Tons of Time and $ lost.. New Restore, DNS hijack? Invisible File, or I'm Crazy?


  • This topic is locked
5 replies to this topic

#1 EECKS

Posted 13 June 2016 - 09:00 AM

I've reformatted my PCs so many times I've lost count. I recently got this one up and running and I thought everything was good, but it appears to me there is probably a bunch of stuff going on?

Some pages started responding weird, then my ad blocker quit working, my Office shows it wasn't actually installed, my new CD-based virus protection showed two versions, and it looks like this system has a ton of users hitting it??? Please help, lost so much time and money on this thinking it was the better thing to do to pay someone to come over and fix it rather than come here, but then they are gone and don't see the problem again minutes or hours after they leave, and I think they are just doing the surface cleaning, not looking for the actual cause of the issue.

Here are my logs:


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-06-2016 01
Ran by Casey (administrator) on ASUSFLOOR (13-06-2016 06:49:53)
Running from C:\Users\Casey\Downloads
Loaded Profiles: Casey (Available Profiles: Casey & KCsGuest & Administrator)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices) C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Manager\AsHKService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{9AF45D7C-34F1-4BA0-B799-825C8C04494C}\AiChargerDT.exe
(ASUSTeK) C:\Program Files (x86)\ASUS\ASUS Manager\Ai Charger II\Ai_ChargerII_TrayIcon(ASUS_Manager).exe
() C:\Program Files (x86)\ASUS\ASUS Manager\PC Cleanup\SecureDeleteBackground.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKU\S-1-5-21-3458565438-258332679-1599885353-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8722136 2016-06-01] (Piriform Ltd)
HKU\S-1-5-21-3458565438-258332679-1599885353-1002\...\MountPoints2: {9d345733-fe90-11e4-8258-806e6f6e6963} - "E:\WRSetupCD.exe" 
IFEO\taskmgr.exe: [Debugger] "C:\USERS\CASEY\DESKTOP\SYSINTERNALSSUITE\PROCEXP.EXE"
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2016-06-13] ()
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{c90ac31d-d84a-476b-9539-c6d15a87caf9}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3458565438-258332679-1599885353-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
SearchScopes: HKU\S-1-5-21-3458565438-258332679-1599885353-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3458565438-258332679-1599885353-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-06-12] (Microsoft Corporation)
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll => No File
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-06-12] (Microsoft Corporation)
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll => No File
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll No File
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll No File
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-12] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-12] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-12] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-12] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Casey\AppData\Roaming\Mozilla\Firefox\Profiles\ga5o5iti.default
FF Homepage: www.google.com
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-06-08] (Adobe Systems)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-06-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-06-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-06-08] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-06-08] (Adobe Systems)
FF Extension: Webroot Password Manager - C:\Users\Casey\AppData\Roaming\Mozilla\Firefox\Profiles\ga5o5iti.default\extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} [2016-06-12]
FF Extension: Download YouTube Videos as MP4 - C:\Users\Casey\AppData\Roaming\Mozilla\Firefox\Profiles\ga5o5iti.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2016-06-11]
FF Extension: Adblock Plus - C:\Users\Casey\AppData\Roaming\Mozilla\Firefox\Profiles\ga5o5iti.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-06-13]
 
Chrome: 
=======
CHR Profile: C:\Users\Casey\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Casey\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-08]
CHR Extension: (Google Docs) - C:\Users\Casey\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-09]
CHR Extension: (Google Drive) - C:\Users\Casey\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-09]
CHR Extension: (YouTube) - C:\Users\Casey\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-09]
CHR Extension: (Google Sheets) - C:\Users\Casey\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-08]
CHR Extension: (Google Docs Offline) - C:\Users\Casey\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Casey\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-08]
CHR Extension: (Gmail) - C:\Users\Casey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-09]
CHR HKLM-x32\...\Chrome\Extension: [ngkhgikojglcgnckopipfdajaifmmnnc] - hxxp://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [737984 2016-06-03] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-05] (Adobe Systems, Incorporated)
R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [121856 2016-03-21] (Advanced Micro Devices) [File not signed]
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2013-11-06] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2945792 2016-05-26] (Microsoft Corporation)
S3 ose; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [200240 2016-05-25] (Microsoft Corporation) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 amdacpksd; C:\WINDOWS\system32\drivers\amdacpksd.sys [305392 2016-04-05] (Advanced Micro Devices)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [40720 2015-07-28] (Advanced Micro Devices, Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R0 assdv2; C:\Windows\System32\Drivers\assdv2.sys [21816 2013-12-05] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [111120 2016-03-01] (Advanced Micro Devices)
U5 PROCMON23; C:\Windows\System32\Drivers\PROCMON23.sys [84792 2016-06-09] (Sysinternals - www.sysinternals.com)
S3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [607488 2016-02-25] (Realtek Semiconductor Corporation)
S3 RTWlanE; C:\Windows\System32\drivers\rtwlane.sys [3445248 2015-10-30] (Realtek Semiconductor Corporation                           )
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-13 06:49 - 2016-06-13 06:50 - 00013931 _____ C:\Users\Casey\Downloads\FRST.txt
2016-06-13 06:45 - 2016-06-13 06:49 - 00000000 ____D C:\FRST
2016-06-13 06:44 - 2016-06-13 06:45 - 02385408 _____ (Farbar) C:\Users\Casey\Downloads\FRST64.exe
2016-06-13 06:06 - 2016-06-13 06:06 - 00000000 ____D C:\Users\Casey\AppData\Local\Microsoft Help
2016-06-13 03:35 - 2016-06-13 03:35 - 00000000 _____ C:\Users\Casey\Desktop\New Text Document (3).txt
2016-06-13 03:14 - 2016-06-13 03:14 - 00001665 _____ C:\Users\Casey\Desktop\Txr.txt
2016-06-13 03:08 - 2016-06-13 03:08 - 00000000 _____ C:\Users\Casey\Desktop\New Text Document (2).txt
2016-06-13 01:52 - 2016-06-13 01:52 - 00000000 ____D C:\Users\Casey\AppData\Local\lptmp588155829
2016-06-13 01:52 - 2016-06-13 01:52 - 00000000 ____D C:\Users\Casey\AppData\Local\lptmp1877883024
2016-06-13 00:41 - 2016-06-13 00:41 - 00000000 ____D C:\Users\SanDi\Desktop\Old Firefox Data
2016-06-12 23:59 - 2016-06-13 00:04 - 00000847 _____ C:\Users\Casey\Desktop\DOWNLOAD MAIN.lnk
2016-06-12 23:59 - 2016-06-12 23:59 - 00000834 _____ C:\Users\Casey\Desktop\ARTWORK MAIN.lnk
2016-06-12 23:28 - 2016-06-12 23:28 - 00000000 ____D C:\DOWNLOAD MAIN
2016-06-12 23:27 - 2016-06-12 23:27 - 00000000 ____D C:\ARTWORK MAIN
2016-06-12 23:12 - 2016-06-12 23:12 - 00003614 _____ C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-KCFROMA-KCsGuest
2016-06-12 23:11 - 2016-06-12 23:11 - 00001934 _____ C:\Users\Casey\Desktop\FileZilla Client.lnk
2016-06-12 23:11 - 2016-06-12 23:11 - 00000000 ____D C:\Users\Casey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2016-06-12 23:11 - 2016-06-12 23:11 - 00000000 ____D C:\Users\Casey\AppData\Roaming\FileZilla
2016-06-12 23:11 - 2016-06-12 23:11 - 00000000 ____D C:\Program Files\FileZilla FTP Client
2016-06-12 23:10 - 2016-06-12 23:10 - 00001095 _____ C:\Users\Public\Desktop\Notepad++.lnk
2016-06-12 23:10 - 2016-06-12 23:10 - 00000000 ____D C:\Users\Casey\AppData\Roaming\Notepad++
2016-06-12 23:10 - 2016-06-12 23:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2016-06-12 23:10 - 2016-06-12 23:10 - 00000000 ____D C:\Program Files (x86)\Notepad++
2016-06-12 23:09 - 2016-06-12 23:09 - 00000000 ____D C:\download
2016-06-12 23:08 - 2016-06-12 23:08 - 00002034 _____ C:\Users\SanDi\Desktop\Adobe Illustrator CC 2015.lnk
2016-06-12 23:08 - 2016-06-12 23:08 - 00001822 _____ C:\Users\SanDi\Desktop\Adobe Photoshop CC 2015.lnk
2016-06-12 23:08 - 2016-06-12 23:08 - 00001654 _____ C:\Users\SanDi\Desktop\Brackets.lnk
2016-06-12 23:04 - 2016-06-12 23:18 - 00000000 ____D C:\Users\SanDi\AppData\Local\Mozilla
2016-06-12 23:04 - 2016-06-12 23:04 - 00000000 ____D C:\Users\SanDi\AppData\Roaming\Mozilla
2016-06-12 23:02 - 2016-06-12 23:02 - 00000000 ____D C:\Users\SanDi\Documents\Artwork
2016-06-12 23:02 - 2016-06-12 23:02 - 00000000 ____D C:\Users\SanDi\Desktop\Artwork
2016-06-12 22:58 - 2016-06-13 00:27 - 00000000 ____D C:\Users\SanDi\AppData\LocalLow\LastPass
2016-06-12 22:58 - 2016-06-12 22:59 - 00000000 ____D C:\Users\SanDi\AppData\Roaming\Brackets
2016-06-12 22:58 - 2016-06-12 22:58 - 00000000 ____D C:\Users\SanDi\AppData\Local\CEF
2016-06-12 22:56 - 2016-06-12 22:56 - 00000000 ____D C:\Users\Casey\AppData\Roaming\Brackets
2016-06-12 22:56 - 2016-06-12 22:56 - 00000000 ____D C:\Users\Casey\AppData\Local\CEF
2016-06-12 22:31 - 2016-06-12 22:31 - 00003296 _____ C:\Users\Casey\Desktop\thoughts on the quran.txt
2016-06-12 22:30 - 2016-06-12 22:30 - 00000122 _____ C:\Users\Casey\Desktop\todo.txt
2016-06-12 20:48 - 2016-06-12 20:48 - 00000720 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brackets.lnk
2016-06-12 20:48 - 2016-06-12 20:48 - 00000000 ____D C:\Program Files (x86)\Brackets
2016-06-12 20:40 - 2016-06-12 20:40 - 00000000 ____D C:\Users\Casey\Documents\NEW TUK pieces
2016-06-12 20:40 - 2016-06-12 20:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Web Designer
2016-06-12 20:40 - 2016-06-12 20:40 - 00000000 ____D C:\Program Files\Google
2016-06-12 19:54 - 2016-06-12 19:54 - 00000000 ____D C:\Users\Casey\AppData\LocalLow\Webroot
2016-06-12 19:20 - 2016-06-13 01:52 - 00000000 ____D C:\Users\Casey\AppData\Local\lptmp
2016-06-12 19:20 - 2016-06-12 19:20 - 00000000 ____D C:\Users\Casey\AppData\LocalLow\LastPass
2016-06-12 15:14 - 2016-06-12 15:14 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Raptr
2016-06-12 15:14 - 2016-06-12 15:14 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\PlaysTV
2016-06-12 15:14 - 2016-06-12 15:14 - 00000000 ____D C:\Users\Administrator\AppData\Local\AMD
2016-06-12 15:14 - 2016-06-12 15:14 - 00000000 ____D C:\Users\Administrator\AppData\Local\Adobe
2016-06-12 15:11 - 2016-06-12 23:12 - 00000000 ____D C:\Users\SanDi\AppData\Local\AMD
2016-06-12 15:11 - 2016-06-12 23:12 - 00000000 ____D C:\Users\SanDi\AppData\Local\Adobe
2016-06-12 15:11 - 2016-06-12 15:11 - 00000000 ____D C:\Users\SanDi\AppData\Roaming\Raptr
2016-06-12 15:11 - 2016-06-12 15:11 - 00000000 ____D C:\Users\SanDi\AppData\Roaming\PlaysTV
2016-06-12 15:00 - 2016-06-12 15:00 - 00004296 _____ C:\WINDOWS\System32\Tasks\AMD Updater
2016-06-12 14:58 - 2016-06-12 14:58 - 00000000 ____D C:\Users\Casey\AppData\Roaming\library_dir
2016-06-12 14:57 - 2016-06-12 14:58 - 00000000 ____D C:\Program Files (x86)\Raptr Inc
2016-06-12 14:57 - 2016-06-12 14:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vulkan 1.0.3.1
2016-06-12 14:57 - 2016-06-12 14:57 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-06-12 14:57 - 2016-02-15 16:27 - 00125720 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2016-06-12 14:57 - 2016-02-15 16:26 - 00126232 _____ C:\WINDOWS\system32\vulkan-1.dll
2016-06-12 14:57 - 2016-02-15 16:25 - 00045848 _____ C:\WINDOWS\system32\vulkaninfo.exe
2016-06-12 14:57 - 2016-02-15 16:25 - 00042264 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2016-06-12 14:32 - 2016-06-12 14:32 - 00001822 _____ C:\Users\Casey\Desktop\Adobe Photoshop CC 2015.lnk
2016-06-12 14:03 - 2016-06-12 14:03 - 00035811 _____ C:\Users\Casey\Desktop\CaseyWhitcher-Resume-07.pdf
2016-06-12 13:49 - 2016-06-12 15:16 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-06-12 13:49 - 2016-06-12 15:15 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-06-12 13:49 - 2016-06-12 13:49 - 00002131 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-06-12 13:29 - 2016-06-12 20:41 - 00000000 ____D C:\Users\Casey\Documents\Artwork
2016-06-12 13:25 - 2016-06-12 13:25 - 00000000 ____D C:\Users\Casey\AppData\LocalLow\Adobe
2016-06-12 13:24 - 2016-06-12 13:24 - 00000033 _____ C:\Users\Casey\AppData\Roaming\AdobeWLCMCache.dat
2016-06-12 12:54 - 2016-06-12 12:54 - 00001036 _____ C:\Users\Casey\Desktop\Adobe Lightroom.lnk
2016-06-12 12:54 - 2016-06-12 12:54 - 00001036 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Lightroom.lnk
2016-06-12 12:47 - 2016-06-12 12:47 - 00002199 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC 2015.lnk
2016-06-12 12:45 - 2016-06-12 13:25 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-06-12 12:45 - 2016-06-12 12:45 - 00003602 _____ C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-KCFROMA-Casey
2016-06-12 12:36 - 2016-06-12 12:36 - 00001092 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2015.lnk
2016-06-12 12:36 - 2016-06-12 12:36 - 00000000 ____D C:\Users\Casey\Documents\Adobe
2016-06-12 12:34 - 2016-06-12 12:54 - 00000000 ____D C:\Program Files\Adobe
2016-06-12 12:34 - 2016-06-12 12:47 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-06-12 12:27 - 2016-06-13 01:47 - 00000000 ___RD C:\Users\Casey\Creative Cloud Files
2016-06-12 12:27 - 2016-06-13 01:47 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-06-12 12:24 - 2016-06-12 12:24 - 00001305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2016-06-12 12:21 - 2016-06-12 15:14 - 00000000 ____D C:\ProgramData\Adobe
2016-06-12 12:20 - 2016-06-12 13:48 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-06-12 12:16 - 2016-06-13 02:00 - 00000000 ____D C:\Users\Casey\AppData\Local\Adobe
2016-06-12 12:15 - 2016-06-12 12:16 - 00798912 _____ (Adobe Systems Incorporated) C:\Users\Casey\Downloads\CreativeCloudSet-Up.exe
2016-06-12 12:14 - 2016-06-12 12:14 - 00000000 ____D C:\Users\Casey\AppData\Roaming\Foxit Software
2016-06-12 11:59 - 2016-06-12 11:59 - 00002500 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2016-06-12 11:59 - 2016-06-12 11:59 - 00002499 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2016-06-12 11:59 - 2016-06-12 11:59 - 00002463 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2016-06-12 11:59 - 2016-06-12 11:59 - 00002462 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2016-06-12 11:59 - 2016-06-12 11:59 - 00002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2016-06-12 11:59 - 2016-06-12 11:59 - 00002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2016-06-12 11:59 - 2016-06-12 11:59 - 00002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2016-06-12 11:59 - 2016-06-12 11:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2016-06-12 11:57 - 2016-06-12 15:17 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-06-12 11:57 - 2016-06-12 11:57 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-06-12 11:55 - 2016-06-12 11:55 - 00000761 _____ C:\Users\Casey\Desktop\Downloads.lnk
2016-06-12 11:52 - 2016-06-12 11:52 - 00000734 _____ C:\Users\Casey\Desktop\OneDrive-Personal.lnk
2016-06-12 11:35 - 2016-06-13 05:05 - 00001718 _____ C:\Users\Casey\Desktop\AntiBeacon.lnk
2016-06-12 09:30 - 2016-06-12 09:30 - 00000000 ____D C:\WINDOWS\SysWOW64\PolicyDefinitions
2016-06-12 09:30 - 2016-06-12 09:30 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2016-06-12 09:30 - 2016-06-12 09:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot Anti-Beacon
2016-06-12 09:30 - 2016-06-12 09:30 - 00000000 ____D C:\Program Files (x86)\Spybot Anti-Beacon
2016-06-11 14:59 - 2016-06-11 14:59 - 311784697 _____ C:\Users\Casey\Desktop\barnacluels.mp4
2016-06-11 14:46 - 2016-06-11 14:46 - 00000043 _____ C:\Users\Casey\Desktop\privacy stuff.txt
2016-06-11 13:20 - 2016-06-11 13:20 - 00000000 ____D C:\Users\SanDi\AppData\Roaming\Macromedia
2016-06-11 13:17 - 2016-06-11 13:29 - 00000000 ___RD C:\Users\SanDi\OneDrive
2016-06-11 13:17 - 2016-06-11 13:18 - 00002370 _____ C:\Users\SanDi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-06-11 13:17 - 2016-06-11 13:17 - 00000000 ____D C:\Users\SanDi\AppData\Local\Comms
2016-06-11 13:16 - 2016-06-12 15:13 - 00000000 ____D C:\Users\SanDi\AppData\Local\MicrosoftEdge
2016-06-11 13:16 - 2016-06-11 13:16 - 00000000 ____D C:\Users\SanDi\AppData\Local\ActiveSync
2016-06-11 13:15 - 2016-06-11 13:15 - 00000000 ____D C:\Users\SanDi\AppData\Local\Publishers
2016-06-11 13:14 - 2016-06-12 23:12 - 00000000 ____D C:\Users\SanDi\AppData\Roaming\Adobe
2016-06-11 13:14 - 2016-06-12 23:08 - 00000000 ____D C:\Users\SanDi\AppData\Local\Packages
2016-06-11 13:14 - 2016-06-11 13:17 - 00000000 ____D C:\Users\SanDi
2016-06-11 13:14 - 2016-06-11 13:14 - 00000020 ___SH C:\Users\SanDi\ntuser.ini
2016-06-11 13:14 - 2016-06-11 13:14 - 00000000 _SHDL C:\Users\SanDi\My Documents
2016-06-11 13:14 - 2016-06-11 13:14 - 00000000 _SHDL C:\Users\SanDi\Documents\My Videos
2016-06-11 13:14 - 2016-06-11 13:14 - 00000000 _SHDL C:\Users\SanDi\Documents\My Pictures
2016-06-11 13:14 - 2016-06-11 13:14 - 00000000 _SHDL C:\Users\SanDi\Documents\My Music
2016-06-11 13:14 - 2016-06-11 13:14 - 00000000 ____D C:\Users\SanDi\AppData\Local\VirtualStore
2016-06-11 13:14 - 2016-06-11 13:14 - 00000000 ____D C:\Users\SanDi\AppData\Local\TileDataLayer
2016-06-11 13:14 - 2016-06-11 13:14 - 00000000 ____D C:\Users\SanDi\AppData\Local\Google
2016-06-11 13:14 - 2016-06-09 20:56 - 00000000 ____D C:\Users\SanDi\AppData\Roaming\ATI
2016-06-11 13:14 - 2016-06-09 20:56 - 00000000 ____D C:\Users\SanDi\AppData\Local\ATI
2016-06-09 23:16 - 2016-06-11 13:33 - 00002394 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-06-09 23:16 - 2016-06-11 13:33 - 00000000 ___RD C:\Users\Administrator\OneDrive
2016-06-09 23:14 - 2016-06-09 23:14 - 00000000 ____D C:\Users\Administrator\AppData\Local\ActiveSync
2016-06-09 23:13 - 2016-06-09 23:13 - 00000000 ____D C:\Users\Administrator\AppData\Local\Publishers
2016-06-09 23:13 - 2016-06-09 23:13 - 00000000 ____D C:\Users\Administrator\AppData\Local\ASUS
2016-06-09 23:12 - 2016-06-12 15:14 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2016-06-09 23:12 - 2016-06-09 23:32 - 00000000 ____D C:\Users\Administrator\AppData\Local\Packages
2016-06-09 23:12 - 2016-06-09 23:16 - 00000000 ____D C:\Users\Administrator
2016-06-09 23:12 - 2016-06-09 23:12 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2016-06-09 23:12 - 2016-06-09 23:12 - 00000000 _SHDL C:\Users\Administrator\My Documents
2016-06-09 23:12 - 2016-06-09 23:12 - 00000000 _SHDL C:\Users\Administrator\Documents\My Videos
2016-06-09 23:12 - 2016-06-09 23:12 - 00000000 _SHDL C:\Users\Administrator\Documents\My Pictures
2016-06-09 23:12 - 2016-06-09 23:12 - 00000000 _SHDL C:\Users\Administrator\Documents\My Music
2016-06-09 23:12 - 2016-06-09 23:12 - 00000000 ____D C:\Users\Administrator\AppData\Local\TileDataLayer
2016-06-09 23:12 - 2016-06-09 23:12 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2016-06-09 23:12 - 2016-06-09 20:56 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\ATI
2016-06-09 23:12 - 2016-06-09 20:56 - 00000000 ____D C:\Users\Administrator\AppData\Local\ATI
2016-06-09 22:46 - 2016-06-09 22:46 - 00000706 _____ C:\Users\Casey\Desktop\WIN10China.txt
2016-06-09 21:20 - 2016-06-12 23:47 - 00042168 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2016-06-09 21:17 - 2016-06-09 21:17 - 00084792 ____H (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCMON23.SYS
2016-06-09 21:15 - 2016-06-09 21:16 - 00000000 ____D C:\Users\Casey\Desktop\SysinternalsSuite
2016-06-09 21:02 - 2016-06-09 21:02 - 00000000 ____D C:\Users\Casey\AppData\Roaming\MAGIX
2016-06-09 20:57 - 2016-06-09 20:57 - 00000000 ____D C:\ProgramData\ATI
2016-06-09 20:56 - 2016-06-09 20:56 - 00000000 ____D C:\Users\Default\AppData\Roaming\ATI
2016-06-09 20:56 - 2016-06-09 20:56 - 00000000 ____D C:\Users\Default\AppData\Local\ATI
2016-06-09 20:56 - 2016-06-09 20:56 - 00000000 ____D C:\Users\Default User\AppData\Roaming\ATI
2016-06-09 20:56 - 2016-06-09 20:56 - 00000000 ____D C:\Users\Default User\AppData\Local\ATI
2016-06-09 20:30 - 2016-06-09 20:30 - 00001178 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-06-09 20:21 - 2016-06-09 20:21 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-06-09 20:09 - 2016-06-09 20:09 - 00002854 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2016-06-09 20:09 - 2016-06-09 20:09 - 00000870 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-06-09 20:09 - 2016-06-09 20:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-06-09 20:09 - 2016-06-09 20:09 - 00000000 ____D C:\Program Files\CCleaner
2016-06-09 18:53 - 2016-06-09 20:24 - 136157464 _____ (Microsoft Corporation) C:\Users\Casey\Desktop\msert.exe
2016-06-09 18:47 - 2016-06-09 20:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malwareg
2016-06-09 18:43 - 2016-06-13 06:01 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-06-09 18:43 - 2016-06-09 20:58 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-06-09 18:43 - 2016-06-09 18:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-06-09 18:43 - 2016-06-09 18:43 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-06-09 18:43 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-06-09 18:43 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-06-09 18:43 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-06-09 18:38 - 2016-06-09 18:38 - 00000000 ____D C:\Users\Casey\AppData\Local\ElevatedDiagnostics
2016-06-09 18:37 - 2016-06-09 18:37 - 00007616 _____ C:\Users\Casey\AppData\Local\Resmon.ResmonCfg
2016-06-09 07:04 - 2016-06-09 07:04 - 00000000 ____D C:\WINDOWS\system32\Altiris Logs
2016-06-08 22:56 - 2016-06-08 23:05 - 00000000 ____D C:\Users\Casey\Downloads\SQL
2016-06-08 22:27 - 2016-04-22 00:57 - 00453288 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-06-08 22:25 - 2016-06-08 22:27 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-06-08 22:25 - 2016-06-08 22:25 - 139319312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-06-08 22:17 - 2016-06-08 22:17 - 00016044 _____ C:\Users\Casey\Desktop\Symantec Order # SP1224324.pdf
2016-06-08 21:32 - 2016-06-13 06:43 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-08 21:32 - 2016-06-13 05:51 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-08 21:32 - 2016-06-12 20:40 - 00000000 ____D C:\Users\Casey\AppData\Local\Google
2016-06-08 21:32 - 2016-06-08 21:38 - 00003980 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-06-08 21:32 - 2016-06-08 21:38 - 00003748 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-06-08 21:32 - 2016-06-08 21:32 - 00002351 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-08 21:32 - 2016-06-08 21:32 - 00002339 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-08 21:32 - 2016-06-08 21:32 - 00000000 ____D C:\Program Files (x86)\Google
2016-06-08 20:47 - 2016-06-08 20:47 - 00000000 ____D C:\Users\Casey\AppData\Roaming\WildTangent
2016-06-08 20:12 - 2016-06-08 20:19 - 00000979 _____ C:\Users\Casey\Desktop\New Text Document.txt
2016-06-08 18:39 - 2016-06-08 18:39 - 00001250 _____ C:\Users\Casey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CNext.lnk
2016-06-08 18:34 - 2016-06-12 14:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Settings
2016-06-08 18:34 - 2016-06-08 18:07 - 00000000 ____D C:\Program Files (x86)\AMD
2016-06-08 18:33 - 2016-06-12 14:49 - 00000000 ____D C:\AMD
2016-06-08 18:32 - 2016-06-12 16:01 - 00000000 ___RD C:\Users\Casey\OneDrive
2016-06-08 18:32 - 2016-06-08 18:32 - 00002370 _____ C:\Users\Casey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-06-08 18:30 - 2016-06-08 18:30 - 00000000 ____D C:\Users\Casey\AppData\Local\ActiveSync
2016-06-08 18:29 - 2016-06-08 18:29 - 00000000 ____D C:\Users\Casey\AppData\Local\Publishers
2016-06-08 18:28 - 2016-06-08 18:28 - 00000020 ___SH C:\Users\Casey\ntuser.ini
2016-06-08 18:28 - 2016-06-08 18:28 - 00000000 ____D C:\Users\Casey\AppData\Local\TileDataLayer
2016-06-08 18:28 - 2016-06-08 18:28 - 00000000 ____D C:\Users\Casey\AppData\Local\Comms
2016-06-08 18:16 - 2016-06-08 18:26 - 00000000 ____D C:\Users\Casey\AppData\Local\Mozilla
2016-06-08 18:16 - 2016-06-08 18:17 - 00000000 ____D C:\Users\Casey\AppData\Roaming\Mozilla
2016-06-08 18:09 - 2015-05-13 06:13 - 00061464 _____ (Advanced Micro Devices) C:\WINDOWS\system32\Drivers\usbfilter.sys
2016-06-08 18:07 - 2015-06-23 10:59 - 01187342 _____ C:\WINDOWS\system32\amdocl_as64.exe
2016-06-08 18:07 - 2015-06-23 10:59 - 01061902 _____ C:\WINDOWS\system32\amdocl_ld64.exe
2016-06-08 18:07 - 2015-06-23 10:59 - 00995342 _____ C:\WINDOWS\SysWOW64\amdocl_as32.exe
2016-06-08 18:07 - 2015-06-23 10:59 - 00798734 _____ C:\WINDOWS\SysWOW64\amdocl_ld32.exe
2016-06-08 17:58 - 2016-06-08 18:15 - 00000000 ____D C:\Users\Casey\AppData\Local\MicrosoftEdge
2016-06-08 17:52 - 2016-06-12 15:30 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-06-08 17:51 - 2016-06-08 17:51 - 00000000 _SHDL C:\Users\Default\My Documents
2016-06-08 17:51 - 2016-06-08 17:51 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2016-06-08 17:51 - 2016-06-08 17:51 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2016-06-08 17:51 - 2016-06-08 17:51 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2016-06-08 17:51 - 2016-06-08 17:51 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2016-06-08 17:51 - 2016-06-08 17:51 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2016-06-08 17:51 - 2016-06-08 17:51 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2016-06-08 17:48 - 2016-06-08 17:48 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2016-06-08 17:43 - 2016-06-08 17:43 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-06-08 17:40 - 2016-06-08 17:40 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2016-06-08 17:39 - 2016-06-12 15:16 - 00000000 ____D C:\Users\Casey
2016-06-08 17:39 - 2016-06-08 17:39 - 00000000 _SHDL C:\Users\Casey\My Documents
2016-06-08 17:39 - 2016-06-08 17:39 - 00000000 _SHDL C:\Users\Casey\Documents\My Videos
2016-06-08 17:39 - 2016-06-08 17:39 - 00000000 _SHDL C:\Users\Casey\Documents\My Pictures
2016-06-08 17:39 - 2016-06-08 17:39 - 00000000 _SHDL C:\Users\Casey\Documents\My Music
2016-06-08 17:37 - 2016-06-08 17:37 - 00006786 _____ C:\WINDOWS\system32\Drivers\rtwavesEFX.dat
2016-06-08 17:37 - 2016-06-08 17:37 - 00002626 _____ C:\WINDOWS\system32\Drivers\rtwavesMFX.dat
2016-06-08 17:37 - 2016-06-08 17:37 - 00001390 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudioWizard.lnk
2016-06-08 17:37 - 2016-06-08 17:37 - 00000000 ____D C:\Program Files\Common Files\logishrd
2016-06-08 17:36 - 2016-06-08 17:36 - 00319059 _____ C:\WINDOWS\system32\Drivers\RTWAVES40.dat
2016-06-08 17:36 - 2016-06-08 17:36 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2016-06-08 17:36 - 2016-06-08 17:36 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2016-06-08 17:36 - 2016-06-08 17:36 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2016-06-08 17:36 - 2016-06-08 17:36 - 00000000 ____D C:\ProgramData\Samsung
2016-06-08 17:36 - 2016-06-08 17:36 - 00000000 ____D C:\Program Files\Realtek
2016-06-08 17:36 - 2016-06-08 17:36 - 00000000 ____D C:\Program Files (x86)\SamsungPrinterLiveUpdateInstaller
2016-06-08 17:36 - 2016-06-08 17:36 - 00000000 ____D C:\Program Files (x86)\SamsungPrinterLiveUpdate
2016-06-08 17:34 - 2016-06-09 20:12 - 00000000 ___DC C:\WINDOWS\Panther
2016-06-08 17:30 - 2016-06-08 17:30 - 24604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 22379008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 18676224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 16984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 13383168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 07977472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 07832576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-06-08 17:30 - 2016-06-08 17:30 - 07200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 06605504 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 05502976 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 05324288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 05240960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 04775424 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 04515256 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-06-08 17:30 - 2016-06-08 17:30 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-06-08 17:30 - 2016-06-08 17:30 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 03673424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 03671040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 03591168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-06-08 17:30 - 2016-06-08 17:30 - 03575296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 03351040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 03078144 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 02919832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 02798080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 02722816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 02656952 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 02598912 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 02403680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-06-08 17:30 - 2016-06-08 17:30 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 02152280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-06-08 17:30 - 2016-06-08 17:30 - 02066432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 02000896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 01996640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-06-08 17:30 - 2016-06-08 17:30 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 01902592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 01862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 01848072 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 01819208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 01776768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 01731072 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 01714688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 01594920 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 01588224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 01575936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 01536088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 01522152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 01444352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 01410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 01401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 01395712 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-06-08 17:30 - 2016-06-08 17:30 - 01372304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 01319424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-06-08 17:30 - 2016-06-08 17:30 - 01297752 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 01239552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 01211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 01184960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 01161120 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 01152864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2016-06-08 17:30 - 2016-06-08 17:30 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-06-08 17:30 - 2016-06-08 17:30 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 01117184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 01098240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 01092464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 01089888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-06-08 17:30 - 2016-06-08 17:30 - 01073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 01072128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 01052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-06-08 17:30 - 2016-06-08 17:30 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-06-08 17:30 - 2016-06-08 17:30 - 00988672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00986976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00958976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-06-08 17:30 - 2016-06-08 17:30 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-06-08 17:30 - 2016-06-08 17:30 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-06-08 17:30 - 2016-06-08 17:30 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00854528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2016-06-08 17:30 - 2016-06-08 17:30 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00777728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00770640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00765952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00754664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00725776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00713920 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00712704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00707608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00696672 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00694784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2016-06-08 17:30 - 2016-06-08 17:30 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00686976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00682496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00676352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00650304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00649728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00639488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00638816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2016-06-08 17:30 - 2016-06-08 17:30 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-06-08 17:30 - 2016-06-08 17:30 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00619296 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00605440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-06-08 17:30 - 2016-06-08 17:30 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-06-08 17:30 - 2016-06-08 17:30 - 00582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00577368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-06-08 17:30 - 2016-06-08 17:30 - 00569744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00565600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-06-08 17:30 - 2016-06-08 17:30 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00550656 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00541304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-06-08 17:30 - 2016-06-08 17:30 - 00535080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00534872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2016-06-08 17:30 - 2016-06-08 17:30 - 00530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2016-06-08 17:30 - 2016-06-08 17:30 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00522176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00514752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00513368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00498960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-06-08 17:30 - 2016-06-08 17:30 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00453472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00451928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-06-08 17:30 - 2016-06-08 17:30 - 00413536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-06-08 17:30 - 2016-06-08 17:30 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2016-06-08 17:30 - 2016-06-08 17:30 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlansec.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-06-08 17:30 - 2016-06-08 17:30 - 00390496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00378208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2016-06-08 17:30 - 2016-06-08 17:30 - 00374008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-06-08 17:30 - 2016-06-08 17:30 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-06-08 17:30 - 2016-06-08 17:30 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AccountsRt.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00351232 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2016-06-08 17:30 - 2016-06-08 17:30 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00333824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2016-06-08 17:30 - 2016-06-08 17:30 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00330072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-06-08 17:30 - 2016-06-08 17:30 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00306832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-06-08 17:30 - 2016-06-08 17:30 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00294592 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00291360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2016-06-08 17:30 - 2016-06-08 17:30 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-06-08 17:30 - 2016-06-08 17:30 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2016-06-08 17:30 - 2016-06-08 17:30 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2016-06-08 17:30 - 2016-06-08 17:30 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
2016-06-08 17:30 - 2016-06-08 17:30 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-06-08 17:30 - 2016-06-08 17:30 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthLEEnum.sys
2016-06-08 17:30 - 2016-06-08 17:30 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00217440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00204048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-06-08 17:30 - 2016-06-08 17:30 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00190144 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-06-08 17:30 - 2016-06-08 17:30 - 00188256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-06-08 17:30 - 2016-06-08 17:30 - 00183904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2016-06-08 17:30 - 2016-06-08 17:30 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-06-08 17:30 - 2016-06-08 17:30 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-06-08 17:30 - 2016-06-08 17:30 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-06-08 17:30 - 2016-06-08 17:30 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BrowserSettingSync.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00131424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufxsynopsys.sys
2016-06-08 17:30 - 2016-06-08 17:30 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
2016-06-08 17:30 - 2016-06-08 17:30 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2016-06-08 17:30 - 2016-06-08 17:30 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00110584 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvcli.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00100232 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-06-08 17:30 - 2016-06-08 17:30 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdport.sys
2016-06-08 17:30 - 2016-06-08 17:30 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\filecrypt.sys
2016-06-08 17:30 - 2016-06-08 17:30 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-06-08 17:30 - 2016-06-08 17:30 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-06-08 17:30 - 2016-06-08 17:30 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys
2016-06-08 17:30 - 2016-06-08 17:30 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00081144 _____ (Microsoft Corporation) C:\WINDOWS\system32\netapi32.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00078040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkscli.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-06-08 17:30 - 2016-06-08 17:30 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00074424 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2016-06-08 17:30 - 2016-06-08 17:30 - 00073872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srvcli.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00069744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netapi32.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-06-08 17:30 - 2016-06-08 17:30 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2016-06-08 17:30 - 2016-06-08 17:30 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00058400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\browcli.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00058208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwminit.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wkscli.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-06-08 17:30 - 2016-06-08 17:30 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\browcli.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ByteCodeGenerator.exe
2016-06-08 17:30 - 2016-06-08 17:30 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ByteCodeGenerator.exe
2016-06-08 17:30 - 2016-06-08 17:30 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsdchngr.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2016-06-08 17:30 - 2016-06-08 17:30 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-06-08 17:30 - 2016-06-08 17:30 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsdchngr.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2016-06-08 17:30 - 2016-06-08 17:30 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-06-08 17:30 - 2016-06-08 17:30 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2016-06-08 17:30 - 2016-06-08 17:30 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacchooks.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacchooks.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00002186 _____ C:\WINDOWS\SysWOW64\AppxProvisioning.xml
2016-06-08 17:30 - 2016-06-08 17:30 - 00002186 _____ C:\WINDOWS\system32\AppxProvisioning.xml
2016-06-08 17:22 - 2016-06-08 17:22 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2016-06-08 17:21 - 2016-06-08 17:21 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-06-08 17:21 - 2016-06-08 17:21 - 00000000 ____D C:\Program Files\MSBuild
2016-06-08 17:21 - 2016-06-08 17:21 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-06-08 17:21 - 2016-06-08 17:21 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-06-08 17:21 - 2015-10-23 18:47 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2016-06-08 17:21 - 2015-10-23 18:47 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-06-08 17:21 - 2015-10-23 18:47 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2016-06-08 17:20 - 2015-10-23 18:46 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2016-06-08 17:20 - 2015-10-23 18:46 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2016-06-08 17:20 - 2015-10-23 18:45 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2016-06-08 16:52 - 2016-06-08 22:39 - 00000000 ____D C:\Users\Casey\Downloads\Symantec AV installer
2016-06-08 16:05 - 2016-06-08 17:50 - 00009528 _____ C:\WINDOWS\diagwrn.xml
2016-06-08 16:05 - 2016-06-08 17:50 - 00009528 _____ C:\WINDOWS\diagerr.xml
2016-06-08 16:05 - 2016-06-08 17:08 - 00000000 ___HD C:\$WINDOWS.~BT
2016-06-08 16:04 - 2016-06-08 16:04 - 00000000 ____D C:\Users\Casey\AppData\Roaming\Macromedia
2016-06-08 16:01 - 2016-06-08 16:05 - 00000036 _____ C:\WINDOWS\progress.ini
2016-06-08 16:00 - 2016-06-08 16:00 - 00000000 ____D C:\Users\Casey\AppData\Roaming\WinRAR
2016-06-08 15:59 - 2016-06-08 16:01 - 00000000 ____D C:\Program Files (x86)\WinRAR
2016-06-08 15:57 - 2016-06-08 16:01 - 00000000 ____D C:\Program Files\7-Zip
2016-06-08 15:50 - 2016-06-12 14:48 - 00000000 ____D C:\Users\Casey\Downloads\Drivers Windows 10
2016-06-08 15:48 - 2016-06-08 18:28 - 00000000 ___HD C:\$GetCurrent
2016-06-08 15:47 - 2016-06-08 20:58 - 00000000 __SHD C:\Users\Casey\AppData\LocalLow\EmieUserList
2016-06-08 15:47 - 2016-06-08 20:58 - 00000000 __SHD C:\Users\Casey\AppData\LocalLow\EmieSiteList
2016-06-08 15:47 - 2016-06-08 18:28 - 00000000 ____D C:\Windows10Upgrade
2016-06-08 15:47 - 2016-06-08 15:47 - 00000709 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Upgrade Assistant.lnk
2016-06-08 15:47 - 2016-06-08 15:47 - 00000697 _____ C:\Users\Casey\Desktop\Windows 10 Upgrade Assistant.lnk
2016-06-08 15:38 - 2016-06-13 05:53 - 00004150 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{11864F79-5AC1-4EB2-AECF-F38B8175AF98}
2016-06-08 15:38 - 2016-06-08 18:12 - 00000000 __SHD C:\Users\Casey\AppData\Local\EmieUserList
2016-06-08 15:38 - 2016-06-08 18:12 - 00000000 __SHD C:\Users\Casey\AppData\Local\EmieSiteList
2016-06-08 15:37 - 2016-06-08 15:37 - 00000000 ____D C:\Program Files\McAfee
2016-06-08 14:26 - 2016-06-08 14:26 - 00000000 ____D C:\Users\Casey\AppData\Roaming\WebStorage
2016-06-08 14:25 - 2016-06-08 17:48 - 00002810 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3458565438-258332679-1599885353-1002
2016-06-08 14:23 - 2016-06-08 17:59 - 00000000 ____D C:\Users\Casey\AppData\Local\AMD
2016-06-08 14:23 - 2016-06-08 14:23 - 00000000 ____D C:\Users\Casey\AppData\Roaming\ATI
2016-06-08 14:23 - 2016-06-08 14:23 - 00000000 ____D C:\Users\Casey\AppData\Local\ATI
2016-06-08 14:20 - 2016-06-13 01:51 - 00000000 ____D C:\Users\Casey\AppData\Local\Packages
2016-06-08 14:20 - 2016-06-12 13:25 - 00000000 ____D C:\Users\Casey\AppData\Roaming\Adobe
2016-06-08 14:20 - 2016-06-09 21:46 - 00000000 ____D C:\Users\Casey\AppData\Local\VirtualStore
2016-06-08 14:20 - 2016-06-08 14:20 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2016-06-08 14:20 - 2016-06-08 14:20 - 00000000 ____D C:\Users\Casey\Documents\My Bluetooth
2016-06-08 14:20 - 2016-06-08 14:20 - 00000000 ____D C:\Users\Casey\AppData\Local\ASUS
2016-06-08 14:17 - 2016-06-08 14:17 - 00000000 _____ C:\Recovery.txt
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-13 06:49 - 2015-10-30 00:21 - 00000000 ____D C:\WINDOWS\INF
2016-06-13 06:01 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-06-13 05:50 - 2016-04-26 23:32 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-13 02:18 - 2015-10-29 23:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-06-13 02:18 - 2015-05-19 18:41 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2016-06-13 01:50 - 2015-10-30 00:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-06-12 23:08 - 2015-10-30 00:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-12 14:57 - 2015-05-19 18:40 - 00000000 ____D C:\Program Files\AMD
2016-06-12 14:55 - 2015-03-28 09:56 - 00000000 ____D C:\ProgramData\Package Cache
2016-06-12 12:05 - 2015-10-30 00:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-06-12 11:57 - 2015-10-30 00:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-06-11 13:14 - 2016-04-26 23:39 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-06-09 21:03 - 2015-05-19 18:49 - 00000000 ____D C:\ProgramData\ASUS
2016-06-09 21:03 - 2015-03-28 09:51 - 00000000 ____D C:\Program Files (x86)\ASUS
2016-06-09 21:02 - 2015-05-19 18:52 - 00000000 ____D C:\ProgramData\MAGIX
2016-06-09 20:57 - 2015-05-19 18:41 - 00000000 ____D C:\ProgramData\AMD
2016-06-08 20:48 - 2015-05-19 18:49 - 00000000 ____D C:\WINDOWS\System32\Tasks\ASUS
2016-06-08 20:47 - 2015-03-28 10:01 - 00000000 ____D C:\ProgramData\Skype
2016-06-08 20:47 - 2015-03-28 09:57 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-06-08 20:47 - 2015-03-28 09:56 - 00000000 ____D C:\ProgramData\WildTangent
2016-06-08 20:47 - 2015-03-28 09:30 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-06-08 18:38 - 2016-04-26 23:11 - 00000000 ____D C:\WINDOWS\OCR
2016-06-08 18:27 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\appcompat
2016-06-08 18:01 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\Registration
2016-06-08 17:59 - 2015-03-28 09:30 - 00000000 ___HD C:\Program Files (x86)\Temp
2016-06-08 17:52 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\rescache
2016-06-08 17:51 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2016-06-08 17:47 - 2015-10-30 00:24 - 00000000 __RHD C:\Users\Public\Libraries
2016-06-08 17:44 - 2015-10-29 23:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-06-08 17:44 - 2015-05-19 18:40 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2016-06-08 17:44 - 2015-03-28 10:08 - 00000000 ____D C:\WINDOWS\fr
2016-06-08 17:44 - 2015-03-28 10:08 - 00000000 ____D C:\WINDOWS\es
2016-06-08 17:44 - 2015-03-28 10:08 - 00000000 ____D C:\WINDOWS\en
2016-06-08 17:44 - 2015-03-28 09:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit PhantomPDF
2016-06-08 17:43 - 2013-08-22 06:36 - 00000000 ____D C:\Users\Default.migrated
2016-06-08 17:42 - 2016-04-26 23:06 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
2016-06-08 17:42 - 2016-04-26 23:06 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2016-06-08 17:42 - 2016-04-26 23:06 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2016-06-08 17:42 - 2016-04-26 23:06 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2016-06-08 17:42 - 2016-04-26 23:06 - 00000000 ____D C:\WINDOWS\system32\winrm
2016-06-08 17:42 - 2016-04-26 23:06 - 00000000 ____D C:\WINDOWS\system32\WCN
2016-06-08 17:42 - 2016-04-26 23:06 - 00000000 ____D C:\WINDOWS\system32\slmgr
2016-06-08 17:42 - 2016-04-26 23:06 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2016-06-08 17:42 - 2015-10-30 00:24 - 00000000 ___SD C:\WINDOWS\system32\dsc
2016-06-08 17:42 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2016-06-08 17:42 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2016-06-08 17:42 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2016-06-08 17:42 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2016-06-08 17:42 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\SysWOW64\et-EE
2016-06-08 17:42 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2016-06-08 17:42 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-06-08 17:42 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-06-08 17:42 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\MUI
2016-06-08 17:42 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\lv-LV
2016-06-08 17:42 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\lt-LT
2016-06-08 17:42 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2016-06-08 17:42 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\et-EE
2016-06-08 17:42 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\en-GB
2016-06-08 17:42 - 2015-10-29 23:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-06-08 17:42 - 2015-10-29 23:28 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-06-08 17:42 - 2014-09-06 02:27 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2016-06-08 17:42 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2016-06-08 17:42 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2016-06-08 17:41 - 2016-04-26 23:20 - 00000000 ____D C:\Program Files\Windows Journal
2016-06-08 17:41 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-06-08 17:41 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\InputMethod
2016-06-08 17:41 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\IME
2016-06-08 17:41 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\Help
2016-06-08 17:41 - 2015-10-30 00:24 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-06-08 17:41 - 2015-10-30 00:24 - 00000000 ____D C:\Program Files\Common Files\System
2016-06-08 17:41 - 2015-10-30 00:24 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-06-08 17:41 - 2015-05-19 18:41 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2016-06-08 17:41 - 2015-05-19 18:40 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2016-06-08 17:41 - 2015-03-28 09:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2016-06-08 17:41 - 2015-03-28 09:30 - 00000000 ____D C:\Program Files (x86)\Realtek
2016-06-08 17:41 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\MediaViewer
2016-06-08 17:41 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\ADFS
2016-06-08 17:39 - 2015-10-29 23:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-06-08 17:34 - 2015-10-30 00:24 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2016-06-08 17:33 - 2015-10-30 00:26 - 00000000 ____D C:\WINDOWS\Setup
2016-06-08 17:31 - 2015-10-30 00:24 - 00015703 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-06-08 17:31 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-06-08 17:31 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-06-08 17:31 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\Provisioning
2016-06-08 17:31 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-06-08 16:54 - 2014-09-06 02:38 - 00809326 _____ C:\WINDOWS\system32\perfh00C.dat
2016-06-08 16:54 - 2014-09-06 02:38 - 00158774 _____ C:\WINDOWS\system32\perfc00C.dat
2016-06-08 16:54 - 2014-09-06 02:27 - 00807752 _____ C:\WINDOWS\system32\perfh00A.dat
2016-06-08 16:54 - 2014-09-06 02:27 - 00166140 _____ C:\WINDOWS\system32\perfc00A.dat
2016-06-08 15:39 - 2015-03-28 09:57 - 00000000 ____D C:\ProgramData\McAfee
 
==================== Files in the root of some directories =======
 
2016-06-12 19:20 - 2016-06-12 19:21 - 12964920 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2016-06-12 13:24 - 2016-06-12 13:24 - 0000033 _____ () C:\Users\Casey\AppData\Roaming\AdobeWLCMCache.dat
2016-06-08 14:20 - 2016-06-08 17:12 - 0010482 _____ () C:\Users\Casey\AppData\Local\BTServer.log
2016-06-09 18:37 - 2016-06-09 18:37 - 0007616 _____ () C:\Users\Casey\AppData\Local\Resmon.ResmonCfg
2016-06-08 17:36 - 2016-06-08 17:36 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-06-08 18:40
 
==================== End of FRST.txt ============================




#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,539 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 14 June 2016 - 09:58 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

IFEO\taskmgr.exe: [Debugger] "C:\USERS\CASEY\DESKTOP\SYSINTERNALSSUITE\PROCEXP.EXE"
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll => No File
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll => No File
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll No File
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll No File
CHR Extension: (Chrome Web Store Payments) - C:\Users\Casey\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-08]
C:\Users\Casey\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Please post the logs and include the Addition.txt file that was created by the Farbar tool.
I need to review it.

Please let me know what problem persists with this computer.

#3 EECKS

EECKS
  • Topic Starter

  • Members
  • 5 posts

Posted 15 June 2016 - 08:53 AM

Thank you for all your help.  And for sure I still have a big problem.  After doing that I became aware that apparently there is someone, some script or something operating virtual machines on all three of my computers. They've installed different software depending on the OS.

The box in question is my main machine, and I'm guessing if I can figure out what to do with this one, it "should" carry over to the other two? I hope? It appears they have modified my BIOS as well because I see a ton of new Windows BIOS files, remote access files, tons of Bluetooth and wireless files and drivers that keep appearing.

Also I have the option to modify how my remote display looks so I made it horrible so it's painfully obvious when I'm in a VM window. This also explains why I've had to install fonts over and over, and Office and Photoshop both did not show that I had any installs.

I have no idea how to handle this.  I've got my firewall turned way up in Windows, and I "thought" I spent a ton of time configuring my router, but apparently from the tracerts that I've run, and the Netstat results, the router is not blocking anything I told it to.

Also I didn't know anything about Hyper-V or VMs yesterday, today I know a smidge more and it appears that maybe you have to have this enabled in the BIOS for it to work? And I've blatantly got it turned off, along with VPNs and a million other things that keep coming back.

Here is the updated FixLog, and then also the original Addition Text
 
 
 
Fixlog
 
Fix result of Farbar Recovery Scan Tool (x64) Version:12-06-2016 01
Ran by Casey (2016-06-14 09:22:32) Run:1
Running from C:\Users\Casey\Downloads
Loaded Profiles: Casey (Available Profiles: Casey & KCsGuest & Administrator)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
IFEO\taskmgr.exe: [Debugger] "C:\USERS\CASEY\DESKTOP\SYSINTERNALSSUITE\PROCEXP.EXE"
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll => No File
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll => No File
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll No File
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll No File
CHR Extension: (Chrome Web Store Payments) - C:\Users\Casey\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-08]
C:\Users\Casey\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\taskmgr.exe" => key removed successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c8d5d964-2be8-4c5b-8cf5-6e975aa88504}" => key removed successfully
"HKCR\CLSID\{c8d5d964-2be8-4c5b-8cf5-6e975aa88504}" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c8d5d964-2be8-4c5b-8cf5-6e975aa88504} => key not found. 
"HKCR\Wow6432Node\CLSID\{c8d5d964-2be8-4c5b-8cf5-6e975aa88504}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{97ab88ef-346b-4179-a0b1-7445896547a5} => value not found.
"HKCR\CLSID\{97ab88ef-346b-4179-a0b1-7445896547a5}" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{97ab88ef-346b-4179-a0b1-7445896547a5} => value not found.
"HKCR\Wow6432Node\CLSID\{97ab88ef-346b-4179-a0b1-7445896547a5}" => key removed successfully
C:\Users\Casey\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
"C:\Users\Casey\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda" => not found.
EmptyTemp: => 160.2 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 09:23:19 ====
 
 
 
 
Addition
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:12-06-2016 01
Ran by Casey (2016-06-13 06:50:36)
Running from C:\Users\Casey\Downloads
Windows 10 Home Version 1511 (X64) (2016-06-09 01:28:22)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3458565438-258332679-1599885353-500 - Administrator - Enabled) => C:\Users\Administrator
Casey (S-1-5-21-3458565438-258332679-1599885353-1002 - Administrator - Enabled) => C:\Users\Casey
DefaultAccount (S-1-5-21-3458565438-258332679-1599885353-503 - Limited - Disabled)
Guest (S-1-5-21-3458565438-258332679-1599885353-501 - Limited - Disabled)
KCsGuest (S-1-5-21-3458565438-258332679-1599885353-1003 - Limited - Enabled) => C:\Users\SanDi
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ACP Application (Version: 2016.0321.0955.20 - Advanced Micro Devices, Inc.) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.7.0.272 - Adobe Systems Incorporated)
Adobe Illustrator CC 2015 (HKLM-x32\...\ILST_19_2_1) (Version: 19.2.1 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.6 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.1.2 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\InstallShield_{261ED3C4-356F-4810-80B9-EDD0992ED5AA}) (Version: 20.3.44.03963 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\InstallShield_{B40D20A3-3CA3-4151-A0AC-F71AEE04F884}) (Version: 20.10.301.4101 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver  (x32 Version: 20.10.301.4101 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader Driver  (x32 Version: 20.3.44.03963 - Alcor Micro Corp.) Hidden
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
ASUS App Box (HKLM-x32\...\{F0CE6060-50B1-401E-8357-B6E24DB98D21}) (Version: 1.00.04 - ASUSTeK Computer Inc.)
ASUS Manager - Ai Booting (HKLM-x32\...\{2DCE446C-D090-4458-8782-8F16DF94351E}) (Version: 2.01.15 - ASUSTeK Computer Inc.)
ASUS Manager - Ai Charger II (HKLM-x32\...\{9AF45D7C-34F1-4BA0-B799-825C8C04494C}) (Version: 2.00.13 - ASUSTeK Computer Inc.)
ASUS Manager - Backup & Recovery (HKLM-x32\...\{34D67DE5-2ECF-4E6B-A243-2C16E2792787}) (Version: 2.01.12 - ASUSTeK Computer Inc.)
ASUS Manager - Family Safety (HKLM-x32\...\{016AFF97-4E18-4560-B8E5-B684BB124E32}) (Version: 2.00.06 - ASUSTeK Computer Inc.)
ASUS Manager - PC Cleanup (HKLM-x32\...\{E22A19AE-7DDB-4959-B1DB-A0996294352A}) (Version: 2.01.12 - ASUSTeK Computer Inc.)
ASUS Manager - Power Manager (HKLM-x32\...\{DD248BEE-E925-4720-A775-9A42276BB6EA}) (Version: 2.02.05 - ASUSTeK Computer Inc.)
ASUS Manager - SyncUp (HKLM-x32\...\{C2294792-457D-4DF7-9486-B630754C73D0}) (Version: 2.00.07 - ASUSTeK Computer Inc.)
ASUS Manager - Update (HKLM-x32\...\{675BBE8A-0ED3-4048-8723-BA51EAB8E1A8}) (Version: 2.02.08 - ASUSTeK Computer Inc.)
ASUS Manager (HKLM-x32\...\{F5E5AD85-4A90-4604-A887-464D3818D8FD}) (Version: 2.09.05 - ASUSTeK Computer Inc.)
Brackets (HKLM-x32\...\{EF4E49D9-63EF-4BD4-BAD0-2234C79970D3}) (Version: 1.7 - brackets.io)
Catalyst Control Center Next Localization BR (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.18 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
eManual (HKLM-x32\...\{0C84E634-EB68-4A54-B21E-A05EC87A4CC5}) (Version: 1.01.00 - ASUSTeK Computer Inc.)
FileZilla Client 3.18.0 (HKU\S-1-5-21-3458565438-258332679-1599885353-1002\...\FileZilla Client) (Version: 3.18.0 - Tim Kosse)
Foxit PhantomPDF (HKLM-x32\...\{D1C2E038-0E67-44CD-80B6-03B34D4CC413}) (Version: 7.0.56.1225 - Foxit Software Inc.)
Galería de fotos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.84 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Google Web Designer (HKLM\...\{811767F4-C586-4673-A41F-E9D767497222}) (Version: 1.3.5.0 - Google Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6965.2053 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9.2 - Notepad++ Team)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6925.1016 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6925.1016 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6925.1016 - Microsoft Corporation) Hidden
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.838.833.120114 - REALTEK Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.29.314.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7272 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0247 - REALTEK Semiconductor Corp.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version:  - Samsung Electronics Co., Ltd.)
Spybot Anti-Beacon (HKLM-x32\...\{419A7FCF-93E1-474D-BFE9-987CF3F90C88}_is1) (Version: 1.5 - Safer-Networking Ltd.)
Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1) (Version: 1.0.3.1 - LunarG, Inc.)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17305 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3458565438-258332679-1599885353-1002_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-D9969FAB92D8}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-3458565438-258332679-1599885353-1002_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Casey\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3458565438-258332679-1599885353-1002_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {05C8CA89-119B-4CFE-8739-E769C6223A8A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-08] (Google Inc.)
Task: {0A9EC74D-5FEA-42BF-829D-FB95CBDDB172} - System32\Tasks\AdobeAAMUpdater-1.0-KCFROMA-KCsGuest => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-05-05] (Adobe Systems Incorporated)
Task: {26968F19-C841-4CA4-9B5C-7D9EF26862BC} - System32\Tasks\ASUS\ASUS AiCharger_Desktop Execute => C:\Program Files (x86)\InstallShield Installation Information\{9AF45D7C-34F1-4BA0-B799-825C8C04494C}\AiChargerDT.exe [2013-04-02] (ASUSTek Computer Inc.)
Task: {34845AD0-F499-4D67-B5B8-682EE20F4608} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-06-01] (Piriform Ltd)
Task: {36438482-745D-46C6-A3DB-B7484C20BA9E} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUS Manager\Application Update\ASUSUpdateChecker.exe [2014-03-18] ()
Task: {399A7F93-BC67-4160-BDF0-F898326EA12B} - System32\Tasks\ASUS\SyncUp => C:\Program Files (x86)\ASUS\ASUS Manager\SyncUp\Server\SyncUp Server.exe [2014-11-03] (ASUSTeK Computer Inc.)
Task: {4570A0D9-40B1-4946-8156-F6C8BC4A824D} - System32\Tasks\AdobeAAMUpdater-1.0-KCFROMA-Casey => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-05-05] (Adobe Systems Incorporated)
Task: {586BD4C2-09D3-481B-8ADE-A1C5EE70F251} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-03-21] (Advanced Micro Devices, Inc.)
Task: {599B03AA-F455-4CA8-A867-F8BCB19F6381} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-06-12] (Microsoft Corporation)
Task: {685D954F-BB99-4F13-AA19-D5E936D8D3B2} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-05-26] (Microsoft Corporation)
Task: {831CF606-CB6B-43A3-B294-D3BBE496DDD2} - System32\Tasks\ASUS\ASUS Manager HotKey Service => C:\Program Files (x86)\ASUS\ASUS Manager\AsHKService.exe [2014-03-19] (ASUSTeK Computer Inc.)
Task: {9EF852F3-CF17-47C1-AF5C-D8D296E17D60} - System32\Tasks\ASUS\ASUS Updater => C:\Program Files (x86)\ASUS\ASUS Manager\Application Update\ASUSFourceUpdater.exe [2014-03-20] ()
Task: {B659AB4C-B9B1-45DF-AF88-46765A2CCEC5} - System32\Tasks\ASUS\ASUS Manager BackgroundWindow => C:\Program Files (x86)\ASUS\ASUS Manager\BackgroundWindow.exe [2013-08-23] ()
Task: {D1251C85-8773-489B-A0A7-B9E16B92E4F0} - System32\Tasks\ASUS\ASUS Manager - PC Cleanup - SecureDeleteBackground => C:\Program Files (x86)\ASUS\ASUS Manager\PC Cleanup\SecureDeleteBackground.exe [2014-06-03] ()
Task: {DAA2F48D-873E-478A-A91B-92675C70C24A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-08] (Google Inc.)
Task: {E10F8CDA-0039-481A-BC8B-D5A7F8E6EF4A} - System32\Tasks\ASUS\ASUS AiCharger_II TrayIcon => C:\Program Files (x86)\ASUS\ASUS Manager\Ai Charger II\Ai_ChargerII_TrayIcon(ASUS_Manager).exe [2014-03-20] (ASUSTeK)
Task: {ECE3923F-167E-4FE4-B871-826300FEBFED} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-05-26] (Microsoft Corporation)
Task: {FD1920B8-BD51-44F1-B758-439C513BE2CB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {FE8F2EBC-27DE-4FAB-B2DB-83744605779B} - System32\Tasks\Safer-Networking\Spybot Anti-Beacon\Refresh Anti-Beacon immunization => C:\Program Files (x86)\Spybot Anti-Beacon\SDAntiBeacon.exe [2015-10-19] (Safer-Networking Ltd.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 00:17 - 2015-10-30 00:17 - 00028672 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-10-30 00:18 - 2015-10-30 00:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2011-04-01 11:00 - 2011-04-01 11:00 - 00034304 _____ () C:\WINDOWS\System32\ssp9mlm.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-05-19 18:51 - 2014-06-03 15:59 - 00930448 _____ () C:\Program Files (x86)\ASUS\ASUS Manager\PC Cleanup\SecureDeleteBackground.exe
2016-06-08 17:30 - 2016-06-08 17:30 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-05-22 19:33 - 2016-05-22 19:33 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-06-08 18:32 - 2016-06-08 18:32 - 00959168 _____ () C:\Users\Casey\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-06-12 11:59 - 2016-06-12 11:59 - 08919752 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2015-05-19 18:51 - 2014-03-12 15:51 - 00907776 _____ () C:\Windows\PCCleanupContextMenu\x64\ContextMenuHandler.dll
2016-05-17 15:42 - 2016-05-17 15:42 - 00230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2016-04-26 23:10 - 2016-04-26 23:10 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-06 09:41 - 2016-01-06 09:41 - 00062168 _____ () C:\Program Files\CCleaner\branding.dll
2015-05-19 18:49 - 2013-11-06 03:58 - 00920736 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
2016-06-08 21:32 - 2016-06-03 18:01 - 02334360 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\libglesv2.dll
2016-06-08 21:32 - 2016-06-03 18:01 - 00105112 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\libegl.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-06-08 17:30 - 2016-06-08 17:30 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-05-19 18:49 - 2016-06-13 05:52 - 00026624 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2015-05-19 18:49 - 2010-06-28 19:58 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-3458565438-258332679-1599885353-1002\...\samsungsetup.com -> hxxp://www.samsungsetup.com
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 06:25 - 2016-06-13 05:55 - 00004750 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
There are 75 more lines.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3458565438-258332679-1599885353-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Casey\AppData\Local\Microsoft\Windows\Themes\windows\DesktopBackground\img0.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
09-06-2016 21:01:24 Removed Symantec Installation Manager
12-06-2016 12:22:47 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
12-06-2016 12:23:27 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
12-06-2016 15:20:45 Office-Adobe
 
==================== Faulty Device Manager Devices =============
 
Name: Realtek PCIe GBE Family Controller
Description: Realtek PCIe GBE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8168
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Webcam C110
Description: Webcam C110
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: UPS Thermal 2844 
Description: UPS Thermal 2844 
Class Guid: 
Manufacturer: 
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/13/2016 01:51:14 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest2" on line C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
 
Error: (06/13/2016 01:51:13 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest2" on line C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
 
Error: (06/13/2016 01:42:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 10.0.10586.0, time stamp: 0x5632d7ba
Faulting module name: ESENT.dll, version: 10.0.10586.212, time stamp: 0x56fa1686
Exception code: 0xc0000602
Fault offset: 0x000000000022885f
Faulting process id: 0x840
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
Faulting package full name: svchost.exe4
Faulting package-relative application ID: svchost.exe5
 
Error: (06/13/2016 01:42:32 AM) (Source: ESENT) (EventID: 908) (User: )
Description: svchost (2112) Terminating process due to non-recoverable failure: PV: 10.0.10586.0 SV: 10.0.10586.0 GLE: 0 ERR: -1603(fucb.cxx:359): dllentry.cxx(103) (ESENT[10.0.10586.0] RETAIL RTM MBCS)
 
Error: (06/13/2016 01:42:29 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ASUSFLOOR)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/13/2016 12:49:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.10586.0, time stamp: 0x5632d899
Faulting module name: combase.dll, version: 10.0.10586.103, time stamp: 0x56a84cbb
Exception code: 0xc000027b
Fault offset: 0x00166fb1
Faulting process id: 0xd60
Faulting application start time: 0xbackgroundTaskHost.exe0
Faulting application path: backgroundTaskHost.exe1
Faulting module path: backgroundTaskHost.exe2
Report Id: backgroundTaskHost.exe3
Faulting package full name: backgroundTaskHost.exe4
Faulting package-relative application ID: backgroundTaskHost.exe5
 
Error: (06/12/2016 11:10:48 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ASUSFLOOR)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147024891 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/12/2016 03:36:35 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest2" on line C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
 
Error: (06/12/2016 03:35:43 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest2" on line C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
 
Error: (06/12/2016 03:30:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ShellExperienceHost.exe, version: 10.0.10586.306, time stamp: 0x571afaa5
Faulting module name: ShellExperienceHost.exe, version: 10.0.10586.306, time stamp: 0x571afaa5
Exception code: 0xc000027b
Fault offset: 0x0000000000085831
Faulting process id: 0x165c
Faulting application start time: 0xShellExperienceHost.exe0
Faulting application path: ShellExperienceHost.exe1
Faulting module path: ShellExperienceHost.exe2
Report Id: ShellExperienceHost.exe3
Faulting package full name: ShellExperienceHost.exe4
Faulting package-relative application ID: ShellExperienceHost.exe5
 
 
System errors:
=============
Error: (06/13/2016 05:50:26 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:00:07 AM on 6/13/2016 was unexpected.
 
Error: (06/13/2016 05:50:08 AM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY)
Description: 32212256841201552
 
Error: (06/13/2016 05:27:50 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (06/13/2016 02:18:00 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_36cef service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (06/13/2016 02:18:00 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_36cef service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (06/13/2016 02:18:00 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_36cef service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (06/13/2016 02:18:00 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_36cef service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (06/13/2016 02:18:00 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (06/13/2016 01:43:41 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The iphlpsvc service depends on the WinHttpAutoProxySvc service which failed to start because of the following error: 
%%1068
 
Error: (06/13/2016 01:43:41 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The mrxsmb10 service depends on the mrxsmb service which failed to start because of the following error: 
%%1068
 
 
CodeIntegrity:
===================================
  Date: 2016-06-13 01:54:30.266
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-12 14:55:54.073
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\AtihdWT6.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-06-12 13:20:21.823
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-12 12:23:06.927
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-12 12:14:41.110
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-12 11:59:47.580
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-12 11:42:37.060
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\AtihdWT6.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-06-11 14:51:17.877
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\AtihdWT6.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-06-11 14:48:10.409
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\AtihdWT6.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-06-11 13:49:57.399
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\AtihdWT6.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: AMD A10-7800 Radeon R7, 12 Compute Cores 4C+8G 
Percentage of memory in use: 38%
Total physical RAM: 7113.64 MB
Available physical RAM: 4388.23 MB
Total Virtual: 8905.64 MB
Available Virtual: 5964.05 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:916.25 GB) (Free:857.01 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 535FF928)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 
 


#4 EECKS

EECKS
  • Topic Starter

  • Members
  • 5 posts

Posted 16 June 2016 - 03:33 AM

Hey there, I don't mean to rush you but my "friends" are kinda looking over my shoulder right now, and I was worried they may have hidden your reply. I promise if you don't hear from me it's cuz I can't reply, I will not go away till I can thank you for the fix ;)



#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,539 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 16 June 2016 - 08:49 AM


Nothing suspicious was found.


Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 3 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

rkill.exe
rkill.com
rkill.scr

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested on another computer and then transfer them to the desktop of the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.

When completed it will create a log. Please post the content in your next reply.
===


--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what [PUM's] are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.
=======

#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,539 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 22 June 2016 - 08:34 AM

Are you still with me?



