
suspect husband of installing spyware


  • This topic is locked
5 replies to this topic

#1 zucchini_elle


Posted 27 March 2016 - 11:13 PM

I'm getting divorced from my husband, Garry, with whom I've shared a computer that had separate logon accounts. In addition to our desktop computer (a Dell XPS 8700 running Windows 10), I also have a Dell Inspiron laptop that he doesn't have a logon profile for, since it's only for my work, which is as a psychotherapist, so when I use either computer I often have a lot of private client files, in addition to my other normal everyday stuff. The same thing applies to my (previously) shared accounts on my Samsung Galaxy 5 phone and my Nook HD tablet, which runs on an Android system... again, shared previously via credit card with the soon-to-be ex-husband, but everything has been password protected because of the nature of my work and the need for HIPAA compliance. Anyway, the not-yet ex made a comment that sounded to me like he was either accessing my email or my text messages somehow. I know in the past he has used spyware (WebWatcher that was put onto a laptop of an adolescent suspected of using drugs and possibly getting involved in making bombs, so the ex felt justified in the spying... it turned out yes to the drugs, no to the bombs!!). Anyway, I ran the scan and have attached it. ANY help in determining if he may have installed spyware would be SO appreciated.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by elle__000 (administrator) on THEBEAST (27-03-2016 19:19:13)
Running from \\THEBEAST\Users\elle__000\Downloads
Loaded Profiles: UpdatusUser & elle__000 (Available Profiles: UpdatusUser & garry & elle__000)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
() C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
(DELL Inc.) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Verizon) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avpui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Verizon) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\VzDetectAgent.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) \\THEBEAST\Users\elle__000\Downloads\FRST64.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2016-03-10] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2016-03-10] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-09] (Apple Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498720 2015-12-17] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [650784 2015-12-22] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863776 2015-12-22] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
HKLM-x32\...\Run: [GoPro Studio Importer] => C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe [3218184 2015-10-02] (GoPro)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065968 2015-07-23] (SEIKO EPSON CORPORATION)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
HKU\S-1-5-21-1821108024-536135805-927437847-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-10-30] (Microsoft Corporation)
HKU\S-1-5-21-1821108024-536135805-927437847-1006\...\Run: [CAHeadless] => C:\Program Files (x86)\Adobe\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [1400224 2013-09-25] (Adobe Systems Incorporated)
HKU\S-1-5-21-1821108024-536135805-927437847-1006\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-11-30] (Apple Inc.)
HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATILOE.EXE [297024 2015-01-16] (SEIKO EPSON CORPORATION)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\elle__000\AppData\Local\Microsoft\OneDrive\17.3.6302.0225_1\amd64\FileSyncShell64.dll [2016-03-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\elle__000\AppData\Local\Microsoft\OneDrive\17.3.6302.0225_1\amd64\FileSyncShell64.dll [2016-03-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\elle__000\AppData\Local\Microsoft\OneDrive\17.3.6302.0225_1\amd64\FileSyncShell64.dll [2016-03-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll [2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll [2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\elle__000\AppData\Local\Microsoft\OneDrive\17.3.6302.0225_1\FileSyncShell.dll [2016-03-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\elle__000\AppData\Local\Microsoft\OneDrive\17.3.6302.0225_1\FileSyncShell.dll [2016-03-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\elle__000\AppData\Local\Microsoft\OneDrive\17.3.6302.0225_1\FileSyncShell.dll [2016-03-19] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GoPro Importer.lnk [2015-05-08]
ShortcutTarget: GoPro Importer.lnk -> C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe (GoPro)
Startup: C:\Users\elle__000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2014-11-23]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{345c2950-0ee6-4f9a-b399-c97320099fbb}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{51798b00-8a07-4697-8c66-ff7e32f03dad}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com/?pc=DCJB
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-1821108024-536135805-927437847-1006\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-1821108024-536135805-927437847-1006\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKU\S-1-5-21-1821108024-536135805-927437847-1006 -> DefaultScope {9111F517-0CA3-4746-8247-F4758CE337AC} URL = 
SearchScopes: HKU\S-1-5-21-1821108024-536135805-927437847-1006 -> {9111F517-0CA3-4746-8247-F4758CE337AC} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-03-13] (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2013-07-30] (Qualcomm®Atheros®)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2016-01-06] (AO Kaspersky Lab)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-03-13] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2016-01-05] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-20] (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2016-01-06] (AO Kaspersky Lab)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2016-01-05] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-20] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2016-01-06] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-20] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2016-01-06] (AO Kaspersky Lab)
DPF: HKLM-x32 {55A2C0CD-3DE8-4264-9637-A0B40B05714E} hxxps://col0-sec.mail.live.com/mail/MailMigrationCabFileHolder.aspx?n=229484524
DPF: HKLM-x32 {6A6E7E91-B6EB-46B5-A545-12B8EDDD261E} hxxps://a-sl1-app01.advancedmd.com/practicemanager/ppmdcontrols/amdscontrols50.cab
DPF: HKLM-x32 {9602B3CE-BC91-417D-B4FD-F6538C2ABB3B} hxxps://a-sl1-app01.advancedmd.com/practicemanager/ppmdcontrols/amdswscheck.cab
DPF: HKLM-x32 {CC99A86F-EA5D-414A-8231-7C3F1B10A644} hxxps://a-sl1-app01.advancedmd.com/practicemanager/ppmdcontrols/amdsaudio.cab
DPF: HKLM-x32 {EE8CEFA4-1F91-11D4-B31E-00C04F1D37E6} hxxps://a-sl1-app01.advancedmd.com/practicemanager/ppmdcontrols/ppmdvbdownload.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\elle__000\AppData\Roaming\Mozilla\Firefox\Profiles\c8417vtg.default
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-29] (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2016-01-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2016-01-05] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-04-06] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-11-11] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-11-11] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2016-02-27] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-29] (Adobe Systems)
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2016-01-14]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2015-11-22] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox [2016-02-29]
 
Chrome: 
=======
CHR Profile: C:\Users\elle__000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\elle__000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-08]
CHR Extension: (Google Drive) - C:\Users\elle__000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\elle__000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-04]
CHR Extension: (Google Search) - C:\Users\elle__000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-04]
CHR Extension: (Kaspersky Protection) - C:\Users\elle__000\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahebamiopdhefndnmappcihfajigkka [2016-01-07]
CHR Extension: (Adobe Acrobat) - C:\Users\elle__000\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-11-10]
CHR Extension: (Google Docs Offline) - C:\Users\elle__000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (FromDocToPDF) - C:\Users\elle__000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk [2016-03-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\elle__000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-10]
CHR Extension: (Gmail) - C:\Users\elle__000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-02]
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2015-12-17]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeActiveFileMonitor12.0; C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-25] (Adobe Systems Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe [194000 2016-01-06] (Kaspersky Lab ZAO)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2828016 2016-02-09] (Microsoft Corporation)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2571352 2016-01-05] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201816 2016-01-05] (Dell Inc.)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [803856 2016-01-28] (Garmin Ltd. or its subsidiaries)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [368640 2014-08-13] (Verizon) [File not signed]
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-04] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-29] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2016-03-10] (Realtek Semiconductor)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31928 2016-03-14] (Dell Inc.)
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\vssbridge64.exe [144640 2015-07-09] (AO Kaspersky Lab)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-08-22] ()
R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1785344 2013-08-19] (DELL Inc.) [File not signed]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\System32\drivers\athw10x.sys [4318760 2016-03-10] (Qualcomm Atheros Communications, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-02-26] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-09-11] (Dell Computer Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70512 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [77728 2016-02-29] (AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [30328 2015-06-24] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [181640 2016-01-06] (AO Kaspersky Lab)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [227512 2016-01-06] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [927640 2016-02-29] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [39608 2015-06-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [41656 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2016-01-06] (AO Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [87944 2016-01-06] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [102584 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
U5 NvStUSB; C:\Windows\System32\Drivers\NvStUSB.sys [451872 2013-11-11] (NVIDIA Corporation)
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-27 19:19 - 2016-03-27 19:19 - 00029082 _____ C:\Users\elle__000\Downloads\FRST.txt
2016-03-27 19:18 - 2016-03-27 19:19 - 00000000 ____D C:\FRST
2016-03-27 19:18 - 2016-03-27 19:18 - 02374144 _____ (Farbar) C:\Users\elle__000\Downloads\FRST64.exe
2016-03-27 19:14 - 2016-03-27 19:17 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\elle__000\Downloads\spybot-2.4.exe
2016-03-27 17:55 - 2016-03-27 17:55 - 00000000 ___HD C:\OneDriveTemp
2016-03-24 09:17 - 2016-03-24 09:17 - 04655041 _____ C:\Users\elle__000\Downloads\Attachments_2016324.zip
2016-03-23 22:27 - 2016-03-23 22:27 - 00000000 ____D C:\Users\elle__000\AppData\Local\IsolatedStorage
2016-03-23 22:27 - 2016-03-23 22:27 - 00000000 ____D C:\Users\elle__000\AppData\Local\Intuit
2016-03-23 09:51 - 2016-03-23 09:51 - 00033747 _____ C:\Users\elle__000\Downloads\Radiology.TIF
2016-03-23 09:51 - 2016-03-23 09:51 - 00033747 _____ C:\Users\elle__000\Downloads\Radiology (1).TIF
2016-03-23 08:43 - 2016-03-23 08:43 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-03-22 20:43 - 2016-03-22 20:43 - 00000000 _____ C:\Users\garry\Downloads\activityi;src=4262823;type=Visit-;cat=Epson-;ord=4627883580786;~oref=http___www.epson.com_cgi-bin_Store_support_supDetail.js
2016-03-22 20:42 - 2016-03-22 20:42 - 00000000 _____ C:\Users\garry\Downloads\activityi;src=4262823;type=Visit-;cat=Epson-;ord=8979370314346;~oref=http___www.epson.com_cgi-bin_Store_support_supDetail.js
2016-03-22 17:03 - 2016-03-22 17:03 - 00115623 _____ C:\Users\garry\Downloads\lisa_default_160130.swf
2016-03-22 08:53 - 2016-03-22 08:53 - 01158434 _____ C:\Users\elle__000\Desktop\CA_12748944_Eleanor_Pew_Cigna_behavioral_Cont.pdf
2016-03-19 17:34 - 2016-03-19 17:34 - 00000000 ____D C:\Users\elle__000\AppData\Local\ActiveSync
2016-03-19 17:32 - 2016-03-19 17:32 - 00000020 ___SH C:\Users\elle__000\ntuser.ini
2016-03-19 17:02 - 2016-03-19 17:18 - 00017408 _____ C:\Users\garry\Documents\Assumption 3.xlsx
2016-03-19 16:55 - 2016-03-19 17:17 - 00017408 _____ C:\Users\garry\Documents\Assumption 2.xlsx
2016-03-19 16:20 - 2016-03-19 17:19 - 00016896 _____ C:\Users\garry\Documents\Assumption 1.xlsx
2016-03-19 12:23 - 2016-03-19 12:23 - 00185049 _____ C:\Users\garry\Downloads\confirmation (3).pdf
2016-03-19 12:23 - 2016-03-19 12:23 - 00156763 _____ C:\Users\garry\Downloads\confirmation (2).pdf
2016-03-19 11:26 - 2016-03-22 19:58 - 00000000 ___DC C:\WINDOWS\Panther
2016-03-19 11:24 - 2016-03-19 11:24 - 00000000 ____D C:\Users\garry\AppData\Local\ActiveSync
2016-03-19 11:23 - 2016-03-19 11:24 - 00000000 ____D C:\Windows.old
2016-03-19 11:23 - 2016-03-19 11:23 - 24600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 22376960 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 12586496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 11545600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 09919488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 08705672 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 07533568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-03-19 11:23 - 2016-03-19 11:23 - 06972416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 06952088 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 06740992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 06607080 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 05661696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 05321728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 04827136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 04412928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 03671888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-03-19 11:23 - 2016-03-19 11:23 - 03449168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 03425792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 02912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 02793472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 02773096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 02654872 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 02635264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 02604032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 02581504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 02544264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 02186864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 02180136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 02152288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-03-19 11:23 - 2016-03-19 11:23 - 02061312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 01997152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-03-19 11:23 - 2016-03-19 11:23 - 01996288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 01859960 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 01847808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2016-03-19 11:23 - 2016-03-19 11:23 - 01831936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 01818696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 01799168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 01731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 01707520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 01613664 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 01497088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2016-03-19 11:23 - 2016-03-19 11:23 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 01390592 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-03-19 11:23 - 2016-03-19 11:23 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 01322248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-03-19 11:23 - 2016-03-19 11:23 - 01224704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 01152328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-03-19 11:23 - 2016-03-19 11:23 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSave.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-03-19 11:23 - 2016-03-19 11:23 - 01017032 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00997376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00990720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-03-19 11:23 - 2016-03-19 11:23 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00980352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-03-19 11:23 - 2016-03-19 11:23 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00915456 _____ (Microsoft Corporation) C:\WINDOWS\system32\configurationclient.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00895080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00890368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00882720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-03-19 11:23 - 2016-03-19 11:23 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00848168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00819648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-03-19 11:23 - 2016-03-19 11:23 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00793600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00791744 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00779384 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00769536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2016-03-19 11:23 - 2016-03-19 11:23 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00713824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00713728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-03-19 11:23 - 2016-03-19 11:23 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\scapi.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00652392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00640472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-03-19 11:23 - 2016-03-19 11:23 - 00625000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00591872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-03-19 11:23 - 2016-03-19 11:23 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00572272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00563552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2016-03-19 11:23 - 2016-03-19 11:23 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00557056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00552960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00540752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-03-19 11:23 - 2016-03-19 11:23 - 00540160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00538736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00534368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2016-03-19 11:23 - 2016-03-19 11:23 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00523752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2016-03-19 11:23 - 2016-03-19 11:23 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00502112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00498448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00493568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00476728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00474624 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00450912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00430944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-03-19 11:23 - 2016-03-19 11:23 - 00420928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-03-19 11:23 - 2016-03-19 11:23 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\sharemediacpl.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2016-03-19 11:23 - 2016-03-19 11:23 - 00394752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00394080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-03-19 11:23 - 2016-03-19 11:23 - 00389992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00376536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2016-03-19 11:23 - 2016-03-19 11:23 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-03-19 11:23 - 2016-03-19 11:23 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00307712 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00297472 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00287712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-03-19 11:23 - 2016-03-19 11:23 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExSMime.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00258280 _____ (Microsoft Corporation) C:\WINDOWS\system32\sqmapi.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00256512 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\cemapi.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-03-19 11:23 - 2016-03-19 11:23 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2016-03-19 11:23 - 2016-03-19 11:23 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00220064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sqmapi.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuickActionsDataModel.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00216416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cemapi.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-03-19 11:23 - 2016-03-19 11:23 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00187744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwbase.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2016-03-19 11:23 - 2016-03-19 11:23 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00168448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerServer.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwbase.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSip.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-03-19 11:23 - 2016-03-19 11:23 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-03-19 11:23 - 2016-03-19 11:23 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00147808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2016-03-19 11:23 - 2016-03-19 11:23 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00146272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2016-03-19 11:23 - 2016-03-19 11:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00141664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2016-03-19 11:23 - 2016-03-19 11:23 - 00141560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2016-03-19 11:23 - 2016-03-19 11:23 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxSip.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00127840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2016-03-19 11:23 - 2016-03-19 11:23 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2016-03-19 11:23 - 2016-03-19 11:23 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2016-03-19 11:23 - 2016-03-19 11:23 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
2016-03-19 11:23 - 2016-03-19 11:23 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-03-19 11:23 - 2016-03-19 11:23 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-03-19 11:23 - 2016-03-19 11:23 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-03-19 11:23 - 2016-03-19 11:23 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\provpackageapidll.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\POSyncServices.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataPlatformHelperUtil.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenanceClient.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataPlatformHelperUtil.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\POSyncServices.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PimIndexMaintenanceClient.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTypeHelperUtil.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataLanguageUtil.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerClient.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTypeHelperUtil.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataLanguageUtil.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-03-19 11:23 - 2016-03-19 11:23 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TimeBrokerClient.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-03-19 11:23 - 2016-03-19 11:23 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-03-19 11:23 - 2016-03-19 11:23 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfapigp.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\irmon.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExtrasXmlParser.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfapigp.dll
2016-03-19 11:23 - 2016-03-19 11:23 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExtrasXmlParser.dll
2016-03-19 11:22 - 2016-03-19 11:22 - 00000020 ___SH C:\Users\garry\ntuser.ini
2016-03-19 11:19 - 2016-03-19 11:19 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2016-03-19 11:16 - 2016-03-19 11:16 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-03-19 11:16 - 2016-03-19 11:16 - 00000000 ____D C:\Program Files\MSBuild
2016-03-19 11:16 - 2016-03-19 11:16 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-03-19 11:16 - 2016-03-19 11:16 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-03-19 11:15 - 2016-03-19 11:15 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-03-19 11:15 - 2016-03-19 11:15 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2016-03-19 11:15 - 2016-03-19 11:15 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-03-19 11:15 - 2016-03-19 11:15 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-03-19 11:15 - 2015-10-23 18:47 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2016-03-19 11:15 - 2015-10-23 18:47 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-03-19 11:15 - 2015-10-23 18:47 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2016-03-19 11:15 - 2015-10-23 18:46 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2016-03-19 11:15 - 2015-10-23 18:46 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2016-03-19 11:15 - 2015-10-23 18:45 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2016-03-19 11:07 - 2016-03-19 11:07 - 00000000 _SHDL C:\Users\Default\My Documents
2016-03-19 11:07 - 2016-03-19 11:07 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2016-03-19 11:07 - 2016-03-19 11:07 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2016-03-19 11:07 - 2016-03-19 11:07 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2016-03-19 11:07 - 2016-03-19 11:07 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2016-03-19 11:07 - 2016-03-19 11:07 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2016-03-19 11:07 - 2016-03-19 11:07 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2016-03-19 10:51 - 2016-03-19 10:51 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2016-03-19 10:48 - 2016-03-19 10:48 - 00000937 _____ C:\WINDOWS\Tasks\EPSON XP-810 Series Update {AD4CBC54-5F56-4C86-8F8C-2CDDF0CB12CE}.job
2016-03-19 10:48 - 2016-03-19 10:48 - 00000751 _____ C:\WINDOWS\Tasks\EPSON XP-810 Series Invitation {AD4CBC54-5F56-4C86-8F8C-2CDDF0CB12CE}.job
2016-03-19 10:42 - 2016-03-19 10:42 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-03-19 10:42 - 2016-03-19 10:42 - 00000000 ____D C:\Users\Default\AppData\Roaming\Garmin
2016-03-19 10:42 - 2016-03-19 10:42 - 00000000 ____D C:\Users\Default\AppData\Roaming\Adobe
2016-03-19 10:42 - 2016-03-19 10:42 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2016-03-19 10:42 - 2016-03-19 10:42 - 00000000 ____D C:\Users\Default\AppData\Local\Garmin_Ltd._or_its_subsid
2016-03-19 10:42 - 2016-03-19 10:42 - 00000000 ____D C:\Users\Default\AppData\Local\Adobe
2016-03-19 10:42 - 2016-03-19 10:42 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Garmin
2016-03-19 10:42 - 2016-03-19 10:42 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Adobe
2016-03-19 10:42 - 2016-03-19 10:42 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2016-03-19 10:42 - 2016-03-19 10:42 - 00000000 ____D C:\Users\Default User\AppData\Local\Garmin_Ltd._or_its_subsid
2016-03-19 10:42 - 2016-03-19 10:42 - 00000000 ____D C:\Users\Default User\AppData\Local\Adobe
2016-03-19 10:36 - 2016-03-19 10:44 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2016-03-19 10:32 - 2016-03-20 09:26 - 00000000 ____D C:\Users\elle__000
2016-03-19 10:32 - 2016-03-19 17:20 - 00000000 ____D C:\Users\garry
2016-03-19 10:32 - 2016-03-19 10:54 - 00000000 ____D C:\Users\UpdatusUser
2016-03-19 10:32 - 2016-03-19 10:32 - 00000000 _SHDL C:\Users\UpdatusUser\My Documents
2016-03-19 10:32 - 2016-03-19 10:32 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\My Videos
2016-03-19 10:32 - 2016-03-19 10:32 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\My Pictures
2016-03-19 10:32 - 2016-03-19 10:32 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\My Music
2016-03-19 10:32 - 2016-03-19 10:32 - 00000000 _SHDL C:\Users\garry\My Documents
2016-03-19 10:32 - 2016-03-19 10:32 - 00000000 _SHDL C:\Users\garry\Documents\My Videos
2016-03-19 10:32 - 2016-03-19 10:32 - 00000000 _SHDL C:\Users\garry\Documents\My Pictures
2016-03-19 10:32 - 2016-03-19 10:32 - 00000000 _SHDL C:\Users\garry\Documents\My Music
2016-03-19 10:32 - 2016-03-19 10:32 - 00000000 _SHDL C:\Users\elle__000\My Documents
2016-03-19 10:32 - 2016-03-19 10:32 - 00000000 _SHDL C:\Users\elle__000\Documents\My Videos
2016-03-19 10:32 - 2016-03-19 10:32 - 00000000 _SHDL C:\Users\elle__000\Documents\My Pictures
2016-03-19 10:32 - 2016-03-19 10:32 - 00000000 _SHDL C:\Users\elle__000\Documents\My Music
2016-03-19 10:30 - 2016-03-22 19:59 - 00000000 ____D C:\ProgramData\NVIDIA
2016-03-19 10:30 - 2016-03-19 10:36 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-03-19 10:30 - 2015-08-06 17:24 - 06873904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2016-03-19 10:30 - 2015-08-06 17:24 - 03492984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2016-03-19 10:30 - 2015-08-06 17:24 - 02558768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2016-03-19 10:30 - 2015-08-06 17:24 - 01059960 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2016-03-19 10:30 - 2015-08-06 17:24 - 00937592 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2016-03-19 10:30 - 2015-08-06 17:24 - 00385328 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2016-03-19 10:30 - 2015-08-06 17:24 - 00075056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2016-03-19 10:30 - 2015-08-06 17:24 - 00062584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2016-03-19 10:30 - 2015-08-03 03:04 - 05133709 _____ C:\WINDOWS\system32\nvcoproc.bin
2016-03-19 10:29 - 2016-03-19 10:36 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-03-19 10:29 - 2016-03-19 10:36 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-03-19 10:29 - 2016-03-19 10:29 - 01019725 _____ C:\WINDOWS\system32\Drivers\rtwavesskdy.dat
2016-03-19 10:29 - 2016-03-19 10:29 - 00463760 _____ C:\WINDOWS\system32\Drivers\rtwavesmapro.dat
2016-03-19 10:29 - 2016-03-19 10:29 - 00031095 _____ C:\WINDOWS\system32\Drivers\rtwavesEFX.dat
2016-03-19 10:29 - 2016-03-19 10:29 - 00019501 _____ C:\WINDOWS\system32\Drivers\rtwavesmaprocap.dat
2016-03-19 10:29 - 2016-03-19 10:29 - 00010945 _____ C:\WINDOWS\system32\Drivers\rtwavesMFX.dat
2016-03-19 10:29 - 2016-03-19 10:29 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2016-03-19 10:29 - 2016-03-19 10:29 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2016-03-19 10:29 - 2016-03-19 10:29 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2016-03-19 10:29 - 2016-03-19 10:29 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2016-03-19 10:29 - 2016-03-19 10:29 - 00000000 ____D C:\WINDOWS\system32\SRSLabs
2016-03-19 10:29 - 2016-03-19 10:29 - 00000000 ____D C:\Program Files\Realtek
2016-03-19 10:29 - 2016-03-19 10:29 - 00000000 ____D C:\Program Files\Common Files\logishrd
2016-03-19 10:29 - 2016-03-19 10:29 - 00000000 ____D C:\Program Files\Common Files\Atheros
2016-03-18 18:38 - 2016-03-18 18:44 - 00016896 _____ C:\Users\garry\Documents\El & Garry Earnings 1.xlsx
2016-03-18 15:32 - 2016-03-18 17:37 - 00016384 _____ C:\Users\garry\Documents\Payments for Mountain Creek.xlsx
2016-03-17 17:27 - 2016-03-17 17:27 - 00380675 _____ C:\Users\elle__000\Downloads\Limas, Angel benefit sheet 3-17-16.pdf
2016-03-17 09:15 - 2016-03-19 10:39 - 00000000 ____D C:\WINDOWS\SysWOW64\Log
2016-03-14 08:32 - 2016-03-14 17:57 - 00000000 ____D C:\Users\elle__000\Desktop\ok
2016-03-13 19:39 - 2016-03-13 19:39 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2016-03-13 19:39 - 2016-03-13 19:39 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-03-11 10:40 - 2016-03-11 10:40 - 00201422 _____ C:\Users\garry\Downloads\statement.pdf
2016-03-10 22:20 - 2016-03-10 22:20 - 00000000 ____D C:\Users\elle__000\AppData\Local\webkit
2016-03-10 22:07 - 2016-03-10 22:07 - 00000000 ____D C:\Users\elle__000\AppData\Roaming\Amazon
2016-03-10 21:58 - 2016-03-10 22:22 - 00000000 ____D C:\Users\elle__000\.kindle
2016-03-10 21:57 - 2016-03-19 10:34 - 00000000 ____D C:\Users\elle__000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2016-03-10 21:57 - 2016-03-10 22:22 - 00000000 ____D C:\Users\elle__000\AppData\Local\Kindle Previewer
2016-03-10 21:57 - 2016-03-10 21:57 - 00001113 _____ C:\Users\elle__000\Desktop\Kindle Kids' Book Creator.lnk
2016-03-10 21:57 - 2016-03-10 21:57 - 00000000 ____D C:\Users\elle__000\AppData\Local\KKBC
2016-03-10 21:56 - 2016-03-10 21:57 - 285399448 _____ (Amazon.com) C:\Users\elle__000\Downloads\KindleKidsBookCreatorInstaller.exe
2016-03-10 20:32 - 2016-03-10 20:32 - 72130584 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCORES64.dat
2016-03-10 20:32 - 2016-03-10 20:32 - 42740336 _____ C:\WINDOWS\system32\nvcompiler.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 37757752 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 30529136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 22983792 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 18385488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 16170864 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 16020584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 15762912 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 14520136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 13285328 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 13242880 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO3064.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 12982400 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 12126952 _____ (Waves Audio Ltd.) C:\WINDOWS\SysWOW64\MaxxVoiceAPO30.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 11851912 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 11151488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2016-03-10 20:32 - 2016-03-10 20:32 - 07181616 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEP64A.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 07104888 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64A.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 05804772 _____ C:\WINDOWS\system32\Drivers\rtvienna.dat
2016-03-10 20:32 - 2016-03-10 20:32 - 04518136 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2016-03-10 20:32 - 2016-03-10 20:32 - 04318760 _____ (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\Drivers\athw10x.sys
2016-03-10 20:32 - 2016-03-10 20:32 - 03709056 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioMeters64.exe
2016-03-10 20:32 - 2016-03-10 20:32 - 03360576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 03309264 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 03269440 _____ (Fortemedia Corporation) C:\WINDOWS\system32\FMAPO64.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 02999808 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 02971736 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 02935544 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 02880873 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2016-03-10 20:32 - 2016-03-10 20:32 - 02719992 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2016-03-10 20:32 - 2016-03-10 20:32 - 02369848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 02172544 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 02058880 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioEQ64.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 02001056 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\MBAPO264.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 01991784 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64A.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 01908336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6435382.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 01804936 _____ (DTS) C:\WINDOWS\system32\DTSS2SpeakerDLL64.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 01766136 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 01764432 _____ (Creative Technology Ltd.) C:\WINDOWS\SysWOW64\MBAPO232.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 01613720 _____ (DTS) C:\WINDOWS\system32\DTSS2HeadphoneDLL64.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 01569080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 01567856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6435382.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 01530872 _____ (DTS) C:\WINDOWS\system32\DTSBoostDLL64.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 01416832 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO6064.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 01351176 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 01231248 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO5064.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 01183352 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO4064.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 01174088 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 01069696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 01061504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 01015608 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO2064.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 00999864 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 00992056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 00985216 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 00930848 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\MBAPO64.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 00795912 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 00784312 _____ (Creative Technology Ltd.) C:\WINDOWS\SysWOW64\MBAPO32.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 00759208 _____ (DTS) C:\WINDOWS\system32\DTSBassEnhancementDLL64.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 00742536 _____ (DTS) C:\WINDOWS\system32\DTSSymmetryDLL64.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 00723232 _____ (DTS) C:\WINDOWS\system32\DTSVoiceClarityDLL64.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 00693032 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO30.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 00692520 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVolumeSDAPO.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 00659872 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 00657304 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\MBTHX64.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 00641560 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 00591640 _____ (Creative Technology Ltd.) C:\WINDOWS\SysWOW64\MBTHX32.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 00588120 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAC64.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 00545824 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 00517464 _____ (DTS) C:\WINDOWS\system32\DTSNeoPCDLL64.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 00460440 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EED64A.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 00458016 _____ (DTS) C:\WINDOWS\system32\DTSLimiterDLL64.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 00453848 _____ (DTS) C:\WINDOWS\system32\DTSGainCompensatorDLL64.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 00422432 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\MBWrp64.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 00416896 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 00399464 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 00393176 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 00372864 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 00355496 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 00342280 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO20.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 00339136 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64A.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 00333288 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 00333288 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 00323648 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 00283928 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 00264968 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPO64.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 00264896 _____ (DTS) C:\WINDOWS\system32\DTSLFXAPO64.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 00263944 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPONS64.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 00232712 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSH64.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 00225504 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 00220136 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSHP64.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 00212256 _____ (Waves Audio) C:\WINDOWS\system32\MaxxAudioVienna264.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 00206152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2016-03-10 20:32 - 2016-03-10 20:32 - 00187280 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 00185616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 00176480 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 00174632 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkXInterface64.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 00163992 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 00161952 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEL64A.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 00159544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 00144184 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEA64A.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 00137224 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 00131024 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 00128512 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAR64.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 00120720 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 00097976 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 00094168 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEG64A.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 00084048 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\MBppld64.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 00079296 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\MBPPCn64.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 00040264 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 00040064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvpciflt.sys
2016-03-10 20:32 - 2016-03-10 20:32 - 00032392 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2016-03-10 20:32 - 2016-03-10 20:32 - 00031976 _____ C:\WINDOWS\system32\nvinfo.pb
2016-03-08 09:52 - 2016-03-08 09:53 - 00000000 ____D C:\Users\elle__000\Desktop\animals
2016-03-07 21:35 - 2016-03-07 21:35 - 00000816 _____ C:\Users\elle__000\Documents\Downloads - Shortcut.lnk
2016-03-07 21:12 - 2016-03-07 21:12 - 00087351 _____ C:\Users\elle__000\Downloads\Arreguin, Julie  benefit sheet 3-7-16 (2).pdf
2016-03-07 21:12 - 2016-03-07 21:12 - 00087351 _____ C:\Users\elle__000\Downloads\Arreguin, Julie  benefit sheet 3-7-16 (1).pdf
2016-03-07 21:11 - 2016-03-07 21:11 - 00087351 _____ C:\Users\elle__000\Downloads\Arreguin, Julie  benefit sheet 3-7-16.pdf
2016-02-27 09:49 - 2016-02-27 09:49 - 00000870 _____ C:\Users\Public\Desktop\Print CD.lnk
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-27 19:05 - 2014-09-12 19:05 - 00000937 _____ C:\WINDOWS\Tasks\EPSON XP-810 Series Update {A3376D77-E02E-4481-9546-BC4481F0F86B}.job
2016-03-27 19:05 - 2014-09-12 19:05 - 00000751 _____ C:\WINDOWS\Tasks\EPSON XP-810 Series Invitation {A3376D77-E02E-4481-9546-BC4481F0F86B}.job
2016-03-27 19:04 - 2015-08-10 08:04 - 00000937 _____ C:\WINDOWS\Tasks\EPSON XP-810 Series Update {6CB505E2-8D5B-40C1-8FC6-6F7996475C7C}.job
2016-03-27 19:04 - 2015-08-10 08:04 - 00000751 _____ C:\WINDOWS\Tasks\EPSON XP-810 Series Invitation {6CB505E2-8D5B-40C1-8FC6-6F7996475C7C}.job
2016-03-27 18:38 - 2014-09-12 18:38 - 00000937 _____ C:\WINDOWS\Tasks\EPSON XP-810 Series Update {EDA07FBA-13F9-4826-A1D7-05867443CA83}.job
2016-03-27 18:38 - 2014-09-12 18:38 - 00000751 _____ C:\WINDOWS\Tasks\EPSON XP-810 Series Invitation {EDA07FBA-13F9-4826-A1D7-05867443CA83}.job
2016-03-27 18:35 - 2014-03-31 14:25 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-27 17:55 - 2015-05-07 20:38 - 00000000 ___RD C:\Users\elle__000\OneDrive
2016-03-27 17:55 - 2015-04-24 16:50 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-03-27 17:55 - 2014-03-31 14:25 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-26 21:29 - 2015-10-30 00:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-26 21:29 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-03-26 20:29 - 2015-10-30 00:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-26 20:26 - 2015-10-30 00:21 - 00000000 ____D C:\WINDOWS\INF
2016-03-26 20:26 - 2015-07-30 21:02 - 00881036 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-25 10:43 - 2014-03-30 15:55 - 03678816 _____ C:\Users\garry\Desktop\QDATA1OFXLOG.DAT
2016-03-25 10:43 - 2014-03-30 15:54 - 44646772 _____ C:\Users\garry\Desktop\QDATA1.QDF
2016-03-25 10:41 - 2014-04-05 17:36 - 00004150 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{AD121474-B5B1-47B4-8C63-954FF8AFC17C}
2016-03-25 10:41 - 2014-03-29 13:51 - 00000000 ____D C:\Users\garry\AppData\Local\Adobe
2016-03-24 17:35 - 2014-04-06 11:26 - 01687552 ___SH C:\Users\elle__000\Downloads\Thumbs.db
2016-03-24 12:05 - 2014-06-26 13:51 - 00000000 ____D C:\Users\elle__000\Desktop\unused stuff
2016-03-24 09:53 - 2015-05-25 09:27 - 00000132 _____ C:\Users\elle__000\AppData\Roaming\Adobe PNG Format CS5 Prefs
2016-03-24 09:21 - 2015-04-01 13:20 - 00000000 ____D C:\ProgramData\SupportAssistAgent
2016-03-24 08:49 - 2014-04-03 00:20 - 00000000 ____D C:\Users\elle__000\AppData\Local\Adobe
2016-03-24 08:48 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\appcompat
2016-03-23 22:27 - 2014-03-29 21:25 - 00000000 ____D C:\ProgramData\Intuit
2016-03-23 15:19 - 2016-02-15 16:00 - 00003560 _____ C:\WINDOWS\System32\Tasks\PCDEventLauncherTask
2016-03-23 08:25 - 2014-04-03 00:30 - 00004158 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A1C5ACE7-A895-42DD-8951-566456ED3F26}
2016-03-22 20:17 - 2014-03-30 20:19 - 00000000 ____D C:\Users\garry\Desktop\BACKUP
2016-03-22 19:59 - 2016-02-13 06:14 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-22 19:58 - 2015-10-29 23:28 - 08388608 ___SH C:\WINDOWS\system32\config\BBI
2016-03-22 07:48 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-03-19 17:51 - 2014-04-03 00:20 - 00000000 ____D C:\Users\elle__000\AppData\Local\Packages
2016-03-19 17:36 - 2015-08-03 12:39 - 00002417 _____ C:\Users\elle__000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-03-19 17:32 - 2016-02-13 06:20 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-03-19 11:47 - 2014-03-28 14:39 - 00000000 ____D C:\Users\garry\AppData\Local\Packages
2016-03-19 11:31 - 2015-07-30 21:56 - 00002405 _____ C:\Users\garry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-03-19 11:31 - 2015-05-08 17:49 - 00000000 ___RD C:\Users\garry\OneDrive
2016-03-19 11:26 - 2015-10-30 00:24 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2016-03-19 11:25 - 2014-04-06 17:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-03-19 11:23 - 2016-02-13 06:03 - 00000000 ____D C:\Program Files\Windows Journal
2016-03-19 11:23 - 2015-10-30 00:24 - 00000000 __RSD C:\WINDOWS\Media
2016-03-19 11:23 - 2015-10-30 00:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-03-19 11:23 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-03-19 11:23 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-03-19 11:23 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-03-19 11:23 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-03-19 11:23 - 2015-10-30 00:24 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-03-19 11:23 - 2015-10-30 00:24 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-03-19 11:23 - 2015-10-30 00:24 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-03-19 11:23 - 2015-10-30 00:24 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-03-19 11:23 - 2015-10-29 23:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-03-19 11:23 - 2015-10-29 23:28 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-03-19 11:07 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\rescache
2016-03-19 11:06 - 2015-07-30 20:17 - 00036198 _____ C:\WINDOWS\diagwrn.xml
2016-03-19 11:06 - 2015-07-30 20:17 - 00036198 _____ C:\WINDOWS\diagerr.xml
2016-03-19 11:00 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2016-03-19 11:00 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\Registration
2016-03-19 10:55 - 2016-02-15 16:00 - 00003810 _____ C:\WINDOWS\System32\Tasks\PCDoctorBackgroundMonitorTask
2016-03-19 10:55 - 2016-02-15 16:00 - 00003094 _____ C:\WINDOWS\System32\Tasks\PCDDataUploadTask
2016-03-19 10:55 - 2016-02-15 16:00 - 00002980 _____ C:\WINDOWS\System32\Tasks\SystemToolsDailyTest
2016-03-19 10:55 - 2015-08-10 08:04 - 00003488 _____ C:\WINDOWS\System32\Tasks\EPSON XP-810 Series Update {6CB505E2-8D5B-40C1-8FC6-6F7996475C7C}
2016-03-19 10:55 - 2015-08-10 08:04 - 00003310 _____ C:\WINDOWS\System32\Tasks\EPSON XP-810 Series Invitation {6CB505E2-8D5B-40C1-8FC6-6F7996475C7C}
2016-03-19 10:55 - 2015-07-30 21:07 - 00022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2016-03-19 10:55 - 2015-05-14 15:09 - 00002954 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-03-19 10:55 - 2015-04-01 13:21 - 00003278 _____ C:\WINDOWS\System32\Tasks\Dell SupportAssistAgent AutoUpdate
2016-03-19 10:55 - 2014-09-12 19:05 - 00003432 _____ C:\WINDOWS\System32\Tasks\EPSON XP-810 Series Update {A3376D77-E02E-4481-9546-BC4481F0F86B}
2016-03-19 10:55 - 2014-09-12 19:05 - 00003246 _____ C:\WINDOWS\System32\Tasks\EPSON XP-810 Series Invitation {A3376D77-E02E-4481-9546-BC4481F0F86B}
2016-03-19 10:55 - 2014-09-12 18:38 - 00003432 _____ C:\WINDOWS\System32\Tasks\EPSON XP-810 Series Update {EDA07FBA-13F9-4826-A1D7-05867443CA83}
2016-03-19 10:55 - 2014-09-12 18:38 - 00003246 _____ C:\WINDOWS\System32\Tasks\EPSON XP-810 Series Invitation {EDA07FBA-13F9-4826-A1D7-05867443CA83}
2016-03-19 10:55 - 2014-07-07 16:31 - 00002762 _____ C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-gpew1@outlook.com
2016-03-19 10:55 - 2014-04-04 13:34 - 00002762 _____ C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-elle_pew@yahoo.com
2016-03-19 10:55 - 2014-04-03 00:29 - 00002876 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1821108024-536135805-927437847-1006
2016-03-19 10:55 - 2014-03-31 15:05 - 00002702 _____ C:\WINDOWS\System32\Tasks\GarminUpdaterTask
2016-03-19 10:55 - 2014-03-31 14:25 - 00003436 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-03-19 10:55 - 2014-03-31 14:25 - 00003212 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-03-19 10:55 - 2014-03-30 18:31 - 00003064 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{895D373A-EAE8-41E2-B134-F8E2D0C104BB}
2016-03-19 10:55 - 2014-03-30 18:26 - 00002936 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1821108024-536135805-927437847-1005
2016-03-19 10:55 - 2014-03-29 20:09 - 00002210 _____ C:\WINDOWS\System32\Tasks\{7013C30E-F732-4471-AB50-FCA4A5AB5A79}
2016-03-19 10:55 - 2014-03-28 14:45 - 00002936 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1821108024-536135805-927437847-1002
2016-03-19 10:55 - 2014-03-25 19:30 - 00002534 _____ C:\WINDOWS\System32\Tasks\CLVDLauncher
2016-03-19 10:55 - 2014-03-25 19:30 - 00002534 _____ C:\WINDOWS\System32\Tasks\CLMLSvc_P2G8
2016-03-19 10:55 - 2014-03-25 19:27 - 00002552 _____ C:\WINDOWS\System32\Tasks\PocketCloudUpdater
2016-03-19 10:55 - 2014-03-25 19:27 - 00002428 _____ C:\WINDOWS\System32\Tasks\PocketCloudVirtualChannel
2016-03-19 10:55 - 2014-03-25 19:27 - 00002326 _____ C:\WINDOWS\System32\Tasks\PocketCloud
2016-03-19 10:55 - 2014-03-25 19:23 - 00003254 _____ C:\WINDOWS\System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d
2016-03-19 10:55 - 2014-03-25 19:23 - 00002876 _____ C:\WINDOWS\System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon
2016-03-19 10:54 - 2015-10-30 00:24 - 00000000 __RHD C:\Users\Public\Libraries
2016-03-19 10:51 - 2014-03-25 19:23 - 00879220 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2016-03-19 10:45 - 2016-02-13 06:11 - 00443720 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-03-19 10:44 - 2016-02-03 17:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2016-03-19 10:44 - 2016-01-06 14:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2016-03-19 10:44 - 2016-01-05 15:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-03-19 10:44 - 2015-12-30 09:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2016-03-19 10:44 - 2015-12-19 23:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-03-19 10:44 - 2015-10-30 00:24 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2016-03-19 10:44 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-03-19 10:44 - 2015-10-30 00:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-03-19 10:44 - 2015-10-29 23:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-03-19 10:44 - 2015-10-22 13:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GoPro
2016-03-19 10:44 - 2015-07-06 08:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-03-19 10:44 - 2015-06-21 16:07 - 00000000 ____D C:\Users\garry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2016-03-19 10:44 - 2014-12-31 11:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VzDownloadManager
2016-03-19 10:44 - 2014-12-31 11:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vz In-Home Agent
2016-03-19 10:44 - 2014-10-30 16:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-03-19 10:44 - 2014-09-12 18:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2016-03-19 10:44 - 2014-09-12 18:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2016-03-19 10:44 - 2014-06-23 12:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nikon Message Center 2
2016-03-19 10:44 - 2014-06-23 12:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ViewNX 2
2016-03-19 10:44 - 2014-06-23 12:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Link to Nikon
2016-03-19 10:44 - 2014-06-11 20:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-03-19 10:44 - 2014-04-03 01:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstallConverter
2016-03-19 10:44 - 2014-03-31 14:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-03-19 10:44 - 2014-03-29 21:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken 2014
2016-03-19 10:44 - 2014-03-28 22:43 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-03-19 10:44 - 2014-03-25 19:33 - 00000000 ____D C:\WINDOWS\en
2016-03-19 10:44 - 2014-03-25 19:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2016-03-19 10:44 - 2014-03-25 19:29 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Media Suite
2016-03-19 10:44 - 2014-03-25 19:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wyse
2016-03-19 10:44 - 2014-03-25 19:22 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2016-03-19 10:42 - 2015-07-10 02:05 - 00000000 ____D C:\Users\Default.migrated
2016-03-19 10:39 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-03-19 10:39 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2016-03-19 10:39 - 2014-03-25 19:23 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2016-03-19 10:39 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2016-03-19 10:39 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2016-03-19 10:36 - 2016-02-13 06:03 - 00000000 ____D C:\WINDOWS\ShellNew
2016-03-19 10:36 - 2015-10-30 00:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-03-19 10:36 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\InputMethod
2016-03-19 10:36 - 2015-10-30 00:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-03-19 10:36 - 2015-04-24 16:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sonos
2016-03-19 10:36 - 2014-12-31 11:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verizon
2016-03-19 10:36 - 2014-03-28 14:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-03-19 10:36 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\ADFS
2016-03-19 10:35 - 2015-07-30 20:08 - 00000000 ___RD C:\Users\garry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2016-03-19 10:34 - 2015-07-28 10:50 - 00000000 ___RD C:\Users\elle__000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2016-03-19 10:32 - 2015-10-29 23:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-03-19 10:30 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\Help
2016-03-19 10:30 - 2014-03-25 19:37 - 00000000 ____D C:\Temp
2016-03-19 10:03 - 2016-02-13 07:21 - 00000000 ___HD C:\$WINDOWS.~BT
2016-03-18 18:50 - 2014-07-13 12:01 - 00016896 _____ C:\Users\garry\Documents\El & Garry Earnings.xlsx
2016-03-18 18:46 - 2014-07-13 13:09 - 00016896 _____ C:\Users\garry\Documents\Division of Assets.xlsx
2016-03-17 09:02 - 2014-03-29 21:26 - 00000000 ____D C:\Program Files (x86)\Quicken
2016-03-14 18:35 - 2014-03-31 14:25 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-13 19:39 - 2014-03-31 14:27 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-03-13 14:45 - 2014-03-30 15:45 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-03-09 16:00 - 2014-03-30 14:34 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-03-09 14:53 - 2014-03-30 14:34 - 143659408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-03-09 14:51 - 2015-11-17 12:25 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-03-08 00:12 - 2015-10-30 00:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-03-08 00:12 - 2015-10-30 00:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-29 09:19 - 2014-12-13 18:21 - 00927640 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2016-02-29 09:19 - 2014-08-19 12:31 - 00077728 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\kldisk.sys
2016-02-27 09:49 - 2014-09-12 18:28 - 00000000 ____D C:\Program Files (x86)\EPSON Software
2016-02-27 09:49 - 2014-03-25 19:23 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-02-27 09:48 - 2014-09-12 18:27 - 00000000 ____D C:\Program Files (x86)\epson
 
==================== Files in the root of some directories =======
 
2015-01-05 11:17 - 2015-01-05 11:17 - 0000132 _____ () C:\Users\elle__000\AppData\Roaming\Adobe BMP Format CS5 Prefs
2015-05-25 09:27 - 2016-03-24 09:53 - 0000132 _____ () C:\Users\elle__000\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-06-23 12:25 - 2014-06-23 12:25 - 0000268 ___RH () C:\Users\elle__000\AppData\Roaming\Printers
2014-06-23 12:26 - 2014-06-23 12:26 - 0000268 ___RH () C:\Users\elle__000\AppData\Roaming\PrintingModule
2014-06-23 12:25 - 2014-06-23 12:25 - 0000268 ___RH () C:\Users\elle__000\AppData\Roaming\PrintsService
2014-04-10 12:51 - 2015-10-22 17:33 - 0001456 _____ () C:\Users\elle__000\AppData\Local\Adobe Save for Web 12.0 Prefs
2014-08-21 10:06 - 2015-11-08 14:45 - 0007618 _____ () C:\Users\elle__000\AppData\Local\Resmon.ResmonCfg
2014-06-10 20:38 - 2014-06-10 20:40 - 6696936 _____ (Dell                                                        ) C:\ProgramData\Dell Click 2 Fix+-64-bit-V2546.exe
2016-03-19 10:29 - 2016-03-19 10:29 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-07-17 11:59 - 2014-09-12 19:17 - 0006754 _____ () C:\ProgramData\hpzinstall.log
2014-06-23 12:26 - 2014-06-23 12:26 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2014-06-23 12:25 - 2014-09-10 18:04 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2014-06-23 12:25 - 2014-06-25 05:55 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT
2014-06-23 12:25 - 2014-06-23 12:25 - 0000268 ___RH () C:\ProgramData\Project Templates
2014-06-23 12:26 - 2014-06-23 12:26 - 0000268 ___RH () C:\ProgramData\Quartz Composer
2014-06-23 12:25 - 2014-06-23 12:25 - 0000268 ___RH () C:\ProgramData\Radio Sounds
2014-06-14 10:03 - 2014-06-14 10:03 - 0001350 _____ () C:\ProgramData\ResPntListUNI.txt
2014-06-23 12:25 - 2014-06-23 12:25 - 0000012 ___RH () C:\ProgramData\Sampler Files
2014-06-23 12:26 - 2014-06-23 12:26 - 0000012 ___RH () C:\ProgramData\Sci-Fi
2014-06-23 12:25 - 2014-06-23 12:25 - 0000012 ___RH () C:\ProgramData\Screen Savers
2014-06-10 20:42 - 2014-06-10 20:45 - 0000001 _____ () C:\ProgramData\SRTCTUacSts.txt
2014-03-25 19:32 - 2014-03-25 19:32 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2014-03-25 19:29 - 2014-03-25 19:30 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2014-03-25 19:30 - 2014-03-25 19:31 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2014-03-25 19:31 - 2014-03-25 19:32 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2014-03-25 19:29 - 2014-03-25 19:29 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
 
Files to move or delete:
====================
C:\ProgramData\Dell Click 2 Fix+-64-bit-V2546.exe
C:\Users\Downloads\AutoDetectPkg.exe
C:\Users\Downloads\CaddieSyncSetupE.exe
C:\Users\Downloads\CommunicatorPlugin_404.exe
C:\Users\Downloads\CxSetup.exe
C:\Users\Downloads\Driverwhiz.exe
C:\Users\Downloads\DVD-MA45_U044I.exe
C:\Users\Downloads\easy_duplicate_setup_laplinkinstall.exe
C:\Users\Downloads\Firefox Setup 4.0.exe
C:\Users\Downloads\Firefox_Setup [1].exe
C:\Users\Downloads\HPHDU.exe
C:\Users\Downloads\HPPDU.exe
C:\Users\Downloads\HPPSdr.exe
C:\Users\Downloads\install_flashplayer11x32au_mssa_aaa_aih.exe
C:\Users\Downloads\install_flashplayer11x32au_mssa_aih.exe
C:\Users\Downloads\install_flashplayer11x32_mssd_au_aih.exe
C:\Users\Downloads\kss12.0.1.117_3062.exe
C:\Users\Downloads\lldi_x32_pro.exe
C:\Users\Downloads\mobilego_full818_av.exe
C:\Users\Downloads\mp3rocket.exe
C:\Users\Downloads\MusicnotesSuite.exe
C:\Users\Downloads\pcmoveria_en(1).exe
C:\Users\Downloads\pcmoveria_en.exe
C:\Users\Downloads\Quicken_Premier_2012.exe
C:\Users\Downloads\Samsung_USB_Driver_for_Mobile_Phones_v1.5.14.0.exe
C:\Users\Downloads\Support-LogMeInRescue(1).exe
C:\Users\Downloads\Support-LogMeInRescue(2).exe
C:\Users\Downloads\Support-LogMeInRescue(3).exe
C:\Users\Downloads\Support-LogMeInRescue.exe
C:\Users\Downloads\USBDrivers_231.exe
C:\Users\Downloads\USB_DZMV5.EXE
C:\Users\Downloads\VzSpeedOptimizer100.exe
C:\Users\garry\MetricCollection.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-03-19 10:27
 
==================== End of FRST.txt ============================


#2 nasdaq

  • Malware Response Team

Posted 28 March 2016 - 07:38 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===



Remove these programs in bold via the Control Panel > Programs > Programs and Features applet.
InstallConverter (x32 Version: 1.0 - InstallConverter) Hidden
InstallConverter bundle uninstaller (HKLM-x32\...\InstallConverter bundle uninstaller) (Version: 2.0.0.5 - InstallConverter)

Read about it.
http://www.shouldiremoveit.com/InstallConverter-bundle-uninstaller-116418-program.aspx
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CHR Extension: (FromDocToPDF) - C:\Users\elle__000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk [2016-03-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\elle__000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-10]
Task: {00C58F75-34A6-4641-85EC-38223B855120} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {180D41FE-8B1A-40A6-B216-4E055C12284A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {48B2D39C-D370-4134-9292-A328ED326F3A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {5485392C-EBD4-4162-8E24-2669F1CC5F1D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {54DC1684-A72F-4D97-9352-C0C64B7BD4F0} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {57402F55-64EF-4FAD-98B5-A70A493A84C6} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {57826AC7-7F27-4CBD-9263-D42B03E1139C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {61390A81-EB20-4EB4-88FA-E8DD91248551} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {7B453161-5176-4062-9F08-E164DF1AE58A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {E2A588EE-68FD-4A39-BF31-78A17FD50CD1} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {FA61338A-DE1B-40C8-9C0F-C357CDDFAC89} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
C:\Users\elle__000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk
C:\Users\elle__000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===


Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If still present after the update you can remove the old version(s) of Java via the Control Panel > Programs and Features applet.
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)

No malicious tools found on this computer.

For your ease of mind you may consider running the on-line scan.

Run an online scan with Eset (easiest with Internet Explorer): http://www.eset.com/onlinescan/
To shorten the scanning time disable your antivirus program while scanning.

Select Enable detection of potentially unwanted applications.
Click Advanced Settings.

Select:
Scan Archives
Scan for potentially unsafe applications
Enable Anti-Stealth Technology


Click Start.

When the scan is finished, click on List of found threats and then Export to text file. Copy the content of the text file and paste its content in your reply.

This may take a while; run it when you know you will not need the computer for an hour or two.
<<<>>>

#3 zucchini_elle

  • Topic Starter

Posted 29 March 2016 - 05:48 AM

Hi, thank you so much for your help on this...computer stuff really boggles my mind.  Here are the results of the fixlist from Farbar, and after that, there is a log of a few items that the ESET scan found.  I truly appreciate your time and assistance so much!   ~ elle
 
Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by elle__000 (2016-03-29 00:14:22) Run:1
Running from \\THEBEAST\Users\elle__000\Downloads
Loaded Profiles: UpdatusUser & elle__000 (Available Profiles: UpdatusUser & garry & elle__000)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CHR Extension: (FromDocToPDF) - C:\Users\elle__000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk [2016-03-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\elle__000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-10]
Task: {00C58F75-34A6-4641-85EC-38223B855120} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {180D41FE-8B1A-40A6-B216-4E055C12284A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {48B2D39C-D370-4134-9292-A328ED326F3A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {5485392C-EBD4-4162-8E24-2669F1CC5F1D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {54DC1684-A72F-4D97-9352-C0C64B7BD4F0} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {57402F55-64EF-4FAD-98B5-A70A493A84C6} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {57826AC7-7F27-4CBD-9263-D42B03E1139C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {61390A81-EB20-4EB4-88FA-E8DD91248551} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {7B453161-5176-4062-9F08-E164DF1AE58A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {E2A588EE-68FD-4A39-BF31-78A17FD50CD1} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {FA61338A-DE1B-40C8-9C0F-C357CDDFAC89} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
C:\Users\elle__000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk
C:\Users\elle__000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
 
End
*****************
 
Error: (0) Failed to create a restore point.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
C:\Users\elle__000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk => moved successfully
C:\Users\elle__000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{00C58F75-34A6-4641-85EC-38223B855120}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00C58F75-34A6-4641-85EC-38223B855120}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{180D41FE-8B1A-40A6-B216-4E055C12284A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{180D41FE-8B1A-40A6-B216-4E055C12284A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{48B2D39C-D370-4134-9292-A328ED326F3A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{48B2D39C-D370-4134-9292-A328ED326F3A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5485392C-EBD4-4162-8E24-2669F1CC5F1D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5485392C-EBD4-4162-8E24-2669F1CC5F1D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{54DC1684-A72F-4D97-9352-C0C64B7BD4F0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{54DC1684-A72F-4D97-9352-C0C64B7BD4F0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{57402F55-64EF-4FAD-98B5-A70A493A84C6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{57402F55-64EF-4FAD-98B5-A70A493A84C6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{57826AC7-7F27-4CBD-9263-D42B03E1139C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{57826AC7-7F27-4CBD-9263-D42B03E1139C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{61390A81-EB20-4EB4-88FA-E8DD91248551}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{61390A81-EB20-4EB4-88FA-E8DD91248551}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7B453161-5176-4062-9F08-E164DF1AE58A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7B453161-5176-4062-9F08-E164DF1AE58A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E2A588EE-68FD-4A39-BF31-78A17FD50CD1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E2A588EE-68FD-4A39-BF31-78A17FD50CD1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA61338A-DE1B-40C8-9C0F-C357CDDFAC89}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA61338A-DE1B-40C8-9C0F-C357CDDFAC89}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"C:\Users\elle__000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk" => not found.
"C:\Users\elle__000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda" => not found.
EmptyTemp: => 1.5 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 00:16:41 ====
 
and the ESET log results...
 
C:\Temp\InstallFilter64.msi multiple threats
C:\Users\Downloads\mp3rocket.exe Win32/Somoto.F potentially unwanted application
C:\Users\garry\AppData\Local\Microsoft\Windows\FileHistory\Data\2095\C\Users\garry\Downloads\mp3rocket.exe Win32/Somoto.F potentially unwanted application
C:\Users\garry\Downloads\mp3rocket.exe Win32/Somoto.F potentially unwanted application


#4 nasdaq

  • Malware Response Team

Posted 29 March 2016 - 07:34 AM

Just delete the file in bold.

C:\Temp\InstallFilter64.msi multiple threats
C:\Users\Downloads\mp3rocket.exe Win32/Somoto.F potentially unwanted application
C:\Users\garry\AppData\Local\Microsoft\Windows\FileHistory\Data\2095\C\Users\garry\Downloads\mp3rocket.exe Win32/Somoto.F potentially unwanted application
C:\Users\garry\Downloads\mp3rocket.exe Win32/Somoto.F potentially unwanted application

===

Everything else looks good.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#5 zucchini_elle

  • Topic Starter


Posted 30 March 2016 - 12:27 PM

thank you so much for your help



#6 nasdaq

  • Malware Response Team

Posted 05 April 2016 - 08:31 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



