Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

gameo and chromium? restricted win 10 account


  • This topic is locked This topic is locked
23 replies to this topic

#1 gregbsens

gregbsens

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:08:01 PM

Posted 19 April 2016 - 01:32 PM

I am running windows 10 on a Lenovo x64 i5.

 

4 users.  One admin (me) and 3 regular users.

 

One of the regular users became infected downloading an add-on for technic an application wrapper for minecraft.  I guess part of it during the install also added some randomware/malware, etc.  I don't know that the add-on itself was bad. 

 

Anyway, I'm frustrated because I have anti-virus and the users are using limited accounts.

 

At first the issue was just limited to the one account.  However after running Malwarebytes Anti-malware now chrome doesn't work.  Which then leads me to wonder, Chromium?  I think I saw that program installed on his profile, but not mine.

 

frst files attached.

 

 

 

Attached Files



BC AdBot (Login to Remove)

 


#2 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:01 AM

Posted 19 April 2016 - 04:15 PM

Hello gregbsens and Welcome to the BleepingComputer. :welcome:  
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you  were doing and describe the problems you encountered as precisely as  you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • Ensure your external and/or USB drives are inserted during always the scan.
  • If you can't answer for the next few days, please let me know. If  you haven't answered within 5 days, I am assuming that you don't need  help anymore and your topic will be closed.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • I can not guarantee that we will find and be able to remove all  malware. The cleaning process is not instant. Please continue to review  my answers until I tell you that your computer is clean
  • Please reply to this thread. Do not start a new topic
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open as administrator  the computer. How is open as administrator  the computer?
  • Disable your AntiVirus and AntiSpyware applications, as they will  interfere with our tools and the removal. If you are unsure how to do  this, please refer to get help here

Thanks
 

 

McAfee Firewall (Enabled)

Windows Firewall (Enabled)

Please Windows Firewall  Disable.

==================================================

heres_3xpxvmr

heres_yeigb7

Do you know these users?

===================================================================================

Please do the following.
 
Scan with Zemana AntiMalware Free:

  • Turn off the real time scanner of any existing antivirus and firewall programs while performing scan
  • Please download and install Zemana AntiMalware Free
  • Double-click software shortcut on the desktop and follow the prompts to install the program .
  • If an update is available, click the Update now button.
  • At the end Click Settings > Advanced > ''I have read the warning an wish to proceed anyway'' Click
  • Auto Launch > Untick the box next
  • Scan type > Smart scan (Default)
  • Close all open files, folders and browsers
  • Click scan now ''Run as Administrator'' and a threat Scan will begin.
  • When the scan is complete, Press report and send me report.
  • Please PC restart now.

======================================================================
How is the PC running now and any issue ?  Still continues problems ? All browser, homepage, search engine and check please. Let me know.
 
Have a nice day.


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 gregbsens

gregbsens
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:08:01 PM

Posted 21 April 2016 - 07:07 PM

sorry for the delay.  I did not have the right notification settings.  they should be right now.

 

I have disabled both the antivirus and the firewall.

 

Both users

heres_3xpxvmr

heres_yeigb7

are on this pc. 

 

After disabling the antivirus and firewall I ran FRST again but it only produced the FRST.txt file.  Here it is.

 

===========================================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-04-2016
Ran by Greg (administrator) on ZION (21-04-2016 18:49:54)
Running from C:\Users\Greg\Desktop
Loaded Profiles: Greg (Available Profiles: Greg & heres & heres_yeigb7 & heres_3xpxvmr & MsDtsServer110 & MSSQLServerOLAPService & ReportServer & MSSQLFDLauncher & SQLSERVERAGENT & MSSQLSERVER)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Tablet Driver) C:\Windows\System32\drivers\WTSrv.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Lenovo Group Limited) C:\Program Files\lenovo\iMController\Service\Lenovo.Modern.ImController.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.9.656.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\msoia.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Graphic Tablet Company Shenzhen) C:\Program Files\TabletDriver\TabletDriver.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
(Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
(Lenovo Group Limited) C:\Program Files\lenovo\iMController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
(Lenovo Group Limited) C:\Program Files\lenovo\iMController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
(Lenovo Group Limited) C:\Program Files\lenovo\iMController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
(Lenovo Group Limited) C:\Program Files\lenovo\iMController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
(Lenovo Group Limited) C:\Program Files\lenovo\iMController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [TabletDriver] => C:\Program Files\TabletDriver\TabletDriver.exe [1157344 2015-07-09] (Graphic Tablet Company Shenzhen)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2014-11-19] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [WTClient] => C:\WINDOWS\SysWOW64\WTClient.exe [41280 2014-01-12] (Tablet Driver)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKU\S-1-5-21-2331855821-715679923-1060298032-1001\...\Run: [GoogleChromeAutoLaunch_9CCDD43624CF0A67FCB8D07A1D3BBB05] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [874648 2016-04-06] (Google Inc.)
HKU\S-1-5-21-2331855821-715679923-1060298032-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50670720 2016-03-01] (Skype Technologies S.A.)
HKU\S-1-5-21-2331855821-715679923-1060298032-1001\...\RunOnce: [Uninstall C:\Users\Greg\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Greg\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
HKU\S-1-5-21-2331855821-715679923-1060298032-1001\...\RunOnce: [Uninstall C:\Users\Greg\AppData\Local\Microsoft\OneDrive\17.3.6302.0225] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Greg\AppData\Local\Microsoft\OneDrive\17.3.6302.0225"
Startup: C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2015-10-17]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\heres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2015-10-22]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
GroupPolicyUsers\S-1-5-21-2331855821-715679923-1060298032-1006\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2331855821-715679923-1060298032-1005\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2331855821-715679923-1060298032-1004\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{b927441f-d0f8-4648-aaec-6cc2e1517c95}: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{d0c93f98-47e6-493d-ae08-b0cf2efde859}: [DhcpNameServer] 192.168.1.1 0.0.0.0

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2331855821-715679923-1060298032-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2016-04-03] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-04-03] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2016-04-03] (Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-09-03] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2016-04-03] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2016-03-29] (Sun Microsystems, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-04-12] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-04-12] (McAfee, Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-03] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-04-03] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-03] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-04-03] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-03] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-04-03] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-03] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-04-03] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-04-12] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-04-12] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2016-03-31] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2016-03-31] (McAfee, Inc.)

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-03-31] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-04-03] (Microsoft Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2016-03-29] (Sun Microsystems, Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-03-31] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-04-03] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2016-04-03] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2016-04-21]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2016-04-21] [not signed]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.gamestop.com/","hxxps://www.google.com/","hxxps://support.google.com/","hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=C211US0D20151206&p={searchTerms}
CHR DefaultSearchKeyword: Default -> McAfee
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-29]
CHR Extension: (Google Docs) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-29]
CHR Extension: (Google Drive) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-12]
CHR Extension: (Google Cast) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-04-17]
CHR Extension: (Google Search) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-08]
CHR Extension: (Google Sheets) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-29]
CHR Extension: (SiteAdvisor) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-07-29]
CHR Extension: (Highlight to Search) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\floipahigmmkfhkoapmnijnlnboniglg [2015-07-29]
CHR Extension: (GoToMeeting Pro Screensharing) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcgikpombjkodabhbdalkcdhmllafipp [2015-12-06]
CHR Extension: (Google Docs Offline) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-17]
CHR Extension: (Cisco WebEx Extension) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2015-07-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-17]
CHR Extension: (Gmail) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-29]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-04-17]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-04-17]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 0236501461281084mcinstcleanup; C:\WINDOWS\TEMP\023650~1.EXE [883024 2015-05-04] (McAfee, Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2823920 2016-03-20] (Microsoft Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [370064 2015-09-02] (Intel Corporation)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [36808 2016-01-29] (Lenovo Group Limited)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [163592 2016-04-12] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [889704 2016-03-31] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.9.656.0\McCSPServiceHost.exe [1709096 2016-03-14] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [718248 2016-03-07] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [234192 2016-01-25] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382456 2016-02-19] (McAfee, Inc.)
R3 mfevtp; C:\WINDOWS\system32\mfevtps.exe [279488 2016-01-25] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1037048 2016-03-15] (McAfee, Inc.)
S3 MsDtsServer110; C:\Program Files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe [218200 2012-02-11] (Microsoft Corporation)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)
S3 MSSQLFDLauncher; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [49752 2012-02-11] (Microsoft Corporation)
S3 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [191064 2012-02-11] (Microsoft Corporation)
S3 MSSQLServerOLAPService; C:\Program Files\Microsoft SQL Server\MSAS11.MSSQLSERVER\OLAP\bin\msmdsrv.exe [61538904 2012-02-11] (Microsoft Corporation)
S3 ose64; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [243232 2016-03-19] (Microsoft Corporation) [File not signed]
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [896456 2016-03-02] (Intel Security, Inc.)
S3 ReportServer; C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2348632 2012-02-11] (Microsoft Corporation)
S3 SQL Server Distributed Replay Client; C:\Program Files (x86)\Microsoft SQL Server\110\Tools\DReplayClient\DReplayClient.exe [137304 2012-02-11] (Microsoft Corporation)
S3 SQL Server Distributed Replay Controller; C:\Program Files (x86)\Microsoft SQL Server\110\Tools\DReplayController\DReplayController.exe [342104 2012-02-11] (Microsoft Corporation)
S3 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [597080 2012-02-11] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcmsmbsp; C:\Windows\System32\drivers\bcmsmbsp.sys [54048 2015-10-02] (Broadcom Corporation.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [79248 2016-01-29] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
R2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [84824 2016-03-16] (McAfee, Inc.)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [193336 2015-09-02] (Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [422184 2016-01-29] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [351656 2016-01-29] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [83608 2016-01-29] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496368 2016-01-29] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [847608 2016-01-29] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [543488 2016-02-10] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109480 2016-02-10] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [45728 2016-03-15] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [245096 2016-01-29] (McAfee, Inc.)
S4 RsFx0200; C:\Windows\System32\DRIVERS\RsFx0200.sys [334936 2012-02-11] (Microsoft Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation)
S1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [117768 2015-10-02] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [146584 2015-10-02] (Oracle Corporation)
R3 vmulti; C:\Windows\System32\drivers\vmulti.sys [10752 2014-09-17] (Windows ® Win 7 DDK provider)
S3 vpnva; C:\Windows\System32\drivers\vpnva64-6.sys [52592 2014-11-19] (Cisco Systems, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-21 18:28 - 2016-04-21 18:28 - 00000000 ___HD C:\OneDriveTemp
2016-04-19 13:30 - 2016-04-21 18:49 - 00023220 _____ C:\Users\Greg\Desktop\FRST.txt
2016-04-19 13:29 - 2016-04-19 13:29 - 02375680 _____ (Farbar) C:\Users\Greg\Downloads\FRST64.exe
2016-04-19 13:29 - 2016-04-19 13:29 - 02375680 _____ (Farbar) C:\Users\Greg\Desktop\FRST64.exe
2016-04-19 13:23 - 2016-04-21 18:49 - 00000000 ____D C:\FRST
2016-04-17 15:37 - 2016-04-21 18:26 - 00004020 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2016-04-12 14:49 - 2016-04-01 22:14 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-04-12 14:49 - 2016-03-29 05:20 - 07474016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-04-12 14:49 - 2016-03-29 05:20 - 02656952 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-12 14:49 - 2016-03-29 05:18 - 02152280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-04-12 14:49 - 2016-03-29 04:56 - 01297752 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-04-12 14:49 - 2016-03-29 04:37 - 01862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-04-12 14:49 - 2016-03-29 04:11 - 00605440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-04-12 14:49 - 2016-03-29 03:41 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-04-12 14:49 - 2016-03-29 03:06 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-04-12 14:49 - 2016-03-29 03:02 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-04-12 14:49 - 2016-03-29 03:01 - 00541304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-04-12 14:49 - 2016-03-29 02:58 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-04-12 14:49 - 2016-03-29 02:58 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-04-12 14:49 - 2016-03-29 02:46 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-04-12 14:49 - 2016-03-29 02:36 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-04-12 14:49 - 2016-03-29 02:20 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-04-12 14:49 - 2016-03-29 02:19 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-04-12 14:49 - 2016-03-29 02:15 - 01714688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-04-12 14:49 - 2016-03-29 02:15 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-04-12 14:49 - 2016-03-29 02:14 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-04-12 14:49 - 2016-03-29 02:12 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-04-12 14:49 - 2016-03-29 02:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-04-12 14:49 - 2016-03-29 02:07 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-04-12 14:49 - 2016-03-29 02:02 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-04-12 14:49 - 2016-03-29 02:02 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-04-12 14:49 - 2016-03-29 02:00 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-04-12 14:49 - 2016-03-29 01:42 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-04-12 14:49 - 2016-03-29 01:37 - 01444352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-04-12 14:49 - 2016-03-29 01:37 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-04-12 14:49 - 2016-03-29 01:37 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-04-12 14:49 - 2016-03-29 01:32 - 01731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-04-12 14:49 - 2016-03-29 01:31 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-04-12 14:49 - 2016-03-29 01:31 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-04-12 14:49 - 2016-03-29 01:28 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-04-12 14:49 - 2016-03-29 01:27 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-04-12 14:49 - 2016-03-29 01:26 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-04-12 14:49 - 2016-03-29 01:19 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-04-12 14:49 - 2016-03-29 01:05 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-04-12 14:49 - 2016-03-29 01:05 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-04-12 14:49 - 2016-03-29 01:02 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-04-12 14:49 - 2016-03-29 01:01 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-04-12 14:49 - 2016-03-29 00:58 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-04-12 14:49 - 2016-03-29 00:56 - 16985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-04-12 14:49 - 2016-03-29 00:52 - 11545600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-04-12 14:49 - 2016-03-29 00:51 - 22378496 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-04-12 14:49 - 2016-03-29 00:51 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-04-12 14:49 - 2016-03-29 00:49 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-04-12 14:49 - 2016-03-29 00:43 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-04-12 14:49 - 2016-03-29 00:41 - 24602112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-04-12 14:49 - 2016-03-29 00:41 - 12125184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-04-12 14:49 - 2016-03-29 00:39 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-04-12 14:49 - 2016-03-29 00:38 - 18673664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-04-12 14:49 - 2016-03-29 00:38 - 02798080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-04-12 14:49 - 2016-03-29 00:37 - 19340800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-04-12 14:49 - 2016-03-29 00:27 - 07836160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-04-12 14:49 - 2016-03-29 00:27 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-04-12 14:48 - 2016-04-01 23:13 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-04-12 14:48 - 2016-04-01 23:10 - 00770640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll
2016-04-12 14:48 - 2016-04-01 23:10 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-04-12 14:48 - 2016-04-01 23:10 - 00374008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-04-12 14:48 - 2016-04-01 22:30 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-04-12 14:48 - 2016-04-01 22:29 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-04-12 14:48 - 2016-04-01 22:29 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-04-12 14:48 - 2016-04-01 22:26 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-04-12 14:48 - 2016-04-01 22:25 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2016-04-12 14:48 - 2016-04-01 22:25 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll
2016-04-12 14:48 - 2016-04-01 22:23 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-04-12 14:48 - 2016-04-01 22:23 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-04-12 14:48 - 2016-04-01 22:21 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-04-12 14:48 - 2016-04-01 22:19 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-04-12 14:48 - 2016-04-01 22:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-04-12 14:48 - 2016-04-01 22:15 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-04-12 14:48 - 2016-04-01 22:09 - 01832448 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-04-12 14:48 - 2016-04-01 22:08 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-04-12 14:48 - 2016-04-01 22:07 - 03575296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-04-12 14:48 - 2016-04-01 22:07 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-04-12 14:48 - 2016-04-01 22:03 - 04774912 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-04-12 14:48 - 2016-04-01 22:00 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-04-12 14:48 - 2016-03-29 05:23 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-04-12 14:48 - 2016-03-29 05:22 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-04-12 14:48 - 2016-03-29 05:22 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-04-12 14:48 - 2016-03-29 05:20 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-04-12 14:48 - 2016-03-29 05:20 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-04-12 14:48 - 2016-03-29 05:15 - 00100232 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2016-04-12 14:48 - 2016-03-29 05:11 - 00686976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2016-04-12 14:48 - 2016-03-29 05:05 - 01152864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2016-04-12 14:48 - 2016-03-29 05:02 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-04-12 14:48 - 2016-03-29 05:02 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-04-12 14:48 - 2016-03-29 04:28 - 00696664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-04-12 14:48 - 2016-03-29 04:28 - 00535080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2016-04-12 14:48 - 2016-03-29 04:28 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-04-12 14:48 - 2016-03-29 04:25 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
2016-04-12 14:48 - 2016-03-29 04:25 - 00058400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-04-12 14:48 - 2016-03-29 04:19 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-04-12 14:48 - 2016-03-29 04:18 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-04-12 14:48 - 2016-03-29 04:17 - 00300104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-04-12 14:48 - 2016-03-29 04:13 - 00986976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-04-12 14:48 - 2016-03-29 04:11 - 00074424 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2016-04-12 14:48 - 2016-03-29 04:10 - 00110584 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvcli.dll
2016-04-12 14:48 - 2016-03-29 04:09 - 00078040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkscli.dll
2016-04-12 14:48 - 2016-03-29 04:08 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-04-12 14:48 - 2016-03-29 04:08 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2016-04-12 14:48 - 2016-03-29 04:07 - 00081144 _____ (Microsoft Corporation) C:\WINDOWS\system32\netapi32.dll
2016-04-12 14:48 - 2016-03-29 03:44 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-04-12 14:48 - 2016-03-29 03:44 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-04-12 14:48 - 2016-03-29 03:41 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-04-12 14:48 - 2016-03-29 03:32 - 00253088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-04-12 14:48 - 2016-03-29 03:26 - 02403680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-04-12 14:48 - 2016-03-29 03:26 - 01089888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-04-12 14:48 - 2016-03-29 03:26 - 00073872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srvcli.dll
2016-04-12 14:48 - 2016-03-29 03:25 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wkscli.dll
2016-04-12 14:48 - 2016-03-29 03:24 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-04-12 14:48 - 2016-03-29 03:23 - 00069744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netapi32.dll
2016-04-12 14:48 - 2016-03-29 03:21 - 00378208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2016-04-12 14:48 - 2016-03-29 03:17 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-04-12 14:48 - 2016-03-29 03:16 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-04-12 14:48 - 2016-03-29 03:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2016-04-12 14:48 - 2016-03-29 03:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2016-04-12 14:48 - 2016-03-29 03:07 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-04-12 14:48 - 2016-03-29 03:07 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2016-04-12 14:48 - 2016-03-29 03:07 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsdchngr.dll
2016-04-12 14:48 - 2016-03-29 03:06 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacchooks.dll
2016-04-12 14:48 - 2016-03-29 03:00 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-04-12 14:48 - 2016-03-29 03:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll
2016-04-12 14:48 - 2016-03-29 03:00 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-04-12 14:48 - 2016-03-29 02:59 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2016-04-12 14:48 - 2016-03-29 02:57 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-04-12 14:48 - 2016-03-29 02:57 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-04-12 14:48 - 2016-03-29 02:57 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-04-12 14:48 - 2016-03-29 02:57 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\browcli.dll
2016-04-12 14:48 - 2016-03-29 02:55 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-04-12 14:48 - 2016-03-29 02:55 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys
2016-04-12 14:48 - 2016-03-29 02:55 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2016-04-12 14:48 - 2016-03-29 02:54 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-04-12 14:48 - 2016-03-29 02:53 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
2016-04-12 14:48 - 2016-03-29 02:52 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2016-04-12 14:48 - 2016-03-29 02:51 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-04-12 14:48 - 2016-03-29 02:51 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2016-04-12 14:48 - 2016-03-29 02:50 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll
2016-04-12 14:48 - 2016-03-29 02:50 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-04-12 14:48 - 2016-03-29 02:50 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-04-12 14:48 - 2016-03-29 02:50 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2016-04-12 14:48 - 2016-03-29 02:50 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2016-04-12 14:48 - 2016-03-29 02:49 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-04-12 14:48 - 2016-03-29 02:48 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
2016-04-12 14:48 - 2016-03-29 02:48 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-04-12 14:48 - 2016-03-29 02:46 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2016-04-12 14:48 - 2016-03-29 02:44 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2016-04-12 14:48 - 2016-03-29 02:42 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-04-12 14:48 - 2016-03-29 02:39 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-04-12 14:48 - 2016-03-29 02:38 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-04-12 14:48 - 2016-03-29 02:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-04-12 14:48 - 2016-03-29 02:36 - 00530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2016-04-12 14:48 - 2016-03-29 02:35 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2016-04-12 14:48 - 2016-03-29 02:35 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2016-04-12 14:48 - 2016-03-29 02:34 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-04-12 14:48 - 2016-03-29 02:34 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-04-12 14:48 - 2016-03-29 02:34 - 00333824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2016-04-12 14:48 - 2016-03-29 02:34 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2016-04-12 14:48 - 2016-03-29 02:33 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2016-04-12 14:48 - 2016-03-29 02:32 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-04-12 14:48 - 2016-03-29 02:32 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-04-12 14:48 - 2016-03-29 02:30 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2016-04-12 14:48 - 2016-03-29 02:30 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-04-12 14:48 - 2016-03-29 02:28 - 00460288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-04-12 14:48 - 2016-03-29 02:27 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-04-12 14:48 - 2016-03-29 02:26 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2016-04-12 14:48 - 2016-03-29 02:23 - 00694784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2016-04-12 14:48 - 2016-03-29 02:23 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-04-12 14:48 - 2016-03-29 02:23 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-04-12 14:48 - 2016-03-29 02:22 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll
2016-04-12 14:48 - 2016-03-29 02:21 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-12 14:48 - 2016-03-29 02:20 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2016-04-12 14:48 - 2016-03-29 02:20 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll
2016-04-12 14:48 - 2016-03-29 02:20 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsdchngr.dll
2016-04-12 14:48 - 2016-03-29 02:19 - 00556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-04-12 14:48 - 2016-03-29 02:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacchooks.dll
2016-04-12 14:48 - 2016-03-29 02:18 - 00676352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2016-04-12 14:48 - 2016-03-29 02:17 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-04-12 14:48 - 2016-03-29 02:17 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2016-04-12 14:48 - 2016-03-29 02:17 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-04-12 14:48 - 2016-03-29 02:16 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-04-12 14:48 - 2016-03-29 02:16 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-04-12 14:48 - 2016-03-29 02:14 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-04-12 14:48 - 2016-03-29 02:13 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-04-12 14:48 - 2016-03-29 02:12 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-04-12 14:48 - 2016-03-29 02:11 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-04-12 14:48 - 2016-03-29 02:11 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2016-04-12 14:48 - 2016-03-29 02:11 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-04-12 14:48 - 2016-03-29 02:11 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-04-12 14:48 - 2016-03-29 02:11 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-04-12 14:48 - 2016-03-29 02:11 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\browcli.dll
2016-04-12 14:48 - 2016-03-29 02:10 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-04-12 14:48 - 2016-03-29 02:10 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-04-12 14:48 - 2016-03-29 02:09 - 01239552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2016-04-12 14:48 - 2016-03-29 02:09 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-04-12 14:48 - 2016-03-29 02:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2016-04-12 14:48 - 2016-03-29 02:08 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2016-04-12 14:48 - 2016-03-29 02:08 - 00841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-04-12 14:48 - 2016-03-29 02:08 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-04-12 14:48 - 2016-03-29 02:07 - 01902592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-04-12 14:48 - 2016-03-29 02:06 - 01575936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-04-12 14:48 - 2016-03-29 02:06 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-04-12 14:48 - 2016-03-29 02:06 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2016-04-12 14:48 - 2016-03-29 02:05 - 01395712 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-04-12 14:48 - 2016-03-29 02:05 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
2016-04-12 14:48 - 2016-03-29 02:04 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll
2016-04-12 14:48 - 2016-03-29 02:03 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-04-12 14:48 - 2016-03-29 02:02 - 01211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-04-12 14:48 - 2016-03-29 02:00 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-04-12 14:48 - 2016-03-29 02:00 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
2016-04-12 14:48 - 2016-03-29 02:00 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-04-12 14:48 - 2016-03-29 01:59 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-04-12 14:48 - 2016-03-29 01:59 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
2016-04-12 14:48 - 2016-03-29 01:59 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-04-12 14:48 - 2016-03-29 01:56 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-04-12 14:48 - 2016-03-29 01:56 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-04-12 14:48 - 2016-03-29 01:55 - 01052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2016-04-12 14:48 - 2016-03-29 01:53 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2016-04-12 14:48 - 2016-03-29 01:53 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2016-04-12 14:48 - 2016-03-29 01:52 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-04-12 14:48 - 2016-03-29 01:52 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
2016-04-12 14:48 - 2016-03-29 01:49 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2016-04-12 14:48 - 2016-03-29 01:48 - 00346624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-04-12 14:48 - 2016-03-29 01:44 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-04-12 14:48 - 2016-03-29 01:43 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AccountsRt.dll
2016-04-12 14:48 - 2016-03-29 01:42 - 01410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2016-04-12 14:48 - 2016-03-29 01:42 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-12 14:48 - 2016-03-29 01:41 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2016-04-12 14:48 - 2016-03-29 01:40 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2016-04-12 14:48 - 2016-03-29 01:39 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2016-04-12 14:48 - 2016-03-29 01:39 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2016-04-12 14:48 - 2016-03-29 01:39 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-04-12 14:48 - 2016-03-29 01:38 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-04-12 14:48 - 2016-03-29 01:36 - 03351040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-04-12 14:48 - 2016-03-29 01:36 - 00649728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-04-12 14:48 - 2016-03-29 01:35 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-04-12 14:48 - 2016-03-29 01:34 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-04-12 14:48 - 2016-03-29 01:34 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-04-12 14:48 - 2016-03-29 01:34 - 00682496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2016-04-12 14:48 - 2016-03-29 01:34 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-04-12 14:48 - 2016-03-29 01:32 - 01588224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2016-04-12 14:48 - 2016-03-29 01:32 - 01098240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-04-12 14:48 - 2016-03-29 01:32 - 00854528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2016-04-12 14:48 - 2016-03-29 01:32 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2016-04-12 14:48 - 2016-03-29 01:32 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-04-12 14:48 - 2016-03-29 01:32 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-04-12 14:48 - 2016-03-29 01:32 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2016-04-12 14:48 - 2016-03-29 01:31 - 01117184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-04-12 14:48 - 2016-03-29 01:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-04-12 14:48 - 2016-03-29 01:30 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-04-12 14:48 - 2016-03-29 01:29 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-04-12 14:48 - 2016-03-29 01:29 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2016-04-12 14:48 - 2016-03-29 01:28 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-04-12 14:48 - 2016-03-29 01:27 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-04-12 14:48 - 2016-03-29 01:27 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-04-12 14:48 - 2016-03-29 01:27 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-04-12 14:48 - 2016-03-29 01:27 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-04-12 14:48 - 2016-03-29 01:23 - 00777728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2016-04-12 14:48 - 2016-03-29 01:22 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-04-12 14:48 - 2016-03-29 01:17 - 00765952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-04-12 14:48 - 2016-03-29 01:14 - 01072128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2016-04-12 14:48 - 2016-03-29 01:13 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2016-04-12 14:48 - 2016-03-29 01:10 - 03671040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-04-12 14:48 - 2016-03-29 01:06 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-04-12 14:48 - 2016-03-29 01:05 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-04-12 14:48 - 2016-03-29 01:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-04-12 14:48 - 2016-03-29 01:05 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-04-12 14:48 - 2016-03-29 01:05 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2016-04-12 14:48 - 2016-03-29 01:04 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-04-12 14:48 - 2016-03-29 01:04 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2016-04-12 14:48 - 2016-03-29 01:01 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-04-12 14:48 - 2016-03-29 01:00 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-04-12 14:48 - 2016-03-29 00:45 - 03078144 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-04-12 14:48 - 2016-03-29 00:45 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2016-04-12 14:48 - 2016-03-29 00:43 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2016-04-12 14:48 - 2016-03-29 00:36 - 02722816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2016-04-12 14:48 - 2016-03-29 00:35 - 00821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2016-04-12 14:48 - 2016-03-29 00:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2016-04-12 14:48 - 2016-03-29 00:27 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2016-04-12 14:48 - 2016-03-29 00:26 - 00958976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2016-04-12 14:48 - 2016-03-29 00:26 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2016-04-12 14:48 - 2016-03-29 00:25 - 00712704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2016-04-12 14:48 - 2016-03-29 00:25 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2016-04-12 14:48 - 2016-03-29 00:21 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2016-04-12 13:27 - 2016-04-17 15:36 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-04-12 13:26 - 2016-04-12 13:26 - 22851472 _____ (Malwarebytes ) C:\Users\Greg\Downloads\mbam-setup-bc.1878-2.2.1.1043.exe
2016-04-12 13:26 - 2016-04-12 13:26 - 00001171 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-12 13:26 - 2016-04-12 13:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-12 13:26 - 2016-04-12 13:26 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-04-12 13:26 - 2016-04-12 13:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-12 13:26 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-04-12 13:26 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-04-12 13:26 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-04-12 13:23 - 2016-04-12 13:23 - 00003398 _____ C:\WINDOWS\System32\Tasks\{BC289B0C-2416-4FEB-BB53-17A6C77AF812}
2016-04-03 11:38 - 2016-04-03 11:38 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-03-29 16:33 - 2016-03-29 16:33 - 00472808 _____ (Sun Microsystems, Inc.) C:\WINDOWS\SysWOW64\deployJava1.dll
2016-03-29 16:33 - 2016-03-29 16:33 - 00157472 _____ (Sun Microsystems, Inc.) C:\WINDOWS\SysWOW64\javaws.exe
2016-03-29 16:33 - 2016-03-29 16:33 - 00145184 _____ (Sun Microsystems, Inc.) C:\WINDOWS\SysWOW64\javaw.exe
2016-03-29 16:33 - 2016-03-29 16:33 - 00145184 _____ (Sun Microsystems, Inc.) C:\WINDOWS\SysWOW64\java.exe
2016-03-29 16:33 - 2016-03-29 16:33 - 00000000 ____D C:\ProgramData\Sun
2016-03-29 16:33 - 2016-03-29 16:33 - 00000000 ____D C:\Program Files (x86)\Java
2016-03-29 16:32 - 2016-03-29 16:32 - 16897824 _____ (Sun Microsystems, Inc.) C:\Users\heres_yeigb7\Downloads\jre-6u27-windows-i586.exe
2016-03-28 18:14 - 2016-03-28 18:14 - 00322690 _____ C:\Users\heres_3xpxvmr\Downloads\Parents-The_Word_Masters_Card_Game_Instructions.pdf
2016-03-28 18:13 - 2016-03-28 18:13 - 00293695 _____ C:\Users\heres_3xpxvmr\Downloads\Parents-Suggested_Activities_for_Vocabulary_Cards.pdf
2016-03-28 18:13 - 2016-03-28 18:13 - 00285520 _____ C:\Users\heres_3xpxvmr\Downloads\Parents-Suggested_Activities_for_Word_Family_Cards.pdf
2016-03-28 18:13 - 2016-03-28 18:13 - 00285520 _____ C:\Users\heres_3xpxvmr\Downloads\Parents-Suggested_Activities_for_Word_Family_Cards (1).pdf
2016-03-28 18:00 - 2016-03-28 18:00 - 00520007 _____ C:\Users\heres_3xpxvmr\Downloads\Parents-Lessons-PP_12_14_Sequencing (1).pdf
2016-03-28 17:57 - 2016-03-28 17:57 - 00595432 _____ C:\Users\heres_3xpxvmr\Downloads\Parents-Lessons-PP_12_14_Making_Predictions (1).pdf
2016-03-28 17:54 - 2016-03-28 17:54 - 02436453 _____ C:\Users\heres_3xpxvmr\Downloads\BLM Books-Visit_Yellowstone.pdf
2016-03-28 17:54 - 2016-03-28 17:54 - 02394377 _____ C:\Users\heres_3xpxvmr\Downloads\Cycle 14 Books-Visit Yellowstone (1).pdf
2016-03-28 17:38 - 2016-03-28 17:38 - 02490699 _____ C:\Users\heres_3xpxvmr\Downloads\BLM Books-Race_For_The_Moon (1).pdf
2016-03-28 16:27 - 2016-03-28 16:27 - 00000000 ____D C:\Users\heres_3xpxvmr\AppData\Roaming\Notepad++

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-21 18:45 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-21 18:38 - 2016-01-22 04:25 - 00000000 ____D C:\Users\heres_yeigb7
2016-04-21 18:37 - 2016-01-22 04:23 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-04-21 18:37 - 2015-09-03 17:37 - 00000000 __SHD C:\Users\heres_yeigb7\IntelGraphicsProfiles
2016-04-21 18:37 - 2015-07-29 21:05 - 00000902 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-21 18:34 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-21 18:30 - 2015-12-06 19:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2016-04-21 18:30 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF
2016-04-21 18:30 - 2015-08-04 19:45 - 01063672 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-21 18:30 - 2015-07-29 21:05 - 00000906 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-21 18:28 - 2015-12-06 19:40 - 00000000 __RSD C:\Users\Greg\Documents\McAfee Vaults
2016-04-21 18:28 - 2015-08-23 14:09 - 00000000 ____D C:\Users\Greg\AppData\Roaming\Skype
2016-04-21 18:28 - 2015-08-07 10:46 - 00002394 _____ C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-04-21 18:28 - 2015-07-29 17:29 - 00000000 __RDO C:\Users\Greg\SkyDrive
2016-04-21 18:27 - 2015-07-29 19:18 - 00000000 __SHD C:\Users\Greg\IntelGraphicsProfiles
2016-04-21 18:24 - 2015-12-06 19:37 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-04-21 18:23 - 2016-01-22 04:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-21 18:22 - 2015-10-30 01:28 - 01048576 ___SH C:\WINDOWS\system32\config\BBI
2016-04-21 03:18 - 2016-02-18 17:40 - 00000300 _____ C:\WINDOWS\Tasks\UpdateTask.job
2016-04-21 03:17 - 2015-07-29 21:05 - 00004142 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A4910C18-AEFA-4CBD-82DB-71CE49ACD823}
2016-04-19 13:45 - 2015-10-30 01:28 - 00008192 ___SH C:\WINDOWS\system32\config\ELAM
2016-04-17 18:16 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\rescache
2016-04-17 15:55 - 2015-07-29 17:27 - 00000000 ____D C:\Users\Greg\AppData\Local\Packages
2016-04-17 15:45 - 2015-07-29 21:07 - 00000000 ____D C:\ProgramData\McAfee
2016-04-17 15:44 - 2015-12-06 19:36 - 00000000 ____D C:\Program Files\Common Files\McAfee
2016-04-17 15:43 - 2015-10-30 02:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-04-17 15:42 - 2015-12-06 19:39 - 00003122 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2016-04-17 15:42 - 2015-07-29 21:09 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2016-04-17 15:32 - 2016-01-22 04:25 - 00000000 ____D C:\Users\Greg
2016-04-12 19:47 - 2016-01-22 04:19 - 00333088 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-04-12 19:45 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-04-12 19:45 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-04-12 19:45 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-04-12 19:45 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-04-12 18:48 - 2015-09-03 17:40 - 00000000 __RSD C:\Users\heres_yeigb7\Documents\McAfee Vaults
2016-04-12 17:05 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-04-12 17:03 - 2015-07-29 17:52 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-04-12 16:58 - 2015-07-29 17:52 - 135176864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-12 16:40 - 2016-01-06 10:04 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-04-12 16:40 - 2015-08-23 14:09 - 00000000 ____D C:\ProgramData\Skype
2016-04-12 14:11 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\SystemApps
2016-04-12 13:49 - 2016-01-22 04:26 - 00000000 ____D C:\Users\heres_3xpxvmr
2016-04-12 13:49 - 2016-01-22 04:25 - 00000000 ____D C:\Users\heres
2016-04-12 13:33 - 2015-07-29 21:05 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-12 13:33 - 2015-07-29 21:05 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-06 13:32 - 2015-10-30 02:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-04-06 13:32 - 2015-10-30 02:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-03 11:38 - 2015-10-30 02:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-04-03 11:38 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-04-03 11:36 - 2015-11-05 14:58 - 00000000 ____D C:\Program Files\Microsoft Office
2016-03-29 17:04 - 2015-08-21 22:16 - 00000000 ___RD C:\Users\heres_3xpxvmr\OneDrive
2016-03-29 17:04 - 2015-08-11 20:25 - 00000000 ___RD C:\Users\heres\OneDrive
2016-03-29 16:44 - 2015-12-17 13:45 - 00001143 _____ C:\Users\heres_yeigb7\Desktop\nativelog.txt
2016-03-29 16:36 - 2015-09-06 15:53 - 00000000 ____D C:\Users\heres_yeigb7\AppData\Roaming\.minecraft
2016-03-29 16:22 - 2015-09-03 17:37 - 00000000 ____D C:\Users\heres_yeigb7\AppData\Local\Packages
2016-03-29 15:06 - 2015-08-11 20:25 - 00000000 __RSD C:\Users\heres\Documents\McAfee Vaults
2016-03-29 15:05 - 2015-08-11 20:22 - 00000000 __SHD C:\Users\heres\IntelGraphicsProfiles
2016-03-29 14:38 - 2015-10-21 16:32 - 00004160 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C1F0C2A3-C810-49F5-854D-FFC142A29FDB}
2016-03-29 07:32 - 2015-08-21 22:15 - 00000000 __SHD C:\Users\heres_3xpxvmr\IntelGraphicsProfiles
2016-03-29 07:32 - 2015-08-21 22:15 - 00000000 __RSD C:\Users\heres_3xpxvmr\Documents\McAfee Vaults
2016-03-28 18:14 - 2016-02-16 21:28 - 00000000 ____D C:\Program Files (x86)\istation

==================== Files in the root of some directories =======

2016-01-29 18:05 - 2016-01-29 18:05 - 0007626 _____ () C:\Users\Greg\AppData\Local\Resmon.ResmonCfg
2016-01-22 04:23 - 2016-01-22 04:23 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\heres_3xpxvmr\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\heres_yeigb7\AppData\Local\Temp\jansi-64-1130120991910054978.dll
C:\Users\heres_yeigb7\AppData\Local\Temp\jansi-64-1668858295041799502.dll
C:\Users\heres_yeigb7\AppData\Local\Temp\jansi-64-1681979673571303545.dll
C:\Users\heres_yeigb7\AppData\Local\Temp\jansi-64-2015801249387494703.dll
C:\Users\heres_yeigb7\AppData\Local\Temp\jansi-64-2646251359903989869.dll
C:\Users\heres_yeigb7\AppData\Local\Temp\jansi-64-426312345832316055.dll
C:\Users\heres_yeigb7\AppData\Local\Temp\jansi-64-4398426683774344019.dll
C:\Users\heres_yeigb7\AppData\Local\Temp\jansi-64-5357240478730748430.dll
C:\Users\heres_yeigb7\AppData\Local\Temp\jansi-64-5778452632405658353.dll
C:\Users\heres_yeigb7\AppData\Local\Temp\jansi-64-7251268532331749603.dll
C:\Users\heres_yeigb7\AppData\Local\Temp\jansi-64-7766569324946626159.dll
C:\Users\heres_yeigb7\AppData\Local\Temp\jansi-64-7885909645240311161.dll
C:\Users\heres_yeigb7\AppData\Local\Temp\jansi-64-995485179080347411.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-04-17 15:57

==================== End of FRST.txt ============================

 

 

once the scan is complete I will post the report.



#4 gregbsens

gregbsens
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:08:01 PM

Posted 21 April 2016 - 07:22 PM

I'm sorry.  It posted 3 things.  I clicked on next thinking it would give me a file and instead the program fixed it.  I cannot paste the one line in the quarantine log.

 

I will do my best to type it out.

 

Quarantine log:

 

c:\Users\heres_yeigb7\AppData\Local\{D745E119-F3ED-8DA1-9E75-A849BA1D54D1}\uninstall.exe, Heur:Malicious/Generic, 4/21/2016 - 7:13:07 PM



#5 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:01 AM

Posted 22 April 2016 - 08:24 PM

Hello again,

gameo and chromium? restricted win 10 account

Is your problem still continues ?

=========================================

Addition.txt is created by default from the first run of FRST, can you check inside this folder: C:\FRST\Logs I need to see that log before we progress. If no Addition log inside the Logs folder run FRST scan one more time, ensure "Addition" is checked in the optional scan box...

Attached Images

Ashampoo_Snap_20140927_13h17m38s_001_Far

 

 

 

 


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#6 gregbsens

gregbsens
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:08:01 PM

Posted 23 April 2016 - 07:56 PM

Yes it is still a problem.  I logged into my son's profile and it is still happening.

 

well I can't paste an image of the web page of gameoapp.com that opens when my son logs in.  I also opened task manager while logged in as him and it shows chromium there as well  (assuming that is an issue). It doesn't impact my profile right now.

 

 

Ok, running FRST worked this time.

 

Here is the FRST.txt file.

 

===========================================================================

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-04-2016
Ran by Greg (administrator) on ZION (23-04-2016 19:45:27)
Running from C:\Users\Greg\Desktop
Loaded Profiles: Greg (Available Profiles: Greg & heres & heres_yeigb7 & heres_3xpxvmr & MsDtsServer110 & MSSQLServerOLAPService & ReportServer & MSSQLFDLauncher & SQLSERVERAGENT & MSSQLSERVER)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Tablet Driver) C:\Windows\System32\drivers\WTSrv.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Lenovo Group Limited) C:\Program Files\lenovo\iMController\Service\Lenovo.Modern.ImController.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.9.656.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\msoia.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Graphic Tablet Company Shenzhen) C:\Program Files\TabletDriver\TabletDriver.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\MSOSYNC.EXE
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
(Lenovo Group Limited) C:\Program Files\lenovo\iMController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [TabletDriver] => C:\Program Files\TabletDriver\TabletDriver.exe [1157344 2015-07-09] (Graphic Tablet Company Shenzhen)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [12866288 2016-04-08] (Zemana Ltd.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2014-11-19] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [WTClient] => C:\WINDOWS\SysWOW64\WTClient.exe [41280 2014-01-12] (Tablet Driver)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKU\S-1-5-21-2331855821-715679923-1060298032-1001\...\Run: [GoogleChromeAutoLaunch_9CCDD43624CF0A67FCB8D07A1D3BBB05] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [874648 2016-04-06] (Google Inc.)
HKU\S-1-5-21-2331855821-715679923-1060298032-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50670720 2016-03-01] (Skype Technologies S.A.)
Startup: C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2015-10-17]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\heres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2015-10-22]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
GroupPolicyUsers\S-1-5-21-2331855821-715679923-1060298032-1006\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2331855821-715679923-1060298032-1005\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2331855821-715679923-1060298032-1004\User: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{b927441f-d0f8-4648-aaec-6cc2e1517c95}: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{d0c93f98-47e6-493d-ae08-b0cf2efde859}: [DhcpNameServer] 192.168.1.1 0.0.0.0
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2331855821-715679923-1060298032-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2016-04-21] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-04-03] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2016-04-21] (Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-09-03] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2016-04-03] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2016-03-29] (Sun Microsystems, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-04-20] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-04-20] (McAfee, Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-03] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-04-03] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-03] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-04-03] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-03] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-04-03] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-03] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-04-03] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-04-20] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-04-20] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2016-03-31] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2016-03-31] (McAfee, Inc.)
 
FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-03-31] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-04-03] (Microsoft Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2016-03-29] (Sun Microsystems, Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-03-31] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-04-03] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2016-04-03] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2016-04-21]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2016-04-21] [not signed]
 
Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=C211US0D20151206&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-29]
CHR Extension: (Google Docs) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-29]
CHR Extension: (Google Drive) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-12]
CHR Extension: (Google Cast) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-04-17]
CHR Extension: (Google Search) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-08]
CHR Extension: (Google Sheets) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-29]
CHR Extension: (SiteAdvisor) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-07-29]
CHR Extension: (GoToMeeting Pro Screensharing) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcgikpombjkodabhbdalkcdhmllafipp [2015-12-06]
CHR Extension: (Google Docs Offline) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-17]
CHR Extension: (Cisco WebEx Extension) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2015-07-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-17]
CHR Extension: (Gmail) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-29]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-04-21]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-04-21]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2838768 2016-04-03] (Microsoft Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [370064 2015-09-02] (Intel Corporation)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [36808 2016-01-29] (Lenovo Group Limited)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [163592 2016-04-20] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [889704 2016-03-31] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.9.656.0\McCSPServiceHost.exe [1709096 2016-03-14] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [718248 2016-03-07] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [234192 2016-01-25] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382456 2016-02-19] (McAfee, Inc.)
R3 mfevtp; C:\WINDOWS\system32\mfevtps.exe [279488 2016-01-25] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1037048 2016-03-15] (McAfee, Inc.)
S3 MsDtsServer110; C:\Program Files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe [218200 2012-02-11] (Microsoft Corporation)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)
S3 MSSQLFDLauncher; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [49752 2012-02-11] (Microsoft Corporation)
S3 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [191064 2012-02-11] (Microsoft Corporation)
S3 MSSQLServerOLAPService; C:\Program Files\Microsoft SQL Server\MSAS11.MSSQLSERVER\OLAP\bin\msmdsrv.exe [61538904 2012-02-11] (Microsoft Corporation)
S3 ose64; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [242720 2016-04-02] (Microsoft Corporation) [File not signed]
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [896456 2016-03-02] (Intel Security, Inc.)
S3 ReportServer; C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2348632 2012-02-11] (Microsoft Corporation)
S3 SQL Server Distributed Replay Client; C:\Program Files (x86)\Microsoft SQL Server\110\Tools\DReplayClient\DReplayClient.exe [137304 2012-02-11] (Microsoft Corporation)
S3 SQL Server Distributed Replay Controller; C:\Program Files (x86)\Microsoft SQL Server\110\Tools\DReplayController\DReplayController.exe [342104 2012-02-11] (Microsoft Corporation)
S3 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [597080 2012-02-11] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [12866288 2016-04-08] (Zemana Ltd.)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 bcmsmbsp; C:\Windows\System32\drivers\bcmsmbsp.sys [54048 2015-10-02] (Broadcom Corporation.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [79248 2016-01-29] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
R2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [84824 2016-03-16] (McAfee, Inc.)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [193336 2015-09-02] (Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [422184 2016-01-29] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [351656 2016-01-29] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [83608 2016-01-29] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496368 2016-01-29] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [847608 2016-01-29] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [543488 2016-02-10] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109480 2016-02-10] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [45728 2016-03-15] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [245096 2016-01-29] (McAfee, Inc.)
S4 RsFx0200; C:\Windows\System32\DRIVERS\RsFx0200.sys [334936 2012-02-11] (Microsoft Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation)
S1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [117768 2015-10-02] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [146584 2015-10-02] (Oracle Corporation)
R3 vmulti; C:\Windows\System32\drivers\vmulti.sys [10752 2014-09-17] (Windows ® Win 7 DDK provider)
S3 vpnva; C:\Windows\System32\drivers\vpnva64-6.sys [52592 2014-11-19] (Cisco Systems, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [247464 2016-04-21] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [247464 2016-04-21] (Zemana Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-23 19:38 - 2016-04-23 19:38 - 00000000 ____D C:\Users\heres_yeigb7\AppData\Local\Zemana
2016-04-23 19:36 - 2016-04-23 19:36 - 00000000 ___HD C:\OneDriveTemp
2016-04-21 19:14 - 2016-04-21 19:14 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-04-21 19:02 - 2016-04-21 19:02 - 00004208 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2016-04-21 18:53 - 2016-04-23 19:44 - 00037330 _____ C:\WINDOWS\ZAM.krnl.trace
2016-04-21 18:53 - 2016-04-23 19:40 - 00026077 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2016-04-21 18:53 - 2016-04-21 18:53 - 05252032 _____ ( ) C:\Users\Greg\Desktop\Zemana.AntiMalware.Setup.exe
2016-04-21 18:53 - 2016-04-21 18:53 - 00247464 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2016-04-21 18:53 - 2016-04-21 18:53 - 00247464 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2016-04-21 18:53 - 2016-04-21 18:53 - 00001217 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2016-04-21 18:53 - 2016-04-21 18:53 - 00000000 ____D C:\Users\Greg\AppData\Local\Zemana
2016-04-21 18:53 - 2016-04-21 18:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2016-04-21 18:53 - 2016-04-21 18:53 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2016-04-19 13:30 - 2016-04-23 19:45 - 00023089 _____ C:\Users\Greg\Desktop\FRST.txt
2016-04-19 13:29 - 2016-04-19 13:29 - 02375680 _____ (Farbar) C:\Users\Greg\Downloads\FRST64.exe
2016-04-19 13:29 - 2016-04-19 13:29 - 02375680 _____ (Farbar) C:\Users\Greg\Desktop\FRST64.exe
2016-04-19 13:23 - 2016-04-23 19:45 - 00000000 ____D C:\FRST
2016-04-17 15:37 - 2016-04-23 19:37 - 00004020 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2016-04-12 14:49 - 2016-04-01 22:14 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-04-12 14:49 - 2016-03-29 05:20 - 07474016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-04-12 14:49 - 2016-03-29 05:20 - 02656952 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-12 14:49 - 2016-03-29 05:18 - 02152280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-04-12 14:49 - 2016-03-29 04:56 - 01297752 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-04-12 14:49 - 2016-03-29 04:37 - 01862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-04-12 14:49 - 2016-03-29 04:11 - 00605440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-04-12 14:49 - 2016-03-29 03:41 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-04-12 14:49 - 2016-03-29 03:06 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-04-12 14:49 - 2016-03-29 03:02 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-04-12 14:49 - 2016-03-29 03:01 - 00541304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-04-12 14:49 - 2016-03-29 02:58 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-04-12 14:49 - 2016-03-29 02:58 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-04-12 14:49 - 2016-03-29 02:46 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-04-12 14:49 - 2016-03-29 02:36 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-04-12 14:49 - 2016-03-29 02:20 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-04-12 14:49 - 2016-03-29 02:19 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-04-12 14:49 - 2016-03-29 02:15 - 01714688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-04-12 14:49 - 2016-03-29 02:15 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-04-12 14:49 - 2016-03-29 02:14 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-04-12 14:49 - 2016-03-29 02:12 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-04-12 14:49 - 2016-03-29 02:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-04-12 14:49 - 2016-03-29 02:07 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-04-12 14:49 - 2016-03-29 02:02 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-04-12 14:49 - 2016-03-29 02:02 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-04-12 14:49 - 2016-03-29 02:00 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-04-12 14:49 - 2016-03-29 01:42 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-04-12 14:49 - 2016-03-29 01:37 - 01444352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-04-12 14:49 - 2016-03-29 01:37 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-04-12 14:49 - 2016-03-29 01:37 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-04-12 14:49 - 2016-03-29 01:32 - 01731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-04-12 14:49 - 2016-03-29 01:31 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-04-12 14:49 - 2016-03-29 01:31 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-04-12 14:49 - 2016-03-29 01:28 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-04-12 14:49 - 2016-03-29 01:27 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-04-12 14:49 - 2016-03-29 01:26 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-04-12 14:49 - 2016-03-29 01:19 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-04-12 14:49 - 2016-03-29 01:05 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-04-12 14:49 - 2016-03-29 01:05 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-04-12 14:49 - 2016-03-29 01:02 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-04-12 14:49 - 2016-03-29 01:01 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-04-12 14:49 - 2016-03-29 00:58 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-04-12 14:49 - 2016-03-29 00:56 - 16985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-04-12 14:49 - 2016-03-29 00:52 - 11545600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-04-12 14:49 - 2016-03-29 00:51 - 22378496 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-04-12 14:49 - 2016-03-29 00:51 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-04-12 14:49 - 2016-03-29 00:49 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-04-12 14:49 - 2016-03-29 00:43 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-04-12 14:49 - 2016-03-29 00:41 - 24602112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-04-12 14:49 - 2016-03-29 00:41 - 12125184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-04-12 14:49 - 2016-03-29 00:39 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-04-12 14:49 - 2016-03-29 00:38 - 18673664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-04-12 14:49 - 2016-03-29 00:38 - 02798080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-04-12 14:49 - 2016-03-29 00:37 - 19340800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-04-12 14:49 - 2016-03-29 00:27 - 07836160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-04-12 14:49 - 2016-03-29 00:27 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-04-12 14:48 - 2016-04-01 23:13 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-04-12 14:48 - 2016-04-01 23:10 - 00770640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll
2016-04-12 14:48 - 2016-04-01 23:10 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-04-12 14:48 - 2016-04-01 23:10 - 00374008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-04-12 14:48 - 2016-04-01 22:30 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-04-12 14:48 - 2016-04-01 22:29 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-04-12 14:48 - 2016-04-01 22:29 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-04-12 14:48 - 2016-04-01 22:26 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-04-12 14:48 - 2016-04-01 22:25 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2016-04-12 14:48 - 2016-04-01 22:25 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll
2016-04-12 14:48 - 2016-04-01 22:23 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-04-12 14:48 - 2016-04-01 22:23 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-04-12 14:48 - 2016-04-01 22:21 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-04-12 14:48 - 2016-04-01 22:19 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-04-12 14:48 - 2016-04-01 22:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-04-12 14:48 - 2016-04-01 22:15 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-04-12 14:48 - 2016-04-01 22:09 - 01832448 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-04-12 14:48 - 2016-04-01 22:08 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-04-12 14:48 - 2016-04-01 22:07 - 03575296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-04-12 14:48 - 2016-04-01 22:07 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-04-12 14:48 - 2016-04-01 22:03 - 04774912 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-04-12 14:48 - 2016-04-01 22:00 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-04-12 14:48 - 2016-03-29 05:23 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-04-12 14:48 - 2016-03-29 05:22 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-04-12 14:48 - 2016-03-29 05:22 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-04-12 14:48 - 2016-03-29 05:20 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-04-12 14:48 - 2016-03-29 05:20 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-04-12 14:48 - 2016-03-29 05:15 - 00100232 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2016-04-12 14:48 - 2016-03-29 05:11 - 00686976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2016-04-12 14:48 - 2016-03-29 05:05 - 01152864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2016-04-12 14:48 - 2016-03-29 05:02 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-04-12 14:48 - 2016-03-29 05:02 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-04-12 14:48 - 2016-03-29 04:28 - 00696664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-04-12 14:48 - 2016-03-29 04:28 - 00535080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2016-04-12 14:48 - 2016-03-29 04:28 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-04-12 14:48 - 2016-03-29 04:25 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
2016-04-12 14:48 - 2016-03-29 04:25 - 00058400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-04-12 14:48 - 2016-03-29 04:19 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-04-12 14:48 - 2016-03-29 04:18 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-04-12 14:48 - 2016-03-29 04:17 - 00300104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-04-12 14:48 - 2016-03-29 04:13 - 00986976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-04-12 14:48 - 2016-03-29 04:11 - 00074424 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2016-04-12 14:48 - 2016-03-29 04:10 - 00110584 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvcli.dll
2016-04-12 14:48 - 2016-03-29 04:09 - 00078040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkscli.dll
2016-04-12 14:48 - 2016-03-29 04:08 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-04-12 14:48 - 2016-03-29 04:08 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2016-04-12 14:48 - 2016-03-29 04:07 - 00081144 _____ (Microsoft Corporation) C:\WINDOWS\system32\netapi32.dll
2016-04-12 14:48 - 2016-03-29 03:44 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-04-12 14:48 - 2016-03-29 03:44 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-04-12 14:48 - 2016-03-29 03:41 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-04-12 14:48 - 2016-03-29 03:32 - 00253088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-04-12 14:48 - 2016-03-29 03:26 - 02403680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-04-12 14:48 - 2016-03-29 03:26 - 01089888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-04-12 14:48 - 2016-03-29 03:26 - 00073872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srvcli.dll
2016-04-12 14:48 - 2016-03-29 03:25 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wkscli.dll
2016-04-12 14:48 - 2016-03-29 03:24 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-04-12 14:48 - 2016-03-29 03:23 - 00069744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netapi32.dll
2016-04-12 14:48 - 2016-03-29 03:21 - 00378208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2016-04-12 14:48 - 2016-03-29 03:17 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-04-12 14:48 - 2016-03-29 03:16 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-04-12 14:48 - 2016-03-29 03:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2016-04-12 14:48 - 2016-03-29 03:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2016-04-12 14:48 - 2016-03-29 03:07 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-04-12 14:48 - 2016-03-29 03:07 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2016-04-12 14:48 - 2016-03-29 03:07 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsdchngr.dll
2016-04-12 14:48 - 2016-03-29 03:06 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacchooks.dll
2016-04-12 14:48 - 2016-03-29 03:00 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-04-12 14:48 - 2016-03-29 03:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll
2016-04-12 14:48 - 2016-03-29 03:00 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-04-12 14:48 - 2016-03-29 02:59 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2016-04-12 14:48 - 2016-03-29 02:57 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-04-12 14:48 - 2016-03-29 02:57 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-04-12 14:48 - 2016-03-29 02:57 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-04-12 14:48 - 2016-03-29 02:57 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\browcli.dll
2016-04-12 14:48 - 2016-03-29 02:55 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-04-12 14:48 - 2016-03-29 02:55 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys
2016-04-12 14:48 - 2016-03-29 02:55 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2016-04-12 14:48 - 2016-03-29 02:54 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-04-12 14:48 - 2016-03-29 02:53 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
2016-04-12 14:48 - 2016-03-29 02:52 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2016-04-12 14:48 - 2016-03-29 02:51 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-04-12 14:48 - 2016-03-29 02:51 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2016-04-12 14:48 - 2016-03-29 02:50 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll
2016-04-12 14:48 - 2016-03-29 02:50 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-04-12 14:48 - 2016-03-29 02:50 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-04-12 14:48 - 2016-03-29 02:50 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2016-04-12 14:48 - 2016-03-29 02:50 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2016-04-12 14:48 - 2016-03-29 02:49 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-04-12 14:48 - 2016-03-29 02:48 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
2016-04-12 14:48 - 2016-03-29 02:48 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-04-12 14:48 - 2016-03-29 02:46 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2016-04-12 14:48 - 2016-03-29 02:44 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2016-04-12 14:48 - 2016-03-29 02:42 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-04-12 14:48 - 2016-03-29 02:39 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-04-12 14:48 - 2016-03-29 02:38 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-04-12 14:48 - 2016-03-29 02:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-04-12 14:48 - 2016-03-29 02:36 - 00530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2016-04-12 14:48 - 2016-03-29 02:35 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2016-04-12 14:48 - 2016-03-29 02:35 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2016-04-12 14:48 - 2016-03-29 02:34 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-04-12 14:48 - 2016-03-29 02:34 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-04-12 14:48 - 2016-03-29 02:34 - 00333824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2016-04-12 14:48 - 2016-03-29 02:34 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2016-04-12 14:48 - 2016-03-29 02:33 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2016-04-12 14:48 - 2016-03-29 02:32 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-04-12 14:48 - 2016-03-29 02:32 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-04-12 14:48 - 2016-03-29 02:30 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2016-04-12 14:48 - 2016-03-29 02:30 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-04-12 14:48 - 2016-03-29 02:28 - 00460288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-04-12 14:48 - 2016-03-29 02:27 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-04-12 14:48 - 2016-03-29 02:26 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2016-04-12 14:48 - 2016-03-29 02:23 - 00694784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2016-04-12 14:48 - 2016-03-29 02:23 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-04-12 14:48 - 2016-03-29 02:23 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-04-12 14:48 - 2016-03-29 02:22 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll
2016-04-12 14:48 - 2016-03-29 02:21 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-12 14:48 - 2016-03-29 02:20 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2016-04-12 14:48 - 2016-03-29 02:20 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll
2016-04-12 14:48 - 2016-03-29 02:20 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsdchngr.dll
2016-04-12 14:48 - 2016-03-29 02:19 - 00556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-04-12 14:48 - 2016-03-29 02:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacchooks.dll
2016-04-12 14:48 - 2016-03-29 02:18 - 00676352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2016-04-12 14:48 - 2016-03-29 02:17 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-04-12 14:48 - 2016-03-29 02:17 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2016-04-12 14:48 - 2016-03-29 02:17 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-04-12 14:48 - 2016-03-29 02:16 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-04-12 14:48 - 2016-03-29 02:16 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-04-12 14:48 - 2016-03-29 02:14 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-04-12 14:48 - 2016-03-29 02:13 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-04-12 14:48 - 2016-03-29 02:12 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-04-12 14:48 - 2016-03-29 02:11 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-04-12 14:48 - 2016-03-29 02:11 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2016-04-12 14:48 - 2016-03-29 02:11 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-04-12 14:48 - 2016-03-29 02:11 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-04-12 14:48 - 2016-03-29 02:11 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-04-12 14:48 - 2016-03-29 02:11 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\browcli.dll
2016-04-12 14:48 - 2016-03-29 02:10 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-04-12 14:48 - 2016-03-29 02:10 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-04-12 14:48 - 2016-03-29 02:09 - 01239552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2016-04-12 14:48 - 2016-03-29 02:09 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-04-12 14:48 - 2016-03-29 02:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2016-04-12 14:48 - 2016-03-29 02:08 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2016-04-12 14:48 - 2016-03-29 02:08 - 00841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-04-12 14:48 - 2016-03-29 02:08 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-04-12 14:48 - 2016-03-29 02:07 - 01902592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-04-12 14:48 - 2016-03-29 02:06 - 01575936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-04-12 14:48 - 2016-03-29 02:06 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-04-12 14:48 - 2016-03-29 02:06 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2016-04-12 14:48 - 2016-03-29 02:05 - 01395712 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-04-12 14:48 - 2016-03-29 02:05 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
2016-04-12 14:48 - 2016-03-29 02:04 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll
2016-04-12 14:48 - 2016-03-29 02:03 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-04-12 14:48 - 2016-03-29 02:02 - 01211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-04-12 14:48 - 2016-03-29 02:00 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-04-12 14:48 - 2016-03-29 02:00 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
2016-04-12 14:48 - 2016-03-29 02:00 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-04-12 14:48 - 2016-03-29 01:59 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-04-12 14:48 - 2016-03-29 01:59 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
2016-04-12 14:48 - 2016-03-29 01:59 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-04-12 14:48 - 2016-03-29 01:56 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-04-12 14:48 - 2016-03-29 01:56 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-04-12 14:48 - 2016-03-29 01:55 - 01052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2016-04-12 14:48 - 2016-03-29 01:53 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2016-04-12 14:48 - 2016-03-29 01:53 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2016-04-12 14:48 - 2016-03-29 01:52 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-04-12 14:48 - 2016-03-29 01:52 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
2016-04-12 14:48 - 2016-03-29 01:49 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2016-04-12 14:48 - 2016-03-29 01:48 - 00346624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-04-12 14:48 - 2016-03-29 01:44 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-04-12 14:48 - 2016-03-29 01:43 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AccountsRt.dll
2016-04-12 14:48 - 2016-03-29 01:42 - 01410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2016-04-12 14:48 - 2016-03-29 01:42 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-12 14:48 - 2016-03-29 01:41 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2016-04-12 14:48 - 2016-03-29 01:40 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2016-04-12 14:48 - 2016-03-29 01:39 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2016-04-12 14:48 - 2016-03-29 01:39 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2016-04-12 14:48 - 2016-03-29 01:39 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-04-12 14:48 - 2016-03-29 01:38 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-04-12 14:48 - 2016-03-29 01:36 - 03351040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-04-12 14:48 - 2016-03-29 01:36 - 00649728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-04-12 14:48 - 2016-03-29 01:35 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-04-12 14:48 - 2016-03-29 01:34 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-04-12 14:48 - 2016-03-29 01:34 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-04-12 14:48 - 2016-03-29 01:34 - 00682496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2016-04-12 14:48 - 2016-03-29 01:34 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-04-12 14:48 - 2016-03-29 01:32 - 01588224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2016-04-12 14:48 - 2016-03-29 01:32 - 01098240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-04-12 14:48 - 2016-03-29 01:32 - 00854528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2016-04-12 14:48 - 2016-03-29 01:32 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2016-04-12 14:48 - 2016-03-29 01:32 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-04-12 14:48 - 2016-03-29 01:32 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-04-12 14:48 - 2016-03-29 01:32 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2016-04-12 14:48 - 2016-03-29 01:31 - 01117184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-04-12 14:48 - 2016-03-29 01:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-04-12 14:48 - 2016-03-29 01:30 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-04-12 14:48 - 2016-03-29 01:29 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-04-12 14:48 - 2016-03-29 01:29 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2016-04-12 14:48 - 2016-03-29 01:28 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-04-12 14:48 - 2016-03-29 01:27 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-04-12 14:48 - 2016-03-29 01:27 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-04-12 14:48 - 2016-03-29 01:27 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-04-12 14:48 - 2016-03-29 01:27 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-04-12 14:48 - 2016-03-29 01:23 - 00777728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2016-04-12 14:48 - 2016-03-29 01:22 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-04-12 14:48 - 2016-03-29 01:17 - 00765952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-04-12 14:48 - 2016-03-29 01:14 - 01072128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2016-04-12 14:48 - 2016-03-29 01:13 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2016-04-12 14:48 - 2016-03-29 01:10 - 03671040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-04-12 14:48 - 2016-03-29 01:06 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-04-12 14:48 - 2016-03-29 01:05 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-04-12 14:48 - 2016-03-29 01:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-04-12 14:48 - 2016-03-29 01:05 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-04-12 14:48 - 2016-03-29 01:05 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2016-04-12 14:48 - 2016-03-29 01:04 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-04-12 14:48 - 2016-03-29 01:04 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2016-04-12 14:48 - 2016-03-29 01:01 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-04-12 14:48 - 2016-03-29 01:00 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-04-12 14:48 - 2016-03-29 00:45 - 03078144 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-04-12 14:48 - 2016-03-29 00:45 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2016-04-12 14:48 - 2016-03-29 00:43 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2016-04-12 14:48 - 2016-03-29 00:36 - 02722816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2016-04-12 14:48 - 2016-03-29 00:35 - 00821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2016-04-12 14:48 - 2016-03-29 00:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2016-04-12 14:48 - 2016-03-29 00:27 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2016-04-12 14:48 - 2016-03-29 00:26 - 00958976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2016-04-12 14:48 - 2016-03-29 00:26 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2016-04-12 14:48 - 2016-03-29 00:25 - 00712704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2016-04-12 14:48 - 2016-03-29 00:25 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2016-04-12 14:48 - 2016-03-29 00:21 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2016-04-12 13:27 - 2016-04-17 15:36 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-04-12 13:26 - 2016-04-12 13:26 - 22851472 _____ (Malwarebytes ) C:\Users\Greg\Downloads\mbam-setup-bc.1878-2.2.1.1043.exe
2016-04-12 13:26 - 2016-04-12 13:26 - 00001171 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-12 13:26 - 2016-04-12 13:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-12 13:26 - 2016-04-12 13:26 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-04-12 13:26 - 2016-04-12 13:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-12 13:26 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-04-12 13:26 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-04-12 13:26 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-04-12 13:23 - 2016-04-12 13:23 - 00003398 _____ C:\WINDOWS\System32\Tasks\{BC289B0C-2416-4FEB-BB53-17A6C77AF812}
2016-03-29 16:33 - 2016-03-29 16:33 - 00472808 _____ (Sun Microsystems, Inc.) C:\WINDOWS\SysWOW64\deployJava1.dll
2016-03-29 16:33 - 2016-03-29 16:33 - 00157472 _____ (Sun Microsystems, Inc.) C:\WINDOWS\SysWOW64\javaws.exe
2016-03-29 16:33 - 2016-03-29 16:33 - 00145184 _____ (Sun Microsystems, Inc.) C:\WINDOWS\SysWOW64\javaw.exe
2016-03-29 16:33 - 2016-03-29 16:33 - 00145184 _____ (Sun Microsystems, Inc.) C:\WINDOWS\SysWOW64\java.exe
2016-03-29 16:33 - 2016-03-29 16:33 - 00000000 ____D C:\ProgramData\Sun
2016-03-29 16:33 - 2016-03-29 16:33 - 00000000 ____D C:\Program Files (x86)\Java
2016-03-29 16:32 - 2016-03-29 16:32 - 16897824 _____ (Sun Microsystems, Inc.) C:\Users\heres_yeigb7\Downloads\jre-6u27-windows-i586.exe
2016-03-28 18:14 - 2016-03-28 18:14 - 00322690 _____ C:\Users\heres_3xpxvmr\Downloads\Parents-The_Word_Masters_Card_Game_Instructions.pdf
2016-03-28 18:13 - 2016-03-28 18:13 - 00293695 _____ C:\Users\heres_3xpxvmr\Downloads\Parents-Suggested_Activities_for_Vocabulary_Cards.pdf
2016-03-28 18:13 - 2016-03-28 18:13 - 00285520 _____ C:\Users\heres_3xpxvmr\Downloads\Parents-Suggested_Activities_for_Word_Family_Cards.pdf
2016-03-28 18:13 - 2016-03-28 18:13 - 00285520 _____ C:\Users\heres_3xpxvmr\Downloads\Parents-Suggested_Activities_for_Word_Family_Cards (1).pdf
2016-03-28 18:00 - 2016-03-28 18:00 - 00520007 _____ C:\Users\heres_3xpxvmr\Downloads\Parents-Lessons-PP_12_14_Sequencing (1).pdf
2016-03-28 17:57 - 2016-03-28 17:57 - 00595432 _____ C:\Users\heres_3xpxvmr\Downloads\Parents-Lessons-PP_12_14_Making_Predictions (1).pdf
2016-03-28 17:54 - 2016-03-28 17:54 - 02436453 _____ C:\Users\heres_3xpxvmr\Downloads\BLM Books-Visit_Yellowstone.pdf
2016-03-28 17:54 - 2016-03-28 17:54 - 02394377 _____ C:\Users\heres_3xpxvmr\Downloads\Cycle 14 Books-Visit Yellowstone (1).pdf
2016-03-28 17:38 - 2016-03-28 17:38 - 02490699 _____ C:\Users\heres_3xpxvmr\Downloads\BLM Books-Race_For_The_Moon (1).pdf
2016-03-28 16:27 - 2016-03-28 16:27 - 00000000 ____D C:\Users\heres_3xpxvmr\AppData\Roaming\Notepad++
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-23 19:45 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-23 19:44 - 2016-01-22 04:25 - 00000000 ____D C:\Users\heres_yeigb7
2016-04-23 19:41 - 2015-12-06 19:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2016-04-23 19:39 - 2015-09-03 17:40 - 00000000 __RSD C:\Users\heres_yeigb7\Documents\McAfee Vaults
2016-04-23 19:39 - 2015-09-03 17:39 - 00002418 _____ C:\Users\heres_yeigb7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-04-23 19:39 - 2015-09-03 17:39 - 00000000 ___RD C:\Users\heres_yeigb7\OneDrive
2016-04-23 19:38 - 2016-01-22 04:23 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-04-23 19:38 - 2015-09-03 17:37 - 00000000 __SHD C:\Users\heres_yeigb7\IntelGraphicsProfiles
2016-04-23 19:38 - 2015-07-29 21:05 - 00000902 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-23 19:37 - 2015-07-29 21:05 - 00004142 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A4910C18-AEFA-4CBD-82DB-71CE49ACD823}
2016-04-23 19:36 - 2015-12-06 19:40 - 00000000 __RSD C:\Users\Greg\Documents\McAfee Vaults
2016-04-23 19:36 - 2015-08-23 14:09 - 00000000 ____D C:\Users\Greg\AppData\Roaming\Skype
2016-04-23 19:36 - 2015-07-29 17:29 - 00000000 __RDO C:\Users\Greg\SkyDrive
2016-04-23 19:35 - 2015-07-29 19:18 - 00000000 __SHD C:\Users\Greg\IntelGraphicsProfiles
2016-04-21 21:30 - 2015-07-29 21:05 - 00000906 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-21 21:18 - 2016-02-18 17:40 - 00000300 _____ C:\WINDOWS\Tasks\UpdateTask.job
2016-04-21 19:27 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF
2016-04-21 19:27 - 2015-08-04 19:45 - 01063672 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-21 19:23 - 2016-01-22 04:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-21 19:23 - 2015-12-06 19:37 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-04-21 19:23 - 2015-10-30 01:28 - 00008192 ___SH C:\WINDOWS\system32\config\ELAM
2016-04-21 19:22 - 2016-02-18 17:39 - 00000000 ____D C:\Users\heres_yeigb7\AppData\Local\{D745E119-F3ED-8DA1-9E75-A849BA1D54D1}
2016-04-21 19:22 - 2015-10-30 01:28 - 01048576 ___SH C:\WINDOWS\system32\config\BBI
2016-04-21 19:15 - 2015-10-30 02:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-04-21 19:14 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-04-21 19:12 - 2015-11-05 14:58 - 00000000 ____D C:\Program Files\Microsoft Office
2016-04-21 18:34 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-21 18:28 - 2015-08-07 10:46 - 00002394 _____ C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-04-17 18:16 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\rescache
2016-04-17 15:55 - 2015-07-29 17:27 - 00000000 ____D C:\Users\Greg\AppData\Local\Packages
2016-04-17 15:45 - 2015-07-29 21:07 - 00000000 ____D C:\ProgramData\McAfee
2016-04-17 15:44 - 2015-12-06 19:36 - 00000000 ____D C:\Program Files\Common Files\McAfee
2016-04-17 15:43 - 2015-10-30 02:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-04-17 15:42 - 2015-12-06 19:39 - 00003122 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2016-04-17 15:42 - 2015-07-29 21:09 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2016-04-17 15:32 - 2016-01-22 04:25 - 00000000 ____D C:\Users\Greg
2016-04-12 19:47 - 2016-01-22 04:19 - 00333088 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-04-12 19:45 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-04-12 19:45 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-04-12 19:45 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-04-12 19:45 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-04-12 17:05 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-04-12 17:03 - 2015-07-29 17:52 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-04-12 16:58 - 2015-07-29 17:52 - 135176864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-12 16:40 - 2016-01-06 10:04 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-04-12 16:40 - 2015-08-23 14:09 - 00000000 ____D C:\ProgramData\Skype
2016-04-12 14:11 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\SystemApps
2016-04-12 13:49 - 2016-01-22 04:26 - 00000000 ____D C:\Users\heres_3xpxvmr
2016-04-12 13:49 - 2016-01-22 04:25 - 00000000 ____D C:\Users\heres
2016-04-12 13:33 - 2015-07-29 21:05 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-12 13:33 - 2015-07-29 21:05 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-06 13:32 - 2015-10-30 02:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-04-06 13:32 - 2015-10-30 02:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-29 17:04 - 2015-08-21 22:16 - 00000000 ___RD C:\Users\heres_3xpxvmr\OneDrive
2016-03-29 17:04 - 2015-08-11 20:25 - 00000000 ___RD C:\Users\heres\OneDrive
2016-03-29 16:44 - 2015-12-17 13:45 - 00001143 _____ C:\Users\heres_yeigb7\Desktop\nativelog.txt
2016-03-29 16:36 - 2015-09-06 15:53 - 00000000 ____D C:\Users\heres_yeigb7\AppData\Roaming\.minecraft
2016-03-29 16:22 - 2015-09-03 17:37 - 00000000 ____D C:\Users\heres_yeigb7\AppData\Local\Packages
2016-03-29 15:06 - 2015-08-11 20:25 - 00000000 __RSD C:\Users\heres\Documents\McAfee Vaults
2016-03-29 15:05 - 2015-08-11 20:22 - 00000000 __SHD C:\Users\heres\IntelGraphicsProfiles
2016-03-29 14:38 - 2015-10-21 16:32 - 00004160 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C1F0C2A3-C810-49F5-854D-FFC142A29FDB}
2016-03-29 07:32 - 2015-08-21 22:15 - 00000000 __SHD C:\Users\heres_3xpxvmr\IntelGraphicsProfiles
2016-03-29 07:32 - 2015-08-21 22:15 - 00000000 __RSD C:\Users\heres_3xpxvmr\Documents\McAfee Vaults
2016-03-28 18:14 - 2016-02-16 21:28 - 00000000 ____D C:\Program Files (x86)\istation
 
==================== Files in the root of some directories =======
 
2016-01-29 18:05 - 2016-01-29 18:05 - 0007626 _____ () C:\Users\Greg\AppData\Local\Resmon.ResmonCfg
2016-01-22 04:23 - 2016-01-22 04:23 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\heres_3xpxvmr\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\heres_yeigb7\AppData\Local\Temp\jansi-64-1130120991910054978.dll
C:\Users\heres_yeigb7\AppData\Local\Temp\jansi-64-1668858295041799502.dll
C:\Users\heres_yeigb7\AppData\Local\Temp\jansi-64-1681979673571303545.dll
C:\Users\heres_yeigb7\AppData\Local\Temp\jansi-64-2015801249387494703.dll
C:\Users\heres_yeigb7\AppData\Local\Temp\jansi-64-2646251359903989869.dll
C:\Users\heres_yeigb7\AppData\Local\Temp\jansi-64-426312345832316055.dll
C:\Users\heres_yeigb7\AppData\Local\Temp\jansi-64-4398426683774344019.dll
C:\Users\heres_yeigb7\AppData\Local\Temp\jansi-64-5357240478730748430.dll
C:\Users\heres_yeigb7\AppData\Local\Temp\jansi-64-5778452632405658353.dll
C:\Users\heres_yeigb7\AppData\Local\Temp\jansi-64-7251268532331749603.dll
C:\Users\heres_yeigb7\AppData\Local\Temp\jansi-64-7766569324946626159.dll
C:\Users\heres_yeigb7\AppData\Local\Temp\jansi-64-7885909645240311161.dll
C:\Users\heres_yeigb7\AppData\Local\Temp\jansi-64-995485179080347411.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-04-17 15:57
 
==================== End of FRST.txt ============================
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Addition.txt
 
==============================================================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-04-2016
Ran by Greg (2016-04-23 19:46:22)
Running from C:\Users\Greg\Desktop
Windows 10 Pro Version 1511 (X64) (2016-01-22 09:52:25)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2331855821-715679923-1060298032-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2331855821-715679923-1060298032-503 - Limited - Disabled)
Greg (S-1-5-21-2331855821-715679923-1060298032-1001 - Administrator - Enabled) => C:\Users\Greg
Guest (S-1-5-21-2331855821-715679923-1060298032-501 - Limited - Disabled)
heres (S-1-5-21-2331855821-715679923-1060298032-1004 - Limited - Enabled) => C:\Users\heres
heres_3xpxvmr (S-1-5-21-2331855821-715679923-1060298032-1006 - Limited - Enabled) => C:\Users\heres_3xpxvmr
heres_yeigb7 (S-1-5-21-2331855821-715679923-1060298032-1005 - Limited - Enabled) => C:\Users\heres_yeigb7
HomeGroupUser$ (S-1-5-21-2331855821-715679923-1060298032-1003 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.06073 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.06073 - Cisco Systems, Inc.) Hidden
Evernote v. 5.9.1 (HKLM-x32\...\{5EA1DED0-5285-11E5-8AA1-0050569584E9}) (Version: 5.9.1.8742 - Evernote Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4248 - Intel Corporation)
Java™ 6 Update 27 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216027FF}) (Version: 6.0.270 - Oracle)
Lenovo System Interface Foundation (HKLM\...\{C2E5CA37-C862-4A69-AC6D-24F450A20C16}) (Version: 1.0.054.00 - Lenovo)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.189 - McAfee, Inc.)
McAfee® Total Protection (HKLM-x32\...\MSC) (Version: 14.0.8185 - McAfee, Inc.)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.6769.2017 - Microsoft Corporation)
Microsoft Report Viewer 2012 Runtime (HKLM-x32\...\{9CCE40CE-A9E6-4916-8729-B008558EEF3F}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2012) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM\...\{A007BD05-ECFD-4F64-89F6-7E95F91F0DFB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Policies  (HKLM-x32\...\{DC487E40-046E-42A9-9C7C-5D2B1A7EB211}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM\...\{8CB0713F-CFE0-445D-BCB2-538465860E1A}) (Version: 11.1.3128.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM\...\{CC8B009A-98C9-497F-99AF-CEBE35D8C0CF}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Data Tools – Database Projects – Web installer entry point (HKLM-x32\...\{F3BBC56F-2282-4464-952F-A89772181F30}) (Version: 10.3.20116.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Integrated) - ENU (HKLM-x32\...\{012D26C3-E12A-3BDA-8ECE-DF14E721A507}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications Design-Time 3.0 (HKLM-x32\...\{5A03C202-08B4-3F1D-9A60-A4F53EF1B636}) (Version: 10.0.40220 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications x64 Runtime 3.0 (HKLM\...\{F14401A9-F0A0-33CC-8444-F60823A60DEB}) (Version: 10.0.40220 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications x86 Runtime 3.0 (HKLM-x32\...\{191A6F65-6878-398D-A272-EF011B80F371}) (Version: 10.0.40220 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2012 (HKLM\...\{3E0DD83F-BE4C-4478-86A0-AD0D79D1353E}) (Version: 11.0.2100.60 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.3 - Notepad++ Team)
Office 16 Click-to-Run Extensibility Component (Version: 16.0.6729.1014 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6729.1014 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (Version: 16.0.6729.1014 - Microsoft Corporation) Hidden
Oracle VM VirtualBox 5.0.6 (HKLM\...\{D09FC154-2747-4BC8-838E-B2EC414C4F6A}) (Version: 5.0.6 - Oracle Corporation)
paint.net (HKLM\...\{DF3A46D9-67B3-44B2-9D01-25C8BA772C8A}) (Version: 4.0.6 - dotPDN LLC)
Prerequisites for SSDT  (HKLM-x32\...\{9169C939-ED01-446A-BD0C-29873BAF4E48}) (Version: 11.0.2100.60 - Microsoft Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Skype™ 7.21 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.21.100 - Skype Technologies S.A.)
SQL Server 2012 Analysis Services (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 BI Development Studio (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Client Tools (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Common Files (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Data quality client (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Data quality service (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Distributed Replay (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Documentation Components (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Full text search (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Integration Services (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Management Studio (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Master Data Services (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Reporting Services (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 SQL Data Quality Common (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2012 (HKLM-x32\...\{4B9E6EB0-0EED-4E74-9479-F982C3254F71}) (Version: 11.0.2100.60 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
Tablet Driver V7.0 (HKLM-x32\...\TabletDriver) (Version:  - )
TAP-Windows 9.21.0 (HKLM\...\TAP-Windows) (Version: 9.21.0 - )
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
The Imagination Station (remove only) (HKLM-x32\...\The Imagination Station) (Version:  - )
UninstallTabletDeviceDriver (HKLM\...\{39089688-F09E-4DAD-8C80-647D3DF68630}_is1) (Version: 11.0.0.4 - Huion Animation)
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
Windows Driver Package - Graphics Tablet (WinUsb) USBDevice  (04/10/2014 8.33.30.0) (HKLM\...\142118DF51345EA02D2B1583E102C8FB95FD6D52) (Version: 04/10/2014 8.33.30.0 - Graphics Tablet)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.20.140 - Zemana Ltd.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2331855821-715679923-1060298032-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Greg\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileCoAuth.exe (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0113EE30-2B00-408F-B695-ACB69EB9DD22} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {014874D3-E46E-41BA-9AF2-146D3190BB8B} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe [2016-02-16] (McAfee, Inc.)
Task: {047DA303-D624-4E1F-803C-8B53B235F672} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-29] (Google Inc.)
Task: {09EE8893-59DE-41AD-9F0E-1D4F4F33C529} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {10C92690-540D-43BD-BF07-E36BA3D4E912} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {12D1C548-4085-447C-9A4A-FF8F17C902AF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {1A355738-7B3C-41B2-97CA-5852BD6270DE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-04-03] (Microsoft Corporation)
Task: {204AABD3-2072-49D7-AD2A-755A25AFA143} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-04-03] (Microsoft Corporation)
Task: {2A6D92C2-8A38-4B91-9233-9ABDC10B0FA1} - System32\Tasks\{BC289B0C-2416-4FEB-BB53-17A6C77AF812} => pcalua.exe -a C:\Users\heres_yeigb7\AppData\Local\{D745E119-F3ED-8DA1-9E75-A849BA1D54D1}\uninstall.exe -c /Uninstall /s /noun /DelSelfDir
Task: {2B7A12F0-B383-43A5-A52C-25883008D9A9} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => control iMControllerService 128
Task: {50DEDC1F-483D-47E2-B11E-32FC87CDCBBE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-29] (Google Inc.)
Task: {55EBD4C9-8787-49EF-B573-7C762B71EE12} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-04-03] (Microsoft Corporation)
Task: {588400F9-0928-4448-AACD-FA82D027BDAE} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {69620BF9-3A6D-43B7-A365-F21D5152DD5E} - \gameo_update -> No File <==== ATTENTION
Task: {6DCFEAE6-56A6-424E-8C59-46D7FCBFD19B} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {957B2353-58E5-4539-BAC8-856907C7B0D9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {9CAAD3A7-72C2-42D1-8AAE-54FB84B9A926} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {A4EA7D22-3670-40B2-98B6-1873EFE56E44} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_TVSUUpdateTask => reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler  /v start /t reg_dword /d 1 /f /reg:32
Task: {A6393228-87BB-4F19-B91C-8AD2854B925A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-04-12] (Microsoft Corporation)
Task: {B01C9495-BAA7-4595-B2AB-CBE661069FF5} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe [2016-02-16] (McAfee, Inc.)
Task: {B32B4B74-CF43-44A2-BD8F-C744AFA1CCE0} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {B39A9914-84DE-4425-A67C-C21A2AC4A100} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {B66A17DC-E8D9-4C44-83AB-0844CB66CA4B} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-04-03] (Microsoft Corporation)
Task: {BB88FCAD-5BC8-421D-BF1D-A63314F18148} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {BC76BAAE-2583-4B6B-9F83-9366129A7405} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {BFF63DAE-E614-4B8C-9BEA-FA0B1C45249C} - \UpdateTask -> No File <==== ATTENTION
Task: {C7292D0A-106A-49F2-A878-D199C537EA2F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {D9D5236D-08CA-49E6-B452-F9E2BE5B6CF9} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2016-03-10] (McAfee, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\UpdateTask.job => 
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\Greg\Seraph\Downloads\whs\Start Stop Oracle.lnk -> C:\Users\Greg\Documents\Master\scritpts\Maint\Oracle.bat (No File)
Shortcut: C:\Users\Greg\Seraph\Downloads\whs\vm_ss.lnk -> C:\Users\Greg\Documents\Master\scritpts\vmware\vm_ss.bat (No File)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 02:18 - 2015-10-30 02:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-11-08 17:56 - 2015-08-18 06:52 - 00020240 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\TeamViewer_PrintProcessor.dll
2015-11-05 14:58 - 2016-04-03 04:34 - 00172224 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2016-04-12 14:49 - 2016-03-29 05:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-12 14:49 - 2016-03-29 05:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-04-21 18:27 - 2016-04-21 18:27 - 00959176 _____ () C:\Users\Greg\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\ClientTelemetry.dll
2016-03-15 17:18 - 2016-04-21 18:46 - 08919232 _____ () C:\Program Files\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2016-04-12 14:48 - 2016-04-01 21:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-23 09:26 - 2015-12-06 23:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-04-12 14:48 - 2016-04-01 22:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-04-12 14:48 - 2016-04-01 22:03 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-04-12 14:48 - 2016-04-01 22:00 - 00936960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-04-12 14:49 - 2016-04-01 21:59 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-04-12 14:49 - 2016-04-01 22:02 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-09-02 17:30 - 2015-09-02 17:30 - 00415120 _____ () C:\WINDOWS\system32\igfxTray.exe
2015-10-30 02:18 - 2015-10-30 02:18 - 00218456 _____ () c:\windows\system32\WerEtw.dll
2016-04-19 12:57 - 2016-04-19 12:57 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2014-11-19 10:36 - 2014-11-19 10:36 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2016-04-21 18:27 - 2016-04-21 18:27 - 00679624 _____ () C:\Users\Greg\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\ClientTelemetry.dll
2015-09-03 15:45 - 2015-09-03 15:45 - 00439304 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2015-09-03 15:45 - 2015-09-03 15:45 - 00321032 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2016-04-19 12:57 - 2016-04-19 12:57 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 12:57 - 2016-04-19 12:57 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-04-12 13:33 - 2016-04-06 05:04 - 01675928 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\libglesv2.dll
2016-04-12 13:33 - 2016-04-06 05:04 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2015-08-18 20:58 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2331855821-715679923-1060298032-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Greg\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\{f0cfe65c-3f60-4698-89ba-0a952266ecce}.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "Cisco AnyConnect Secure Mobility Agent for Windows"
HKU\S-1-5-21-2331855821-715679923-1060298032-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_9CCDD43624CF0A67FCB8D07A1D3BBB05"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{1CF02EE4-F171-40F9-B3B8-74CA1DD74842}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{002EF48D-D245-4001-8F2B-8B51DD476FE0}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{C151C8D1-62A1-4DEE-927B-5ECF1FF7E776}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{87813C4C-B060-4647-B586-FEB267C853FE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{30501B71-C34E-43F7-87E4-441634101448}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{002B7EB5-7911-4F70-B1B2-1481201D3966}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{366CAA0C-B60B-47AF-BE45-F2FDAC32BFAD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [UDP Query User{9469BCE9-CBCE-434D-9033-792A60AA2AEA}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{E5DC3E9C-C2BE-4ABF-AE91-13CCCEF047C4}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{5BDDDC53-6835-4078-BC91-FDEF14132E7C}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{FA6761D9-DACD-412F-BFB5-2F7EB20D1AC9}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{9DA70615-A6BB-4C18-A1D0-726A38B65468}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{64C2D23A-6746-4F89-A789-9B04075C9AD4}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{C7B2C100-6750-48F2-BD1B-7710008A7CB1}] => (Allow) C:\Program Files (x86)\istation\IStation.exe
FirewallRules: [{AC90E0C9-6025-4C36-AAC8-7E782F2341D4}] => (Allow) C:\Program Files (x86)\istation\IStation.exe
FirewallRules: [{7B02C647-ED9B-48F6-BEAA-5C90146F5FFC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
29-03-2016 16:33:11 Installed Java™ 6 Update 27
12-04-2016 14:41:45 Scheduled Checkpoint
21-04-2016 20:05:35 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/23/2016 07:44:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: igfxEM.exe, version: 6.15.10.4248, time stamp: 0x55c14755
Faulting module name: igfxDI.dll, version: 6.15.10.4248, time stamp: 0x55c146e4
Exception code: 0xc000041d
Fault offset: 0x0000000000010d6b
Faulting process id: 0x228c
Faulting application start time: 0xigfxEM.exe0
Faulting application path: igfxEM.exe1
Faulting module path: igfxEM.exe2
Report Id: igfxEM.exe3
Faulting package full name: igfxEM.exe4
Faulting package-relative application ID: igfxEM.exe5
 
Error: (04/23/2016 07:44:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: igfxEM.exe, version: 6.15.10.4248, time stamp: 0x55c14755
Faulting module name: igfxDI.dll, version: 6.15.10.4248, time stamp: 0x55c146e4
Exception code: 0xc0000005
Fault offset: 0x0000000000010d6b
Faulting process id: 0x228c
Faulting application start time: 0xigfxEM.exe0
Faulting application path: igfxEM.exe1
Faulting module path: igfxEM.exe2
Report Id: igfxEM.exe3
Faulting package full name: igfxEM.exe4
Faulting package-relative application ID: igfxEM.exe5
 
Error: (04/23/2016 07:43:18 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ZION)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147024891 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (04/23/2016 07:40:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: McUICnt.exe, version: 7.0.8093.0, time stamp: 0x56e118f5
Faulting module name: ntdll.dll, version: 10.0.10586.122, time stamp: 0x56cbf9dd
Exception code: 0xc000000d
Fault offset: 0x00000000000f5670
Faulting process id: 0x3528
Faulting application start time: 0xMcUICnt.exe0
Faulting application path: McUICnt.exe1
Faulting module path: McUICnt.exe2
Report Id: McUICnt.exe3
Faulting package full name: McUICnt.exe4
Faulting package-relative application ID: McUICnt.exe5
 
Error: (04/23/2016 07:38:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Lenovo.Modern.ImController.PluginHost.exe, version: 1.0.72.0, time stamp: 0x56aaf746
Faulting module name: KERNELBASE.dll, version: 10.0.10586.162, time stamp: 0x56cd55ab
Exception code: 0xe0434352
Fault offset: 0x000bdad8
Faulting process id: 0x2c8c
Faulting application start time: 0xLenovo.Modern.ImController.PluginHost.exe0
Faulting application path: Lenovo.Modern.ImController.PluginHost.exe1
Faulting module path: Lenovo.Modern.ImController.PluginHost.exe2
Report Id: Lenovo.Modern.ImController.PluginHost.exe3
Faulting package full name: Lenovo.Modern.ImController.PluginHost.exe4
Faulting package-relative application ID: Lenovo.Modern.ImController.PluginHost.exe5
 
Error: (04/23/2016 07:38:37 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Lenovo.Modern.ImController.PluginHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.BadImageFormatException
   at LenovoAudioPlugin.AudioAccess.RunCustomMonitor(IntPtr, IntPtr, System.String, Int32)
   at LenovoAudioPlugin.AudioAccess+<>c.<RespondToEventAsync>b__13_0()
   at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart()
 
Error: (04/23/2016 07:35:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Lenovo.Modern.ImController.PluginHost.exe, version: 1.0.72.0, time stamp: 0x56aaf746
Faulting module name: KERNELBASE.dll, version: 10.0.10586.162, time stamp: 0x56cd55ab
Exception code: 0xe0434352
Fault offset: 0x000bdad8
Faulting process id: 0x1b48
Faulting application start time: 0xLenovo.Modern.ImController.PluginHost.exe0
Faulting application path: Lenovo.Modern.ImController.PluginHost.exe1
Faulting module path: Lenovo.Modern.ImController.PluginHost.exe2
Report Id: Lenovo.Modern.ImController.PluginHost.exe3
Faulting package full name: Lenovo.Modern.ImController.PluginHost.exe4
Faulting package-relative application ID: Lenovo.Modern.ImController.PluginHost.exe5
 
Error: (04/23/2016 07:35:35 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Lenovo.Modern.ImController.PluginHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.BadImageFormatException
   at LenovoAudioPlugin.AudioAccess.RunCustomMonitor(IntPtr, IntPtr, System.String, Int32)
   at LenovoAudioPlugin.AudioAccess+<>c.<RespondToEventAsync>b__13_0()
   at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart()
 
Error: (04/21/2016 08:05:48 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (04/21/2016 06:38:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: igfxEM.exe, version: 6.15.10.4248, time stamp: 0x55c14755
Faulting module name: igfxDI.dll, version: 6.15.10.4248, time stamp: 0x55c146e4
Exception code: 0xc000041d
Fault offset: 0x0000000000010d6b
Faulting process id: 0x23a4
Faulting application start time: 0xigfxEM.exe0
Faulting application path: igfxEM.exe1
Faulting module path: igfxEM.exe2
Report Id: igfxEM.exe3
Faulting package full name: igfxEM.exe4
Faulting package-relative application ID: igfxEM.exe5
 
 
System errors:
=============
Error: (04/23/2016 07:44:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_3833402 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (04/23/2016 07:44:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_3833402 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (04/23/2016 07:44:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_3833402 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (04/23/2016 07:44:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_3833402 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (04/23/2016 07:44:01 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (04/23/2016 07:43:18 PM) (Source: DCOM) (EventID: 10016) (User: ZION)
Description: application-specificLocalActivationCortanaUI.AppXjxtspbn4351hrtx8tc95e89kaz3h2f1f.mcaUnavailableZIONGregS-1-5-21-2331855821-715679923-1060298032-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (04/23/2016 07:41:37 PM) (Source: DCOM) (EventID: 10016) (User: ZION)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}ZIONGregS-1-5-21-2331855821-715679923-1060298032-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (04/23/2016 07:40:44 PM) (Source: DCOM) (EventID: 10016) (User: ZION)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}ZIONGregS-1-5-21-2331855821-715679923-1060298032-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (04/23/2016 07:40:33 PM) (Source: DCOM) (EventID: 10016) (User: ZION)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}ZIONGregS-1-5-21-2331855821-715679923-1060298032-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (04/23/2016 07:40:24 PM) (Source: DCOM) (EventID: 10016) (User: ZION)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}ZIONGregS-1-5-21-2331855821-715679923-1060298032-1001LocalHost (Using LRPC)UnavailableUnavailable
 
 
CodeIntegrity:
===================================
  Date: 2016-04-21 19:14:14.964
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-04-19 12:56:18.990
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-04-12 19:48:57.744
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-04-03 11:37:53.065
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-28 16:52:33.197
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-15 17:19:59.669
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-14 19:53:11.647
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-13 20:10:30.926
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-10 03:33:43.285
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-02 03:35:10.192
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4440 CPU @ 3.10GHz
Percentage of memory in use: 24%
Total physical RAM: 16298.36 MB
Available physical RAM: 12234.83 MB
Total Virtual: 17322.36 MB
Available Virtual: 13112.99 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:905.25 GB) (Free:590.64 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 6CC225C2)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#7 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:01 AM

Posted 24 April 2016 - 04:05 PM

Hi again

Windows Firewall is enabled.

Previously also i said, but still windows Firewall is enabled. Please disable do.

================================================================================

Step 1:

Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

start
Task: {0113EE30-2B00-408F-B695-ACB69EB9DD22} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {09EE8893-59DE-41AD-9F0E-1D4F4F33C529} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {10C92690-540D-43BD-BF07-E36BA3D4E912} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {12D1C548-4085-447C-9A4A-FF8F17C902AF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {2A6D92C2-8A38-4B91-9233-9ABDC10B0FA1} - System32\Tasks\{BC289B0C-2416-4FEB-BB53-17A6C77AF812} => pcalua.exe -a C:\Users\heres_yeigb7\AppData\Local\{D745E119-F3ED-8DA1-9E75-A849BA1D54D1}\uninstall.exe -c /Uninstall /s /noun /DelSelfDir
Task: {588400F9-0928-4448-AACD-FA82D027BDAE} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {69620BF9-3A6D-43B7-A365-F21D5152DD5E} - \gameo_update -> No File <==== ATTENTION
Task: {957B2353-58E5-4539-BAC8-856907C7B0D9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {9CAAD3A7-72C2-42D1-8AAE-54FB84B9A926} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {B39A9914-84DE-4425-A67C-C21A2AC4A100} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {BB88FCAD-5BC8-421D-BF1D-A63314F18148} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {BC76BAAE-2583-4B6B-9F83-9366129A7405} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {BFF63DAE-E614-4B8C-9BEA-FA0B1C45249C} - \UpdateTask -> No File <==== ATTENTION
Task: {C7292D0A-106A-49F2-A878-D199C537EA2F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\UpdateTask.job =>
Shortcut: C:\Users\Greg\Seraph\Downloads\whs\Start Stop Oracle.lnk -> C:\Users\Greg\Documents\Master\scritpts\Maint\Oracle.bat (No File)
Shortcut: C:\Users\Greg\Seraph\Downloads\whs\vm_ss.lnk -> C:\Users\Greg\Documents\Master\scritpts\vmware\vm_ss.bat (No File)
GroupPolicyUsers\S-1-5-21-2331855821-715679923-1060298032-1006\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2331855821-715679923-1060298032-1005\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2331855821-715679923-1060298032-1004\User: Restriction <======= ATTENTION
C:\Users\UserName\AppData\Local\Chromium\Application\50.0.2631.0\49.0.2581.0.manifest
C:\Users\UserName\AppData\Local\Chromium\Application\50.0.2631.0\49.0.2582.0.manifest
C:\Users\UserName\AppData\Local\Chromium\Application\50.0.2631.0\49.0.2583.0.manifest
C:\Users\UserName\AppData\Local\Chromium\Application\50.0.2631.0\49.0.2584.0.manifest
HKEY_CURRENT_USER\Software\Chromium
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Chromium
HKEY_LOCAL_MACHINE\Software\Clients\StartMenuInternet\Chromium.LKEVR6THFDJYPALXGIKHGOXOIE
HKEY_CLASSES_ROOT\ChromiumHTM.LKEVR6THFDJYPALXGIKHGOXOIE\DefaultIcon\
HKEY_CLASSES_ROOT\ChromiumHTM.LKEVR6THFDJYPALXGIKHGOXOIE\shell\open\command\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Chromium\DisplayIcon
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Chromium\DisplayName
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2016-03-29] (Sun Microsystems, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=C211US0D20151206&p={searchTerms}
2016-03-29 16:32 - 2016-03-29 16:32 - 16897824 _____ (Sun Microsystems, Inc.) C:\Users\heres_yeigb7\Downloads\jre-6u27-windows-i586.exe
2016-01-22 04:23 - 2016-01-22 04:23 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
C:\Users\heres_yeigb7\AppData\Local\Temp
C:\Users\heres_3xpxvmr\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\heres_yeigb7\AppData\Local\Temp\jansi-64-1130120991910054978.dll
C:\Users\heres_yeigb7\AppData\Local\Temp\jansi-64-1668858295041799502.dll
C:\Users\heres_yeigb7\AppData\Local\Temp\jansi-64-1681979673571303545.dll
C:\Users\heres_yeigb7\AppData\Local\Temp\jansi-64-2015801249387494703.dll
C:\Users\heres_yeigb7\AppData\Local\Temp\jansi-64-2646251359903989869.dll
C:\Users\heres_yeigb7\AppData\Local\Temp\jansi-64-426312345832316055.dll
C:\Users\heres_yeigb7\AppData\Local\Temp\jansi-64-4398426683774344019.dll
C:\Users\heres_yeigb7\AppData\Local\Temp\jansi-64-5357240478730748430.dll
C:\Users\heres_yeigb7\AppData\Local\Temp\jansi-64-5778452632405658353.dll
C:\Users\heres_yeigb7\AppData\Local\Temp\jansi-64-7251268532331749603.dll
C:\Users\heres_yeigb7\AppData\Local\Temp\jansi-64-7766569324946626159.dll
C:\Users\heres_yeigb7\AppData\Local\Temp\jansi-64-7885909645240311161.dll
C:\Users\heres_yeigb7\AppData\Local\Temp\jansi-64-995485179080347411.dll
CMD: ipconfig /flushdns
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ip reset
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: netsh winsock reset
EmptyTemp:
Reboot:

Close Notepad.

NOTE: It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST64 and press the Fix button just once and wait.

If the tool needed a restart please make sure you let the system to restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.

Note: If the tool warns you about an outdated version please download and run the updated version.

 

Step 2:
 Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete or Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 3:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#8 gregbsens

gregbsens
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:08:01 PM

Posted 26 April 2016 - 02:04 PM

shoot, sorry about the firewall.  Should I run frst again?

 

 

Here are the files you asked for.  

 

 

fixlog.txt

===================================================================

Fix result of Farbar Recovery Scan Tool (x64) Version:18-04-2016
Ran by Greg (2016-04-26 12:49:09) Run:1
Running from C:\Users\Greg\Desktop
Loaded Profiles: Greg (Available Profiles: Greg & heres & heres_yeigb7 & heres_3xpxvmr & MsDtsServer110 & MSSQLServerOLAPService & ReportServer & MSSQLFDLauncher & SQLSERVERAGENT & MSSQLSERVER)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
Task: {0113EE30-2B00-408F-B695-ACB69EB9DD22} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {09EE8893-59DE-41AD-9F0E-1D4F4F33C529} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {10C92690-540D-43BD-BF07-E36BA3D4E912} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {12D1C548-4085-447C-9A4A-FF8F17C902AF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {2A6D92C2-8A38-4B91-9233-9ABDC10B0FA1} - System32\Tasks\{BC289B0C-2416-4FEB-BB53-17A6C77AF812} => pcalua.exe -a C:\Users\heres_yeigb7\AppData\Local\{D745E119-F3ED-8DA1-9E75-A849BA1D54D1}\uninstall.exe -c /Uninstall /s /noun /DelSelfDir
Task: {588400F9-0928-4448-AACD-FA82D027BDAE} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {69620BF9-3A6D-43B7-A365-F21D5152DD5E} - \gameo_update -> No File <==== ATTENTION
Task: {957B2353-58E5-4539-BAC8-856907C7B0D9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {9CAAD3A7-72C2-42D1-8AAE-54FB84B9A926} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {B39A9914-84DE-4425-A67C-C21A2AC4A100} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {BB88FCAD-5BC8-421D-BF1D-A63314F18148} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {BC76BAAE-2583-4B6B-9F83-9366129A7405} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {BFF63DAE-E614-4B8C-9BEA-FA0B1C45249C} - \UpdateTask -> No File <==== ATTENTION
Task: {C7292D0A-106A-49F2-A878-D199C537EA2F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\UpdateTask.job =>
Shortcut: C:\Users\Greg\Seraph\Downloads\whs\Start Stop Oracle.lnk -> C:\Users\Greg\Documents\Master\scritpts\Maint\Oracle.bat (No File)
Shortcut: C:\Users\Greg\Seraph\Downloads\whs\vm_ss.lnk -> C:\Users\Greg\Documents\Master\scritpts\vmware\vm_ss.bat (No File)
GroupPolicyUsers\S-1-5-21-2331855821-715679923-1060298032-1006\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2331855821-715679923-1060298032-1005\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2331855821-715679923-1060298032-1004\User: Restriction <======= ATTENTION
C:\Users\UserName\AppData\Local\Chromium\Application\50.0.2631.0\49.0.2581.0.manifest
C:\Users\UserName\AppData\Local\Chromium\Application\50.0.2631.0\49.0.2582.0.manifest
C:\Users\UserName\AppData\Local\Chromium\Application\50.0.2631.0\49.0.2583.0.manifest
C:\Users\UserName\AppData\Local\Chromium\Application\50.0.2631.0\49.0.2584.0.manifest
HKEY_CURRENT_USER\Software\Chromium
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Chromium
HKEY_LOCAL_MACHINE\Software\Clients\StartMenuInternet\Chromium.LKEVR6THFDJYPALXGIKHGOXOIE
HKEY_CLASSES_ROOT\ChromiumHTM.LKEVR6THFDJYPALXGIKHGOXOIE\DefaultIcon\
HKEY_CLASSES_ROOT\ChromiumHTM.LKEVR6THFDJYPALXGIKHGOXOIE\shell\open\command\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Chromium\DisplayIcon
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Chromium\DisplayName
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2016-03-29] (Sun Microsystems, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=C211US0D20151206&p={searchTerms}
2016-03-29 16:32 - 2016-03-29 16:32 - 16897824 _____ (Sun Microsystems, Inc.) C:\Users\heres_yeigb7\Downloads\jre-6u27-windows-i586.exe
2016-01-22 04:23 - 2016-01-22 04:23 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
C:\Users\heres_yeigb7\AppData\Local\Temp
C:\Users\heres_3xpxvmr\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\heres_yeigb7\AppData\Local\Temp\jansi-64-1130120991910054978.dll
C:\Users\heres_yeigb7\AppData\Local\Temp\jansi-64-1668858295041799502.dll
C:\Users\heres_yeigb7\AppData\Local\Temp\jansi-64-1681979673571303545.dll
C:\Users\heres_yeigb7\AppData\Local\Temp\jansi-64-2015801249387494703.dll
C:\Users\heres_yeigb7\AppData\Local\Temp\jansi-64-2646251359903989869.dll
C:\Users\heres_yeigb7\AppData\Local\Temp\jansi-64-426312345832316055.dll
C:\Users\heres_yeigb7\AppData\Local\Temp\jansi-64-4398426683774344019.dll
C:\Users\heres_yeigb7\AppData\Local\Temp\jansi-64-5357240478730748430.dll
C:\Users\heres_yeigb7\AppData\Local\Temp\jansi-64-5778452632405658353.dll
C:\Users\heres_yeigb7\AppData\Local\Temp\jansi-64-7251268532331749603.dll
C:\Users\heres_yeigb7\AppData\Local\Temp\jansi-64-7766569324946626159.dll
C:\Users\heres_yeigb7\AppData\Local\Temp\jansi-64-7885909645240311161.dll
C:\Users\heres_yeigb7\AppData\Local\Temp\jansi-64-995485179080347411.dll
CMD: ipconfig /flushdns
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ip reset
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: netsh winsock reset
EmptyTemp:
Reboot:
*****************
 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0113EE30-2B00-408F-B695-ACB69EB9DD22}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0113EE30-2B00-408F-B695-ACB69EB9DD22}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{09EE8893-59DE-41AD-9F0E-1D4F4F33C529}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{09EE8893-59DE-41AD-9F0E-1D4F4F33C529}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{10C92690-540D-43BD-BF07-E36BA3D4E912}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{10C92690-540D-43BD-BF07-E36BA3D4E912}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{12D1C548-4085-447C-9A4A-FF8F17C902AF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{12D1C548-4085-447C-9A4A-FF8F17C902AF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2A6D92C2-8A38-4B91-9233-9ABDC10B0FA1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2A6D92C2-8A38-4B91-9233-9ABDC10B0FA1}" => key removed successfully
C:\WINDOWS\System32\Tasks\{BC289B0C-2416-4FEB-BB53-17A6C77AF812} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{BC289B0C-2416-4FEB-BB53-17A6C77AF812}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{588400F9-0928-4448-AACD-FA82D027BDAE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{588400F9-0928-4448-AACD-FA82D027BDAE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{69620BF9-3A6D-43B7-A365-F21D5152DD5E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{69620BF9-3A6D-43B7-A365-F21D5152DD5E}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\gameo_update => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{957B2353-58E5-4539-BAC8-856907C7B0D9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{957B2353-58E5-4539-BAC8-856907C7B0D9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9CAAD3A7-72C2-42D1-8AAE-54FB84B9A926}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9CAAD3A7-72C2-42D1-8AAE-54FB84B9A926}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B39A9914-84DE-4425-A67C-C21A2AC4A100}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B39A9914-84DE-4425-A67C-C21A2AC4A100}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BB88FCAD-5BC8-421D-BF1D-A63314F18148}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BB88FCAD-5BC8-421D-BF1D-A63314F18148}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BC76BAAE-2583-4B6B-9F83-9366129A7405}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BC76BAAE-2583-4B6B-9F83-9366129A7405}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BFF63DAE-E614-4B8C-9BEA-FA0B1C45249C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BFF63DAE-E614-4B8C-9BEA-FA0B1C45249C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UpdateTask" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C7292D0A-106A-49F2-A878-D199C537EA2F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C7292D0A-106A-49F2-A878-D199C537EA2F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
Task: C:\WINDOWS\Tasks\UpdateTask.job => => not found.
Shortcut: C:\Users\Greg\Seraph\Downloads\whs\Start Stop Oracle.lnk -> C:\Users\Greg\Documents\Master\scritpts\Maint\Oracle.bat (No File) => Error: No automatic fix found for this entry.
Shortcut: C:\Users\Greg\Seraph\Downloads\whs\vm_ss.lnk -> C:\Users\Greg\Documents\Master\scritpts\vmware\vm_ss.bat (No File) => Error: No automatic fix found for this entry.
C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-2331855821-715679923-1060298032-1006\User => moved successfully
C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-2331855821-715679923-1060298032-1005\User => moved successfully
C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-2331855821-715679923-1060298032-1004\User => moved successfully
"C:\Users\UserName\AppData\Local\Chromium\Application\50.0.2631.0\49.0.2581.0.manifest" => not found.
"C:\Users\UserName\AppData\Local\Chromium\Application\50.0.2631.0\49.0.2582.0.manifest" => not found.
"C:\Users\UserName\AppData\Local\Chromium\Application\50.0.2631.0\49.0.2583.0.manifest" => not found.
"C:\Users\UserName\AppData\Local\Chromium\Application\50.0.2631.0\49.0.2584.0.manifest" => not found.
HKEY_CURRENT_USER\Software\Chromium => Error: No automatic fix found for this entry.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Chromium => Error: No automatic fix found for this entry.
HKEY_LOCAL_MACHINE\Software\Clients\StartMenuInternet\Chromium.LKEVR6THFDJYPALXGIKHGOXOIE => Error: No automatic fix found for this entry.
HKEY_CLASSES_ROOT\ChromiumHTM.LKEVR6THFDJYPALXGIKHGOXOIE\DefaultIcon\ => Error: No automatic fix found for this entry.
HKEY_CLASSES_ROOT\ChromiumHTM.LKEVR6THFDJYPALXGIKHGOXOIE\shell\open\command\ => Error: No automatic fix found for this entry.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Chromium\DisplayIcon => Error: No automatic fix found for this entry.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Chromium\DisplayName => Error: No automatic fix found for this entry.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin" => key removed successfully
C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => moved successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3" => key removed successfully
C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll => moved successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9" => key removed successfully
C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll => not found.
Chrome DefaultSearchURL => removed successfully
C:\Users\heres_yeigb7\Downloads\jre-6u27-windows-i586.exe => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully
C:\Users\heres_yeigb7\AppData\Local\Temp => moved successfully
C:\Users\heres_3xpxvmr\AppData\Local\Temp\jre-8u73-windows-au.exe => moved successfully
"C:\Users\heres_yeigb7\AppData\Local\Temp\jansi-64-1130120991910054978.dll" => not found.
"C:\Users\heres_yeigb7\AppData\Local\Temp\jansi-64-1668858295041799502.dll" => not found.
"C:\Users\heres_yeigb7\AppData\Local\Temp\jansi-64-1681979673571303545.dll" => not found.
"C:\Users\heres_yeigb7\AppData\Local\Temp\jansi-64-2015801249387494703.dll" => not found.
"C:\Users\heres_yeigb7\AppData\Local\Temp\jansi-64-2646251359903989869.dll" => not found.
"C:\Users\heres_yeigb7\AppData\Local\Temp\jansi-64-426312345832316055.dll" => not found.
"C:\Users\heres_yeigb7\AppData\Local\Temp\jansi-64-4398426683774344019.dll" => not found.
"C:\Users\heres_yeigb7\AppData\Local\Temp\jansi-64-5357240478730748430.dll" => not found.
"C:\Users\heres_yeigb7\AppData\Local\Temp\jansi-64-5778452632405658353.dll" => not found.
"C:\Users\heres_yeigb7\AppData\Local\Temp\jansi-64-7251268532331749603.dll" => not found.
"C:\Users\heres_yeigb7\AppData\Local\Temp\jansi-64-7766569324946626159.dll" => not found.
"C:\Users\heres_yeigb7\AppData\Local\Temp\jansi-64-7885909645240311161.dll" => not found.
"C:\Users\heres_yeigb7\AppData\Local\Temp\jansi-64-995485179080347411.dll" => not found.
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  ipconfig /release =========
 
 
Windows IP Configuration
 
No operation can be performed on Ethernet while it has its media disconnected.
No operation can be performed on Local Area Connection* 2 while it has its media disconnected.
No operation can be performed on Ethernet 2 while it has its media disconnected.
No operation can be performed on Ethernet 4 while it has its media disconnected.
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Local Area Connection* 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Ethernet adapter Ethernet 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : 
   Link-local IPv6 Address . . . . . : fe80::48c9:41db:3e7f:d98a%11
   Default Gateway . . . . . . . . . : fe80::c6e9:84ff:feed:a70%11
 
Ethernet adapter Ethernet 4:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:24cd:2b8a:bb8b:7eb7
   Link-local IPv6 Address . . . . . : fe80::24cd:2b8a:bb8b:7eb7%9
   Default Gateway . . . . . . . . . : ::
 
========= End of CMD: =========
 
 
=========  ipconfig /renew =========
 
 
Windows IP Configuration
 
No operation can be performed on Ethernet while it has its media disconnected.
No operation can be performed on Local Area Connection* 2 while it has its media disconnected.
No operation can be performed on Ethernet 2 while it has its media disconnected.
No operation can be performed on Ethernet 4 while it has its media disconnected.
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Local Area Connection* 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Ethernet adapter Ethernet 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : 
   Link-local IPv6 Address . . . . . : fe80::48c9:41db:3e7f:d98a%11
   IPv4 Address. . . . . . . . . . . : 192.168.1.116
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : fe80::c6e9:84ff:feed:a70%11
                                       192.168.1.1
 
Ethernet adapter Ethernet 4:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter isatap.{D0C93F98-47E6-493D-AE08-B0CF2EFDE859}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:24cd:2b8a:bb8b:7eb7
   Link-local IPv6 Address . . . . . : fe80::24cd:2b8a:bb8b:7eb7%9
   Default Gateway . . . . . . . . . : ::
 
========= End of CMD: =========
 
 
=========  netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh int ip reset =========
 
Resetting Global, OK!
Resetting Interface, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv4 reset =========
 
Resetting , failed.
Access is denied.
 
There's no user specified settings to be reset.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv6 reset =========
 
Resetting Interface, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  netsh winsock reset =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
EmptyTemp: => 606.1 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 12:49:56 ====
 
 
 
C:\AdwCleaner[S1].txt
==========================================================================
# AdwCleaner v5.113 - Logfile created 26/04/2016 at 13:41:49
# Updated 24/04/2016 by Xplode
# Database : 2016-04-24.3 [Server]
# Operating system : Windows 10 Pro  (X64)
# Username : Greg - ZION
# Running from : C:\Users\Greg\Downloads\adwcleaner_5.113.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
File Found : C:\Users\heres_yeigb7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url
File Found : C:\Users\heres_yeigb7\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_terraria.en.softonic.com_0.localstorage
File Found : C:\Users\heres_yeigb7\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_terraria.en.softonic.com_0.localstorage-journal
 
***** [ DLL ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
Task Found : updateTask
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
 
*************************
 
C:\AdwCleaner\AdwCleaner[S1].txt - [1020 bytes] - [26/04/2016 13:41:49]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1093 bytes] ##########
 
 
 
JRT.txt
======================================================================
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.5 (04.20.2016)
Operating System: Windows 10 Pro x64 
Ran by Greg (Administrator) on Tue 04/26/2016 at 13:56:09.83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 0 
 
 
 
 
Registry: 1 
 
Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_9CCDD43624CF0A67FCB8D07A1D3BBB05 (Registry Value) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 04/26/2016 at 13:57:36.11
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#9 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:01 AM

Posted 26 April 2016 - 02:19 PM

Hi gregbsens,
 
Did you do a remove with the Adwcleaner

 

Step 1:

  • Temporarily disable your Antivirus protection - if you don't know how to do that, please consult the article below.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

  • Please download ZOEK and save it to your desktop (preferred version is the *.exe one - upper left corner).

http://hijackthis.nl/smeenk/

  • Attached to this message you will find a file called zoekscript

txt.gif  zoekscript.txt   188bytes   19 downloads

  • Download it too and save to your desktop - _it needs to be in the same location as the ZOEK tool
  • Drag zoekscript file and drop it onto ZOEK icon - this should launch the program:
  • The scan may take a while and may need a reboot.
  • Upon completion a file zoek-results should appear.
  • Attach it for my review.

Step 2:

  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double click on the EmsisoftEmergencyKit.exe icon, click Run then Extract
  • Double click the Start Emsisoft Emergency Kit icon that will appear after extraction
  • Click Yes to update the program
  • Once the update is completed click the Back button
  • Click on 2. Scan (not Quick Scan or Smart Scan)
  • Click Yes to detect Potentially Unwanted Programs (PUPs)
  • Patiently wait for the thorough scan to complete, this can be a lengthy process
  • Once completed click Quarantine selected objects (if computer is clean you will not have this option) then click OK
  • Click View Report
  • Attach the report to your reply
  • Close the program then click Close

Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#10 gregbsens

gregbsens
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:08:01 PM

Posted 26 April 2016 - 02:28 PM

Ok after doing all of those things I looked and the chromium app still existed.  So before the restart I went and renamed the folder "Chromium" to "Malware_Chromium"

 

C:\Users\heres_yeigb7\AppData\Local\Malware_Chromium

 

Then the executable in the application directory from chrome.exe to "malware_chrome.exxe"

 

After the restart the profile no longer tries to auto launch the chrome browser to gameo.  However when lauching Chrome it still opens to us.search.



#11 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:01 AM

Posted 26 April 2016 - 02:52 PM

Perfekt, now Zoekscript and Emsisoft run please.


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#12 gregbsens

gregbsens
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:08:01 PM

Posted 26 April 2016 - 03:43 PM

Hopefully this will fix the us.search issue.  :)

 

 

Here are the results.  

 

 
Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Greg on Tue 04/26/2016 at 14:32:41.70.
Microsoft Windows 10 Pro 10.0.10586  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Greg\Desktop\zoek (1).exe    [Scan all users]   [Quick Scan] [Auto Clean]
 
==== System Restore Info ======================
 
4/26/2016 2:34:14 PM Zoek.exe System Restore Point Created Successfully.
 
==== Empty Folders Check ======================
 
C:\PROGRA~2\COMMON~1\Merge Modules deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\Users\MsDtsServer110\AppData\LocalLow deleted successfully
C:\Users\MSSQLFDLauncher\AppData\LocalLow deleted successfully
C:\Users\MSSQLSERVER\AppData\LocalLow deleted successfully
C:\Users\MSSQLServerOLAPService\AppData\LocalLow deleted successfully
C:\Users\Greg\AppData\Local\ActiveSync deleted successfully
C:\Users\Greg\AppData\Local\NetworkTiles deleted successfully
C:\Users\Greg\AppData\Local\PackageStaging deleted successfully
C:\Users\Greg\AppData\Local\PeerDistRepub deleted successfully
C:\Users\Greg\AppData\Local\Skype deleted successfully
C:\Users\Greg\AppData\Local\VirtualStore deleted successfully
C:\Users\heres\AppData\Local\ActiveSync deleted successfully
C:\Users\heres\AppData\Local\NetworkTiles deleted successfully
C:\Users\heres\AppData\Local\PackageStaging deleted successfully
C:\Users\heres\AppData\Local\VirtualStore deleted successfully
C:\Users\heres_3xpxvmr\AppData\Local\ActiveSync deleted successfully
C:\Users\heres_3xpxvmr\AppData\Local\NetworkTiles deleted successfully
C:\Users\heres_3xpxvmr\AppData\Local\PackageStaging deleted successfully
C:\Users\heres_yeigb7\AppData\Local\ActiveSync deleted successfully
C:\Users\heres_yeigb7\AppData\Local\NetworkTiles deleted successfully
C:\Users\heres_yeigb7\AppData\Local\OfficeBSCache-MyComputer deleted successfully
C:\Users\heres_yeigb7\AppData\Local\PackageStaging deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== Deleting Files \ Folders ======================
 
C:\PROGRA~3\Package Cache deleted
C:\Users\heres_yeigb7\AppData\Local\{D745E119-F3ED-8DA1-9E75-A849BA1D54D1} deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
 
==== Files Recently Created / Modified ======================
 
====== C:\WINDOWS ====
2016-04-21 23:53:40 FD12E427F848C67FB93317C7ED225831 33606 ----a-w- C:\WINDOWS\ZAM.krnl.trace
2016-04-21 23:53:39 A8C920F773C59782FD036208F2BFF081 3789 ----a-w- C:\WINDOWS\ZAM_Guard.krnl.trace
====== C:\Users\Greg\AppData\Local\Temp ====
====== Java Cache =====
2016-04-17 20:57:04 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Greg\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-6bd5dafe
====== C:\WINDOWS\SysWOW64 =====
2016-04-12 19:49:26 E07F85C08C025B08F25150E60CB69B44 37376 ----a-w- C:\WINDOWS\SysWOW64\atmlib.dll
2016-04-12 19:49:26 529ADF562993ACA4B8AB43847F42F9B0 18673664 ----a-w- C:\WINDOWS\SysWOW64\edgehtml.dll
2016-04-12 19:49:26 49A21B514FC10B2D55499D58DC78E862 45568 ----a-w- C:\WINDOWS\SysWOW64\jsproxy.dll
2016-04-12 19:49:25 C31E805C9AD3DBEA0A75337312967E77 792064 ----a-w- C:\WINDOWS\SysWOW64\kerberos.dll
2016-04-12 19:49:25 B4102814D9B1D1FC6C39869D7F224E12 303104 ----a-w- C:\WINDOWS\SysWOW64\atmfd.dll
2016-04-12 19:49:25 2BFF4D19D7FC686C150879A2FD5BAE77 2229760 ----a-w- C:\WINDOWS\SysWOW64\wininet.dll
2016-04-12 19:49:24 FD639F1372389D7C5990663D6A100CFE 541304 ----a-w- C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-04-12 19:49:24 D5BF10F0C309C82820813A7190CE1F5F 65536 ----a-w- C:\WINDOWS\SysWOW64\wininetlui.dll
2016-04-12 19:49:24 51A5FD6E5EF1E9A2C63C615F238961F9 1500672 ----a-w- C:\WINDOWS\SysWOW64\urlmon.dll
2016-04-12 19:49:24 17998B6098C06B8FAA32890D6E1F7A58 19340800 ----a-w- C:\WINDOWS\SysWOW64\mshtml.dll
2016-04-12 19:49:23 F172B5FDEACA0C57A4892208F617AB91 12125184 ----a-w- C:\WINDOWS\SysWOW64\ieframe.dll
2016-04-12 19:49:21 D28C3C4AAB51D00FD6EFA07F6DCC1CBA 1862008 ----a-w- C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-04-12 19:49:11 C57E960CD2C7F64AE0295DF0423FE071 1444352 ----a-w- C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-04-12 19:49:11 B74C5FA6221607F864C62090F74FDB80 799744 ----a-w- C:\WINDOWS\SysWOW64\SRH.dll
2016-04-12 19:49:09 3D74763FFF3EF03D8CC9233B5A0EBBB2 13018624 ----a-w- C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-04-12 19:49:08 65930B7D5917CB0D76CAA51A46F3850B 9918976 ----a-w- C:\WINDOWS\SysWOW64\twinui.dll
2016-04-12 19:49:07 408AF8141C4A44BC120F4204F8F79A75 1944576 ----a-w- C:\WINDOWS\SysWOW64\InputService.dll
2016-04-12 19:49:05 0822CB125008CFCA3DFB52C9DF118273 5662208 ----a-w- C:\WINDOWS\SysWOW64\Chakra.dll
2016-04-12 19:49:02 287FAD133D3E5F47DB367B86DC523631 2798080 ----a-w- C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-04-12 19:49:02 15C9692077BA7E20D64E34AE6210B438 5202944 ----a-w- C:\WINDOWS\SysWOW64\BingMaps.dll
2016-04-12 19:48:59 265DB46FE368D8F701A74976D3823ADC 986976 ----a-w- C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-04-12 19:48:58 4B6F30BA21606440EC91852F15B296A9 1626624 ----a-w- C:\WINDOWS\SysWOW64\dwmcore.dll
2016-04-12 19:48:57 CC2F923F02D8EB36D0C442CE709B6CD9 1139712 ----a-w- C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-04-12 19:48:56 402A33FCE08200518FB0012A6BF2E966 2722816 ----a-w- C:\WINDOWS\SysWOW64\esent.dll
2016-04-12 19:48:55 395AC69CCD9E2D590775AA6ADD2AE1D2 649728 ----a-w- C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-04-12 19:48:54 127D1DD4E7385AB56A32D72CF948DB9B 711680 ----a-w- C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-04-12 19:48:53 2C313D0D6CAF3467664058F15742CC98 354304 ----a-w- C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-04-12 19:48:51 52A1E3042711C59E316936C9EDE560F8 502104 ----a-w- C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-04-12 19:48:50 E46FCEC3EAC209AFCDB2825386E51423 415232 ----a-w- C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-04-12 19:48:49 D57F7D9FB771CA0B434E975F76413430 1072128 ----a-w- C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2016-04-12 19:48:49 4135F625D8F20D76FB29F86FE7A4CC48 93696 ----a-w- C:\WINDOWS\SysWOW64\fontsub.dll
2016-04-12 19:48:48 B8AC85F66A12455FB3F2FDB916B1C679 498176 ----a-w- C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-04-12 19:48:48 B71A99EC3D8818A6662A6A9D26FE5807 346624 ----a-w- C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-04-12 19:48:48 70128BC69D515F2D38577D2438861424 133632 ----a-w- C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-04-12 19:48:47 BED401741C226F05FCD2C2678F9E9F14 350720 ----a-w- C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-04-12 19:48:47 B1D8636E375413D57B50BDE20CA5E710 358400 ----a-w- C:\WINDOWS\SysWOW64\AccountsRt.dll
2016-04-12 19:48:47 897906025BD3616BF9C30A3979A73DEE 712704 ----a-w- C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2016-04-12 19:48:46 88E6A274B44C66EDBD26F2BA9E0ACE8F 253088 ----a-w- C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-04-12 19:48:46 6D062C6E2C47B3DCDE8F4C3FDB634DEE 83456 ----a-w- C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-04-12 19:48:44 FEB304F6F577D923E390F5D6BE7DF870 800768 ----a-w- C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-04-12 19:48:44 C31BB8559C52E389B82A4B533C2FB39A 764928 ----a-w- C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-04-12 19:48:44 3ABE2040F4F9BDDD008EC5D4713D5ABE 294752 ----a-w- C:\WINDOWS\SysWOW64\msv1_0.dll
2016-04-12 19:48:39 CA3C908B5C24293F1F1FB89301D63F16 1588224 ----a-w- C:\WINDOWS\SysWOW64\msxml3.dll
2016-04-12 19:48:39 594D1C58958A1F980336964B643784F3 3671040 ----a-w- C:\WINDOWS\SysWOW64\msi.dll
2016-04-12 19:48:38 64229C17CFE9262689EAE3E852D3975F 296488 ----a-w- C:\WINDOWS\SysWOW64\policymanager.dll
2016-04-12 19:48:38 1F19665881A6167CC9E31A42C1F98AC3 638464 ----a-w- C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-04-12 19:48:37 F29EDA4FE119EBF4881C9BA9AE7B27E7 84832 ----a-w- C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-04-12 19:48:37 CC68ABFB0AA40F62E7BD740101A0C92B 1117184 ----a-w- C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-04-12 19:48:37 0BF6FDE72035DDC32FAF24344853B80B 777728 ----a-w- C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2016-04-12 19:48:36 7C557ABB26C2B2D930AA005FF6A8C025 592384 ----a-w- C:\WINDOWS\SysWOW64\Windows.Web.dll
2016-04-12 19:48:36 6A7ACABAE92C837F5C1330188EAE36AE 535080 ----a-w- C:\WINDOWS\SysWOW64\dnsapi.dll
2016-04-12 19:48:36 2C0BBF7FC5526D7285BEAD239895C473 682496 ----a-w- C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2016-04-12 19:48:35 ACE2B02BA07DF7F13F59D07F7A38AA18 161792 ----a-w- C:\WINDOWS\SysWOW64\msorcl32.dll
2016-04-12 19:48:35 2BDB397DC5EC7D3186358F7F2388A009 59904 ----a-w- C:\WINDOWS\SysWOW64\MosStorage.dll
2016-04-12 19:48:34 7C7CC816CEEB07022EBCC6B779B16E1D 521728 ----a-w- C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2016-04-12 19:48:31 C122D52ED9662F09EC2650B010544468 73872 ----a-w- C:\WINDOWS\SysWOW64\srvcli.dll
2016-04-12 19:48:31 7D276C5DF303462091092C3311027D30 129024 ----a-w- C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2016-04-12 19:48:30 D1600085065675F98F41A01DCD03AA6E 854528 ----a-w- C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2016-04-12 19:48:30 B9378EA1892974391D15D54E57056130 151040 ----a-w- C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-04-12 19:48:30 6C2B2CA75F486449921ED10A39DB9799 69744 ----a-w- C:\WINDOWS\SysWOW64\netapi32.dll
2016-04-12 19:48:29 C5F501F481234D821457CA3A270BFCE7 83968 ----a-w- C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-04-12 19:48:29 B65D241B81A010B6A78CCEEA900CCFC0 56320 ----a-w- C:\WINDOWS\SysWOW64\wkscli.dll
2016-04-12 19:48:29 8D9CB9BB31AC17112D75456E928C3839 103936 ----a-w- C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll
2016-04-12 19:48:29 35B0826C3EF8A0E16DF4F4A8D30246C7 705536 ----a-w- C:\WINDOWS\SysWOW64\wuapi.dll
2016-04-12 19:48:28 7D51637A2E604113F1A4E96FF3F2727C 51128 ----a-w- C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-04-12 19:48:27 AD1EC1102124182624F1224768FFAE96 564224 ----a-w- C:\WINDOWS\SysWOW64\WSDApi.dll
2016-04-12 19:48:27 1A341701906986F1865766C6849269FC 323072 ----a-w- C:\WINDOWS\SysWOW64\oleacc.dll
2016-04-12 19:48:26 6920DEFBFA38033B2438ED9760231C12 219648 ----a-w- C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-04-12 19:48:26 5E52C817BCF919CF11CD523A2EC4A456 638464 ----a-w- C:\WINDOWS\SysWOW64\Windows.Networking.dll
2016-04-12 19:48:24 92B98A16E41005D74CF7B2EF28AB1FCF 26112 ----a-w- C:\WINDOWS\SysWOW64\wsdchngr.dll
2016-04-12 19:48:23 F0D9C0E953ACE5E5B8D3DD799B089B00 306176 ----a-w- C:\WINDOWS\SysWOW64\ieproxy.dll
2016-04-12 19:48:23 B4643C990D071EE99D9713336052F97B 193024 ----a-w- C:\WINDOWS\SysWOW64\credprovhost.dll
2016-04-12 19:48:23 806D3A66BBC91F7F2B4FCC337C13EFAE 239104 ----a-w- C:\WINDOWS\SysWOW64\NotificationObjFactory.dll
2016-04-12 19:48:22 3EB91A44E6BCD05CA257E113FCA1DA0C 43520 ----a-w- C:\WINDOWS\SysWOW64\browcli.dll
2016-04-12 19:48:21 E9B121C13C171C28E8AF4871B52AABA0 450560 ----a-w- C:\WINDOWS\SysWOW64\SyncController.dll
2016-04-12 19:48:20 F297B1F54D3FF42732C89C738AEC041F 141824 ----a-w- C:\WINDOWS\SysWOW64\easwrt.dll
2016-04-12 19:48:18 EAF904785CA7849C66F6DC2EF0A0E0E7 22528 ----a-w- C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2016-04-12 19:48:18 9A9CDAB4049BDB383C5CA8746F44E4CB 269824 ----a-w- C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2016-04-12 19:48:18 2E947792E9B1C738E33FD5794B1650F9 30208 ----a-w- C:\WINDOWS\SysWOW64\tbauth.dll
2016-04-12 19:48:17 DBC451C2509141BFA9F851004A5DF99B 2193408 ----a-w- C:\WINDOWS\SysWOW64\actxprxy.dll
2016-04-12 19:48:17 144B4EDF56E0D48C501F4AAEE5E032B0 6297088 ----a-w- C:\WINDOWS\SysWOW64\mos.dll
2016-04-12 19:48:16 E793B893135F3B6942B6230D45E27610 61440 ----a-w- C:\WINDOWS\SysWOW64\samlib.dll
2016-04-12 19:48:16 BF769A5BEA8E50F12264746D30D57C6F 52736 ----a-w- C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
2016-04-12 19:48:16 979CCB709243FE7B0E75E9CDCCF8C9A8 784896 ----a-w- C:\WINDOWS\SysWOW64\NMAA.dll
2016-04-12 19:48:16 96BFB1E4B3F38D999E418D286BE45BFB 118272 ----a-w- C:\WINDOWS\SysWOW64\mtxoci.dll
2016-04-12 19:48:16 91ED19257EAA98C1C95A7E5F0FF07FF0 10240 ----a-w- C:\WINDOWS\SysWOW64\oleacchooks.dll
2016-04-12 19:48:16 2823A28AB08EE9DCE85436C700799D66 80384 ----a-w- C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll
2016-04-12 19:48:15 DDD613E502D30A6E2E407F3280521311 87040 ----a-w- C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-04-12 19:48:15 BC5D8155DBA7DC0E4F92430701C19901 161280 ----a-w- C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-04-12 19:48:14 C9D7861D1C984E1997A3778A97DD1AF9 162816 ----a-w- C:\WINDOWS\SysWOW64\MTF.dll
====== C:\WINDOWS\SysWOW64\drivers =====
====== C:\WINDOWS\Sysnative =====
2016-04-12 19:49:25 7A0E065E46156F9288AE32B1E0399247 52224 ----a-w- C:\WINDOWS\Sysnative\jsproxy.dll
2016-04-12 19:49:24 E2B2525EF375D716E0DE6FE8F3ADCEDB 365568 ----a-w- C:\WINDOWS\Sysnative\atmfd.dll
2016-04-12 19:49:23 AE6A68A065D4C26AF4BEFAA53623B266 2755584 ----a-w- C:\WINDOWS\Sysnative\wininet.dll
2016-04-12 19:49:23 4025493B778984A65B1A310864C4F08C 970752 ----a-w- C:\WINDOWS\Sysnative\kerberos.dll
2016-04-12 19:49:22 F7391A45172C10D8B79A239CDD8BA88B 209408 ----a-w- C:\WINDOWS\Sysnative\storewuauth.dll
2016-04-12 19:49:22 CD885F960066DDD538CD1BBD509A0EC0 69632 ----a-w- C:\WINDOWS\Sysnative\wininetlui.dll
2016-04-12 19:49:22 60C04811AC0BB0BFC5E00D293B8F4464 630632 ----a-w- C:\WINDOWS\Sysnative\fontdrvhost.exe
2016-04-12 19:49:22 0F85790D9E32FA0B8798AECBBEF6F5F4 1731584 ----a-w- C:\WINDOWS\Sysnative\urlmon.dll
2016-04-12 19:49:21 B21B08D436D2B9E7D280FCF9BCBB5DDE 22378496 ----a-w- C:\WINDOWS\Sysnative\edgehtml.dll
2016-04-12 19:49:20 A6A8B92FBADFA793794C0EEFA77941C3 13382656 ----a-w- C:\WINDOWS\Sysnative\ieframe.dll
2016-04-12 19:49:20 7F7591CCC146EC7D9EB77C1277D605F4 1213440 ----a-w- C:\WINDOWS\Sysnative\wwansvc.dll
2016-04-12 19:49:20 14D75B31BA6A28F4A46D7432B48C26B3 45568 ----a-w- C:\WINDOWS\Sysnative\atmlib.dll
2016-04-12 19:49:19 A2B2198B126C8BB489585994A453B064 7474016 ----a-w- C:\WINDOWS\Sysnative\ntoskrnl.exe
2016-04-12 19:49:19 5417FA7098B9A1F5A6EECB198A7B4BFC 3592704 ----a-w- C:\WINDOWS\Sysnative\win32kfull.sys
2016-04-12 19:49:19 3D0DE8170ECCEC20CBF205D79C535BA1 2275328 ----a-w- C:\WINDOWS\Sysnative\wuaueng.dll
2016-04-12 19:49:18 DBADA23940BA56E3D96762C961145654 24602112 ----a-w- C:\WINDOWS\Sysnative\mshtml.dll
2016-04-12 19:49:18 92FB4032354D2074DA0DC9E70D8305B1 1388032 ----a-w- C:\WINDOWS\Sysnative\lsasrv.dll
2016-04-12 19:49:18 703F15FBAEA94F88FD5E12EFA94A0F7E 2656952 ----a-w- C:\WINDOWS\Sysnative\CoreUIComponents.dll
2016-04-12 19:49:11 6870232D80480DA4FF1FBE3373FCA06E 965632 ----a-w- C:\WINDOWS\Sysnative\SRH.dll
2016-04-12 19:49:11 2F9B478546FC00827CB269BAD949D98B 16985600 ----a-w- C:\WINDOWS\Sysnative\Windows.UI.Xaml.dll
2016-04-12 19:49:11 290D24F50396B379338790B8E8D1C503 1714688 ----a-w- C:\WINDOWS\Sysnative\SRHInproc.dll
2016-04-12 19:49:08 2291CACFF9BE4252C2D39D1A6D27B4E4 11545600 ----a-w- C:\WINDOWS\Sysnative\twinui.dll
2016-04-12 19:49:07 99D5C132D5085DACBFF909C3AAF832AC 2624512 ----a-w- C:\WINDOWS\Sysnative\InputService.dll
2016-04-12 19:49:07 775B118277B9A81BF9B23AA386A9196D 7836160 ----a-w- C:\WINDOWS\Sysnative\Chakra.dll
2016-04-12 19:49:07 04EDE78320552097AC7EB3CE69A4A0BD 118272 ----a-w- C:\WINDOWS\Sysnative\fontsub.dll
2016-04-12 19:49:05 F8FAB3E1281FB937DB1C8109842A9534 3994624 ----a-w- C:\WINDOWS\Sysnative\SettingsHandlers_nt.dll
2016-04-12 19:49:04 32F3BA2C4849ED727508C021F999E147 3428864 ----a-w- C:\WINDOWS\Sysnative\Windows.Media.dll
2016-04-12 19:49:01 5DFAF8BE5A3CABAABF6795BC09EB7876 948736 ----a-w- C:\WINDOWS\Sysnative\XblAuthManager.dll
2016-04-12 19:49:00 D0CCDC8D0D00DA363F9D87C2E9A803EF 1297752 ----a-w- C:\WINDOWS\Sysnative\LicenseManager.dll
2016-04-12 19:49:00 5276C6CCA158FD73D20642C6A7A507E7 1946112 ----a-w- C:\WINDOWS\Sysnative\dwmcore.dll
2016-04-12 19:48:59 BE7D6EA3650F1C25076335A9C1F3D59B 1098240 ----a-w- C:\WINDOWS\Sysnative\dosvc.dll
2016-04-12 19:48:59 93E597D2B5C653E94680E8B8E1C59B36 641536 ----a-w- C:\WINDOWS\Sysnative\enterprisecsps.dll
2016-04-12 19:48:59 92840BF0817C457BB011220BA21BAE9B 1832448 ----a-w- C:\WINDOWS\Sysnative\AppXDeploymentExtensions.dll
2016-04-12 19:48:59 0C015924C6DA5368E6B102CC597AC640 1390080 ----a-w- C:\WINDOWS\Sysnative\Windows.UI.Shell.dll
2016-04-12 19:48:58 B471A4DA6F8DFF957B6F109FA182C366 3575296 ----a-w- C:\WINDOWS\Sysnative\SystemSettingsThresholdAdminFlowUI.dll
2016-04-12 19:48:58 2F844EBBB6BAA883BDDC472C44B738AE 1388544 ----a-w- C:\WINDOWS\Sysnative\win32kbase.sys
2016-04-12 19:48:58 2A2C0983B6FE62F02E7183335B1F5C20 1054208 ----a-w- C:\WINDOWS\Sysnative\audiosrv.dll
2016-04-12 19:48:57 EFA3EFE172FDA2EE7C3F64F17277181C 7199232 ----a-w- C:\WINDOWS\Sysnative\BingMaps.dll
2016-04-12 19:48:57 DB0C2721BE0E21EAA0C4C70B07F481DE 3078144 ----a-w- C:\WINDOWS\Sysnative\esent.dll
2016-04-12 19:48:56 E8A201E7ACF39359D99EEDD3D059E5AC 1395712 ----a-w- C:\WINDOWS\Sysnative\UIAutomationCore.dll
2016-04-12 19:48:56 D8F3E820C39808C00A687AED554D23C0 859136 ----a-w- C:\WINDOWS\Sysnative\Windows.ApplicationModel.Store.dll
2016-04-12 19:48:55 F99D8BF6ACA4728C9E285BD161C22BCB 938496 ----a-w- C:\WINDOWS\Sysnative\MapControlCore.dll
2016-04-12 19:48:55 E5421101B84007FBC3D11501A6887F42 471552 ----a-w- C:\WINDOWS\Sysnative\NetSetupShim.dll
2016-04-12 19:48:55 9065EB3B7E982A5370790BF729EDBBA7 696664 ----a-w- C:\WINDOWS\Sysnative\NetSetupEngine.dll
2016-04-12 19:48:55 49FDB6B2E192AD639F09EF90C32A0395 852480 ----a-w- C:\WINDOWS\Sysnative\MapsStore.dll
2016-04-12 19:48:55 42C6780C909074A1879F8BBA34920FE6 988160 ----a-w- C:\WINDOWS\Sysnative\SharedStartModel.dll
2016-04-12 19:48:54 C59CF7385D070450643D61C8ADEFFE3C 958976 ----a-w- C:\WINDOWS\Sysnative\RemoteNaturalLanguage.dll
2016-04-12 19:48:54 BFE2669F7B0EB1EBAF587490E9E591AA 630272 ----a-w- C:\WINDOWS\Sysnative\PhoneProviders.dll
2016-04-12 19:48:54 0F3C165B71F8140F50A1DB5DE3E6D695 2158592 ----a-w- C:\WINDOWS\Sysnative\AppXDeploymentServer.dll
2016-04-12 19:48:53 EF953237B34D1468B81A6AB260A3C524 1317640 ----a-w- C:\WINDOWS\Sysnative\winload.efi
2016-04-12 19:48:53 92291BFE95AD37CF486BD3E4B31F746B 1141504 ----a-w- C:\WINDOWS\Sysnative\winload.exe
2016-04-12 19:48:53 77981E6F98F4A8743D3AEB1A8AF4DE09 108544 ----a-w- C:\WINDOWS\Sysnative\InputLocaleManager.dll
2016-04-12 19:48:53 492FB85E61768950CDD27C87AED6E8FA 587776 ----a-w- C:\WINDOWS\Sysnative\bisrv.dll
2016-04-12 19:48:53 1BF000CFA56FD272B4ECAC167CDF6A8F 1211904 ----a-w- C:\WINDOWS\Sysnative\Windows.UI.Cred.dll
2016-04-12 19:48:52 C1C169EFA8E5E30A0A521C0409CAC153 874968 ----a-w- C:\WINDOWS\Sysnative\winresume.exe
2016-04-12 19:48:52 518A992A6700A86A47F79388F91737C0 1090048 ----a-w- C:\WINDOWS\Sysnative\RDXService.dll
2016-04-12 19:48:52 258BCD1FE978849EDB02D131FD1F7893 989536 ----a-w- C:\WINDOWS\Sysnative\SecConfig.efi
2016-04-12 19:48:51 B0236F0FB7402381A50F2EBF031C49CF 1030416 ----a-w- C:\WINDOWS\Sysnative\winresume.efi
2016-04-12 19:48:50 6A0745D04DFB6E37A6D0FEE339A0B742 556032 ----a-w- C:\WINDOWS\Sysnative\PsmServiceExtHost.dll
2016-04-12 19:48:50 62300878366762EABAC7834543964A6E 498688 ----a-w- C:\WINDOWS\Sysnative\tileobjserver.dll
2016-04-12 19:48:50 46E51F35566F8B73540D56EAA0A97E46 175616 ----a-w- C:\WINDOWS\Sysnative\Windows.UI.Core.TextInput.dll
2016-04-12 19:48:50 0271B5C23A375E008C34024088D0F396 1575936 ----a-w- C:\WINDOWS\Sysnative\Windows.Media.Speech.dll
2016-04-12 19:48:49 834D1648124F0F2729462BF79DB0C2CD 369912 ----a-w- C:\WINDOWS\Sysnative\audiodg.exe
2016-04-12 19:48:49 45D26646E3AD737E5DE3DB91CCCE7DBA 339968 ----a-w- C:\WINDOWS\Sysnative\SensorService.dll
2016-04-12 19:48:49 3F4C879B631C77878B42F89990518F72 460288 ----a-w- C:\WINDOWS\Sysnative\MapConfiguration.dll
2016-04-12 19:48:49 1AE232355968BBCA3787B5B35DCA0FD0 550912 ----a-w- C:\WINDOWS\Sysnative\StoreAgent.dll
2016-04-12 19:48:48 85EE46E85C3E76809BC454A50564ECD6 418304 ----a-w- C:\WINDOWS\Sysnative\dmenrollengine.dll
2016-04-12 19:48:48 7ED9629564A44BF0ECAEDEDE7B1BC1FF 988160 ----a-w- C:\WINDOWS\Sysnative\NMAA.dll
2016-04-12 19:48:48 728146F5877FD08DE65B21817ABB19A8 765952 ----a-w- C:\WINDOWS\Sysnative\fveapi.dll
2016-04-12 19:48:48 1F3D69B0AE210874DDC300C3EF1C9CCD 438784 ----a-w- C:\WINDOWS\Sysnative\AccountsRt.dll
2016-04-12 19:48:47 E5C3042B68D4EA89B3C52E150E553DA0 617984 ----a-w- C:\WINDOWS\Sysnative\StorSvc.dll
2016-04-12 19:48:47 C5DEEC4F7ED591D1E322899ADC4EE45F 207360 ----a-w- C:\WINDOWS\Sysnative\NetSetupSvc.dll
2016-04-12 19:48:47 281C61D772D6F267FEABDF71E38C621C 821760 ----a-w- C:\WINDOWS\Sysnative\TokenBroker.dll
2016-04-12 19:48:47 1E1631970DDFD63EDD4483D33E18EC89 300104 ----a-w- C:\WINDOWS\Sysnative\LockAppHost.exe
2016-04-12 19:48:46 D842C2B65E77C13273B626317A5BC5C4 555520 ----a-w- C:\WINDOWS\Sysnative\SyncController.dll
2016-04-12 19:48:46 B7C13F4BE0263F3A8303404A96F4246D 358752 ----a-w- C:\WINDOWS\Sysnative\msv1_0.dll
2016-04-12 19:48:46 8790833B243AB6DD22A1F86FFB26B689 1052160 ----a-w- C:\WINDOWS\Sysnative\MsSpellCheckingFacility.dll
2016-04-12 19:48:46 3C994D13A234D0E33D592CDF55F09B01 628736 ----a-w- C:\WINDOWS\Sysnative\MessagingDataModel2.dll
2016-04-12 19:48:46 167176E3A8B095C2E807D27CBE6AB0D3 1902592 ----a-w- C:\WINDOWS\Sysnative\msxml3.dll
2016-04-12 19:48:45 C1FD242DB2679B7E8F9D54955131A603 1056256 ----a-w- C:\WINDOWS\Sysnative\JpMapControl.dll
2016-04-12 19:48:45 87F0EA669FB37C03207A8870C3B91174 1410560 ----a-w- C:\WINDOWS\Sysnative\Windows.Web.Http.dll
2016-04-12 19:48:45 7ECAE31725C1DC35CC448FA8D0EA09D9 324608 ----a-w- C:\WINDOWS\Sysnative\RDXTaskFactory.dll
2016-04-12 19:48:44 335995302980B83CA6B1974A84AC6009 730344 ----a-w- C:\WINDOWS\Sysnative\Windows.Internal.Shell.Broker.dll
2016-04-12 19:48:43 AB3F697651DDAE1C424C9B2412EFBB59 1239552 ----a-w- C:\WINDOWS\Sysnative\Windows.Devices.Bluetooth.dll
2016-04-12 19:48:43 82A4EFF3567A00EAAA5929C64C42F22D 269824 ----a-w- C:\WINDOWS\Sysnative\moshostcore.dll
2016-04-12 19:48:40 F374C27099807E99A156953F8416D34A 361472 ----a-w- C:\WINDOWS\Sysnative\bdesvc.dll
2016-04-12 19:48:40 DB2911201B4AAC79AF712C5551F0C41D 688640 ----a-w- C:\WINDOWS\Sysnative\Windows.Networking.Connectivity.dll
2016-04-12 19:48:40 8024D7BDD26E9C1280B8B6D605488179 848896 ----a-w- C:\WINDOWS\Sysnative\wuapi.dll
2016-04-12 19:48:39 E15D10FA246ADC4DC59B93C13F417AA3 440320 ----a-w- C:\WINDOWS\Sysnative\CredProvDataModel.dll
2016-04-12 19:48:39 AC71C0A77ED618382D5422C6AB1747E4 169472 ----a-w- C:\WINDOWS\Sysnative\mdmmigrator.dll
2016-04-12 19:48:39 5CB565C1A0A30D76D7B099EEF9654297 256000 ----a-w- C:\WINDOWS\Sysnative\accountaccessor.dll
2016-04-12 19:48:39 4C5D035670EB045123DCF87EE2FDB33B 162816 ----a-w- C:\WINDOWS\Sysnative\enrollmentapi.dll
2016-04-12 19:48:38 B82C04128A96A05139F9F58ED07D0DB2 3351040 ----a-w- C:\WINDOWS\Sysnative\msi.dll
2016-04-12 19:48:38 9A3E17CDB177913C2A111C80F3D0DBB4 686976 ----a-w- C:\WINDOWS\Sysnative\dnsapi.dll
2016-04-12 19:48:38 51449675B00C62F970B497A2FBF1BC46 787456 ----a-w- C:\WINDOWS\Sysnative\Windows.Web.dll
2016-04-12 19:48:37 5066575F39AEECAA7A9E03C0FA007A90 881664 ----a-w- C:\WINDOWS\Sysnative\Windows.UI.Input.Inking.dll
2016-04-12 19:48:37 2F0FA6F60BC9A971BFBF31D1D2C8AF08 167936 ----a-w- C:\WINDOWS\Sysnative\dafBth.dll
2016-04-12 19:48:37 03416DA86664FF2141A5820868B0B9B1 88576 ----a-w- C:\WINDOWS\Sysnative\AppxSysprep.dll
2016-04-12 19:48:36 D3406F98BD98633780820C5EDBA9A5B4 166400 ----a-w- C:\WINDOWS\Sysnative\AboveLockAppHost.dll
2016-04-12 19:48:36 C8B840675B83DC8A257B075BFE5F9357 261376 ----a-w- C:\WINDOWS\Sysnative\LsaIso.exe
2016-04-12 19:48:36 B232CE503C6666873E7B9E4BA769C524 92160 ----a-w- C:\WINDOWS\Sysnative\policymanagerprecheck.dll
2016-04-12 19:48:36 AA5E227F977D03198227E09804394A24 127488 ----a-w- C:\WINDOWS\Sysnative\VEDataLayerHelpers.dll
2016-04-12 19:48:36 7E0078F1EFEB6F8F47CF85C1D73C7EBC 328192 ----a-w- C:\WINDOWS\Sysnative\profsvc.dll
2016-04-12 19:48:36 542C143FA639E4F488005E889C8A9CFD 74752 ----a-w- C:\WINDOWS\Sysnative\MosStorage.dll
2016-04-12 19:48:33 FDBDA93BA9CD3B78060705B41BFCF92D 288256 ----a-w- C:\WINDOWS\Sysnative\fveui.dll
2016-04-12 19:48:33 F432ACF44EABBE3EB98F613E1573DA6F 334736 ----a-w- C:\WINDOWS\Sysnative\policymanager.dll
2016-04-12 19:48:33 CFF6A3799F83060D3FF538564E4264CA 374008 ----a-w- C:\WINDOWS\Sysnative\SystemSettingsAdminFlows.exe
2016-04-12 19:48:33 AF13258A6E8FD57CE0B9C6BEDCDF80CB 144896 ----a-w- C:\WINDOWS\Sysnative\Windows.Media.Devices.dll
2016-04-12 19:48:33 9FDAC1F65E074C1CF12C3E80BD5195E4 176640 ----a-w- C:\WINDOWS\Sysnative\mdmregistration.dll
2016-04-12 19:48:33 24146738C422814EEB2A98FF1FC5C6E1 338432 ----a-w- C:\WINDOWS\Sysnative\ncbservice.dll
2016-04-12 19:48:33 21045DC8C67DA8600529FED2A6F90D6A 848896 ----a-w- C:\WINDOWS\Sysnative\samsrv.dll
2016-04-12 19:48:32 DF0321E30FD7D00BC8178FC58550B8C0 115040 ----a-w- C:\WINDOWS\Sysnative\NetSetupApi.dll
2016-04-12 19:48:32 A6969BAD3166EDA1C79988DD782A87CF 888320 ----a-w- C:\WINDOWS\Sysnative\Windows.Networking.dll
2016-04-12 19:48:32 11C782F631D915895E56FC1CD8214E51 100232 ----a-w- C:\WINDOWS\Sysnative\omadmapi.dll
2016-04-12 19:48:30 B3B3BF36976D72C06C2D3524AC040643 81144 ----a-w- C:\WINDOWS\Sysnative\netapi32.dll
2016-04-12 19:48:30 2804ACDD73835F051CE71DA4DB25337D 110584 ----a-w- C:\WINDOWS\Sysnative\srvcli.dll
2016-04-12 19:48:29 CFF415024C353DA284731CB72FE3F8FF 770640 ----a-w- C:\WINDOWS\Sysnative\iuilp.dll
2016-04-12 19:48:29 998015F786B2B9EE029FB556393CF848 78040 ----a-w- C:\WINDOWS\Sysnative\wkscli.dll
2016-04-12 19:48:28 E34A89A196F45473D61CCDAB193293D1 119808 ----a-w- C:\WINDOWS\Sysnative\BitLockerDeviceEncryption.exe
2016-04-12 19:48:28 AEBD5FCFBFF0294A2D87048D4F5417CB 74424 ----a-w- C:\WINDOWS\Sysnative\easinvoker.exe
2016-04-12 19:48:28 0C8955B4BB1E9D588B4B62D0BD2E5E78 411648 ----a-w- C:\WINDOWS\Sysnative\oleacc.dll
2016-04-12 19:48:27 DA4F2FBA02ADB65797953219ABEF0C44 58400 ----a-w- C:\WINDOWS\Sysnative\SensorsNativeApi.dll
2016-04-12 19:48:27 6758ABE6A73AE709A6C74F121C666CC1 841216 ----a-w- C:\WINDOWS\Sysnative\win32spl.dll
2016-04-12 19:48:27 4BE54893EC2A3B26140DF44E7B6D4E99 230400 ----a-w- C:\WINDOWS\Sysnative\DAFWSD.dll
2016-04-12 19:48:27 3385A5D97C974EA03D6E17E97830F340 686592 ----a-w- C:\WINDOWS\Sysnative\ieproxy.dll
2016-04-12 19:48:26 E5E09ABD5171EB8622821059D8757F43 239616 ----a-w- C:\WINDOWS\Sysnative\credprovhost.dll
2016-04-12 19:48:26 95A03F67830FDCB950E70261128D540D 957952 ----a-w- C:\WINDOWS\Sysnative\IKEEXT.DLL
2016-04-12 19:48:26 5839A317C25F70979433E0905DFABB1B 284672 ----a-w- C:\WINDOWS\Sysnative\dnsrslvr.dll
2016-04-12 19:48:26 12D83590FEF1C8C28DBF3323C61E831A 31232 ----a-w- C:\WINDOWS\Sysnative\wsdchngr.dll
2016-04-12 19:48:24 F40C5151476B066A4061E67DFA641657 128512 ----a-w- C:\WINDOWS\Sysnative\dmcsps.dll
2016-04-12 19:48:24 B8293D5BCBCE179870AAB09CCF21B120 151040 ----a-w- C:\WINDOWS\Sysnative\VEStoreEventHandlers.dll
2016-04-12 19:48:24 A2902A998C3A8A049D26235A75DBE300 174592 ----a-w- C:\WINDOWS\Sysnative\easwrt.dll
2016-04-12 19:48:24 94612B9F7FC2B1A5C6D337C649B346F1 278528 ----a-w- C:\WINDOWS\Sysnative\NotificationObjFactory.dll
2016-04-12 19:48:24 81B78E1782DB1BA758FDA7B993C9FEB5 91136 ----a-w- C:\WINDOWS\Sysnative\browserbroker.dll
2016-04-12 19:48:24 722A68A4CC2BC8BC3C0B776B0711A3C9 285696 ----a-w- C:\WINDOWS\Sysnative\VEEventDispatcher.dll
2016-04-12 19:48:23 F5B8CC586CE9D6187F412B5DFE932468 33280 ----a-w- C:\WINDOWS\Sysnative\wuautoappupdate.dll
2016-04-12 19:48:23 56C238ACFE4CB020D3E38508249039EA 87040 ----a-w- C:\WINDOWS\Sysnative\tzautoupdate.dll
2016-04-12 19:48:23 38C87ECB57CB973AA5DA633B91778670 676352 ----a-w- C:\WINDOWS\Sysnative\WSDApi.dll
2016-04-12 19:48:22 F72F137EEFF89D0B5A2FB8867B4ACEED 402432 ----a-w- C:\WINDOWS\Sysnative\FWPUCLNT.DLL
2016-04-12 19:48:22 D22A2DEC01300ECEB41D22AB60B1E4B3 66048 ----a-w- C:\WINDOWS\Sysnative\OnDemandConnRouteHelper.dll
2016-04-12 19:48:22 82E25186617BA6C15010F0D47C705705 65536 ----a-w- C:\WINDOWS\Sysnative\basesrv.dll
2016-04-12 19:48:22 712AE16ED8FC7F2363F7EA1D8F6D546A 821248 ----a-w- C:\WINDOWS\Sysnative\fvewiz.dll
2016-04-12 19:48:22 7119946D6A8D221C65514267D9F4D520 4774912 ----a-w- C:\WINDOWS\Sysnative\actxprxy.dll
2016-04-12 19:48:21 F0BBBF8807D5725102A9EB06AEB9C1C5 58368 ----a-w- C:\WINDOWS\Sysnative\browcli.dll
2016-04-12 19:48:21 A617BE5E429A035A1CA8217C1B16F0BB 134656 ----a-w- C:\WINDOWS\Sysnative\browser.dll
2016-04-12 19:48:21 A15D9F32A84660FA62F9D27577B0F105 324608 ----a-w- C:\WINDOWS\Sysnative\fvecpl.dll
2016-04-12 19:48:21 8FFFDB163436D790369E39700B8A7DC1 27648 ----a-w- C:\WINDOWS\Sysnative\LicenseManagerShellext.exe
2016-04-12 19:48:20 594FDF2DB7568C73C282B282845E30CF 36352 ----a-w- C:\WINDOWS\Sysnative\tbauth.dll
2016-04-12 19:48:20 3F4461644840A3C5572DDC726C36BDF7 92160 ----a-w- C:\WINDOWS\Sysnative\SensorsNativeApi.V2.dll
2016-04-12 19:48:20 37F5E2385CB4D10AB42186974B9C241A 794112 ----a-w- C:\WINDOWS\Sysnative\BFE.DLL
2016-04-12 19:48:20 091D5AE5E663A66EE73B539AF7C32EC5 69632 ----a-w- C:\WINDOWS\Sysnative\fveskybackup.dll
2016-04-12 19:48:19 E083BE4900FCBB6BC42943438DCF2CAD 176128 ----a-w- C:\WINDOWS\Sysnative\SystemSettings.DeviceEncryptionHandlers.dll
2016-04-12 19:48:19 D9A795240A84C9E3DA78BC1B9E239FCF 95744 ----a-w- C:\WINDOWS\Sysnative\samlib.dll
2016-04-12 19:48:19 C10E0567A0C9541F839EC5B4758795DA 48128 ----a-w- C:\WINDOWS\Sysnative\wups.dll
2016-04-12 19:48:18 9BC40C5A140B5F380042E391CC95993F 66560 ----a-w- C:\WINDOWS\Sysnative\moshost.dll
2016-04-12 19:48:18 91F08041D932816D0D9607F68578A87E 34816 ----a-w- C:\WINDOWS\Sysnative\dmenterprisediagnostics.dll
2016-04-12 19:48:18 63939B50C5C103FA71A419BCEA5B1CF0 26112 ----a-w- C:\WINDOWS\Sysnative\TokenBrokerCookies.exe
2016-04-12 19:48:18 5300F190147040AECDA4F8D669B7D673 28672 ----a-w- C:\WINDOWS\Sysnative\mapsupdatetask.dll
2016-04-12 19:48:18 0D9E0BDCCCE10F07A7B66A61B27C1F71 116224 ----a-w- C:\WINDOWS\Sysnative\FontProvider.dll
2016-04-12 19:48:17 C3BB5D3E3DD24AC0BFA9223F2877F136 76800 ----a-w- C:\WINDOWS\Sysnative\NetCfgNotifyObjectHost.exe
2016-04-12 19:48:17 81D0BDE09DA9D13C4A5A47A8ADCE0993 120320 ----a-w- C:\WINDOWS\Sysnative\MapsBtSvc.dll
2016-04-12 19:48:17 727E03710FB2320AC0C114A9BF40AB40 7979008 ----a-w- C:\WINDOWS\Sysnative\mos.dll
2016-04-12 19:48:17 6B5963BC0C0074448A502FD19209D1BB 89088 ----a-w- C:\WINDOWS\Sysnative\MapsCSP.dll
2016-04-12 19:48:16 F4F6D943E788447DAE29DA217B6743E6 147456 ----a-w- C:\WINDOWS\Sysnative\mtxoci.dll
2016-04-12 19:48:16 CA24B0764C9DFE243D15A8708580673B 107520 ----a-w- C:\WINDOWS\Sysnative\BdeHdCfgLib.dll
2016-04-12 19:48:16 A4CA6FE3F02C6299EED8B7296DC902D6 12800 ----a-w- C:\WINDOWS\Sysnative\oleacchooks.dll
2016-04-12 19:48:16 5118193C56A2F8D07554395B78A6FDCC 223232 ----a-w- C:\WINDOWS\Sysnative\fveapibase.dll
2016-04-12 19:48:15 E95C204F9042223B355C4D04CE675D50 86528 ----a-w- C:\WINDOWS\Sysnative\AppCapture.dll
2016-04-12 19:48:15 E81A803BE3E7D49DE669FB8C30B18BA4 414720 ----a-w- C:\WINDOWS\Sysnative\bcastdvr.exe
2016-04-12 19:48:15 446882966C68D7EF2783E6B327421493 764928 ----a-w- C:\WINDOWS\Sysnative\Chakradiag.dll
2016-04-12 19:48:15 087FF4F0D29833949962F8EE60DA345E 199168 ----a-w- C:\WINDOWS\Sysnative\InstallAgent.exe
2016-04-12 19:48:14 AB416599057FFDC84E28BBB6DA69EADC 235008 ----a-w- C:\WINDOWS\Sysnative\MTF.dll
====== C:\WINDOWS\Sysnative\drivers =====
2016-04-21 23:53:34 97FB225914D1C3F29D38703A22AB494D 202656 ----a-w- C:\WINDOWS\Sysnative\drivers\zamguard64.sys
2016-04-12 19:49:22 19BD8A88AAC580592668B070AC0727D9 2152280 ----a-w- C:\WINDOWS\Sysnative\drivers\ntfs.sys
2016-04-12 19:49:00 3B866F8CB10719A5AF9E410B1B149714 605440 ----a-w- C:\WINDOWS\Sysnative\drivers\cng.sys
2016-04-12 19:48:48 63C3F74DC398A1C1A77E39DFB9C312CA 1089888 ----a-w- C:\WINDOWS\Sysnative\drivers\http.sys
2016-04-12 19:48:40 083A727D784009F9CCFB120C7841B7AF 2403680 ----a-w- C:\WINDOWS\Sysnative\drivers\tcpip.sys
2016-04-12 19:48:38 28B8E1C6CBCF9FFE2FABFF3160C26ADF 258912 ----a-w- C:\WINDOWS\Sysnative\drivers\ufx01000.sys
2016-04-12 19:48:36 9E9D58F5E1702955B2F4D62996F80E8E 378208 ----a-w- C:\WINDOWS\Sysnative\drivers\USBXHCI.SYS
2016-04-12 19:48:35 E582DA849A58524E645545FB68B6625D 1152864 ----a-w- C:\WINDOWS\Sysnative\drivers\ndis.sys
2016-04-12 19:48:33 DA0807D87A62D076C29C4E30F1E84F46 26112 ----a-w- C:\WINDOWS\Sysnative\drivers\xinputhid.sys
2016-04-12 19:48:33 935823F79CBEDB91637B63D37E3A5A36 148480 ----a-w- C:\WINDOWS\Sysnative\drivers\dfsc.sys
2016-04-12 19:48:29 B24408471C1BCB17FC44F5B47EA8DEA3 277856 ----a-w- C:\WINDOWS\Sysnative\drivers\sdbus.sys
2016-04-12 19:48:28 AA4CD20708B7E0412A5316D7E2875103 530432 ----a-w- C:\WINDOWS\Sysnative\drivers\nwifi.sys
2016-04-12 19:48:28 2BC2E99623119521EEF7910A11D0FDE0 694784 ----a-w- C:\WINDOWS\Sysnative\drivers\WdiWiFi.sys
2016-04-12 19:48:27 8359F776CA899E761852F2293B724EAE 185184 ----a-w- C:\WINDOWS\Sysnative\drivers\dumpsd.sys
2016-04-12 19:48:20 249A563C48DFD9E42A37587653E003BB 83968 ----a-w- C:\WINDOWS\Sysnative\drivers\serial.sys
2016-04-12 19:48:18 0731E8F4D8D3B8D3FD98A46A8ABFE0A0 333824 ----a-w- C:\WINDOWS\Sysnative\drivers\portcls.sys
2016-04-12 18:27:03 78488AF2AB2111D67B3C4044707A519B 192216 ----a-w- C:\WINDOWS\Sysnative\drivers\MBAMSwissArmy.sys
2016-04-12 18:26:50 898415AC0B5F1D2A9A48ABCB68A6DC4B 65408 ----a-w- C:\WINDOWS\Sysnative\drivers\mwac.sys
2016-04-12 18:26:50 78BFF5425E044086E74E78650A359FBB 27008 ----a-w- C:\WINDOWS\Sysnative\drivers\mbam.sys
2016-04-12 18:26:50 1239597BAB7EED2BB16D035AF87E65D9 140672 ----a-w- C:\WINDOWS\Sysnative\drivers\mbamchameleon.sys
====== C:\WINDOWS\Tasks ======
2016-04-24 01:03:02 FC2191CF74B68D72A1CE4FA25CD981EF 214 ----a-w- C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
2016-04-22 00:14:50 -------- d---a-w- C:\Program Files\Common Files\DESIGNER
======= C:\PROGRA~2 =====
2016-04-21 23:53:33 -------- d---a-w- C:\PROGRA~2\Zemana AntiMalware
2016-04-12 21:40:55 -------- d---a-w- C:\PROGRA~2\COMMON~1\Skype
2016-03-29 21:33:48 -------- d-----w- C:\PROGRA~2\COMMON~1\Java
2016-03-29 21:33:36 -------- d-----w- C:\PROGRA~2\Java
======= C: =====
====== C:\Users\Greg\AppData\Roaming ======
2016-04-26 19:09:59 -------- d-----w- C:\Users\heres_yeigb7\AppData\Local\Programs
2016-04-26 19:09:41 -------- d-----w- C:\Users\heres_yeigb7\AppData\Local\Temp
2016-04-24 22:53:18 -------- d-----w- C:\Users\heres_yeigb7\AppData\Local\paint.net
2016-04-24 00:38:57 -------- d-----w- C:\Users\heres_yeigb7\AppData\Local\Zemana
2016-04-21 23:53:35 -------- d-----w- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Zemana
2016-04-21 23:53:25 -------- d-----w- C:\Users\Greg\AppData\Local\Zemana
====== C:\Users\Greg ======
2016-04-26 18:53:14 97C8BA65C76630E211AB685A42A27F9F 1610008 ----a-w- C:\Users\Greg\Downloads\JRT (1).exe
2016-04-26 18:52:46 64458AEFB3418EE74EA69CA3A4E2CFB1 3580480 ----a-w- C:\Users\Greg\Downloads\adwcleaner_5.113 (1).exe
2016-04-26 18:42:06 97C8BA65C76630E211AB685A42A27F9F 1610008 ----a-w- C:\Users\Greg\Downloads\JRT.exe
2016-04-26 18:38:47 64458AEFB3418EE74EA69CA3A4E2CFB1 3580480 ----a-w- C:\Users\Greg\Downloads\adwcleaner_5.113.exe
2016-04-21 23:53:14 4CD635310E1594169BF752A1AB1539CC 5252032 ----a-w- C:\Users\Greg\Desktop\Zemana.AntiMalware.Setup.exe
2016-04-19 18:29:40 25E53383060CADFD00E76DD2FA8AF4A1 2375680 ----a-w- C:\Users\Greg\Desktop\FRST64.exe
2016-04-19 18:29:21 25E53383060CADFD00E76DD2FA8AF4A1 2375680 ----a-w- C:\Users\Greg\Downloads\FRST64.exe
2016-03-29 21:33:48 -------- d-----w- C:\ProgramData\Sun
 
====== C: exe-files ==
2016-04-26 19:09:58 C64235C435A0A1A2129BD9EE3EA343E1 5543656 ----a-w- C:\Users\heres_yeigb7\AppData\Local\Zemana\Zemana AntiMalware\update_{A1F14E60-ADB3-4DE9-AD3A-2E9BA4DDE3B2}.exe
2016-04-26 18:53:14 97C8BA65C76630E211AB685A42A27F9F 1610008 ----a-w- C:\Users\Greg\Downloads\JRT (1).exe
2016-04-26 18:52:46 64458AEFB3418EE74EA69CA3A4E2CFB1 3580480 ----a-w- C:\Users\Greg\Downloads\adwcleaner_5.113 (1).exe
2016-04-26 18:42:09 BD59D8A4565D1D1AB3C7CF81948C8DBE 86840 ----a-w- C:\Users\Greg\AppData\Local\Temp\jrt\CreateRestorePoint.exe
2016-04-26 18:42:09 2F9C7FDA92C346CB5AA32091536AE0CB 43520 ----a-w- C:\Users\Greg\AppData\Local\Temp\jrt\nfo\nircmdc.exe
2016-04-26 18:42:06 97C8BA65C76630E211AB685A42A27F9F 1610008 ----a-w- C:\Users\Greg\Downloads\JRT.exe
2016-04-26 18:38:47 64458AEFB3418EE74EA69CA3A4E2CFB1 3580480 ----a-w- C:\Users\Greg\Downloads\adwcleaner_5.113.exe
2016-04-24 00:39:16 27C325E1EB78A41E767802D481C46EA0 8892608 ----a-w- C:\Users\heres_yeigb7\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe
2016-04-24 00:39:16 27C325E1EB78A41E767802D481C46EA0 8892608 ----a-w- C:\Users\heres_yeigb7\AppData\Local\Microsoft\OneDrive\17.3.6386.0412_1\OneDriveSetup.exe
2016-04-24 00:39:08 F75A4E3FDA266B6E4A9FC3075AE3D4C2 176840 ----a-w- C:\Users\heres_yeigb7\AppData\Local\Microsoft\OneDrive\17.3.6386.0412_1\FileCoAuth.exe
2016-04-24 00:39:08 AE03FFEAAB0963E119CD7AF8032FB054 493256 ----a-w- C:\Users\heres_yeigb7\AppData\Local\Microsoft\OneDrive\17.3.6386.0412_1\OneDriveStandaloneUpdater.exe
2016-04-24 00:39:08 7AA1222AA05D17D4A727E52786AE7572 178888 ----a-w- C:\Users\heres_yeigb7\AppData\Local\Microsoft\OneDrive\17.3.6386.0412_1\FileSyncConfig.exe
2016-04-21 23:53:14 4CD635310E1594169BF752A1AB1539CC 5252032 ----a-w- C:\Users\Greg\Desktop\Zemana.AntiMalware.Setup.exe
2016-04-21 23:37:57 27C325E1EB78A41E767802D481C46EA0 8892608 ----a-w- C:\Users\heres_yeigb7\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\OneDriveSetup.exe
2016-04-21 23:37:53 F9387D080BF8566354CDB0445AB8F87B 554176 ----a-w- C:\Users\heres_yeigb7\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\OneDrive.exe
2016-04-21 23:37:53 7AA1222AA05D17D4A727E52786AE7572 178888 ----a-w- C:\Users\heres_yeigb7\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileSyncConfig.exe
2016-04-21 23:37:52 F75A4E3FDA266B6E4A9FC3075AE3D4C2 176840 ----a-w- C:\Users\heres_yeigb7\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileCoAuth.exe
2016-04-21 23:37:52 AE03FFEAAB0963E119CD7AF8032FB054 493256 ----a-w- C:\Users\heres_yeigb7\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\OneDriveStandaloneUpdater.exe
2016-04-21 23:28:01 27C325E1EB78A41E767802D481C46EA0 8892608 ----a-w- C:\Users\Greg\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe
2016-04-21 23:28:01 27C325E1EB78A41E767802D481C46EA0 8892608 ----a-w- C:\Users\Greg\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\OneDriveSetup.exe
2016-04-21 23:27:55 F75A4E3FDA266B6E4A9FC3075AE3D4C2 176840 ----a-w- C:\Users\Greg\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileCoAuth.exe
2016-04-21 23:27:55 AE03FFEAAB0963E119CD7AF8032FB054 493256 ----a-w- C:\Users\Greg\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\OneDriveStandaloneUpdater.exe
2016-04-21 23:27:55 7AA1222AA05D17D4A727E52786AE7572 178888 ----a-w- C:\Users\Greg\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileSyncConfig.exe
2016-04-21 23:20:33 F4FF5B6ABB94537232B49ADDB8D87EE1 1581016 ----a-w- C:\Users\Greg\AppData\Local\Google\Chrome\User Data\SwReporter\6.48.4\software_reporter_tool.exe
=== C: other files ==
2016-04-26 18:42:09 D79AAFE5433EF01973FAB73AA8950C55 127371 ----a-w- C:\Users\Greg\AppData\Local\Temp\jrt\get.bat
2016-04-24 00:39:08 8CF4163521FDB8E53482003C7EFA7121 5850 ----a-w- C:\Users\heres_yeigb7\AppData\Local\Microsoft\OneDrive\17.3.6386.0412_1\CollectOneDriveLogs.bat
2016-04-21 23:53:34 97FB225914D1C3F29D38703A22AB494D 202656 ----a-w- C:\Windows\System32\drivers\zamguard64.sys
2016-04-21 23:37:52 8CF4163521FDB8E53482003C7EFA7121 5850 ----a-w- C:\Users\heres_yeigb7\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\CollectOneDriveLogs.bat
2016-04-21 23:27:55 8CF4163521FDB8E53482003C7EFA7121 5850 ----a-w- C:\Users\Greg\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\CollectOneDriveLogs.bat
 
==== Startup Registry Enabled ======================
 
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"
 
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"
 
[HKEY_USERS\S-1-5-21-2331855821-715679923-1060298032-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\Users\Greg\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cisco AnyConnect Secure Mobility Agent for Windows"="C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe -minimized"
"WTClient"="WTClient.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\Users\Greg\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
 
==== Startup Registry Enabled x64 ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"RtHDVBg_LENOVO_MICPKEY"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /LENOVO_MICPKEY"
"TabletDriver"="C:\Program Files\TabletDriver\TabletDriver.exe -hide"
 
==== Task Scheduler Jobs ======================
 
C:\WINDOWS\tasks\CreateExplorerShellUnelevatedTask.job --a-------- C:\WINDOWS\explorer.exe [01/29/2016 01:57 AM]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- [Undetermined Task]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- [Undetermined Task]
 
==== Other Scheduled Tasks ======================
 
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse" [C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe]
"C:\WINDOWS\SysNative\tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse" [C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe]
"C:\WINDOWS\SysNative\tasks\McAfeeLogon" [C:\PROGRA~1\COMMON~1\McAfee\Platform\McUICnt.exe]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{A4910C18-AEFA-4CBD-82DB-71CE49ACD823}" [C:\Windows\system32\msfeedssync.exe]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{C1F0C2A3-C810-49F5-854D-FFC142A29FDB}" [C:\WINDOWS\system32\msfeedssync.exe]
"C:\WINDOWS\SysNative\tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance" [sc]
"C:\WINDOWS\SysNative\tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_TVSUUpdateTask" [%windir%\System32\reg.exe]
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"="C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi" [04/21/2016 07:23 PM]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"="C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi" [04/21/2016 07:23 PM]
 
==== Chromium Look ======================
 
Google Chrome Version: 46.0.2490.86
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
fheoggkfdfchfphceeifdbepaooicaho - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx[04/20/2016 12:41 PM]
 
Google Slides - Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Cast - Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd
Google Search - Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
SiteAdvisor - Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho
GoToMeeting Pro Screensharing - Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcgikpombjkodabhbdalkcdhmllafipp
Google Docs Offline - Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Cisco WebEx Extension - Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma
Chrome Web Store Payments - Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Slides - heres\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - heres\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - heres\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - heres\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - heres\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - heres\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
SiteAdvisor - heres\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho
Google Docs Offline - heres\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Chrome Web Store Payments - heres\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - heres\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Slides - heres_3xpxvmr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - heres_3xpxvmr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - heres_3xpxvmr\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - heres_3xpxvmr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - heres_3xpxvmr\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - heres_3xpxvmr\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
SiteAdvisor - heres_3xpxvmr\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho
Google Docs Offline - heres_3xpxvmr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Chrome Web Store Payments - heres_3xpxvmr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - heres_3xpxvmr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Slides - heres_yeigb7\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - heres_yeigb7\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - heres_yeigb7\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - heres_yeigb7\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - heres_yeigb7\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - heres_yeigb7\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
SiteAdvisor - heres_yeigb7\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho
Google Docs Offline - heres_yeigb7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Chrome Web Store Payments - heres_yeigb7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - heres_yeigb7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
SiteAdvisor - heres_yeigb7\AppData\Local\Malware_Chromium\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho
Chrome Web Store Payments - heres_yeigb7\AppData\Local\Malware_Chromium\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
undetermined - Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\floipahigmmkfhkoapmnijnlnboniglg
 
==== Chromium Fix ======================
 
C:\Users\heres_3xpxvmr\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ad.atdmt.com_0.localstorage deleted successfully
C:\Users\heres_3xpxvmr\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ad.atdmt.com_0.localstorage-journal deleted successfully
C:\Users\heres_3xpxvmr\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ad.doubleclick.net_0.localstorage deleted successfully
C:\Users\heres_3xpxvmr\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ad.doubleclick.net_0.localstorage-journal deleted successfully
C:\Users\heres_3xpxvmr\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully
C:\Users\heres_3xpxvmr\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully
C:\Users\heres\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\heres\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\heres\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\heres\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\heres_3xpxvmr\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\heres_3xpxvmr\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\heres_3xpxvmr\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\heres_3xpxvmr\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\heres_yeigb7\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\heres_yeigb7\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\heres_yeigb7\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\heres_yeigb7\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\heres_3xpxvmr\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_mcskinsearch.com_0.localstorage deleted successfully
C:\Users\heres_3xpxvmr\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_mcskinsearch.com_0.localstorage-journal deleted successfully
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
==== All HKLM and HKCU SearchScopes ======================
 
HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
 
==== Empty IE Cache ======================
 
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Greg\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Greg\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Users\heres\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\heres_3xpxvmr\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\heres_3xpxvmr\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Users\heres_yeigb7\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Greg\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Greg\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Users\heres\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\heres_3xpxvmr\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\heres_3xpxvmr\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Users\heres_yeigb7\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
 
==== Empty FireFox Cache ======================
 
No FireFox Profiles found
 
==== Empty Chrome Cache ======================
 
C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\heres\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\heres_3xpxvmr\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\heres_yeigb7\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\heres_yeigb7\AppData\Local\Malware_Chromium\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
No Flash Cache Found
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=48 folders=10 9670051 bytes)
 
==== Empty Temp Folders ======================
 
C:\WINDOWS\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\WINDOWS\Temp successfully emptied
C:\Users\Greg\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== EOF on Tue 04/26/2016 at 15:42:11.02 ======================


#13 gregbsens

gregbsens
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:08:01 PM

Posted 26 April 2016 - 03:44 PM

I'm working on EmsisoftEmergencyKit.exe now.



#14 gregbsens

gregbsens
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:08:01 PM

Posted 26 April 2016 - 05:11 PM

results .....

 

 

 

Emsisoft Emergency Kit - Version 11.0
Last update: 4/26/2016 3:48:16 PM
User account: ZION\Greg
 
Scan settings:
 
Scan type: Custom Scan
Objects: Rootkits, Memory, Traces, C:\
 
Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 4/26/2016 3:50:58 PM
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN detected: Setting.NoRun (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN detected: Setting.NoRun (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NOFOLDEROPTIONS detected: Setting.NoFolderOptions (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NOFOLDEROPTIONS detected: Setting.NoFolderOptions (A)
C:\Users\Greg\Seraph\Documents\master\Removable drive\Tech\License\keyfinder.exe detected: Application.Findkeyxp.F (B)
C:\Users\Greg\Seraph\Documents\master\Tech\License\keyfinder.exe detected: Application.Findkeyxp.F (B)
 
Scanned 331100
Found 10
 
Scan end: 4/26/2016 4:32:12 PM
Scan time: 0:41:14
 
C:\Users\Greg\Seraph\Documents\master\Tech\License\keyfinder.exe Application.Findkeyxp.F (B)
C:\Users\Greg\Seraph\Documents\master\Removable drive\Tech\License\keyfinder.exe Application.Findkeyxp.F (B)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NOFOLDEROPTIONS Setting.NoFolderOptions (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN Setting.NoRun (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Setting.DisableRegistryTools (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR Setting.DisableTaskMgr (A)
 
Quarantined 6


#15 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:01 AM

Posted 26 April 2016 - 05:49 PM

C:\Users\Greg\Seraph\Documents\master\Tech\License\keyfinder.exe

You should not use this type softwares. in fact we do not support  when they use this type softwares. Delete all, If you are use another crack and  keygen the softwares.
===============================================================

Is there still the problem us.search ?

 


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users