Malwarebytes found Rootkit.fileless.mtgen - Is it removed?


14 replies to this topic

#1 Jakealope


Posted 30 May 2016 - 05:13 PM

Malwarebytes found Rootkit.fileless.mtgen today and quarantined it.  I tried to run Microsoft Safety Scanner and a Windows Defender full scan, and neither would run.  After searching around I also found and ran Kaspersky TDSSKiller and it did not find anything.

 

How do I know this malware has been removed from my PC?

 

  




 


#2 Broni


Posted 30 May 2016 - 09:35 PM

Welcome aboard

 

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive an "UNSUPPORTED OPERATING SYSTEM! ABORTED!" message, restart the computer and Security Check should run.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
  • List Restore Points

Click Go and post the result.

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.

  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:

    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.

  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.



If you already have MBAM 2.0 installed:

  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


How to get logs:
(Export log to save as txt)


  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.



(Copy to clipboard for pasting into forum replies or tickets)

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.


Download Malwarebytes Anti-Rootkit (MBAR) to your desktop.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
  • "mbar-log-{date} (xx-xx-xx).txt"
  • "system-log.txt"


NOTE. If you see a "This version requires you to completely exit the Anti Malware application" message, right-click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.

Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.


If normal mode still doesn't work, run the tool from safe mode.

When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

NOTE Do NOT wrap your logs in "quote" or "code" brackets.
Do NOT use spoilers.
Do NOT edit your reply to post additional logs. Create new reply. I'll not get any email notifications about edits so I won't know you posted something new.




 


#3 Jakealope


Posted 31 May 2016 - 08:53 AM

I meant to mention that I am using Windows 10.

 

Below is the Security Check Report:

 

 Results of screen317's Security Check version 1.014 --- 12/23/15  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Computer Security   
Windows Defender    
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Flash Player 21.0.0.242  
 Adobe Reader XI  
 Mozilla Firefox 34.0.5 Firefox out of Date!  
 Google Chrome (50.0.2661.102) 
 Google Chrome (50.0.2661.94) 
 Google Chrome (SetupMetrics.pma..) 
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe 
 Windows Defender MSASCui.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 F-Secure apps ComputerSecurity Anti-Virus\FSGK32.EXE 
 F-Secure apps ComputerSecurity Anti-Virus\fssm32.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe   
 Windows Defender MpCmdRun.exe   
 Windows Defender msascui.exe   
 Symantec Norton Online Backup NOBuAgent.exe  
 Symantec Norton Online Backup NOBuClient.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 
 
Below is the Farbar Report.  Do you also need the additional report and shortcut report?
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:29-05-2016 02
Ran by Patty (administrator) on PATTYSAMSUNG (31-05-2016 08:57:23)
Running from C:\Users\Patty\Downloads
Loaded Profiles: UpdatusUser & Patty (Available Profiles: UpdatusUser & Patty)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fsgk32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fssm32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSHDLL64.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Patty\Downloads\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242712 2015-09-21] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14040296 2015-09-17] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-05-11] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2995904 2012-07-10] (Symantec Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-04-22] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [23745808 2016-05-06] (Dropbox, Inc.)
HKLM-x32\...\Run: [F-Secure Hoster (45061)] => C:\Program Files (x86)\F-Secure\fshoster32.exe [187432 2015-07-16] (F-Secure Corporation)
HKLM-x32\...\Run: [F-Secure Manager] => C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE [310312 2015-10-08] (F-Secure Corporation)
HKU\S-1-5-21-4204859643-4009438992-3315869148-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-04-22] (Apple Inc.)
HKU\S-1-5-21-4204859643-4009438992-3315869148-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2016-04-22] (Apple Inc.)
HKU\S-1-5-21-4204859643-4009438992-3315869148-1001\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1084688 2016-04-21] (Apple Inc.)
HKU\S-1-5-21-4204859643-4009438992-3315869148-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-10-30] (Microsoft Corporation)
HKU\S-1-5-21-4204859643-4009438992-3315869148-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-04-22] (Apple Inc.)
HKU\S-1-5-21-4204859643-4009438992-3315869148-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2016-04-22] (Apple Inc.)
HKU\S-1-5-21-4204859643-4009438992-3315869148-1002\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1084688 2016-04-21] (Apple Inc.)
HKU\S-1-5-21-4204859643-4009438992-3315869148-1002\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2016-04-22] (Apple Inc.)
HKU\S-1-5-21-4204859643-4009438992-3315869148-1002\...\RunOnce: [Uninstall C:\Users\Patty\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Patty\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-06] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2013-03-02]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{66468ef5-92a1-437e-b0ff-288e107324df}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4204859643-4009438992-3315869148-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com
HKU\S-1-5-21-4204859643-4009438992-3315869148-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://go.microsoft.com/fwlink/?LinkID=226786&Mkt=en-US&Src=MSERT&Tid=000328B9&OHP=http%3A%2F%2Fgo.microsoft.com%2Ffwlink%2Fp%2F%3FLinkId%3D255141&OSP=http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3D%7BsearchTerms%7D%26rls%3Dcom.microsoft%3A%7Blanguage%7D%3A%7Breferrer%3Asource%3F%7D%26ie%3D%7BinputEncoding%7D%26oe%3D%7BoutputEncoding%7D%26sourceid%3Die7%26rlz%3D1I7MXGA%5FenUS552
HKU\S-1-5-21-4204859643-4009438992-3315869148-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com
SearchScopes: HKLM -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM-x32 -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-4204859643-4009438992-3315869148-1001 -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-4204859643-4009438992-3315869148-1001 -> {7B6EFEF5-D5E7-4702-9B31-BBD18869E868} URL = 
SearchScopes: HKU\S-1-5-21-4204859643-4009438992-3315869148-1001 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-4204859643-4009438992-3315869148-1002 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-04-24] (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-08-10] (Qualcomm Atheros Commnucations)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-04-24] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-4204859643-4009438992-3315869148-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-4204859643-4009438992-3315869148-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-24] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-24] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-24] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-24] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Patty\AppData\Roaming\Mozilla\Firefox\Profiles\90r0t9do.default
FF NewTab: hxxp://www.google.com/
FF SelectedSearchEngine: Bing
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-13] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-13] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-04-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-27] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-04-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4204859643-4009438992-3315869148-1002: vsee.com/VSeeDetection -> C:\Users\Patty\AppData\Roaming\VSeeInstall\npVSeeDetection.dll [2015-08-22] (VSee Lab)
FF Plugin ProgramFiles/Appdata: C:\Users\Patty\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-01-18] (Cisco WebEx LLC)
FF Extension: Lightbeam - C:\Users\Patty\AppData\Roaming\Mozilla\Firefox\Profiles\90r0t9do.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2015-10-07]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=https%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=llya694le36z&ss=1&scc=1&ltmpl=default&ltmplcache=2&from=login","hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll => No File
CHR Profile: C:\Users\Patty\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Patty\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Patty\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Patty\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Adblock Plus) - C:\Users\Patty\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-10]
CHR Extension: (Google Search) - C:\Users\Patty\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (20-20 3D Viewer for Virtual Studio) - C:\Users\Patty\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpbhljkhbideandpbhpinhedfgdhkpdc [2014-08-01]
CHR Extension: (Google Docs Offline) - C:\Users\Patty\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Search by F-Secure) - C:\Users\Patty\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkmikccifolokanfakbeadbmgchomeli [2016-02-05]
CHR Extension: (Cisco WebEx Extension) - C:\Users\Patty\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2015-01-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Patty\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Gmail) - C:\Users\Patty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR HKU\S-1-5-21-4204859643-4009438992-3315869148-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gkmikccifolokanfakbeadbmgchomeli] - C:\Program Files (x86)\F-Secure\apps\SafeSearch\Chrome\main.crx [2015-11-04]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2838768 2016-04-03] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-02] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-02] (Dropbox, Inc.)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [11127016 2016-02-12] (DisplayLink Corp.)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-08-26] (Samsung Electronics CO., LTD.)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [131288 2015-09-21] (ELAN Microelectronics Corp.)
R2 fshoster; C:\Program Files (x86)\F-Secure\fshoster32.exe [187432 2015-07-16] (F-Secure Corporation)
U3 FSMA; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE [216104 2015-10-08] (F-Secure Corporation)
R2 FSORSPClient; C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe [60456 2016-01-03] (F-Secure Corporation)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-04-01] (Hewlett-Packard Company)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-11-01] (Intel Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3939008 2012-07-10] (Symantec Corporation)
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-10] (Atheros) [File not signed]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00B\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-24] (CyberLink)
R3 DisplayLinkUsbIo_x64; C:\Windows\system32\DRIVERS\DisplayLinkUsbIo_x64_7.9.1488.0.sys [67344 2016-03-09] ()
R3 dlcdcncm; C:\Windows\System32\drivers\dlcdcncm62_x64.sys [91920 2016-02-12] (DisplayLink Corp.)
R3 dlusbaudio; C:\Windows\system32\DRIVERS\dlusbaudio_x64.sys [229648 2016-02-12] (DisplayLink Corp.)
R3 ETDSMBus; C:\Windows\system32\DRIVERS\ETDSMBus.sys [32328 2015-09-21] (ELAN Microelectronic Corp.)
R3 F-Secure Gatekeeper; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [219128 2016-01-03] (F-Secure Corporation)
R1 F-Secure HIPS; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys [106696 2016-04-20] (F-Secure Corporation)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [75448 2016-01-12] ()
R3 fsni; C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\fsni64.sys [110272 2016-05-09] (F-Secure Corporation)
R1 fsvista; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [13352 2015-10-08] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-05-31] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S3 MFE_RR; C:\Users\Patty\AppData\Local\Temp\mfe_rr.sys [24120 2016-05-30] (McAfee, Inc.)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows ® Win 7 DDK provider)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
S3 RtlWlanu; C:\Windows\System32\drivers\rtwlanu.sys [3764736 2015-10-30] (Realtek Semiconductor Corporation                           )
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2012-09-03] (Windows ® 2003 DDK 3790 provider)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
 
========================== Drivers MD5 =======================
 
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Three Months Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-31 08:57 - 2016-05-31 08:58 - 00055871 _____ C:\Users\Patty\Downloads\FRST.txt
2016-05-31 08:56 - 2016-05-31 08:57 - 00000000 ____D C:\FRST
2016-05-31 08:55 - 2016-05-31 08:55 - 02383872 _____ (Farbar) C:\Users\Patty\Downloads\FRST64.exe
2016-05-31 08:35 - 2016-05-31 08:36 - 00852798 _____ C:\Users\Patty\Downloads\SecurityCheck.exe
2016-05-31 08:21 - 2016-05-31 08:21 - 00000000 ___HD C:\OneDriveTemp
2016-05-30 20:33 - 2016-05-30 22:06 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-05-30 20:10 - 2016-05-30 20:10 - 00000000 ____D C:\Users\Patty\Downloads\mbar-1.09.3.1001
2016-05-30 19:55 - 2016-05-30 20:07 - 19044562 _____ C:\Users\Patty\Downloads\mbar-1.09.3.1001.zip
2016-05-30 17:48 - 2016-05-30 17:52 - 12406026 _____ C:\Users\Patty\Downloads\KVRT.exe
2016-05-30 17:39 - 2016-05-30 17:41 - 00282684 _____ C:\TDSSKiller.3.1.0.9_30.05.2016_17.39.28_log.txt
2016-05-30 17:38 - 2016-05-30 17:39 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Patty\Downloads\tdsskiller (1).exe
2016-05-30 12:06 - 2016-05-30 12:14 - 46137344 _____ C:\Users\Patty\Downloads\msert (7).exe
2016-05-30 12:01 - 2016-05-30 12:03 - 06291456 _____ C:\Users\Patty\Downloads\msert (6).exe
2016-05-30 11:57 - 2016-05-30 11:59 - 06291456 _____ C:\Users\Patty\Downloads\msert (5).exe
2016-05-29 16:14 - 2016-05-29 16:14 - 00015485 _____ C:\Users\Patty\Downloads\SchedulerExcelExport (100).xls
2016-05-29 16:12 - 2016-05-29 16:12 - 00022194 _____ C:\Users\Patty\Downloads\SchedulerExcelExport (99).xls
2016-05-28 13:47 - 2016-05-28 13:47 - 00004753 _____ C:\Users\Patty\Downloads\ChampSchedulerExcelExport (12).xls
2016-05-28 13:40 - 2016-05-28 13:40 - 00004737 _____ C:\Users\Patty\Downloads\ChampSchedulerExcelExport (11).xls
2016-05-28 13:33 - 2016-05-28 13:33 - 00004693 _____ C:\Users\Patty\Downloads\ChampSchedulerExcelExport (10).xls
2016-05-28 13:22 - 2016-05-28 13:22 - 00006166 _____ C:\Users\Patty\Downloads\ChampSchedulerExcelExport (9).xls
2016-05-26 15:02 - 2016-05-26 15:02 - 00000000 ____D C:\ProgramData\Citrix
2016-05-26 14:54 - 2016-05-26 14:54 - 00000000 ____D C:\Program Files (x86)\Citrix
2016-05-26 14:53 - 2016-05-26 14:53 - 00000000 ____D C:\Users\Patty\AppData\Local\Citrix
2016-05-25 12:37 - 2016-05-25 12:37 - 00009805 _____ C:\Users\Patty\Downloads\ACAC Home Matches - Adult 40 & Over Weekend.xlsx
2016-05-25 12:37 - 2016-05-25 12:37 - 00009805 _____ C:\Users\Patty\Downloads\ACAC Home Matches - Adult 40 & Over Weekend (1).xlsx
2016-05-24 09:54 - 2016-05-24 09:54 - 00065405 _____ C:\Users\Patty\Downloads\SchedulerExcelExport (98).xls
2016-05-23 13:23 - 2016-05-23 13:23 - 00539788 _____ C:\Users\Patty\Downloads\Roll with Cole revised (1).pdf
2016-05-23 12:24 - 2016-05-23 12:24 - 00018827 _____ C:\Users\Patty\Downloads\-temp-team (30).csv
2016-05-23 12:11 - 2016-05-23 12:11 - 00031423 _____ C:\Users\Patty\Downloads\-temp-team (29).csv
2016-05-23 12:11 - 2016-05-23 12:11 - 00031423 _____ C:\Users\Patty\Downloads\-temp-team (28).csv
2016-05-23 11:49 - 2016-05-23 11:49 - 00032571 _____ C:\Users\Patty\Downloads\-temp-team (27).csv
2016-05-22 11:26 - 2016-05-22 11:26 - 00011646 _____ C:\Users\Patty\Downloads\USTA 55 & Over New Flight Scheduler.xlsx
2016-05-21 14:27 - 2016-05-21 14:27 - 00038767 _____ C:\Users\Patty\Downloads\SchedulerExcelExport (97).xls
2016-05-21 14:03 - 2016-05-21 14:03 - 00038758 _____ C:\Users\Patty\Downloads\SchedulerExcelExport (96).xls
2016-05-20 20:06 - 2016-05-20 20:06 - 00038912 _____ C:\Users\Patty\Downloads\Mixed 40&Over - all levels.xls
2016-05-20 20:03 - 2016-05-20 20:03 - 00539788 _____ C:\Users\Patty\Downloads\Roll with Cole revised.pdf
2016-05-20 09:13 - 2016-05-20 09:13 - 00001822 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-05-20 09:13 - 2016-05-20 09:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-05-20 09:11 - 2016-05-20 09:11 - 00000000 ____D C:\Program Files\iPod
2016-05-20 09:11 - 2016-05-20 09:11 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-05-20 09:10 - 2016-05-20 09:13 - 00000000 ____D C:\Program Files\iTunes
2016-05-18 11:05 - 2016-05-18 11:05 - 00063981 _____ C:\Users\Patty\Downloads\SchedulerExcelExport (95).xls
2016-05-18 10:27 - 2016-05-18 10:27 - 00064922 _____ C:\Users\Patty\Downloads\SchedulerExcelExport (94).xls
2016-05-16 11:49 - 2016-05-16 11:49 - 00231397 _____ C:\Users\Patty\Downloads\Va Regional Advancement 2016.pdf
2016-05-16 10:27 - 2016-05-16 10:27 - 00909165 _____ C:\Users\Patty\Downloads\ShowBillImage (6).pdf
2016-05-16 10:27 - 2016-05-16 10:27 - 00908955 _____ C:\Users\Patty\Downloads\ShowBillImage (5).pdf
2016-05-16 10:26 - 2016-05-16 10:26 - 00909222 _____ C:\Users\Patty\Downloads\ShowBillImage (4).pdf
2016-05-16 10:25 - 2016-05-16 10:25 - 00909811 _____ C:\Users\Patty\Downloads\ShowBillImage (3).pdf
2016-05-16 10:25 - 2016-05-16 10:25 - 00909241 _____ C:\Users\Patty\Downloads\ShowBillImage (2).pdf
2016-05-16 10:24 - 2016-05-16 10:24 - 00910228 _____ C:\Users\Patty\Downloads\ShowBillImage (1).pdf
2016-05-16 09:55 - 2016-05-16 09:55 - 00013582 _____ C:\Users\Patty\Downloads\Transactions_Download (8).csv
2016-05-15 12:04 - 2016-04-23 00:31 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-05-15 12:04 - 2016-04-23 00:30 - 22379008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-05-15 12:04 - 2016-04-23 00:28 - 16984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-05-15 12:04 - 2016-04-23 00:26 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-05-15 12:04 - 2016-04-23 00:25 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-05-15 12:04 - 2016-04-23 00:22 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-05-15 12:04 - 2016-04-23 00:20 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-05-15 12:04 - 2016-04-23 00:19 - 07977472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-05-15 12:04 - 2016-04-23 00:19 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-05-15 12:04 - 2016-04-23 00:19 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-05-15 12:04 - 2016-04-23 00:19 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-05-15 12:04 - 2016-04-23 00:18 - 24604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-05-15 12:04 - 2016-04-23 00:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-05-15 12:04 - 2016-04-23 00:18 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-05-15 12:04 - 2016-04-23 00:18 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-05-15 12:04 - 2016-04-23 00:16 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-05-15 12:04 - 2016-04-23 00:15 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-05-15 12:04 - 2016-04-23 00:15 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-05-15 12:04 - 2016-04-23 00:14 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-05-15 12:04 - 2016-04-23 00:13 - 07200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-05-15 12:04 - 2016-04-23 00:13 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-05-15 12:04 - 2016-04-23 00:07 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-05-15 12:03 - 2016-04-30 02:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-05-15 12:03 - 2016-04-30 02:31 - 03591168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-05-15 12:03 - 2016-04-23 02:12 - 01401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-05-15 12:03 - 2016-04-23 02:12 - 01184960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-05-15 12:03 - 2016-04-23 02:12 - 00713920 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-05-15 12:03 - 2016-04-23 02:12 - 00514752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-05-15 12:03 - 2016-04-23 02:12 - 00294592 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-05-15 12:03 - 2016-04-23 02:12 - 00190144 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-05-15 12:03 - 2016-04-23 02:12 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-05-15 12:03 - 2016-04-23 01:28 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-05-15 12:03 - 2016-04-23 01:28 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-05-15 12:03 - 2016-04-23 01:24 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-05-15 12:03 - 2016-04-23 01:24 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-05-15 12:03 - 2016-04-23 01:24 - 01819208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-05-15 12:03 - 2016-04-23 01:24 - 00754664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-05-15 12:03 - 2016-04-23 01:12 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-05-15 12:03 - 2016-04-23 01:12 - 00451928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2016-05-15 12:03 - 2016-04-23 01:12 - 00413536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-05-15 12:03 - 2016-04-23 01:11 - 01092464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-05-15 12:03 - 2016-04-23 01:11 - 00498960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-05-15 12:03 - 2016-04-23 01:10 - 03673424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-05-15 12:03 - 2016-04-23 01:10 - 02919832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-05-15 12:03 - 2016-04-23 01:09 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-05-15 12:03 - 2016-04-23 01:09 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-05-15 12:03 - 2016-04-23 01:09 - 05240960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-05-15 12:03 - 2016-04-23 01:09 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-05-15 12:03 - 2016-04-23 01:09 - 00569744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2016-05-15 12:03 - 2016-04-23 01:09 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-05-15 12:03 - 2016-04-23 01:09 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-05-15 12:03 - 2016-04-23 01:08 - 06605504 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-05-15 12:03 - 2016-04-23 01:08 - 04515256 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-05-15 12:03 - 2016-04-23 01:08 - 00725776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2016-05-15 12:03 - 2016-04-23 01:07 - 01848072 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2016-05-15 12:03 - 2016-04-23 01:07 - 01536088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2016-05-15 12:03 - 2016-04-23 01:02 - 00188256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-05-15 12:03 - 2016-04-23 01:01 - 01996640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-05-15 12:03 - 2016-04-23 01:01 - 00650304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-05-15 12:03 - 2016-04-23 01:01 - 00577368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-05-15 12:03 - 2016-04-23 01:01 - 00522176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-05-15 12:03 - 2016-04-23 01:01 - 00217440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-05-15 12:03 - 2016-04-23 01:00 - 01776768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-05-15 12:03 - 2016-04-23 01:00 - 01594920 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-05-15 12:03 - 2016-04-23 01:00 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-05-15 12:03 - 2016-04-23 01:00 - 01372304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-05-15 12:03 - 2016-04-23 00:56 - 00534872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2016-05-15 12:03 - 2016-04-23 00:39 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-05-15 12:03 - 2016-04-23 00:32 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-05-15 12:03 - 2016-04-23 00:31 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-05-15 12:03 - 2016-04-23 00:30 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-05-15 12:03 - 2016-04-23 00:29 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-05-15 12:03 - 2016-04-23 00:26 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-05-15 12:03 - 2016-04-23 00:25 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2016-05-15 12:03 - 2016-04-23 00:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-05-15 12:03 - 2016-04-23 00:24 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2016-05-15 12:03 - 2016-04-23 00:24 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2016-05-15 12:03 - 2016-04-23 00:23 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-05-15 12:03 - 2016-04-23 00:22 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-05-15 12:03 - 2016-04-23 00:21 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-05-15 12:03 - 2016-04-23 00:21 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-05-15 12:03 - 2016-04-23 00:20 - 18676224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-05-15 12:03 - 2016-04-23 00:20 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2016-05-15 12:03 - 2016-04-23 00:20 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-05-15 12:03 - 2016-04-23 00:20 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-05-15 12:03 - 2016-04-23 00:20 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2016-05-15 12:03 - 2016-04-23 00:20 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-05-15 12:03 - 2016-04-23 00:19 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-05-15 12:03 - 2016-04-23 00:18 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-05-15 12:03 - 2016-04-23 00:18 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-05-15 12:03 - 2016-04-23 00:18 - 00804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-05-15 12:03 - 2016-04-23 00:18 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-05-15 12:03 - 2016-04-23 00:18 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-05-15 12:03 - 2016-04-23 00:18 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-05-15 12:03 - 2016-04-23 00:17 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-05-15 12:03 - 2016-04-23 00:17 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-05-15 12:03 - 2016-04-23 00:17 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-05-15 12:03 - 2016-04-23 00:16 - 01319424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-05-15 12:03 - 2016-04-23 00:16 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-05-15 12:03 - 2016-04-23 00:15 - 01073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-05-15 12:03 - 2016-04-23 00:15 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2016-05-15 12:03 - 2016-04-23 00:15 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-05-15 12:03 - 2016-04-23 00:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-05-15 12:03 - 2016-04-23 00:14 - 13383168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-05-15 12:03 - 2016-04-23 00:14 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-05-15 12:03 - 2016-04-23 00:14 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-05-15 12:03 - 2016-04-23 00:14 - 00647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-05-15 12:03 - 2016-04-23 00:14 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-05-15 12:03 - 2016-04-23 00:14 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-05-15 12:03 - 2016-04-23 00:13 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-05-15 12:03 - 2016-04-23 00:13 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-05-15 12:03 - 2016-04-23 00:13 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-05-15 12:03 - 2016-04-23 00:10 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-05-15 12:03 - 2016-04-23 00:10 - 00639488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-05-15 12:03 - 2016-04-23 00:09 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-05-15 12:03 - 2016-04-23 00:09 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-05-15 12:03 - 2016-04-23 00:08 - 05324288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-05-15 12:03 - 2016-04-23 00:08 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-05-15 12:03 - 2016-04-23 00:07 - 02598912 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-05-15 12:03 - 2016-04-23 00:07 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-05-15 12:03 - 2016-04-23 00:06 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-05-15 12:03 - 2016-04-23 00:05 - 05502976 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-05-15 12:03 - 2016-04-23 00:05 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-05-15 12:03 - 2016-04-23 00:05 - 02066432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-05-15 12:03 - 2016-04-23 00:05 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-05-15 12:03 - 2016-04-23 00:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-05-15 12:03 - 2016-04-23 00:05 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-05-15 12:03 - 2016-04-23 00:04 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-05-15 12:03 - 2016-04-23 00:04 - 01731072 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-05-15 12:03 - 2016-04-23 00:03 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-05-15 12:03 - 2016-04-23 00:03 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-05-15 12:03 - 2016-04-23 00:03 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-05-15 12:03 - 2016-04-23 00:03 - 02000896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2016-05-15 12:03 - 2016-04-23 00:03 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-05-15 12:03 - 2016-04-23 00:03 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-05-15 12:03 - 2016-04-23 00:02 - 07832576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-05-15 12:03 - 2016-04-23 00:02 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-05-15 12:03 - 2016-04-23 00:00 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-05-15 12:03 - 2016-04-23 00:00 - 00984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-05-15 12:03 - 2016-04-22 22:10 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-05-15 12:02 - 2016-05-06 00:53 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdport.sys
2016-05-15 12:02 - 2016-05-06 00:05 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2016-05-15 12:02 - 2016-05-06 00:03 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-05-15 12:02 - 2016-05-05 23:53 - 00351232 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2016-05-15 12:02 - 2016-05-05 23:49 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2016-05-15 12:02 - 2016-05-05 23:44 - 00582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-05-15 12:02 - 2016-05-05 23:43 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2016-05-15 12:02 - 2016-05-05 23:23 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2016-05-15 12:02 - 2016-04-23 02:12 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-05-15 12:02 - 2016-04-23 01:26 - 00707608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2016-05-15 12:02 - 2016-04-23 01:24 - 00638816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2016-05-15 12:02 - 2016-04-23 01:24 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2016-05-15 12:02 - 2016-04-23 01:24 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-05-15 12:02 - 2016-04-23 01:22 - 01161120 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2016-05-15 12:02 - 2016-04-23 01:18 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-05-15 12:02 - 2016-04-23 01:13 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-05-15 12:02 - 2016-04-23 01:13 - 00306832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2016-05-15 12:02 - 2016-04-23 01:13 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-05-15 12:02 - 2016-04-23 01:11 - 00696672 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-05-15 12:02 - 2016-04-23 01:11 - 00390496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-05-15 12:02 - 2016-04-23 01:11 - 00131424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufxsynopsys.sys
2016-05-15 12:02 - 2016-04-23 01:11 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-05-15 12:02 - 2016-04-23 01:10 - 00330072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-05-15 12:02 - 2016-04-23 01:09 - 00565600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-05-15 12:02 - 2016-04-23 01:09 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-05-15 12:02 - 2016-04-23 01:07 - 00204048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2016-05-15 12:02 - 2016-04-23 01:07 - 00183904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2016-05-15 12:02 - 2016-04-23 01:06 - 00291360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2016-05-15 12:02 - 2016-04-23 01:01 - 00619296 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
2016-05-15 12:02 - 2016-04-23 01:01 - 00513368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
2016-05-15 12:02 - 2016-04-23 01:01 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-05-15 12:02 - 2016-04-23 01:00 - 01522152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-05-15 12:02 - 2016-04-23 01:00 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-05-15 12:02 - 2016-04-23 01:00 - 00550656 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2016-05-15 12:02 - 2016-04-23 01:00 - 00453472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2016-05-15 12:02 - 2016-04-23 01:00 - 00058208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwminit.dll
2016-05-15 12:02 - 2016-04-23 00:35 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2016-05-15 12:02 - 2016-04-23 00:34 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-05-15 12:02 - 2016-04-23 00:34 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
2016-05-15 12:02 - 2016-04-23 00:34 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-05-15 12:02 - 2016-04-23 00:33 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2016-05-15 12:02 - 2016-04-23 00:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-05-15 12:02 - 2016-04-23 00:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2016-05-15 12:02 - 2016-04-23 00:33 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ByteCodeGenerator.exe
2016-05-15 12:02 - 2016-04-23 00:32 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2016-05-15 12:02 - 2016-04-23 00:32 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-05-15 12:02 - 2016-04-23 00:30 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2016-05-15 12:02 - 2016-04-23 00:30 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2016-05-15 12:02 - 2016-04-23 00:29 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2016-05-15 12:02 - 2016-04-23 00:29 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-05-15 12:02 - 2016-04-23 00:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\filecrypt.sys
2016-05-15 12:02 - 2016-04-23 00:29 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-05-15 12:02 - 2016-04-23 00:29 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll
2016-05-15 12:02 - 2016-04-23 00:29 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ByteCodeGenerator.exe
2016-05-15 12:02 - 2016-04-23 00:29 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2016-05-15 12:02 - 2016-04-23 00:28 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2016-05-15 12:02 - 2016-04-23 00:28 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-05-15 12:02 - 2016-04-23 00:28 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-05-15 12:02 - 2016-04-23 00:28 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-05-15 12:02 - 2016-04-23 00:28 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-05-15 12:02 - 2016-04-23 00:27 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-05-15 12:02 - 2016-04-23 00:27 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2016-05-15 12:02 - 2016-04-23 00:26 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2016-05-15 12:02 - 2016-04-23 00:25 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-05-15 12:02 - 2016-04-23 00:25 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-05-15 12:02 - 2016-04-23 00:25 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-05-15 12:02 - 2016-04-23 00:24 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-05-15 12:02 - 2016-04-23 00:24 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2016-05-15 12:02 - 2016-04-23 00:24 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2016-05-15 12:02 - 2016-04-23 00:24 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-05-15 12:02 - 2016-04-23 00:23 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-05-15 12:02 - 2016-04-23 00:23 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-05-15 12:02 - 2016-04-23 00:23 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll
2016-05-15 12:02 - 2016-04-23 00:23 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-05-15 12:02 - 2016-04-23 00:22 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-05-15 12:02 - 2016-04-23 00:20 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2016-05-15 12:02 - 2016-04-23 00:19 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlansec.dll
2016-05-15 12:02 - 2016-04-23 00:19 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BrowserSettingSync.dll
2016-05-15 12:02 - 2016-04-23 00:18 - 00988672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-05-15 12:02 - 2016-04-23 00:18 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-05-15 12:02 - 2016-04-23 00:18 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-05-15 12:02 - 2016-04-23 00:18 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-05-15 12:02 - 2016-04-23 00:18 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-05-15 12:02 - 2016-04-23 00:17 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
2016-05-15 12:02 - 2016-04-23 00:15 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-05-15 12:02 - 2016-04-23 00:14 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-05-15 12:02 - 2016-04-23 00:12 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2016-05-15 12:02 - 2016-04-23 00:07 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-05-15 12:02 - 2016-04-23 00:05 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-05-15 12:02 - 2016-04-23 00:05 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-05-15 12:02 - 2016-04-23 00:03 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-05-15 12:02 - 2016-04-23 00:01 - 04775424 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-05-15 12:02 - 2016-04-22 23:45 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-05-15 12:02 - 2016-04-22 22:10 - 00002186 _____ C:\WINDOWS\system32\AppxProvisioning.xml
2016-05-15 12:02 - 2016-04-18 18:30 - 00002186 _____ C:\WINDOWS\SysWOW64\AppxProvisioning.xml
2016-05-14 16:02 - 2016-05-14 16:02 - 00213566 _____ C:\Users\Patty\Downloads\line up 51416.pdf
2016-05-14 16:02 - 2016-05-14 16:02 - 00213566 _____ C:\Users\Patty\Downloads\line up 51416 (1).pdf
2016-05-13 13:45 - 2016-05-13 13:45 - 05995712 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2016-05-12 16:39 - 2016-05-12 16:39 - 00002012 _____ C:\Users\Patty\Downloads\calendar.ics
2016-05-12 13:40 - 2016-05-12 13:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-05-12 09:21 - 2016-05-12 09:21 - 00142437 _____ C:\Users\Patty\Downloads\AutoIDCards (1).pdf
2016-05-11 15:36 - 2016-05-11 15:36 - 00304535 _____ C:\Users\Patty\Downloads\Playoff and Consolation Playoff Matches - Adult 18  Over Weeknight Men.pdf
2016-05-11 15:20 - 2016-05-11 15:20 - 00304535 _____ C:\Users\Patty\Downloads\Playoff and Consolation Playoff Matches - Adult 18  Over Weeknight Men - DRAFT (1).pdf
2016-05-11 15:19 - 2016-05-11 15:20 - 00016852 _____ C:\Users\Patty\Downloads\Playoff - Weeknight 4.0 Men.xlsx
2016-05-11 11:18 - 2016-05-11 11:19 - 00004382 _____ C:\Users\Patty\Downloads\noname (15).eml
2016-05-10 14:59 - 2016-05-10 14:59 - 00304535 _____ C:\Users\Patty\Downloads\Playoff and Consolation Playoff Matches - Adult 18  Over Weeknight Men - DRAFT.pdf
2016-05-07 10:41 - 2016-05-07 10:41 - 00024186 _____ C:\Users\Patty\Downloads\-temp-team (25).csv
2016-05-07 10:41 - 2016-05-07 10:41 - 00016368 _____ C:\Users\Patty\Downloads\-temp-team (26).csv
2016-05-07 10:39 - 2016-05-07 10:39 - 00045552 _____ C:\Users\Patty\Downloads\-temp-team (24).csv
2016-05-07 10:38 - 2016-05-07 10:38 - 00027949 _____ C:\Users\Patty\Downloads\-temp-team (23).csv
2016-05-07 10:35 - 2016-05-07 10:35 - 00045552 _____ C:\Users\Patty\Downloads\-temp-team (22).csv
2016-05-06 10:00 - 2016-05-06 10:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2016-05-04 21:24 - 2016-05-04 21:24 - 00087849 _____ C:\Users\Patty\Downloads\document-0 (23).pdf
2016-05-04 12:10 - 2016-05-04 12:10 - 00196634 _____ C:\Users\Patty\Downloads\noname (14).eml
2016-05-04 09:33 - 2016-05-04 09:33 - 00171811 _____ C:\Users\Patty\Downloads\TakataPriorityGroups.pdf
2016-05-03 08:55 - 2016-05-03 08:55 - 00037524 _____ C:\Users\Patty\Downloads\CaptainEmailAddressReport (3).xls
2016-05-02 19:23 - 2016-05-02 19:23 - 00346072 _____ C:\Users\Patty\Downloads\Greater Richmond Tennis Leagues - April 2016.pdf
2016-05-02 19:14 - 2016-05-02 19:14 - 00012237 _____ C:\Users\Patty\Downloads\April Refunds - Patty and Stone Smith.xlsx
2016-05-01 20:22 - 2016-03-29 03:58 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-05-01 20:22 - 2016-03-29 03:19 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-05-01 20:22 - 2016-03-29 03:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-05-01 20:22 - 2016-03-29 03:02 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-05-01 20:22 - 2016-03-29 02:02 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-05-01 20:21 - 2016-04-01 23:19 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-05-01 20:21 - 2016-04-01 23:14 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-05-01 20:21 - 2016-04-01 23:07 - 03575296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-05-01 20:21 - 2016-03-29 06:20 - 02656952 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-05-01 20:21 - 2016-03-29 06:20 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-05-01 20:21 - 2016-03-29 06:20 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-05-01 20:21 - 2016-03-29 06:18 - 02152280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-05-01 20:21 - 2016-03-29 05:56 - 01297752 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-05-01 20:21 - 2016-03-29 05:37 - 01862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-05-01 20:21 - 2016-03-29 05:13 - 00986976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-05-01 20:21 - 2016-03-29 05:11 - 00605440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-05-01 20:21 - 2016-03-29 04:41 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-05-01 20:21 - 2016-03-29 04:06 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-05-01 20:21 - 2016-03-29 04:02 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-05-01 20:21 - 2016-03-29 04:01 - 00541304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-05-01 20:21 - 2016-03-29 03:58 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-05-01 20:21 - 2016-03-29 03:46 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-05-01 20:21 - 2016-03-29 03:36 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-05-01 20:21 - 2016-03-29 03:34 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-05-01 20:21 - 2016-03-29 03:20 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-05-01 20:21 - 2016-03-29 03:15 - 01714688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-05-01 20:21 - 2016-03-29 03:14 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-05-01 20:21 - 2016-03-29 03:14 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-05-01 20:21 - 2016-03-29 03:13 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-05-01 20:21 - 2016-03-29 03:12 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-05-01 20:21 - 2016-03-29 03:05 - 01395712 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-05-01 20:21 - 2016-03-29 03:02 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-05-01 20:21 - 2016-03-29 03:02 - 01211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-05-01 20:21 - 2016-03-29 03:00 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-05-01 20:21 - 2016-03-29 02:37 - 01444352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-05-01 20:21 - 2016-03-29 02:37 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-05-01 20:21 - 2016-03-29 02:36 - 00649728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-05-01 20:21 - 2016-03-29 02:32 - 01098240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-05-01 20:21 - 2016-03-29 02:30 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-05-01 20:21 - 2016-03-29 02:28 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-05-01 20:21 - 2016-03-29 02:27 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-05-01 20:21 - 2016-03-29 02:26 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-05-01 20:21 - 2016-03-29 02:19 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-05-01 20:21 - 2016-03-29 02:05 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-05-01 20:21 - 2016-03-29 01:58 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-05-01 20:21 - 2016-03-29 01:45 - 03078144 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-05-01 20:21 - 2016-03-29 01:43 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-05-01 20:21 - 2016-03-29 01:38 - 02798080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-05-01 20:21 - 2016-03-29 01:36 - 02722816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2016-05-01 20:21 - 2016-03-29 01:26 - 00958976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2016-05-01 20:20 - 2016-04-02 00:13 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-05-01 20:20 - 2016-04-02 00:10 - 00770640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll
2016-05-01 20:20 - 2016-04-02 00:10 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-05-01 20:20 - 2016-04-02 00:10 - 00374008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-05-01 20:20 - 2016-04-01 23:25 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2016-05-01 20:20 - 2016-04-01 23:25 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll
2016-05-01 20:20 - 2016-03-29 06:23 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-05-01 20:20 - 2016-03-29 06:22 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-05-01 20:20 - 2016-03-29 06:22 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-05-01 20:20 - 2016-03-29 06:15 - 00100232 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2016-05-01 20:20 - 2016-03-29 06:11 - 00686976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2016-05-01 20:20 - 2016-03-29 06:05 - 01152864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2016-05-01 20:20 - 2016-03-29 06:02 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-05-01 20:20 - 2016-03-29 06:02 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-05-01 20:20 - 2016-03-29 05:28 - 00535080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2016-05-01 20:20 - 2016-03-29 05:25 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
2016-05-01 20:20 - 2016-03-29 05:25 - 00058400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-05-01 20:20 - 2016-03-29 05:19 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-05-01 20:20 - 2016-03-29 05:18 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-05-01 20:20 - 2016-03-29 05:11 - 00074424 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2016-05-01 20:20 - 2016-03-29 05:10 - 00110584 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvcli.dll
2016-05-01 20:20 - 2016-03-29 05:09 - 00078040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkscli.dll
2016-05-01 20:20 - 2016-03-29 05:08 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-05-01 20:20 - 2016-03-29 05:08 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2016-05-01 20:20 - 2016-03-29 05:07 - 00081144 _____ (Microsoft Corporation) C:\WINDOWS\system32\netapi32.dll
2016-05-01 20:20 - 2016-03-29 04:41 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-05-01 20:20 - 2016-03-29 04:26 - 02403680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-05-01 20:20 - 2016-03-29 04:26 - 01089888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-05-01 20:20 - 2016-03-29 04:26 - 00073872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srvcli.dll
2016-05-01 20:20 - 2016-03-29 04:25 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wkscli.dll
2016-05-01 20:20 - 2016-03-29 04:24 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-05-01 20:20 - 2016-03-29 04:23 - 00069744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netapi32.dll
2016-05-01 20:20 - 2016-03-29 04:21 - 00378208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2016-05-01 20:20 - 2016-03-29 04:16 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-05-01 20:20 - 2016-03-29 04:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2016-05-01 20:20 - 2016-03-29 04:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2016-05-01 20:20 - 2016-03-29 04:07 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2016-05-01 20:20 - 2016-03-29 04:07 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsdchngr.dll
2016-05-01 20:20 - 2016-03-29 04:06 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacchooks.dll
2016-05-01 20:20 - 2016-03-29 04:00 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-05-01 20:20 - 2016-03-29 04:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll
2016-05-01 20:20 - 2016-03-29 03:59 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2016-05-01 20:20 - 2016-03-29 03:57 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-05-01 20:20 - 2016-03-29 03:57 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-05-01 20:20 - 2016-03-29 03:57 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\browcli.dll
2016-05-01 20:20 - 2016-03-29 03:55 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys
2016-05-01 20:20 - 2016-03-29 03:55 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2016-05-01 20:20 - 2016-03-29 03:54 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-05-01 20:20 - 2016-03-29 03:53 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
2016-05-01 20:20 - 2016-03-29 03:52 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2016-05-01 20:20 - 2016-03-29 03:51 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2016-05-01 20:20 - 2016-03-29 03:51 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-05-01 20:20 - 2016-03-29 03:51 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2016-05-01 20:20 - 2016-03-29 03:50 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll
2016-05-01 20:20 - 2016-03-29 03:50 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-05-01 20:20 - 2016-03-29 03:50 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2016-05-01 20:20 - 2016-03-29 03:50 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2016-05-01 20:20 - 2016-03-29 03:49 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthLEEnum.sys
2016-05-01 20:20 - 2016-03-29 03:49 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-05-01 20:20 - 2016-03-29 03:48 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
2016-05-01 20:20 - 2016-03-29 03:46 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2016-05-01 20:20 - 2016-03-29 03:44 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2016-05-01 20:20 - 2016-03-29 03:39 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-05-01 20:20 - 2016-03-29 03:36 - 00530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2016-05-01 20:20 - 2016-03-29 03:35 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2016-05-01 20:20 - 2016-03-29 03:35 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2016-05-01 20:20 - 2016-03-29 03:34 - 00333824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2016-05-01 20:20 - 2016-03-29 03:34 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2016-05-01 20:20 - 2016-03-29 03:33 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2016-05-01 20:20 - 2016-03-29 03:30 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2016-05-01 20:20 - 2016-03-29 03:30 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-05-01 20:20 - 2016-03-29 03:27 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-05-01 20:20 - 2016-03-29 03:26 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2016-05-01 20:20 - 2016-03-29 03:23 - 00694784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2016-05-01 20:20 - 2016-03-29 03:23 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-05-01 20:20 - 2016-03-29 03:22 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll
2016-05-01 20:20 - 2016-03-29 03:21 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-05-01 20:20 - 2016-03-29 03:20 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2016-05-01 20:20 - 2016-03-29 03:20 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll
2016-05-01 20:20 - 2016-03-29 03:20 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsdchngr.dll
2016-05-01 20:20 - 2016-03-29 03:19 - 00556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-05-01 20:20 - 2016-03-29 03:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacchooks.dll
2016-05-01 20:20 - 2016-03-29 03:18 - 00676352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2016-05-01 20:20 - 2016-03-29 03:17 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2016-05-01 20:20 - 2016-03-29 03:16 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-05-01 20:20 - 2016-03-29 03:11 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2016-05-01 20:20 - 2016-03-29 03:11 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-05-01 20:20 - 2016-03-29 03:11 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-05-01 20:20 - 2016-03-29 03:11 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\browcli.dll
2016-05-01 20:20 - 2016-03-29 03:09 - 01239552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2016-05-01 20:20 - 2016-03-29 03:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2016-05-01 20:20 - 2016-03-29 03:08 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2016-05-01 20:20 - 2016-03-29 03:08 - 00841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-05-01 20:20 - 2016-03-29 03:08 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-05-01 20:20 - 2016-03-29 03:07 - 01902592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-05-01 20:20 - 2016-03-29 03:06 - 01575936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-05-01 20:20 - 2016-03-29 03:06 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2016-05-01 20:20 - 2016-03-29 03:05 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
2016-05-01 20:20 - 2016-03-29 03:04 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll
2016-05-01 20:20 - 2016-03-29 03:03 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-05-01 20:20 - 2016-03-29 03:00 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-05-01 20:20 - 2016-03-29 03:00 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
2016-05-01 20:20 - 2016-03-29 03:00 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-05-01 20:20 - 2016-03-29 02:59 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-05-01 20:20 - 2016-03-29 02:59 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
2016-05-01 20:20 - 2016-03-29 02:59 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-05-01 20:20 - 2016-03-29 02:56 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-05-01 20:20 - 2016-03-29 02:55 - 01052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2016-05-01 20:20 - 2016-03-29 02:53 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2016-05-01 20:20 - 2016-03-29 02:53 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2016-05-01 20:20 - 2016-03-29 02:52 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
2016-05-01 20:20 - 2016-03-29 02:49 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2016-05-01 20:20 - 2016-03-29 02:44 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-05-01 20:20 - 2016-03-29 02:43 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AccountsRt.dll
2016-05-01 20:20 - 2016-03-29 02:42 - 01410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2016-05-01 20:20 - 2016-03-29 02:42 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-05-01 20:20 - 2016-03-29 02:41 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2016-05-01 20:20 - 2016-03-29 02:40 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2016-05-01 20:20 - 2016-03-29 02:39 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2016-05-01 20:20 - 2016-03-29 02:39 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2016-05-01 20:20 - 2016-03-29 02:36 - 03351040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-05-01 20:20 - 2016-03-29 02:34 - 00682496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2016-05-01 20:20 - 2016-03-29 02:34 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-05-01 20:20 - 2016-03-29 02:32 - 01588224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2016-05-01 20:20 - 2016-03-29 02:32 - 00854528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2016-05-01 20:20 - 2016-03-29 02:32 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2016-05-01 20:20 - 2016-03-29 02:32 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-05-01 20:20 - 2016-03-29 02:32 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-05-01 20:20 - 2016-03-29 02:32 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2016-05-01 20:20 - 2016-03-29 02:31 - 01117184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-05-01 20:20 - 2016-03-29 02:29 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-05-01 20:20 - 2016-03-29 02:29 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2016-05-01 20:20 - 2016-03-29 02:28 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-05-01 20:20 - 2016-03-29 02:27 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-05-01 20:20 - 2016-03-29 02:27 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-05-01 20:20 - 2016-03-29 02:27 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-05-01 20:20 - 2016-03-29 02:23 - 00777728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2016-05-01 20:20 - 2016-03-29 02:17 - 00765952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-05-01 20:20 - 2016-03-29 02:14 - 01072128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2016-05-01 20:20 - 2016-03-29 02:13 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2016-05-01 20:20 - 2016-03-29 02:10 - 03671040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-05-01 20:20 - 2016-03-29 02:06 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-05-01 20:20 - 2016-03-29 02:05 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-05-01 20:20 - 2016-03-29 02:05 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2016-05-01 20:20 - 2016-03-29 02:04 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2016-05-01 20:20 - 2016-03-29 02:01 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-05-01 20:20 - 2016-03-29 01:45 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2016-05-01 20:20 - 2016-03-29 01:43 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2016-05-01 20:20 - 2016-03-29 01:35 - 00821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2016-05-01 20:20 - 2016-03-29 01:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2016-05-01 20:20 - 2016-03-29 01:27 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2016-05-01 20:20 - 2016-03-29 01:26 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2016-05-01 20:20 - 2016-03-29 01:25 - 00712704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2016-05-01 20:20 - 2016-03-29 01:25 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2016-05-01 20:20 - 2016-03-29 01:21 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2016-05-01 14:06 - 2016-05-01 14:06 - 00298355 _____ C:\Users\Patty\Downloads\Playoff - 4.0 Men Flight B.pdf
2016-05-01 14:06 - 2016-05-01 14:06 - 00298348 _____ C:\Users\Patty\Downloads\Playoff - 4.0 Men Flight A.pdf
2016-05-01 12:30 - 2016-05-01 12:30 - 00036535 _____ C:\Users\Patty\Downloads\CrystalReportViewer1 (5).pdf
2016-04-29 14:20 - 2016-04-29 14:21 - 19463533 _____ C:\Users\Patty\Downloads\attachments (4).zip
2016-04-29 14:01 - 2016-04-29 14:03 - 00000022 _____ C:\Users\Patty\Downloads\attachments (3).zip
2016-04-29 13:55 - 2016-04-29 13:55 - 00037804 _____ C:\Users\Patty\Downloads\eBayISAPI.gz
2016-04-29 13:46 - 2016-04-29 13:47 - 00000022 _____ C:\Users\Patty\Downloads\attachments (2).zip
2016-04-28 14:42 - 2016-04-28 14:42 - 00763288 _____ C:\Users\Patty\Downloads\Eyewitness Reports - david deptula grievance - leagues.pdf
2016-04-28 14:41 - 2016-04-28 14:42 - 00274601 _____ C:\Users\Patty\Downloads\Chronology of Events League - david deptula grievance (1).pdf
2016-04-28 14:41 - 2016-04-28 14:41 - 00123178 _____ C:\Users\Patty\Downloads\Grievance Form - Deptula.pdf
2016-04-28 14:26 - 2016-05-12 16:39 - 00000000 ____D C:\Users\Patty\Documents\Outlook Files
2016-04-28 14:25 - 2016-04-28 14:25 - 00199785 _____ C:\Users\Patty\Downloads\noname (13).eml
2016-04-28 14:05 - 2016-04-28 14:06 - 00212258 _____ C:\Users\Patty\Downloads\SKM_364e16042810150.pdf
2016-04-27 15:47 - 2016-04-27 15:48 - 08332233 _____ C:\Users\Patty\Downloads\attachments (1).zip
2016-04-26 09:19 - 2016-04-26 09:19 - 00269903 _____ C:\Users\Patty\Downloads\Scan3034.pdf
2016-04-24 14:52 - 2016-04-24 14:52 - 03300032 _____ (Microsoft Corporation) C:\Users\Patty\Downloads\Setup.X86.en-US_O365HomePremRetail_bee054b8-2646-4b8f-925a-76836748fe3c_TX_PR_.exe
2016-04-22 20:57 - 2016-04-22 20:58 - 00087796 _____ C:\Users\Patty\Downloads\document-0 (22).pdf
2016-04-15 13:55 - 2016-04-15 13:55 - 00305738 _____ C:\Users\Patty\Downloads\VoiceMessage (1).wav
2016-04-15 13:33 - 2016-04-15 13:33 - 00305738 _____ C:\Users\Patty\Downloads\VoiceMessage.wav
2016-04-12 09:57 - 2016-04-12 09:59 - 125349144 _____ (Microsoft Corporation) C:\Users\Patty\Downloads\msert (4).exe
2016-04-09 10:44 - 2016-04-09 10:44 - 00307961 _____ C:\Users\Patty\Downloads\2016 SECTION POLICIES 8-27-15 DRAFT (1).pdf
2016-04-09 10:24 - 2016-04-09 10:25 - 00307961 _____ C:\Users\Patty\Downloads\2016 SECTION POLICIES 8-27-15 DRAFT.pdf
2016-04-08 17:09 - 2016-04-08 17:09 - 00245538 _____ C:\Users\Patty\Downloads\Local League Rules - Leon County (1).pdf
2016-04-05 09:41 - 2016-04-05 09:41 - 00005605 _____ C:\Users\Patty\Downloads\statement417.pdf
2016-04-04 17:30 - 2016-04-04 17:30 - 00245538 _____ C:\Users\Patty\Downloads\Local League Rules - Leon County.pdf
2016-04-02 14:32 - 2016-04-02 14:32 - 00186498 _____ C:\Users\Patty\Downloads\PatriciaSmith_R100597202.pdf
2016-04-02 12:42 - 2016-04-02 12:42 - 00342313 _____ C:\Users\Patty\Downloads\Greater Richmond Tennis Leagues - March 2016.pdf
2016-04-01 15:06 - 2016-04-01 15:06 - 00089465 _____ C:\Users\Patty\Downloads\20160401142247276.pdf
2016-04-01 11:07 - 2016-04-01 11:07 - 00149725 _____ C:\Users\Patty\Downloads\GRTL March 2016 Invoice.pdf
2016-04-01 10:31 - 2016-04-01 10:31 - 00034935 _____ C:\Users\Patty\Downloads\CrystalReportViewer1 (4).pdf
2016-03-30 08:43 - 2016-03-30 08:43 - 00085601 _____ C:\Users\Patty\Downloads\2016 Mixed Playoff Draw.pdf
2016-03-26 10:58 - 2016-03-26 10:58 - 00018744 _____ C:\Users\Patty\Downloads\SchedulerExcelExport (93).xls
2016-03-26 10:45 - 2016-03-26 10:45 - 00018048 _____ C:\Users\Patty\Downloads\SchedulerExcelExport (92).xls
2016-03-26 10:24 - 2016-03-26 10:24 - 00018054 _____ C:\Users\Patty\Downloads\SchedulerExcelExport (91).xls
2016-03-26 09:57 - 2016-03-26 09:57 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2016-03-26 09:57 - 2016-03-26 09:57 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-03-25 14:16 - 2016-03-25 14:16 - 00039928 _____ C:\Users\Patty\Downloads\SchedulerExcelExport (90).xls
2016-03-25 11:29 - 2016-03-25 11:34 - 00458752 _____ C:\Users\Patty\Downloads\Schedule_289556_101.accdb
2016-03-25 09:17 - 2016-03-25 09:17 - 00000000 ____D C:\Users\Patty\Documents\Custom Office Templates
2016-03-25 09:16 - 2016-03-25 09:16 - 00028466 _____ C:\Users\Patty\Downloads\SchedulerExcelExport (89).xls
2016-03-25 09:12 - 2016-03-25 09:12 - 00000000 _____ C:\Users\Patty\Downloads\noname.txt
2016-03-24 19:03 - 2016-03-24 19:03 - 00002501 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2016-03-24 19:03 - 2016-03-24 19:03 - 00002500 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2016-03-24 19:03 - 2016-03-24 19:03 - 00002464 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2016-03-24 19:03 - 2016-03-24 19:03 - 00002463 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2016-03-24 19:03 - 2016-03-24 19:03 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2016-03-24 19:03 - 2016-03-24 19:03 - 00002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2016-03-24 19:03 - 2016-03-24 19:03 - 00002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2016-03-24 19:03 - 2016-03-24 19:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2016-03-24 18:27 - 2016-03-24 18:27 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-03-24 18:24 - 2016-03-24 18:25 - 03286208 _____ (Microsoft Corporation) C:\Users\Patty\Downloads\Setup.X86.en-US_O365HomePremRetail_762e4453-6965-47b3-bd85-999c9246efe5_TX_PR_.exe
2016-03-24 18:13 - 2016-03-24 18:14 - 22851472 _____ (Malwarebytes ) C:\Users\Patty\Downloads\mbam-setup-2.2.1.1043.exe
2016-03-24 16:02 - 2016-03-24 16:02 - 00010289 _____ C:\Users\Patty\Downloads\USTA Annual League Opportunities.xlsx
2016-03-23 10:56 - 2016-03-23 10:56 - 00577075 _____ C:\Users\Patty\Downloads\Huguenot Contract 03-09-16.pdf
2016-03-23 08:11 - 2016-03-23 08:11 - 00018016 _____ C:\Users\Patty\Downloads\ACAC Home Matches 18+ 2016.xlsx
2016-03-22 20:51 - 2016-03-22 20:51 - 00087779 _____ C:\Users\Patty\Downloads\document-0 (21).pdf
2016-03-22 13:59 - 2016-03-22 13:59 - 00000000 ____D C:\WINDOWS\PCHEALTH
2016-03-22 13:57 - 2016-02-23 06:32 - 08705672 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-03-22 13:57 - 2016-02-23 06:31 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-03-22 13:57 - 2016-02-23 05:38 - 06952088 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-03-22 13:57 - 2016-02-23 04:28 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-03-22 13:56 - 2016-03-01 01:31 - 00848168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-03-22 13:56 - 2016-03-01 01:22 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-03-22 13:56 - 2016-02-24 05:34 - 01613664 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-03-22 13:56 - 2016-02-24 05:28 - 03449168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2016-03-22 13:56 - 2016-02-24 04:58 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2016-03-22 13:56 - 2016-02-24 04:51 - 01322248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-03-22 13:56 - 2016-02-24 04:50 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-03-22 13:56 - 2016-02-24 04:43 - 00625000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2016-03-22 13:56 - 2016-02-24 04:19 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2016-03-22 13:56 - 2016-02-24 04:11 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-03-22 13:56 - 2016-02-24 04:11 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-03-22 13:56 - 2016-02-24 02:59 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2016-03-22 13:56 - 2016-02-24 02:59 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2016-03-22 13:56 - 2016-02-24 02:44 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2016-03-22 13:56 - 2016-02-24 02:41 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2016-03-22 13:56 - 2016-02-24 02:40 - 01224704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2016-03-22 13:56 - 2016-02-24 02:34 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2016-03-22 13:56 - 2016-02-24 02:18 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2016-03-22 13:56 - 2016-02-24 02:09 - 00552960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2016-03-22 13:56 - 2016-02-24 02:07 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2016-03-22 13:56 - 2016-02-24 02:04 - 01497088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2016-03-22 13:56 - 2016-02-24 02:03 - 00769536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2016-03-22 13:56 - 2016-02-24 01:55 - 01996288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-03-22 13:56 - 2016-02-24 01:34 - 01707520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-03-22 13:56 - 2016-02-24 01:05 - 12586496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-03-22 13:56 - 2016-02-24 01:03 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-03-22 13:56 - 2016-02-23 06:32 - 02544264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-03-22 13:56 - 2016-02-23 06:32 - 01152328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2016-03-22 13:56 - 2016-02-23 06:32 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-03-22 13:56 - 2016-02-23 06:31 - 01017032 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2016-03-22 13:56 - 2016-02-23 06:31 - 00819648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2016-03-22 13:56 - 2016-02-23 06:31 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-03-22 13:56 - 2016-02-23 06:22 - 00572272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll
2016-03-22 13:56 - 2016-02-23 05:45 - 02773096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-03-22 13:56 - 2016-02-23 05:38 - 02180136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-03-22 13:56 - 2016-02-23 05:38 - 00980352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2016-03-22 13:56 - 2016-02-23 05:38 - 00895080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2016-03-22 13:56 - 2016-02-23 05:38 - 00882720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-03-22 13:56 - 2016-02-23 05:37 - 00713824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2016-03-22 13:56 - 2016-02-23 05:27 - 00376536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
2016-03-22 13:56 - 2016-02-23 05:20 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSave.dll
2016-03-22 13:56 - 2016-02-23 04:56 - 02186864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-03-22 13:56 - 2016-02-23 04:53 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-03-22 13:56 - 2016-02-23 04:40 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2016-03-22 13:56 - 2016-02-23 04:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-03-22 13:56 - 2016-02-23 04:29 - 00591872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2016-03-22 13:56 - 2016-02-23 04:22 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2016-03-22 13:56 - 2016-02-23 04:14 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2016-03-22 13:56 - 2016-02-23 04:10 - 00997376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2016-03-22 13:56 - 2016-02-23 04:04 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2016-03-22 13:56 - 2016-02-23 03:52 - 00456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-03-22 13:56 - 2016-02-23 03:49 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-03-22 13:56 - 2016-02-23 03:48 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2016-03-22 13:56 - 2016-02-23 03:38 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2016-03-22 13:56 - 2016-02-23 03:37 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2016-03-22 13:56 - 2016-02-23 03:36 - 00713728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2016-03-22 13:56 - 2016-02-23 03:31 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2016-03-22 13:56 - 2016-02-23 03:24 - 04827136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-03-22 13:56 - 2016-02-23 03:24 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2016-03-22 13:56 - 2016-02-23 03:01 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2016-03-22 13:56 - 2016-02-23 02:56 - 04412928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-03-22 13:56 - 2016-02-23 02:41 - 02912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2016-03-22 13:56 - 2016-02-23 02:35 - 07533568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-03-22 13:56 - 2016-02-23 02:33 - 02604032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2016-03-22 13:56 - 2016-02-23 02:28 - 06740992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-03-22 13:55 - 2016-02-24 04:54 - 00127840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2016-03-22 13:55 - 2016-02-24 04:39 - 00141560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2016-03-22 13:55 - 2016-02-24 04:11 - 00258280 _____ (Microsoft Corporation) C:\WINDOWS\system32\sqmapi.dll
2016-03-22 13:55 - 2016-02-24 04:09 - 00640472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-03-22 13:55 - 2016-02-24 04:09 - 00147808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2016-03-22 13:55 - 2016-02-24 03:39 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTypeHelperUtil.dll
2016-03-22 13:55 - 2016-02-24 03:39 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExtrasXmlParser.dll
2016-03-22 13:55 - 2016-02-24 03:38 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2016-03-22 13:55 - 2016-02-24 03:37 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataLanguageUtil.dll
2016-03-22 13:55 - 2016-02-24 03:36 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenanceClient.dll
2016-03-22 13:55 - 2016-02-24 03:35 - 00220064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sqmapi.dll
2016-03-22 13:55 - 2016-02-24 03:33 - 00538736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-03-22 13:55 - 2016-02-24 03:33 - 00141664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2016-03-22 13:55 - 2016-02-24 03:30 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfapigp.dll
2016-03-22 13:55 - 2016-02-24 03:28 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\POSyncServices.dll
2016-03-22 13:55 - 2016-02-24 03:23 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-03-22 13:55 - 2016-02-24 03:23 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataPlatformHelperUtil.dll
2016-03-22 13:55 - 2016-02-24 03:22 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2016-03-22 13:55 - 2016-02-24 03:20 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2016-03-22 13:55 - 2016-02-24 03:19 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2016-03-22 13:55 - 2016-02-24 03:19 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
2016-03-22 13:55 - 2016-02-24 03:14 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExSMime.dll
2016-03-22 13:55 - 2016-02-24 03:13 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2016-03-22 13:55 - 2016-02-24 03:12 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\cemapi.dll
2016-03-22 13:55 - 2016-02-24 03:12 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2016-03-22 13:55 - 2016-02-24 03:10 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2016-03-22 13:55 - 2016-02-24 03:09 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2016-03-22 13:55 - 2016-02-24 03:09 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSip.dll
2016-03-22 13:55 - 2016-02-24 03:07 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2016-03-22 13:55 - 2016-02-24 03:03 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-03-22 13:55 - 2016-02-24 03:02 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
2016-03-22 13:55 - 2016-02-24 03:01 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll
2016-03-22 13:55 - 2016-02-24 03:01 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2016-03-22 13:55 - 2016-02-24 03:00 - 00214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
2016-03-22 13:55 - 2016-02-24 02:59 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2016-03-22 13:55 - 2016-02-24 02:58 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\scapi.dll
2016-03-22 13:55 - 2016-02-24 02:55 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2016-03-22 13:55 - 2016-02-24 02:55 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2016-03-22 13:55 - 2016-02-24 02:55 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExtrasXmlParser.dll
2016-03-22 13:55 - 2016-02-24 02:54 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2016-03-22 13:55 - 2016-02-24 02:54 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll
2016-03-22 13:55 - 2016-02-24 02:54 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2016-03-22 13:55 - 2016-02-24 02:54 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTypeHelperUtil.dll
2016-03-22 13:55 - 2016-02-24 02:53 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2016-03-22 13:55 - 2016-02-24 02:53 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataLanguageUtil.dll
2016-03-22 13:55 - 2016-02-24 02:52 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2016-03-22 13:55 - 2016-02-24 02:52 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PimIndexMaintenanceClient.dll
2016-03-22 13:55 - 2016-02-24 02:49 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2016-03-22 13:55 - 2016-02-24 02:46 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfapigp.dll
2016-03-22 13:55 - 2016-02-24 02:44 - 00915456 _____ (Microsoft Corporation) C:\WINDOWS\system32\configurationclient.dll
2016-03-22 13:55 - 2016-02-24 02:44 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\POSyncServices.dll
2016-03-22 13:55 - 2016-02-24 02:43 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2016-03-22 13:55 - 2016-02-24 02:40 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-03-22 13:55 - 2016-02-24 02:40 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataPlatformHelperUtil.dll
2016-03-22 13:55 - 2016-02-24 02:39 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2016-03-22 13:55 - 2016-02-24 02:38 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2016-03-22 13:55 - 2016-02-24 02:36 - 01847808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2016-03-22 13:55 - 2016-02-24 02:32 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2016-03-22 13:55 - 2016-02-24 02:32 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2016-03-22 13:55 - 2016-02-24 02:31 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cemapi.dll
2016-03-22 13:55 - 2016-02-24 02:31 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
2016-03-22 13:55 - 2016-02-24 02:28 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2016-03-22 13:55 - 2016-02-24 02:28 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxSip.dll
2016-03-22 13:55 - 2016-02-24 02:25 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\sharemediacpl.dll
2016-03-22 13:55 - 2016-02-24 02:23 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
2016-03-22 13:55 - 2016-02-24 02:22 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2016-03-22 13:55 - 2016-02-24 02:21 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2016-03-22 13:55 - 2016-02-24 02:21 - 00168448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
2016-03-22 13:55 - 2016-02-24 02:18 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2016-03-22 13:55 - 2016-02-24 02:18 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2016-03-22 13:55 - 2016-02-24 02:17 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2016-03-22 13:55 - 2016-02-24 02:16 - 00394752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2016-03-22 13:55 - 2016-02-24 02:13 - 00540160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2016-03-22 13:55 - 2016-02-24 02:09 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2016-03-22 13:55 - 2016-02-24 02:07 - 00890368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2016-03-22 13:55 - 2016-02-24 01:43 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwbase.dll
2016-03-22 13:55 - 2016-02-24 01:22 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwbase.dll
2016-03-22 13:55 - 2016-02-23 07:25 - 00563552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2016-03-22 13:55 - 2016-02-23 07:15 - 00779384 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll
2016-03-22 13:55 - 2016-02-23 06:31 - 00476728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2016-03-22 13:55 - 2016-02-23 06:17 - 00146272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2016-03-22 13:55 - 2016-02-23 05:40 - 00430944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-03-22 13:55 - 2016-02-23 05:38 - 00420928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2016-03-22 13:55 - 2016-02-23 05:20 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-03-22 13:55 - 2016-02-23 05:12 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\provpackageapidll.dll
2016-03-22 13:55 - 2016-02-23 05:10 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll
2016-03-22 13:55 - 2016-02-23 05:07 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-03-22 13:55 - 2016-02-23 05:07 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2016-03-22 13:55 - 2016-02-23 05:06 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
2016-03-22 13:55 - 2016-02-23 05:01 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
2016-03-22 13:55 - 2016-02-23 05:00 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2016-03-22 13:55 - 2016-02-23 04:58 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\irmon.dll
2016-03-22 13:55 - 2016-02-23 04:55 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2016-03-22 13:55 - 2016-02-23 04:53 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2016-03-22 13:55 - 2016-02-23 04:48 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerClient.dll
2016-03-22 13:55 - 2016-02-23 04:39 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2016-03-22 13:55 - 2016-02-23 04:38 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2016-03-22 13:55 - 2016-02-23 04:38 - 00287712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll
2016-03-22 13:55 - 2016-02-23 04:36 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuickActionsDataModel.dll
2016-03-22 13:55 - 2016-02-23 04:34 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll
2016-03-22 13:55 - 2016-02-23 04:34 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2016-03-22 13:55 - 2016-02-23 04:33 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2016-03-22 13:55 - 2016-02-23 04:31 - 00463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2016-03-22 13:55 - 2016-02-23 04:27 - 00307712 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
2016-03-22 13:55 - 2016-02-23 04:26 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2016-03-22 13:55 - 2016-02-23 04:23 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2016-03-22 13:55 - 2016-02-23 04:20 - 00847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2016-03-22 13:55 - 2016-02-23 04:20 - 00493568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2016-03-22 13:55 - 2016-02-23 04:19 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2016-03-22 13:55 - 2016-02-23 04:14 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-03-22 13:55 - 2016-02-23 04:04 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-03-22 13:55 - 2016-02-23 04:02 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2016-03-22 13:55 - 2016-02-23 04:02 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-03-22 13:55 - 2016-02-23 03:58 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerServer.dll
2016-03-22 13:55 - 2016-02-23 03:57 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TimeBrokerClient.dll
2016-03-22 13:55 - 2016-02-23 03:50 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2016-03-22 13:55 - 2016-02-23 03:47 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2016-03-22 13:55 - 2016-02-23 03:36 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2016-03-22 13:55 - 2016-02-23 03:35 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2016-03-22 13:55 - 2016-02-08 23:18 - 00297472 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2016-03-22 13:55 - 2016-02-08 23:18 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2016-03-22 13:55 - 2016-02-08 23:07 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-03-22 13:06 - 2016-03-22 13:06 - 00036540 _____ C:\Users\Patty\Downloads\2016 Spring USTA Weekend Home Match Times (1).pdf
2016-03-22 11:43 - 2016-03-22 11:43 - 00450560 _____ C:\Users\Patty\Downloads\Schedule_289486_84.accdb
2016-03-22 09:36 - 2016-03-22 09:36 - 00036540 _____ C:\Users\Patty\Downloads\2016 Spring USTA Weekend Home Match Times.pdf
2016-03-21 19:39 - 2016-02-12 11:20 - 00459536 _____ (DisplayLink Corp.) C:\WINDOWS\system32\Drivers\dlkmd.sys
2016-03-21 19:39 - 2016-02-12 11:20 - 00026896 _____ (DisplayLink Corp.) C:\WINDOWS\system32\Drivers\dlkmdldr.sys
2016-03-21 12:50 - 2016-03-21 12:50 - 00039915 _____ C:\Users\Patty\Downloads\SchedulerExcelExport (88).xls
2016-03-21 10:03 - 2016-03-21 10:03 - 00004908 _____ C:\Users\Patty\Downloads\SchedulerExcelExport (87).xls
2016-03-21 09:57 - 2016-03-21 09:57 - 00004876 _____ C:\Users\Patty\Downloads\SchedulerExcelExport (86).xls
2016-03-21 09:40 - 2016-03-21 09:40 - 00013789 _____ C:\Users\Patty\Downloads\Bon Air Courts Adult League.xlsx
2016-03-20 11:44 - 2016-03-20 11:44 - 00450560 _____ C:\Users\Patty\Downloads\Schedule_289499_22 (1).accdb
2016-03-20 11:35 - 2016-03-20 11:35 - 00450560 _____ C:\Users\Patty\Downloads\Schedule_289499_22.accdb
2016-03-19 06:07 - 2016-03-19 06:07 - 00635040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp140.dll
2016-03-19 06:07 - 2016-03-19 06:07 - 00390320 _____ (Microsoft Corporation) C:\WINDOWS\system32\vccorlib140.dll
2016-03-19 06:07 - 2016-03-19 06:07 - 00332968 _____ (Microsoft Corporation) C:\WINDOWS\system32\concrt140.dll
2016-03-19 06:07 - 2016-03-19 06:07 - 00088752 _____ (Microsoft Corporation) C:\WINDOWS\system32\vcruntime140.dll
2016-03-19 05:18 - 2016-03-19 05:18 - 00439608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp140.dll
2016-03-19 05:18 - 2016-03-19 05:18 - 00266928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vccorlib140.dll
2016-03-19 05:18 - 2016-03-19 05:18 - 00243520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\concrt140.dll
2016-03-19 05:18 - 2016-03-19 05:18 - 00085328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vcruntime140.dll
2016-03-18 11:38 - 2016-03-18 11:38 - 00004844 _____ C:\Users\Patty\Downloads\SchedulerExcelExport (85).xls
2016-03-18 11:36 - 2016-03-18 11:36 - 00005004 _____ C:\Users\Patty\Downloads\SchedulerExcelExport (84).xls
2016-03-17 20:18 - 2016-03-17 20:18 - 00032780 _____ C:\Users\Patty\Downloads\SchedulerExcelExport (83).xls
2016-03-17 20:13 - 2016-03-17 20:13 - 00017969 _____ C:\Users\Patty\Downloads\SchedulerExcelExport (82).xls
2016-03-17 19:54 - 2016-03-17 19:54 - 00022642 _____ C:\Users\Patty\Downloads\SchedulerExcelExport (81).xls
2016-03-17 19:47 - 2016-03-17 19:47 - 00033819 _____ C:\Users\Patty\Downloads\SchedulerExcelExport (80).xls
2016-03-17 19:41 - 2016-03-17 19:41 - 00033984 _____ C:\Users\Patty\Downloads\SchedulerExcelExport (79).xls
2016-03-17 19:39 - 2016-03-17 19:39 - 00001501 _____ C:\Users\Patty\Downloads\SchedulerExcelExport (78).xls
2016-03-17 19:02 - 2016-03-17 19:02 - 00022580 _____ C:\Users\Patty\Downloads\SchedulerExcelExport (77).xls
2016-03-17 18:56 - 2016-03-17 18:56 - 00027613 _____ C:\Users\Patty\Downloads\SchedulerExcelExport (76).xls
2016-03-17 18:53 - 2016-03-17 18:53 - 00253041 _____ C:\Users\Patty\Downloads\SchedulerExcelExport (75).xls
2016-03-16 11:13 - 2016-03-16 11:13 - 00018779 _____ C:\Users\Patty\Downloads\SchedulerExcelExport (74).xls
2016-03-16 10:56 - 2016-03-16 10:56 - 00022673 _____ C:\Users\Patty\Downloads\SchedulerExcelExport (73).xls
2016-03-16 10:46 - 2016-03-16 10:46 - 00022673 _____ C:\Users\Patty\Downloads\SchedulerExcelExport (72).xls
2016-03-16 10:36 - 2016-03-16 10:36 - 00022382 _____ C:\Users\Patty\Downloads\SchedulerExcelExport (71).xls
2016-03-16 10:15 - 2016-03-16 10:15 - 00022601 _____ C:\Users\Patty\Downloads\SchedulerExcelExport (70).xls
2016-03-16 10:03 - 2016-03-16 10:03 - 00027794 _____ C:\Users\Patty\Downloads\SchedulerExcelExport (69).xls
2016-03-16 09:43 - 2016-03-16 09:43 - 00027542 _____ C:\Users\Patty\Downloads\SchedulerExcelExport (68).xls
2016-03-15 14:10 - 2016-03-15 14:10 - 00039640 _____ C:\Users\Patty\Downloads\SchedulerExcelExport (67).xls
2016-03-15 13:50 - 2016-03-15 13:50 - 00028030 _____ C:\Users\Patty\Downloads\SchedulerExcelExport (66).xls
2016-03-15 13:04 - 2016-03-15 13:04 - 00039306 _____ C:\Users\Patty\Downloads\SchedulerExcelExport (65).xls
2016-03-15 12:54 - 2016-03-15 12:54 - 00039307 _____ C:\Users\Patty\Downloads\SchedulerExcelExport (64).xls
2016-03-15 12:52 - 2016-03-15 12:52 - 00464333 _____ C:\Users\Patty\Downloads\SchedulerExcelExport (63).xls
2016-03-12 15:06 - 2016-03-12 15:06 - 00018784 _____ C:\Users\Patty\Downloads\SchedulerExcelExport (62).xls
2016-03-12 15:05 - 2016-03-12 15:05 - 00010137 _____ C:\Users\Patty\Downloads\SchedulerExcelExport (61).xls
2016-03-12 15:04 - 2016-03-12 15:04 - 00027664 _____ C:\Users\Patty\Downloads\SchedulerExcelExport (60).xls
2016-03-12 15:03 - 2016-03-12 15:03 - 00027298 _____ C:\Users\Patty\Downloads\SchedulerExcelExport (59).xls
2016-03-12 15:02 - 2016-03-12 15:02 - 00027571 _____ C:\Users\Patty\Downloads\SchedulerExcelExport (58).xls
2016-03-12 15:01 - 2016-03-12 15:01 - 00027571 _____ C:\Users\Patty\Downloads\SchedulerExcelExport (57).xls
2016-03-12 15:00 - 2016-03-12 15:00 - 00027756 _____ C:\Users\Patty\Downloads\SchedulerExcelExport (56).xls
2016-03-12 14:59 - 2016-03-12 14:59 - 00027551 _____ C:\Users\Patty\Downloads\SchedulerExcelExport (55).xls
2016-03-12 14:58 - 2016-03-12 14:58 - 00039649 _____ C:\Users\Patty\Downloads\SchedulerExcelExport (54).xls
2016-03-12 14:57 - 2016-03-12 14:57 - 00028014 _____ C:\Users\Patty\Downloads\SchedulerExcelExport (53).xls
2016-03-12 14:56 - 2016-03-12 14:56 - 00039324 _____ C:\Users\Patty\Downloads\SchedulerExcelExport (52).xls
2016-03-12 14:52 - 2016-03-12 14:52 - 00456300 _____ C:\Users\Patty\Downloads\SchedulerExcelExport (51).xls
2016-03-12 10:43 - 2016-03-12 10:43 - 00023261 _____ C:\Users\Patty\Downloads\Weekend Women's Levels.xlsx
2016-03-12 09:44 - 2016-03-12 09:44 - 00005092 _____ C:\Users\Patty\Downloads\Transactions_Download (7).csv
2016-03-12 09:31 - 2016-03-12 09:31 - 00210493 _____ C:\Users\Patty\Downloads\alarm_certificate.pdf
2016-03-11 14:55 - 2016-03-11 14:55 - 00089050 _____ C:\Users\Patty\Downloads\GREATTENNIS_VA_2015_ArchiveTaxReturn.pdf
2016-03-11 14:54 - 2016-03-11 14:54 - 00128321 _____ C:\Users\Patty\Downloads\GREATTENNIS_US_2015_ArchiveTaxReturn.pdf
2016-03-11 14:54 - 2016-03-11 14:54 - 00050410 _____ C:\Users\Patty\Downloads\GREATTENNIS_Patricia P Smith-.pdf_2015_ArchiveK1Package.pdf
2016-03-11 14:52 - 2016-03-11 14:52 - 00050283 _____ C:\Users\Patty\Downloads\GREATTENNIS_Gladsone Smith III-.pdf_2015_ArchiveK1Package.pdf
2016-03-09 21:58 - 2016-03-09 21:59 - 00941428 _____ C:\Users\Patty\Downloads\10210 W Huguenot Purchase Contract.pdf
2016-03-09 21:21 - 2016-03-09 21:21 - 01447960 _____ (DisplayLink Corp.) C:\WINDOWS\system32\DisplayLinkUsbCo64_7.9.1488.0.dll
2016-03-09 21:21 - 2016-03-09 21:21 - 00067344 _____ () C:\WINDOWS\system32\Drivers\DisplayLinkUsbIo_x64_7.9.1488.0.sys
2016-03-06 17:57 - 2016-03-06 17:57 - 01063655 _____ C:\Users\Patty\Downloads\2016 Year of the Captain.pdf
2016-03-06 17:56 - 2016-03-06 17:56 - 00245807 _____ C:\Users\Patty\Downloads\Flyer.pdf
2016-03-05 20:15 - 2016-03-05 20:15 - 00162162 _____ C:\Users\Patty\Downloads\ABF U-Pack Moving Estimate _ U-Pack _ U-Pack.pdf
2016-03-05 11:59 - 2016-03-05 11:59 - 00035006 _____ C:\Users\Patty\Downloads\-temp-team (21).csv
2016-03-05 11:30 - 2016-03-05 11:30 - 00075008 _____ C:\Users\Patty\Downloads\-temp-team (20).csv
2016-03-05 11:10 - 2016-03-05 22:34 - 00037757 _____ C:\Users\Patty\Downloads\Captains - 2016 18 & Over Weekend.xlsx
2016-03-05 11:09 - 2016-03-05 11:09 - 00089777 _____ C:\Users\Patty\Downloads\-temp-team (19).csv
 
==================== Three Months Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-31 08:53 - 2012-11-10 22:16 - 00000000 ___RD C:\Users\Patty\Dropbox
2016-05-31 08:45 - 2014-08-16 13:04 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-05-31 08:37 - 2012-11-10 15:06 - 00000000 ____D C:\Users\Patty\AppData\Local\Packages
2016-05-31 08:31 - 2016-01-02 14:26 - 00000932 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-05-31 08:31 - 2012-08-23 00:03 - 00000000 ____D C:\ProgramData\WinClon
2016-05-31 08:29 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-05-31 08:28 - 2014-10-21 12:09 - 00004162 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{14F69FA3-E24F-4D2D-ABA4-FFAC3BBC06A5}
2016-05-31 08:25 - 2014-04-20 22:02 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-05-31 08:21 - 2015-03-14 14:24 - 00000000 ___RD C:\Users\Patty\iCloudDrive
2016-05-31 08:21 - 2014-09-22 19:08 - 00000000 __RDO C:\Users\Patty\OneDrive
2016-05-31 08:20 - 2016-01-02 14:26 - 00000928 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-05-31 08:20 - 2015-08-22 08:41 - 00000000 __SHD C:\Users\Patty\IntelGraphicsProfiles
2016-05-31 08:20 - 2013-06-09 08:15 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-30 22:06 - 2012-08-23 00:10 - 00000360 _____ C:\WINDOWS\Tasks\Xerox PhotoCafe Communicator.job
2016-05-30 21:08 - 2013-06-09 08:15 - 00000932 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-30 20:11 - 2014-04-20 22:01 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-05-30 17:24 - 2015-10-30 03:21 - 00000000 ____D C:\WINDOWS\INF
2016-05-30 17:24 - 2015-08-21 21:58 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-05-30 10:17 - 2015-12-27 07:01 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-05-30 10:17 - 2015-12-27 06:40 - 00000000 ____D C:\Users\UpdatusUser
2016-05-30 10:17 - 2015-10-30 02:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-05-30 10:16 - 2015-12-27 06:40 - 00000000 ____D C:\Users\Patty
2016-05-30 06:57 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-05-29 15:11 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-05-29 12:55 - 2012-12-29 10:47 - 00003498 _____ C:\WINDOWS\System32\Tasks\Apple Diagnostics
2016-05-27 07:23 - 2012-11-11 10:10 - 00000000 ____D C:\Users\Patty\AppData\Local\Microsoft Help
2016-05-26 16:29 - 2015-10-30 03:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-05-23 14:55 - 2015-08-22 08:52 - 00002409 _____ C:\Users\Patty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-05-21 11:49 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\rescache
2016-05-20 09:11 - 2012-11-11 11:05 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-05-18 14:38 - 2012-11-10 13:59 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-05-18 14:26 - 2015-10-30 05:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-18 14:26 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-05-18 14:26 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-05-18 14:26 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\Provisioning
2016-05-18 14:26 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-05-18 14:24 - 2015-10-30 03:24 - 00015703 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-05-15 19:46 - 2013-08-14 12:08 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-05-15 17:54 - 2012-12-13 20:02 - 139319312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-05-14 15:27 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-05-13 14:21 - 2013-06-09 08:16 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-13 14:21 - 2013-06-09 08:16 - 00002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-05-12 13:41 - 2016-01-02 14:26 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-05-12 13:41 - 2012-11-10 22:13 - 00000000 ____D C:\Users\Patty\AppData\Roaming\Dropbox
2016-05-11 15:57 - 2015-10-30 03:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-05-11 15:57 - 2015-10-30 03:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-11 10:46 - 2014-05-15 11:47 - 00002487 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-05-10 19:03 - 2013-06-09 08:15 - 00003990 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-10 19:03 - 2013-06-09 08:15 - 00003758 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-10 12:07 - 2014-12-27 18:44 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-05-09 17:23 - 2016-01-03 12:47 - 00000000 ____D C:\ProgramData\F-Secure
2016-05-03 08:09 - 2015-12-27 06:31 - 00347408 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-05-02 21:59 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-05-02 21:59 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
 
==================== Files in the root of some directories =======
 
2014-01-08 22:42 - 2014-02-11 22:43 - 0000046 _____ () C:\Users\Patty\AppData\Roaming\WB.CFG
2013-03-12 21:20 - 2013-03-12 21:20 - 0000017 _____ () C:\Users\Patty\AppData\Local\resmon.resmoncfg
2015-12-27 06:36 - 2015-12-27 06:36 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-03-02 12:18 - 2014-04-28 10:52 - 0001596 _____ () C:\ProgramData\hpzinstall.log
2012-08-23 00:17 - 2012-08-08 00:07 - 2258432 _____ (Samsung Electronics) C:\ProgramData\MakeMarkerFile.exe
2012-08-23 00:17 - 2012-08-07 06:11 - 0003196 _____ () C:\ProgramData\MakeMarkerFile.xml
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== BCD ================================
 
Firmware Boot Manager
---------------------
identifier              {fwbootmgr}
displayorder            {bootmgr}
                        {755fedba-ed57-11e1-be68-806e6f6e6963}
                        {755fedb0-ed57-11e1-be68-806e6f6e6963}
                        {755fedb3-ed57-11e1-be68-806e6f6e6963}
                        {755fedb4-ed57-11e1-be68-806e6f6e6963}
                        {755fedb6-ed57-11e1-be68-806e6f6e6963}
                        {755fedb7-ed57-11e1-be68-806e6f6e6963}
                        {755fedb8-ed57-11e1-be68-806e6f6e6963}
                        {755fedb9-ed57-11e1-be68-806e6f6e6963}
timeout                 0
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume2
path                    \EFI\Microsoft\Boot\bootmgfw.efi
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {4e612868-2b60-11e2-be98-50b7c33bc044}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
 
Firmware Application (101fffff)
-------------------------------
identifier              {755fedb0-ed57-11e1-be68-806e6f6e6963}
description             Setup
 
Firmware Application (101fffff)
-------------------------------
identifier              {755fedb3-ed57-11e1-be68-806e6f6e6963}
description             SATA HDD:
 
Firmware Application (101fffff)
-------------------------------
identifier              {755fedb4-ed57-11e1-be68-806e6f6e6963}
description             SATA CD:
 
Firmware Application (101fffff)
-------------------------------
identifier              {755fedb5-ed57-11e1-be68-806e6f6e6963}
description             CD-ROM:
 
Firmware Application (101fffff)
-------------------------------
identifier              {755fedb6-ed57-11e1-be68-806e6f6e6963}
description             USB CD:
 
Firmware Application (101fffff)
-------------------------------
identifier              {755fedb7-ed57-11e1-be68-806e6f6e6963}
description             USB FDD:
 
Firmware Application (101fffff)
-------------------------------
identifier              {755fedb8-ed57-11e1-be68-806e6f6e6963}
description             USB HDD:
 
Firmware Application (101fffff)
-------------------------------
identifier              {755fedb9-ed57-11e1-be68-806e6f6e6963}
description             NETWORK:
 
Firmware Application (101fffff)
-------------------------------
identifier              {755fedba-ed57-11e1-be68-806e6f6e6963}
path                    \EFI\Microsoft\Boot\bootmgfw.efi
description             Windows Boot Manager
 
Windows Boot Loader
-------------------
identifier              {4e61285b-2b60-11e2-be98-50b7c33bc044}
device                  ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{4e61285c-2b60-11e2-be98-50b7c33bc044}
path                    \windows\system32\winload.efi
description             Windows Recovery Environment
locale                  en-us
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{4e61285c-2b60-11e2-be98-50b7c33bc044}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes
 
Windows Boot Loader
-------------------
identifier              {4e612860-2b60-11e2-be98-50b7c33bc044}
device                  ramdisk=[\Device\HarddiskVolume6]\Recovery\WindowsRE\Winre.wim,{4e612861-2b60-11e2-be98-50b7c33bc044}
path                    \windows\system32\winload.efi
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[\Device\HarddiskVolume6]\Recovery\WindowsRE\Winre.wim,{4e612861-2b60-11e2-be98-50b7c33bc044}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes
 
Windows Boot Loader
-------------------
identifier              {4e612865-2b60-11e2-be98-50b7c33bc044}
device                  ramdisk=[unknown]\Recovery\WindowsRE\Winre.wim,{4e612866-2b60-11e2-be98-50b7c33bc044}
path                    \windows\system32\winload.efi
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[unknown]\Recovery\WindowsRE\Winre.wim,{4e612866-2b60-11e2-be98-50b7c33bc044}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \WINDOWS\system32\winload.efi
description             Windows 10
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {4e61286a-2b60-11e2-be98-50b7c33bc044}
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
osdevice                partition=C:
systemroot              \WINDOWS
resumeobject            {4e612868-2b60-11e2-be98-50b7c33bc044}
nx                      OptIn
bootmenupolicy          Standard
 
Windows Boot Loader
-------------------
identifier              {4e61286a-2b60-11e2-be98-50b7c33bc044}
device                  ramdisk=[\Device\HarddiskVolume5]\Recovery\WindowsRE\Winre.wim,{4e61286b-2b60-11e2-be98-50b7c33bc044}
path                    \windows\system32\winload.efi
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[\Device\HarddiskVolume5]\Recovery\WindowsRE\Winre.wim,{4e61286b-2b60-11e2-be98-50b7c33bc044}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes
 
Resume from Hibernate
---------------------
identifier              {4e61285e-2b60-11e2-be98-50b7c33bc044}
device                  partition=C:
path                    \WINDOWS\system32\winresume.efi
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {4e612860-2b60-11e2-be98-50b7c33bc044}
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No
 
Resume from Hibernate
---------------------
identifier              {4e612863-2b60-11e2-be98-50b7c33bc044}
device                  partition=C:
path                    \WINDOWS\system32\winresume.efi
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {4e612865-2b60-11e2-be98-50b7c33bc044}
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No
 
Resume from Hibernate
---------------------
identifier              {4e612868-2b60-11e2-be98-50b7c33bc044}
device                  partition=C:
path                    \WINDOWS\system32\winresume.efi
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {4e61286a-2b60-11e2-be98-50b7c33bc044}
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No
 
Resume from Hibernate
---------------------
identifier              {e300032c-ed5a-11e1-8547-e8113269d3b5}
device                  partition=C:
path                    \windows\system32\winresume.efi
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {4e61285b-2b60-11e2-be98-50b7c33bc044}
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume2
path                    \EFI\Microsoft\Boot\memtest.efi
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS Settings
------------
identifier              {emssettings}
bootems                 No
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
badmemorylist           0x10007
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {4e61285c-2b60-11e2-be98-50b7c33bc044}
description             Windows Recovery
ramdisksdidevice        partition=\Device\HarddiskVolume1
ramdisksdipath          \Recovery\WindowsRE\boot.sdi
 
Device options
--------------
identifier              {4e61285d-2b60-11e2-be98-50b7c33bc044}
description             Windows Setup
ramdisksdidevice        partition=C:
ramdisksdipath          \$WINDOWS.~BT\Sources\SafeOS\boot.sdi
 
Device options
--------------
identifier              {4e612861-2b60-11e2-be98-50b7c33bc044}
description             Windows Recovery
ramdisksdidevice        partition=\Device\HarddiskVolume6
ramdisksdipath          \Recovery\WindowsRE\boot.sdi
 
Device options
--------------
identifier              {4e612862-2b60-11e2-be98-50b7c33bc044}
description             Windows Setup
ramdisksdidevice        partition=C:
ramdisksdipath          \$WINDOWS.~BT\Sources\SafeOS\boot.sdi
 
Device options
--------------
identifier              {4e612867-2b60-11e2-be98-50b7c33bc044}
description             Windows Setup
ramdisksdidevice        partition=C:
ramdisksdipath          \$WINDOWS.~BT\Sources\SafeOS\boot.sdi
 
Device options
--------------
identifier              {4e61286b-2b60-11e2-be98-50b7c33bc044}
description             Windows Recovery
ramdisksdidevice        partition=\Device\HarddiskVolume5
ramdisksdipath          \Recovery\WindowsRE\boot.sdi
 
 
 
LastRegBack: 2016-05-21 10:05
 
==================== End of FRST.txt ============================


#4 Jakealope

Jakealope
  • Topic Starter

  • Members
  • 21 posts

Posted 31 May 2016 - 08:56 AM

Below is the MiniToolKit Report.

 

MiniToolBox by Farbar  Version: 07-02-2016 01
Ran by Patty (administrator) on 31-05-2016 at 09:14:37
Running from "C:\Users\Patty\Downloads"
Microsoft Windows 10 Home  (X64)
Model: 300E4C/300E5C/300E7C Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
Boot Mode: Normal
***************************************************************************
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
========================= FF Proxy Settings: ============================== 
 
========================= Hosts content: =================================
========================= IP Configuration: ================================
 
DisplayLink Network Adapter NCM = Ethernet 2 (Disconnected)
Qualcomm Atheros AR9485WB-EG Wireless Network Adapter = Wi-Fi (Connected)
Realtek PCIe GBE Family Controller = Ethernet (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 13" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 11" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="wireless_16" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="ethernet_3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="wireless_20" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="ethernet_13" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="ethernet_9" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="ethernet_12" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Pattysamsung
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : E8-03-9A-F0-D4-BB
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Local Area Connection* 13:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Hosted Network Virtual Adapter
   Physical Address. . . . . . . . . : 52-B7-C3-3B-C0-43
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Ethernet 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Plugable Ethernet
   Physical Address. . . . . . . . . : 00-50-B6-11-13-DF
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Qualcomm Atheros AR9485WB-EG Wireless Network Adapter
   Physical Address. . . . . . . . . : 50-B7-C3-3B-C0-43
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::1039:d4cf:b112:12ce%12(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.0.100(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, May 31, 2016 8:20:13 AM
   Lease Expires . . . . . . . . . . : Tuesday, May 31, 2016 10:20:13 AM
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 55621571
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-3F-DF-2B-E8-03-9A-F0-D4-BB
   DNS Servers . . . . . . . . . . . : 192.168.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 50-B7-C3-3B-C0-44
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{66468EF5-92A1-437E-B0FF-288E107324DF}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:3c1d:1403:47ea:d840(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::3c1d:1403:47ea:d840%7(Preferred) 
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 486539264
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-3F-DF-2B-E8-03-9A-F0-D4-BB
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  UnKnown
Address:  192.168.0.1
 
Name:    google.com
Address:  216.58.217.46
 
 
Pinging google.com [216.58.217.46] with 32 bytes of data:
Reply from 216.58.217.46: bytes=32 time=672ms TTL=54
Reply from 216.58.217.46: bytes=32 time=658ms TTL=54
 
Ping statistics for 216.58.217.46:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 658ms, Maximum = 672ms, Average = 665ms
Server:  UnKnown
Address:  192.168.0.1
 
Name:    yahoo.com
Addresses:  98.138.253.109
 206.190.36.45
 98.139.183.24
 
 
Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=625ms TTL=50
Reply from 206.190.36.45: bytes=32 time=648ms TTL=50
 
Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 625ms, Maximum = 648ms, Average = 636ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  9...e8 03 9a f0 d4 bb ......Realtek PCIe GBE Family Controller
  2...52 b7 c3 3b c0 43 ......Microsoft Hosted Network Virtual Adapter
 20...00 50 b6 11 13 df ......Plugable Ethernet
 12...50 b7 c3 3b c0 43 ......Qualcomm Atheros AR9485WB-EG Wireless Network Adapter
 14...50 b7 c3 3b c0 44 ......Bluetooth Device (Personal Area Network)
  1...........................Software Loopback Interface 1
  5...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
  7...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1    192.168.0.100     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link     192.168.0.100    281
    192.168.0.100  255.255.255.255         On-link     192.168.0.100    281
    192.168.0.255  255.255.255.255         On-link     192.168.0.100    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.0.100    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.0.100    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  7    306 ::/0                     On-link
  1    306 ::1/128                  On-link
  7    306 2001::/32                On-link
  7    306 2001:0:9d38:6ab8:3c1d:1403:47ea:d840/128
                                    On-link
 12    281 fe80::/64                On-link
  7    306 fe80::/64                On-link
 12    281 fe80::1039:d4cf:b112:12ce/128
                                    On-link
  7    306 fe80::3c1d:1403:47ea:d840/128
                                    On-link
  1    306 ff00::/8                 On-link
  7    306 ff00::/8                 On-link
 12    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [55808] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23552] (Microsoft Corporation)
Catalog5 07 C:\WINDOWS\SysWOW64\wshbth.dll [51712] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128] (Apple Inc.)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [63488] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (05/31/2016 08:29:17 AM) (Source: Application Error) (User: )
Description: Faulting application name: CommonAgent.exe, version: 1.0.7.5, time stamp: 0x502ddd20
Faulting module name: CommonAgent.exe, version: 1.0.7.5, time stamp: 0x502ddd20
Exception code: 0x40000015
Fault offset: 0x0000000000183835
Faulting process id: 0x11a8
Faulting application start time: 0xCommonAgent.exe0
Faulting application path: CommonAgent.exe1
Faulting module path: CommonAgent.exe2
Report Id: CommonAgent.exe3
Faulting package full name: CommonAgent.exe4
Faulting package-relative application ID: CommonAgent.exe5
 
Error: (05/31/2016 08:28:47 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: PATTYSAMSUNG)
Description: Package windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy+microsoft.windows.immersivecontrolpanel was terminated because it took too long to suspend.
 
Error: (05/31/2016 08:22:34 AM) (Source: Application Error) (User: )
Description: Faulting application name: CommonAgent.exe, version: 1.0.7.5, time stamp: 0x502ddd20
Faulting module name: CommonAgent.exe, version: 1.0.7.5, time stamp: 0x502ddd20
Exception code: 0x40000015
Fault offset: 0x0000000000183835
Faulting process id: 0x1590
Faulting application start time: 0xCommonAgent.exe0
Faulting application path: CommonAgent.exe1
Faulting module path: CommonAgent.exe2
Report Id: CommonAgent.exe3
Faulting package full name: CommonAgent.exe4
Faulting package-relative application ID: CommonAgent.exe5
 
Error: (05/30/2016 06:15:08 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5313
 
Error: (05/30/2016 06:15:08 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5313
 
Error: (05/30/2016 06:15:08 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/30/2016 06:15:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: PATTYSAMSUNG)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (05/30/2016 03:07:48 PM) (Source: Office 2016 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073418220
 
Error: (05/30/2016 10:26:26 AM) (Source: Application Error) (User: )
Description: Faulting application name: CommonAgent.exe, version: 1.0.7.5, time stamp: 0x502ddd20
Faulting module name: CommonAgent.exe, version: 1.0.7.5, time stamp: 0x502ddd20
Exception code: 0x40000015
Fault offset: 0x0000000000183835
Faulting process id: 0x2528
Faulting application start time: 0xCommonAgent.exe0
Faulting application path: CommonAgent.exe1
Faulting module path: CommonAgent.exe2
Report Id: CommonAgent.exe3
Faulting package full name: CommonAgent.exe4
Faulting package-relative application ID: CommonAgent.exe5
 
Error: (05/30/2016 10:25:55 AM) (Source: Application Error) (User: )
Description: Faulting application name: CommonAgent.exe, version: 1.0.7.5, time stamp: 0x502ddd20
Faulting module name: CommonAgent.exe, version: 1.0.7.5, time stamp: 0x502ddd20
Exception code: 0x40000015
Fault offset: 0x0000000000183835
Faulting process id: 0x23c8
Faulting application start time: 0xCommonAgent.exe0
Faulting application path: CommonAgent.exe1
Faulting module path: CommonAgent.exe2
Report Id: CommonAgent.exe3
Faulting package full name: CommonAgent.exe4
Faulting package-relative application ID: CommonAgent.exe5
 
 
System errors:
=============
Error: (05/31/2016 08:24:06 AM) (Source: DCOM) (User: PATTYSAMSUNG)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}PattysamsungPattyS-1-5-21-4204859643-4009438992-3315869148-1002LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (05/31/2016 08:24:05 AM) (Source: DCOM) (User: PATTYSAMSUNG)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}PattysamsungPattyS-1-5-21-4204859643-4009438992-3315869148-1002LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (05/30/2016 10:07:00 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Sync Host_e61ba service to connect.
 
Error: (05/30/2016 10:07:00 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the User Data Storage_e61ba service to connect.
 
Error: (05/30/2016 10:07:00 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Data Storage_e61ba service, but this action failed with the following error: 
%%1056
 
Error: (05/30/2016 10:06:50 PM) (Source: Service Control Manager) (User: )
Description: The User Data Access_e61ba service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (05/30/2016 10:06:50 PM) (Source: Service Control Manager) (User: )
Description: The User Data Storage_e61ba service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (05/30/2016 10:06:50 PM) (Source: Service Control Manager) (User: )
Description: The Contact Data_e61ba service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (05/30/2016 10:06:50 PM) (Source: Service Control Manager) (User: )
Description: The Sync Host_e61ba service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (05/30/2016 10:06:48 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2016-05-31 09:04:47.726
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-31 09:04:47.567
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-31 09:00:25.637
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-31 09:00:25.611
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-31 09:00:25.138
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-31 09:00:25.112
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-31 09:00:17.590
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-31 09:00:17.561
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-31 09:00:17.471
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-31 08:51:37.247
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
=========================== Installed Programs ============================
 
4500_G510nz_Help (HKLM-x32\...\{1E026BE7-5904-4056-9675-54115475D7B2}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
4500G510nz (HKLM-x32\...\{5B05FF91-F20C-4832-A8DE-E1912639C17C}) (Version: 140.0.001.000 - Hewlett-Packard) Hidden
4500G510nz_Software_Min (HKLM-x32\...\{3A4D5E2D-988D-4ee9-8E7F-3AC200A2B8F5}) (Version: 140.0.001.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.16) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.16 - Adobe Systems Incorporated)
Allshare Play Link (HKLM-x32\...\{91786428-D4AA-476D-8AF9-A63FFAC2901F}) (Version: 1.0.0 - Samsung)
Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BufferChm (HKLM-x32\...\{FA0FF682-CC70-4C57-93CD-E276F3E7537E}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
Cisco WebEx Meetings (HKCU\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Computer Security 14.121.104.0 (release) (HKLM-x32\...\{658FDBCA-B7A1-43E4-A849-9F0812473331}) (Version: 14.121.104.0 - F-Secure Corporation) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.1912 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4415.02 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM-x32\...\{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
DisplayLink Core Software (HKLM\...\{22ED06F1-2432-4D16-B4DC-2DF4A7ACD54A}) (Version: 7.9.1488.0 - DisplayLink Corp.)
DisplayLink Graphics (HKLM\...\{DB8324FA-E972-454B-B039-E911D568BD56}) (Version: 7.7.59032.0 - DisplayLink Corp.)
DocProc (HKLM-x32\...\{9B362566-EC1B-4700-BB9C-EC661BDE2175}) (Version: 140.0.185.000 - Hewlett-Packard) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.20.1 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.27.77 - Dropbox, Inc.) Hidden
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)
ETDWare X64 15.7.0.1_WHQL (HKLM\...\Elantech) (Version: 15.7.0.1 - ELAN Microelectronic Corp.)
Fax (HKLM-x32\...\{9294F169-72EE-4D74-AE92-CA25F64B4FF8}) (Version: 140.0.307.000 - Hewlett-Packard) Hidden
Firefox Packages (HKCU\...\Firefox Packages) (Version:  - )
F-Secure (HKLM-x32\...\{65B66361-5AB6-44B0-B48E-F4C6114408E0}) (Version: 2.21.286.0 - F-Secure Corporation) Hidden
F-Secure (HKLM-x32\...\F-Secure ServiceEnabler 45061) (Version: 2.21.286.0 - F-Secure Corporation)
F-Secure CCF Reputation (HKLM-x32\...\{00000000-2778-5BED-8199-52EB14D8D22F}) (Version: 2.0.1337.0 - F-Secure) Hidden
F-Secure CCF Scanning 1.51.112.309 (release) (HKLM-x32\...\{53BA6504-F1CE-4604-970A-082021D39784}) (Version: 1.51.112.309 - F-Secure Corporation) Hidden
F-Secure Network CCF 1.03.102 (HKLM-x32\...\{EFE33E35-9B0B-4CF9-AF8C-CBE93BB8E6FF}) (Version: 1.03.102 - F-Secure Corporation) Hidden
F-Secure SafeSearch 1.03.207.0 (release) (HKLM-x32\...\{EADB477E-C12F-4008-AFE4-CF7BEAB8A6EF}) (Version: 1.03.207.0 - F-Secure Corporation) Hidden
Galería de fotos (HKLM-x32\...\{959BC6D1-38C8-441F-9466-9ECCD4E68413}) (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Galerie de photos (HKLM-x32\...\{FE8DFDD0-A543-4A83-B7A9-C411138194D5}) (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.30.3 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService2 (HKLM-x32\...\{BB3447F6-9553-4AA9-960E-0DB5310C5779}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
Help Desk (HKLM\...\{C85A891D-7AB4-46AE-84F0-B0C3FAC82280}) (Version: 1.0.4 - Samsung Electronics CO., LTD.)
Home or Away Trial (HKLM-x32\...\{39FF4EF0-38DA-11E2-01EB-0A5E6F9A26E9}) (Version: 10.0.0.0 - CFB Software)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet 4500 G510n-z 14.0 Rel. 6 (HKLM\...\{6B9B2E57-D988-4258-8A2C-6F3657A600BD}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Solutions Framework (HKLM-x32\...\{69FD2930-C361-47F6-822E-71B021526778}) (Version: 11.50.0015 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (HKLM-x32\...\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}) (Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (HKLM-x32\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM-x32\...\{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{ADFDB647-35C0-4254-9EE6-2D9C3B7104BD}) (Version: 5.2.1.69 - Apple Inc.)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33070) (Version: 3.6.1.33070.11 - Intel)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{B991A1BC-DE0F-41B3-9037-B2F948F706EC}) (Version: 3.1.1228 - Intel Corporation)
iTunes (HKLM\...\{58D7E5F7-BAD1-49C5-93C8-B655736EDA00}) (Version: 12.4.0.119 - Apple Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MarketResearch (HKLM-x32\...\{D360FA88-17C8-4F14-B67F-13AAF9607B12}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6769.2017 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{40F55150-F43D-4C9F-9A00-1A0A6F1EB7F0}) (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{9846E46F-07E0-4BDF-985A-E3FBA8C15877}) (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}) (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{E1DA4302-1C06-4533-AF6D-9D68B01FCB34}) (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Network64 (HKLM\...\{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}) (Version: 140.0.306.000 - Hewlett-Packard) Hidden
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.45 - Symantec Corporation)
Norton Online Backup ARA (HKLM-x32\...\NARA) (Version: 4.1.0.11 - Symantec Corporation) Hidden
NVIDIA Graphics Driver 305.46 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 305.46 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.6729.1014 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.6729.1014 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.6729.1014 - Microsoft Corporation) Hidden
Plants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version:  - PopCap Games)
Python 2.7.3 (64-bit) (HKLM\...\{C0C31BCC-56FB-42a7-8766-D29E1BD74C7d}) (Version: 2.7.3150 - Python Software Foundation)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7543 - Realtek Semiconductor Corp.)
Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.4.0 - Samsung Electronics CO., LTD.)
S Agent (HKLM\...\{969B5BFB-094D-4D96-AC0C-C1A2675DB583}) (Version: 1.0.7 - Samsung Electronics CO., LTD.) Hidden
Scan (HKLM-x32\...\{06A1D88C-E102-4527-AF70-29FFD7AF215A}) (Version: 140.0.253.000 - Hewlett-Packard) Hidden
Settings (HKLM-x32\...\{52E5DE60-C96B-42CC-9A37-FE04725940AE}) (Version: 2.0.0 - Samsung Electronics CO., LTD.)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SolutionCenter (HKLM-x32\...\{BC5DD87B-0143-4D14-AAE6-97109614DC6B}) (Version: 140.0.299.000 - Hewlett-Packard) Hidden
Splendid City Sports Scheduler v7.0 (HKLM-x32\...\Splendid City Sports Scheduler v7.0) (Version:  - )
Status (HKLM-x32\...\{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}) (Version: 140.0.342.000 - Hewlett-Packard) Hidden
Support Center FAQ (HKLM-x32\...\{5547725A-B333-475C-93C7-3B89267A72D4}) (Version: 1.0.0 - Samsung Electronics CO., LTD.) Hidden
SW Update (HKLM-x32\...\{3B4E6027-AED5-4169-B030-B450E5A0F396}) (Version: 2.0.14 - Samsung Electronics CO., LTD.)
Toolbox (HKLM-x32\...\{292F0F52-B62D-4E71-921B-89A682402201}) (Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (HKLM-x32\...\{CD31E63D-47FD-491C-8117-CF201D0AFAB5}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
User Guide (HKLM-x32\...\{039EA659-E421-45C6-8913-BED5D69B5536}) (Version: 1.1.00 - Samsung Electronics CO., LTD.)
VSee (HKCU\...\VSee) (Version: 15.0.0.707 - VSee Lab Inc)
WebReg (HKLM-x32\...\{8EE94FD8-5F52-4463-A340-185D16328158}) (Version: 140.0.297.017 - Hewlett-Packard) Hidden
Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass  (07/27/2012 20.57.1.735) (HKLM\...\9F04C462DAB591BDCCE784F77E4D4F1736010B92) (Version: 07/27/2012 20.57.1.735 - Samsung Electronics Co. Ltd.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Xerox PhotoCafe (HKLM-x32\...\Xerox PhotoCafe) (Version: 1.0.0.6162 - Xerox)
 
========================= Devices: ================================
 
Name: Officejet 4500 G510n-z
Description: Officejet 4500 G510n-z
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Device ID: ROOT\MULTIFUNCTION\0000
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 79%
Total physical RAM: 3797.53 MB
Available physical RAM: 791.75 MB
Total Virtual: 7637.53 MB
Available Virtual: 3365.88 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:439.12 GB) (Free:367.06 GB) NTFS
3 Drive e: (HP USB FD) (Removable) (Total:30.21 GB) (Free:28.79 GB) FAT32
 
========================= Users: ========================================
 
User accounts for \\PATTYSAMSUNG
 
Administrator            DefaultAccount           Guest                    
Patty                    UpdatusUser              
 
========================= Restore Points ==================================
 
02-05-2016 00:27:30 Windows Update
09-05-2016 23:32:10 Scheduled Checkpoint
15-05-2016 21:53:28 Windows Update
 
**** End of log ****


#5 Jakealope

Jakealope
  • Topic Starter

  • Members
  • 21 posts

Posted 31 May 2016 - 09:59 AM

I ran Malwarebytes this morning and there were no detections.

 

I ran that Malwarebytes Anti-Rootkit last night and the reports are below.

 

Malwarebytes Anti-Rootkit BETA 1.9.3.1001

www.malwarebytes.org
 
Database version:
  main:    v2016.05.30.07
  rootkit: v2016.05.27.01
 
Windows 10 x64 NTFS
Internet Explorer 11.306.10586.0
Patty :: PATTYSAMSUNG [administrator]
 
5/30/2016 8:33:55 PM
mbar-log-2016-05-30 (20-33-55).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 411521
Time elapsed: 1 hour(s), 32 minute(s), 15 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 10.0.9200 Windows 10 x64
 
Account is Administrative
 
Internet Explorer version: 11.306.10586.0
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.395000 GHz
Memory total: 3982000128, free: 832061440
 
Downloaded database version: v2016.05.30.07
Host not found
Downloaded database version: v2016.05.30.07
Downloaded database version: v2016.05.27.01
Downloaded database version: v2016.05.25.01
=======================================
Initializing...
------------ Kernel report ------------
     05/30/2016 20:33:30
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\System32\drivers\ntosext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\ksecdd.sys
\SystemRoot\System32\drivers\clipsp.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\WindowsTrustedRT.sys
\SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\system32\drivers\CEA.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\iaStorA.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\System32\Drivers\NTFS.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\drivers\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\Drivers\fsbts.sys
\SystemRoot\system32\drivers\dlkmdldr.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\drivers\NARAx64\0401000.00B\ccSetx64.sys
\SystemRoot\system32\drivers\filecrypt.sys
\SystemRoot\system32\drivers\tbs.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\drivers\dlkmd.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\drivers\vwififlt.sys
\SystemRoot\System32\drivers\pacer.sys
\SystemRoot\system32\drivers\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\System32\drivers\truecrypt.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
----------- End -----------
Done!
 
Scan started
Database versions:
  main:    v2016.05.30.07
  rootkit: v2016.05.27.01
 
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffe0012f226060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe0012f226b10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe0012f226060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffe0012e1b8060, DeviceName: \Device\00000032\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: B0418F27
 
GPT Protective MBR Partition information:
 
    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
GPT Partition information:
 
    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 1252194408
    GPT Header CurrentLba = 1 BackupLba 976773167
    GPT Header FirstUsableLba 34  LastUsableLba 976773134
    GPT Header Guid 86c6f57-2cfd-4219-a4ee-8b63a3ef3ad4
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128
 
    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 1252194408
    Backup GPT header CurrentLba = 976773167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 976773134
    Backup GPT header Guid 86c6f57-2cfd-4219-a4ee-8b63a3ef3ad4
    Backup GPT header Contains 128 partition entries starting at LBA 976773135
    Backup GPT header Partition entry size = 128
 
    Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 9d9a1846-fd30-49a2-bdac-6dcb78e828a
    FirstLBA 2048  Last LBA 1026047
    Attributes 1
    Partition Name                 Basic data partition
 
    Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID 5ef29d5e-57f7-4dd1-9ee8-c9d019e266b9
    FirstLBA 1026048  Last LBA 1640447
    Attributes 0
    Partition Name                 EFI system partition
 
    GPT Partition 1 is bootable
    Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID 79481955-ae89-4f22-953e-9533b7187994
    FirstLBA 1640448  Last LBA 1902591
    Attributes 0
    Partition Name         Microsoft reserved partition
 
    Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 99fb57ba-733e-41a0-8c3c-afc369d4c82
    FirstLBA 1902592  Last LBA 922794574
    Attributes 0
    Partition Name                 Basic data partition
 
    Partition 4 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID f2ce2e4d-2819-4070-83ed-fb5818214e9e
    FirstLBA 922796032  Last LBA 924463103
    Attributes 1
    Partition Name                                     
 
    Partition 5 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID a243358e-3d35-4270-a989-6da080b93e99
    FirstLBA 924463104  Last LBA 925382655
    Attributes 1
    Partition Name                                     
 
    Partition 6 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID d5863876-98a7-43b0-8a39-46c33684669a
    FirstLBA 925382657  Last LBA 974675968
    Attributes 1
    Partition Name                 Basic data partition
 
    Partition 7 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 4cd9d1c6-3a46-4991-4173-636c65706975
    FirstLBA 974675969  Last LBA 976773120
    Attributes 1
    Partition Name                 Basic data partition
 
Disk Size: 500107862016 bytes
Sector size: 512 bytes
 
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffe001342d3060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe001349a7480, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe001342d3060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xffffe0012d656990, DeviceName: \Device\00000080\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C3072E18
 
Partition information:
 
    Partition 0 type is Other (0xc)
    Partition is ACTIVE.
    Partition starts at LBA: 32  Numsec = 63393760
    Partition is not bootable
    Partition file system is FAT32
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
Disk Size: 32457621504 bytes
Sector size: 512 bytes
 
Done!
File "C:\Users\Patty\AppData\Local\Comms\UnistoreDB\store.vol" is sparse (flags = 32768)
File "C:\Windows\System32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat" is sparse (flags = 32768)
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-0-32-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished
 


#6 Jakealope


Posted 31 May 2016 - 10:05 AM

Here is the Malwarebytes scan log.

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 5/31/2016
Scan Time: 9:31 AM
Logfile: 
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.05.31.03
Rootkit Database: v2016.05.27.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: Patty
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 411220
Time Elapsed: 1 hr, 15 min, 51 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#7 Broni


Posted 31 May 2016 - 11:27 PM

Farbar Recovery Scan Tool (FRST) is not allowed in this forum.

You were supposed to post Farbar Service Scanner (FSS) log.

 

I also need the rKill log.




 


#8 Jakealope


Posted 01 June 2016 - 07:18 AM

Below is the Farbar Service Scanner log.

 

Farbar Service Scanner Version: 27-01-2016
Ran by Patty (administrator) on 01-06-2016 at 08:02:53
Running from "C:\Users\Patty\Downloads"
Microsoft Windows 10 Home  (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Security Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****

 

 

Below is the Rkill log.

 

Rkill 2.8.4 by Lawrence Abrams (Grinler)
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 06/01/2016 08:08:01 AM in x64 mode.
Windows Version: Windows 10 Home 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\Users\Patty\Downloads\SecurityCheck.exe (PID: 5996) [UP-HEUR]
 * C:\Users\Patty\Downloads\FSS.exe (PID: 4816) [UP-HEUR]
 
2 proccesses terminated!
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 06/01/2016 08:16:59 AM
Execution time: 0 hours(s), 8 minute(s), and 58 seconds(s)


#9 Jakealope


Posted 01 June 2016 - 01:53 PM

FYI.  This morning after I ran RKill, Windows Defender detected and quarantined Trojan:Win32/Gatrid.E!cl.  There were 2 of these files in quarantine.  I then ran Microsoft Safety Scanner Quick scan and Full Scan and nothing was detected either time.  

 

I'm wondering if the RKill allowed Windows Defender to work and find the Trojan?



#10 Broni


Posted 01 June 2016 - 06:23 PM

Very possible.

That's the main purpose of rKill.

 

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program




 


#11 Jakealope


Posted 02 June 2016 - 09:15 AM

I ran Temp File cleaner this morning and it did not require a restart.

 

Below is the AdwCleaner log file.

 

# AdwCleaner v5.119 - Logfile created 02/06/2016 at 09:17:17

# Updated 30/05/2016 by Xplode
# Database : 2016-05-30.3 [Server]
# Operating system : Windows 10 Home  (X64)
# Username : Patty - PATTYSAMSUNG
# Running from : C:\Users\Patty\Downloads\adwcleaner_5.119.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\ProgramData\Babylon
[#] Folder Deleted : C:\ProgramData\Application Data\Babylon
[-] Folder Deleted : C:\Program Files (x86)\Conduit
[-] Folder Deleted : C:\Users\Patty\AppData\Local\SwvUpdater
[-] Folder Deleted : C:\Users\Patty\AppData\Roaming\Babylon
 
***** [ Files ] *****
 
[-] File Deleted : C:\END
[-] File Deleted : C:\WINDOWS\SysWOW64\lavasofttcpservice.dll
[-] File Deleted : C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini
[-] File Deleted : C:\Users\Patty\AppData\Roaming\Mozilla\Firefox\Profiles\90r0t9do.default\invalidprefs.js
[-] File Deleted : C:\Users\Patty\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kdidombaedgpfiiedeimiebkmbilgmlc_0.localstorage
[-] File Deleted : C:\Users\Patty\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_websearch.about.com_0.localstorage
[-] File Deleted : C:\Users\Patty\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_websearch.about.com_0.localstorage-journal
[-] File Deleted : C:\Users\Patty\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
[-] File Deleted : C:\Users\Patty\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
[-] File Deleted : C:\Users\Patty\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lifeshield.com_0.localstorage
[-] File Deleted : C:\Users\Patty\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lifeshield.com_0.localstorage-journal
[-] File Deleted : C:\WINDOWS\SysNative\LavasoftTcpService64.dll
[-] File Deleted : C:\WINDOWS\SysNative\LavasoftTcpServiceOff.ini
 
***** [ DLLs ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\5355888db569b814
[-] Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{ED62BC6E-64F1-46BE-866F-4C8DC0DF7057}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{44C9CC91-6A4A-4579-B4B5-899ECDC18DC6}]
[-] Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
[-] Key Deleted : HKLM\SOFTWARE\Babylon
[-] Key Deleted : HKLM\SOFTWARE\Lavasoft\Web Companion
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Firefox Packages
[-] Key Deleted : HKU\S-1-5-21-4204859643-4009438992-3315869148-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Uninstall\Firefox Packages
[-] Key Deleted : HKU\S-1-5-21-4204859643-4009438992-3315869148-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\AppDataLow\Software\adawarebp
[-] Key Deleted : HKU\S-1-5-21-4204859643-4009438992-3315869148-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Uninstall\Firefox Packages
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
[-] Value Deleted : HKU\S-1-5-21-4204859643-4009438992-3315869148-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Web Companion]
[-] Value Deleted : HKU\S-1-5-21-4204859643-4009438992-3315869148-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Web Companion]
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Patty\AppData\Roaming\Mozilla\Firefox\Profiles\90r0t9do.default\prefs.js] Deleted : user_pref("CT3289847_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1368283766419,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
[-] [C:\Users\Patty\AppData\Roaming\Mozilla\Firefox\Profiles\90r0t9do.default\prefs.js] Deleted : user_pref("Smartbar.ConduitHomepagesList", "");
[-] [C:\Users\Patty\AppData\Roaming\Mozilla\Firefox\Profiles\90r0t9do.default\prefs.js] Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
[-] [C:\Users\Patty\AppData\Roaming\Mozilla\Firefox\Profiles\90r0t9do.default\prefs.js] Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");
[-] [C:\Users\Patty\AppData\Roaming\Mozilla\Firefox\Profiles\90r0t9do.default\prefs.js] Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
[-] [C:\Users\Patty\AppData\Roaming\Mozilla\Firefox\Profiles\90r0t9do.default\prefs.js] Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3289847");
[-] [C:\Users\Patty\AppData\Roaming\Mozilla\Firefox\Profiles\90r0t9do.default\prefs.js] Deleted : user_pref("browser.search.defaultthis.engineName", "WhiteSmoke New Customized Web Search");
[-] [C:\Users\Patty\AppData\Roaming\Mozilla\Firefox\Profiles\90r0t9do.default\prefs.js] Deleted : user_pref("smartbar.machineId", "RWPGK+JPTLWZS2LYIOF+KROAW+TJ2RRPTIHQSXUHYLRW3A0NZB5WHUSCSUIMZQJMVKJML7E5GU1P50JVW1C3GQ");
[-] [C:\Users\Patty\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : delta-search.com
[-] [C:\Users\Patty\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search.conduit.com
[-] [C:\Users\Patty\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : askws
[-] [C:\Users\Patty\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Patty\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Patty\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : wayfair.com
[-] [C:\Users\Patty\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : klibnahbojhkanfgaglnlalfkgpcppfi
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [6638 bytes] - [02/06/2016 09:17:17]
C:\AdwCleaner\AdwCleaner[S1].txt - [6758 bytes] - [02/06/2016 09:10:23]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [6784 bytes] ##########
 
 
 
Below is the Junkware Removal Tool log file.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 10 Home x64 
Ran by Patty (Administrator) on Thu 06/02/2016 at 10:00:11.23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 4 
 
Successfully deleted: C:\Users\Patty\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage-journal (File) 
Successfully deleted: C:\Users\Patty\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage (File) 
Successfully deleted: C:\Users\Patty\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.saveur.com_0.localstorage-journal (File) 
Successfully deleted: C:\Users\Patty\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.saveur.com_0.localstorage (File) 
 
 
 
Registry: 1 
 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 06/02/2016 at 10:10:30.94
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


#12 Jakealope


Posted 02 June 2016 - 01:34 PM

I ran the Sophos Virus Removal Tool and it advised that my computer was clean.  No threats were found.  This virus scan took quite a long time.  

 

I am hoping that my PC is clean now and I got rid of the virus with your help.



#13 Broni


Posted 02 June 2016 - 07:41 PM

Update Firefox to the current version.

 

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:

  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings

Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Download, and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry3187642

12. Please, let me know, how your computer is doing.




 


#14 Jakealope


Posted 02 June 2016 - 09:07 PM

Thank you for your help Broni.  I ran Delfix.  I changed several passwords but need to change more tomorrow.  I will follow through on the rest of the items tomorrow since it is late here.

 

I live in a rural area and use satellite internet and have a data limit.  My data usage jumped way up last month.  Could that Rootkit Trojan have caused a spike in data usage?

 

Also I have been using Chrome.  Do you feel that Firefox is more secure?


Edited by Jakealope, 02 June 2016 - 09:08 PM.


#15 Broni


Posted 02 June 2016 - 10:41 PM

Could that Rootkit Trojan have caused a spike in data usage?

 

Possibly.

 

All browsers are pretty much equal when it comes to security.

 

Good luck and stay safe :)

