystemUsageReportSvc_WILLAMETTE (SystemUsageReportSvc_WILLAMETTE) - Unknown owner - C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: User Energy Server Service WILLAMETTE (USER_ESRV_SVC_WILLAMETTE) - Unknown owner - C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: VMLiteService - VMLite, Inc. - C:\Program Files\VMLite\VMLite Workstation\VMLiteService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel® Extreme Tuning Utility Service (XTU3SERVICE) - Intel® Corporation - C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\XtuService.exe

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Bill Pierce\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Bill Pierce\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Bill Pierce\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Bill Pierce\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Default User\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Bill Pierce\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=347 folders=108 329310160 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\BILLPI~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Mon 03/14/2016 at 22:46:32.14 ======================

------------------------------------------------------------------------------------------------------

#6 Oh My!

Adware and Spyware and Malware.....

Malware Response Instructor
36,790 posts
OFFLINE

Gender:Male
Location:California
Local time:10:02 AM

Posted 15 March 2016 - 08:52 AM

Thank you. We will remove that file and remove Norton again using a different tool.

Please do this.

===================================================

Reversing Clean Boot State
--------------------

Press windows key + r on your keyboard at the same time
Type msconfig and press Enter
If you are prompted for an administrator password or for a confirmation, type the password, or provide confirmation
In the System Configuration Utility dialog box, click Normal Startup on the General tab
Click OK
When you are prompted, click Restart

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------

Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)

D:\Vision\ProOcr\disk1\SETUP.EXE
emptytemp:

Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.

===================================================

Uninstalling Programs Using Revo Uninstaller Free

--------------------

I recommend uninstalling the below listed program(s) from your computer.

Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.

Please note there is a chance when you look for this program to uninstall through Revo it might not be listed because of a previous uninstall. If that is the case simply stop and let me know.

Please download and install Revo Uninstaller Free
Double click Revo Uninstaller to run it.
From the list of programs double click on the listed program(s), or anything similar, to remove it (if it exists)

Norton Security (and any other Norton programs)

When prompted if you want to uninstall click Yes.
Be sure the Advanced option is selected then click Next.
The program will run, If prompted again click Yes
When the built-in uninstaller is finished click on Next
Once the program has searched for leftovers click Next.
Check the items in bold only on the list then click Delete. You may have to expand some folders by clicking the "+" mark.
When prompted click on Yes and then on Next.
Click on Select all then click Delete
When prompted select Yes then Next
Once done click Finish.
Reinstall Norton and check the performance

Fixlog
Norton?

Edited by Oh My!, 15 March 2016 - 08:53 AM.

#7 Bill Pierce

Topic Starter

Members
46 posts
OFFLINE

Gender:Male
Location:Burlington, Ontario
Local time:01:02 PM

Posted 15 March 2016 - 10:53 AM

Again, thank you very much.

Here's the information this time:

I ran FRST again with the script you supplied Just below is the pasted Fixlog.txt.

I ran the Revo Uninstaller and uninstalled all Norton products. Then I reinstalled Norton Security. The behavior remains the same: I cannot select exploit prevention without it automatically turning off both browser protection and exploit prevention 30-60 seconds later.

Is there something else yet to do?

-------------------------------------------------------------------------

(FRST fixlog.txt)

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Bill Pierce (2016-03-15 10:35:36) Run:5
Running from C:\Users\Bill Pierce\Desktop
Loaded Profiles: Bill Pierce (Available Profiles: Bill Pierce & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
D:\Vision\ProOcr\disk1\SETUP.EXE
emptytemp:

*****************

"D:\Vision\ProOcr\disk1\SETUP.EXE" => not found.
EmptyTemp: => 428.7 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 10:37:49 ====

--------------------------------------------------------------------------------

#8 Oh My!

Adware and Spyware and Malware.....

Malware Response Instructor
36,790 posts
OFFLINE

Gender:Male
Location:California
Local time:10:02 AM

Posted 15 March 2016 - 01:37 PM

Greetings,

You issue is not related to malware. It may be glitch with Norton and I see in previous versions there were similar problems.

The only other thing we can try is to take your computer back to a point prior to the Norton update and see if things change. You will have to think back to when that was.

Please do this if you would like to try that.

===================================================

Reverting to Previous System Restore Point - Windows 10

--------------------

Click the Windows Key + S at the same time
Type Recovery then Select Recovery Control Panel
Click Open System Restore
Select the Restore Point dated prior to the Norton Update
Click Next, then Finish
Allow the process to complete and your computer will reboot

Computer performance?

#9 Bill Pierce

Topic Starter

Members
46 posts
OFFLINE

Gender:Male
Location:Burlington, Ontario
Local time:01:02 PM

Posted 15 March 2016 - 02:30 PM

Thank you immensely for all of your assistance.

I was first upgraded (it was via LiveUpdate and not really my choice) to the latest version of Norton Security three weeks ago. As far as I'm concerned, that is too long ago to use System Restore, which in my mind is a worthwhile tool for rectifying errors that have occurred within a matter of days rather than weeks.

I was requested by Norton support to determine if there was a malware issue with my computer. With your very capable help, I have done my due diligence, and I believe we concur to the best of our abilities there is no infection.

I will now return to Norton support, report these conclusions, and place the ball back in their court, where it properly belongs.

Again, I greatly respect your efforts on my behalf.

#10 Oh My!

Adware and Spyware and Malware.....

Malware Response Instructor
36,790 posts
OFFLINE

Gender:Male
Location:California
Local time:10:02 AM

Posted 15 March 2016 - 08:12 PM

No problem,

You can always do a System Restore prior to the update and then undo that System Restore to return to where you are now. That may identify if the update is the problem. Up to you....

Good luck.

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean!

--------------

Your machine appears to be clean and you may delete any programs or logs on your computer as a result of our efforts. If we used Emsisoft Emergency Kit just delete the icon on your desktop and the C:\EEK folder. For everything else you simply delete the log files or desktop icons.

Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :thumbsup:

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

Simple and easy ways to keep your computer safe and secure on the Internet.

In addition, here are some more links you might find of interest:

CryptoPrevent and CryptoMonitor guard against CryptoLocker which encrypts your files making them inaccessible. <<< Very Important. For more information read the explanation by quietman7
Miekies' prevention suggestions
So How did I get infected?
Microsoft - 'Security at home'
Calendar of Updates: See which updates have been released.
How to backup your Data with Cobian Backup: because you never know when your harddisk might fail or your data gets corrupted (CryptoLocker)
osalt: Find (free) open source alternatives to known commercial software.

I will leave this topic open for just a brief period of time in case you have any further issues then it will be closed shortly thereafter.

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.

#11 Oh My!

Adware and Spyware and Malware.....

Malware Response Instructor
36,790 posts
OFFLINE

Gender:Male
Location:California
Local time:10:02 AM

Posted 16 March 2016 - 08:26 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.