
Slow laptop, popups, mbam execution stopped, adaware cleanup stopped, defender d


  • This topic is locked
16 replies to this topic

#1 CRodgers

  • Members
  • 68 posts
  • Gender:Male
  • Location:FL, USA

Posted 14 June 2016 - 08:10 PM

Helping a friend with his son's laptop, uninstalled expired McAfee, tried to turn on win defender; downloaded and ran mbam, but it unexpectedly closed; downloaded adaware, scanned, found lots of stuff to clean, cleaning process was terminated. Something(s) have a hold in here and are thwarting basic cleanup. What can I start off with?


#2 CRodgers

  • Topic Starter
  • Members
  • 68 posts
  • Gender:Male
  • Location:FL, USA

Posted 14 June 2016 - 08:11 PM

I had to post this from my tablet, it killed the browser trying to submit the new topic from the laptop.

#3 Aura

    Bleepin' Special Ops

  • Malware Response Team
  • 19,672 posts
  • Gender:Male

Posted 16 June 2016 - 06:52 AM

Hi CRodgers :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!;
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced;
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules;
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate it if you let me know about it first, and if you need, I can also assist you in the process;
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone;
  • Since I'm still a trainee, all my posts have to be reviewed by an instructor prior to being posted to make sure that you receive the best assistance possible. Sorry for the inconvenience. This being said, I have a full time job, and I also have night classes on Mondays and Wednesdays, which means that if you reply during these two days, it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread;
This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Let's start by getting a set of FRST logs. Follow the instructions below please.

Farbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.
  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds;
  • Check the Addition.txt option;
  • Click on the Scan button;
  • On completion, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, then open two Notepad files;
  • Copy and paste the content of both FRST.txt and Addition.txt in your next reply;
Your next reply(ies) should include:
  • Copy/pasted content of the FRST.txt log;
  • Copy/pasted content of the Addition.txt log;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#4 CRodgers

  • Topic Starter
  • Members
  • 68 posts
  • Gender:Male
  • Location:FL, USA

Posted 18 June 2016 - 07:20 PM

Hey, I must be missing something - is there a link to download the app to the infected machine?  I'll search around for the app...



#5 CRodgers

  • Topic Starter
  • Members
  • 68 posts
  • Gender:Male
  • Location:FL, USA

Posted 18 June 2016 - 09:29 PM

Found it in another thread...

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-06-2016
Ran by Jodi (administrator) on JOSEPH (18-06-2016 22:24:44)
Running from C:\Users\Jodi\Desktop\help
Loaded Profiles: Jodi (Available Profiles: Jodi)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe
(Vimicro Corporation) C:\Program Files (x86)\Vimicro Corporation\VMUVC\VMonitor.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-10-08] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [179288 2014-01-04] (TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-21] (TOSHIBA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2013-08-05] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-23] (TOSHIBA)
HKLM-x32\...\Run: [VMonitorVMUVC] => C:\Program Files (x86)\Vimicro Corporation\VMUVC\VMonitor.exe [143360 2008-08-29] (Vimicro Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2815888356-1058474395-1548935969-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8722136 2016-06-01] (Piriform Ltd)
HKU\S-1-5-21-2815888356-1058474395-1548935969-1001\...\RunOnce: [Application Restart #1] => C:\Users\Jodi\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe  --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resourc (the data entry has 581 more characters).

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 65.32.1.65 65.32.1.70
Tcpip\..\Interfaces\{2C485994-10A3-463B-8A65-89D25FA9643B}: [DhcpNameServer] 65.32.1.65 65.32.1.70

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-2815888356-1058474395-1548935969-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-2815888356-1058474395-1548935969-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://mystart.toshiba.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2815888356-1058474395-1548935969-1001 -> DefaultScope {49942BC3-58C6-11E5-8269-ACE010434FB7} URL =
SearchScopes: HKU\S-1-5-21-2815888356-1058474395-1548935969-1001 -> {47A27A6D-8100-4FD2-974F-077D79EEC676} URL =

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll [2015-04-14] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll [2015-04-14] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2815888356-1058474395-1548935969-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Jodi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-28] (Unity Technologies ApS)

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [319104 2014-03-19] (Windows ® Win 7 DDK provider) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel® Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3888640 2014-02-14] (Qualcomm Atheros Communications, Inc.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-06-18] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [291544 2014-01-03] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-02-21] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [33168 2013-10-10] (Windows ® Win 7 DDK provider)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 VMUVC; C:\Windows\System32\Drivers\VMUVC.sys [198784 2009-05-25] (Vimicro Corporation)
S3 vvftUVC; C:\Windows\system32\drivers\vvftUVC.sys [303616 2008-07-01] (Vimicro Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-18 22:23 - 2016-06-18 22:24 - 00000000 ____D C:\FRST
2016-06-18 20:48 - 2016-06-18 20:48 - 00000000 ___HD C:\$WINDOWS.~BT
2016-06-18 20:40 - 2016-06-18 22:24 - 00000000 ____D C:\Users\Jodi\Desktop\help
2016-06-14 21:02 - 2016-06-14 21:06 - 00000000 ____D C:\AdwCleaner
2016-06-14 20:57 - 2016-06-14 20:58 - 00033854 _____ C:\Users\Jodi\Desktop\MTB.txt
2016-06-14 20:56 - 2016-06-14 20:56 - 00891392 _____ (Farbar) C:\Users\Jodi\Downloads\MiniToolBox.exe
2016-06-14 20:51 - 2016-05-16 17:13 - 00563016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-06-14 20:51 - 2016-05-16 17:13 - 00397224 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-06-14 20:51 - 2016-05-16 17:13 - 00340872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-06-14 20:51 - 2016-05-16 17:13 - 00178008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-06-14 20:51 - 2016-05-13 19:07 - 00675328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-06-14 20:51 - 2016-05-13 19:07 - 00416768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-06-14 20:51 - 2016-05-13 19:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-06-14 20:51 - 2016-05-13 18:34 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-06-14 20:51 - 2016-05-13 17:58 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-06-14 20:50 - 2016-05-21 13:28 - 25802752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-06-14 20:50 - 2016-05-21 12:57 - 20341248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-06-14 20:50 - 2016-05-20 18:02 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-06-14 20:50 - 2016-05-20 17:29 - 13815808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-06-14 20:50 - 2016-05-20 17:11 - 15420928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-06-14 20:50 - 2016-05-18 01:31 - 00372568 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-06-14 20:50 - 2016-05-18 01:31 - 00315224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-06-14 20:50 - 2016-05-13 19:09 - 04169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-06-14 20:50 - 2016-05-13 19:04 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-06-14 20:50 - 2016-05-13 18:19 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-06-14 20:50 - 2016-05-12 14:38 - 00135336 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-06-14 20:50 - 2016-05-12 13:43 - 00115704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2016-06-14 20:50 - 2016-05-12 12:17 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-06-14 20:50 - 2016-05-12 12:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-06-14 20:50 - 2016-05-12 12:07 - 01360896 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-06-14 20:50 - 2016-05-12 11:59 - 00398848 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-06-14 20:50 - 2016-05-12 11:43 - 00291328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2016-06-14 20:50 - 2016-05-12 11:37 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2016-06-14 20:50 - 2016-05-09 17:35 - 07075328 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2016-06-14 20:50 - 2016-05-09 16:56 - 05270016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2016-06-14 20:50 - 2016-05-09 16:45 - 07793152 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-06-14 20:50 - 2016-05-09 16:23 - 05265920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-06-14 20:50 - 2016-05-06 11:45 - 00748544 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-06-14 20:50 - 2016-05-06 11:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2016-06-14 20:49 - 2016-05-20 18:09 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-06-14 20:49 - 2016-05-20 18:08 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-06-14 20:49 - 2016-05-20 17:57 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-06-14 20:49 - 2016-05-20 17:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-06-14 20:49 - 2016-05-20 17:54 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-06-14 20:49 - 2016-05-20 17:50 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-06-14 20:49 - 2016-05-20 17:44 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-06-14 20:49 - 2016-05-20 17:27 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-06-14 20:49 - 2016-05-20 17:25 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-06-14 20:49 - 2016-05-20 17:25 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2016-06-14 20:49 - 2016-05-20 17:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-06-14 20:49 - 2016-05-20 17:21 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2016-06-14 20:49 - 2016-05-20 17:19 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-06-14 20:49 - 2016-05-20 17:16 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-06-14 20:49 - 2016-05-20 17:14 - 04610048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-06-14 20:49 - 2016-05-20 17:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-06-14 20:49 - 2016-05-20 17:11 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-06-14 20:49 - 2016-05-20 17:09 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-06-14 20:49 - 2016-05-20 17:09 - 00379392 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-06-14 20:49 - 2016-05-20 17:08 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-06-14 20:49 - 2016-05-20 17:08 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-06-14 20:49 - 2016-05-20 17:06 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-06-14 20:49 - 2016-05-20 16:46 - 02597888 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-06-14 20:49 - 2016-05-20 16:42 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-06-14 20:49 - 2016-05-20 16:38 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-06-14 20:49 - 2016-05-20 16:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-06-14 20:49 - 2016-05-20 16:34 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-06-14 20:49 - 2016-05-20 16:23 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-06-14 20:49 - 2016-05-18 19:15 - 01379040 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-06-14 20:49 - 2016-05-18 16:35 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-06-14 20:49 - 2016-05-14 16:01 - 00363104 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-06-14 20:49 - 2016-05-14 16:01 - 00320720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-06-14 20:49 - 2016-05-13 19:07 - 00281088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-06-14 20:49 - 2016-05-13 17:58 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-06-14 20:49 - 2016-05-13 17:45 - 00802816 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-06-14 20:49 - 2016-05-13 17:35 - 00286208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-06-14 20:49 - 2016-05-13 17:26 - 00631808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-06-14 20:34 - 2016-06-18 22:12 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-14 20:34 - 2016-06-14 20:34 - 00001129 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-06-14 20:34 - 2016-06-14 20:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-06-14 20:33 - 2016-06-14 20:34 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-06-14 20:33 - 2016-06-14 20:33 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-06-14 20:33 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-06-14 20:33 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-06-14 20:33 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-06-14 20:24 - 2016-04-22 03:57 - 00453288 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-06-14 20:23 - 2016-06-14 20:34 - 00000496 _____ C:\Users\Jodi\AppData\Roaming\Microsoft\Windows\Start Menu\Google.website
2016-06-14 19:51 - 2016-06-14 19:52 - 00000000 ____D C:\Program Files\CCleaner
2016-06-14 19:51 - 2016-06-14 19:51 - 00002784 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-06-14 19:51 - 2016-06-14 19:51 - 00000845 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-06-14 19:51 - 2016-06-14 19:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-18 22:23 - 2013-08-22 11:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-18 22:23 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\AppReadiness
2016-06-18 22:20 - 2015-04-14 01:31 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-18 22:12 - 2015-08-09 17:19 - 00000000 ___RD C:\Users\Jodi\OneDrive
2016-06-18 22:11 - 2013-08-22 10:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-18 22:09 - 2015-08-26 12:16 - 00000000 ____D C:\Windows\system32\MRT
2016-06-18 22:06 - 2015-08-26 12:16 - 142482544 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-06-18 21:28 - 2015-08-09 17:17 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2815888356-1058474395-1548935969-1001
2016-06-18 21:20 - 2016-01-04 15:30 - 00000000 ____D C:\Users\Jodi\AppData\Local\ElevatedDiagnostics
2016-06-18 20:49 - 2014-12-05 16:45 - 00000000 ____D C:\Windows\Panther
2016-06-18 20:09 - 2015-08-09 17:55 - 00000000 ____D C:\Users\Jodi\AppData\Roaming\WildTangent
2016-06-18 20:09 - 2014-12-05 03:19 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-06-18 20:09 - 2014-12-05 03:19 - 00000000 ____D C:\ProgramData\WildTangent
2016-06-18 20:09 - 2014-12-05 03:19 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2016-06-14 22:15 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\LiveKernelReports
2016-06-14 22:07 - 2013-08-22 11:20 - 00000000 ____D C:\Windows\CbsTemp
2016-06-14 21:24 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\Inf
2016-06-14 21:23 - 2013-08-22 10:44 - 00413472 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-14 21:21 - 2013-08-22 09:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-06-14 21:19 - 2015-09-18 17:31 - 00000000 ____D C:\Windows\system32\appraiser
2016-06-14 20:53 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\NDF
2016-06-14 20:07 - 2016-04-26 18:08 - 00013920 _____ C:\Windows\system32\Drivers\SWDUMon.sys
2016-06-14 20:06 - 2015-04-14 01:33 - 00000000 ____D C:\ProgramData\McAfee
2016-06-14 20:01 - 2013-08-22 11:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2016-06-14 20:01 - 2013-08-22 09:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2016-06-14 20:00 - 2015-08-09 17:33 - 00000000 ____D C:\Windows\System32\Tasks\McAfee
2016-05-19 13:25 - 2015-08-09 17:07 - 00000000 ____D C:\Users\Jodi

==================== Files in the root of some directories =======

2015-04-14 00:59 - 2015-04-14 00:59 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-12-05 03:39 - 2014-12-05 03:39 - 0000123 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc

Some files in TEMP:
====================
C:\Users\Jodi\AppData\Local\Temp\libeay32.dll
C:\Users\Jodi\AppData\Local\Temp\McCSPInstall.dll
C:\Users\Jodi\AppData\Local\Temp\mccspuninstall.exe
C:\Users\Jodi\AppData\Local\Temp\msvcr120.dll
C:\Users\Jodi\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-06-18 21:28

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-06-2016
Ran by Jodi (2016-06-18 22:26:01)
Running from C:\Users\Jodi\Desktop\help
Windows 8.1 (Update) (X64) (2015-08-09 21:10:14)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2815888356-1058474395-1548935969-500 - Administrator - Disabled)
Guest (S-1-5-21-2815888356-1058474395-1548935969-501 - Limited - Disabled)
Jodi (S-1-5-21-2815888356-1058474395-1548935969-1001 - Administrator - Enabled) => C:\Users\Jodi

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
Audacity 1.3.14 (Unicode) (HKLM-x32\...\Audacity 1.3 Beta (Unicode)_is1) (Version:  - Audacity Team)
CCleaner (HKLM\...\CCleaner) (Version: 5.18 - Piriform)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.5524 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.4220 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.4220 - CyberLink Corp.) Hidden
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3920.05 - CyberLink Corp.)
Dragons of Atlantis (HKU\S-1-5-21-2815888356-1058474395-1548935969-1001\...\Pokki_cfada041afdc4a11092a096cac66ab6a0945d92b) (Version: v1.1.7 - Pokki)
Edgeworld (HKU\S-1-5-21-2815888356-1058474395-1548935969-1001\...\Pokki_2e9d53cc2b402b6e65aa9551308ca17a19c4721a) (Version: 1.1.5.54816 - Pokki)
Elements 11 Organizer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Goodgame Empire (HKU\S-1-5-21-2815888356-1058474395-1548935969-1001\...\Pokki_149b46d4a102c0304583931ceaa3f0bf19785ee3) (Version: v1.1.7 - Pokki)
Host App Service (HKU\S-1-5-21-2815888356-1058474395-1548935969-1001\...\SweetLabs_AP) (Version: 0.269.7.927 - Pokki)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3408 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4641.1005 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d07b0db5-8dad-40e1-be90-88026298a46b}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{2749c485-3a8b-4533-92ff-7cf6e8221cff}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
MyMusicCloud Sync Agent (HKLM-x32\...\{E5A80308-AAAD-4FDF-B85D-6755CCABFC35}) (Version: 3.3.285.4991 - TriPlay)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Pirate Storm (HKU\S-1-5-21-2815888356-1058474395-1548935969-1001\...\Pokki_17dd240efdb0c50e8a5015de26b6d100f1b1072c) (Version: v1.1.7 - Pokki)
Pokki Start Menu (HKU\S-1-5-21-2815888356-1058474395-1548935969-1001\...\SweetLabs_Start_Menu) (Version: 0.269.7.927 - Pokki)
PSE11 STI Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29075 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7195 - Realtek Semiconductor Corp.)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.)
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB)
Stopmotion Explosion Software version 3.0 (HKLM-x32\...\{E7B6A7E1-AAD4-409E-B1E7-5816A3F47687}_is1) (Version: 3.0 - Stopmotion Explosion)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.3.0 - Synaptics Incorporated)
The Godfather (HKU\S-1-5-21-2815888356-1058474395-1548935969-1001\...\Pokki_923d0f1d35897f6a6a73ba838623cda94c4ab689) (Version: v1.2.5 - Pokki)
TOSHIBA Application Installer (HKLM\...\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: 9.0.2.6 - Toshiba Corporation)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.18.0 - Toshiba Corporation)
TOSHIBA Display Utility (HKLM\...\{F64E9295-E1B3-4EEA-86D3-AF44A0087B06}) (Version: 1.1.16.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{94D2A899-0C34-4420-880E-AE337E635AB0}) (Version: 2.4.2.6403 - Toshiba Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.51.81.2C - TOSHIBA CORPORATION)
TOSHIBA Function Key (HKLM\...\{1844CFE2-EBA3-490A-8A5E-9BFC646342FD}) (Version: 1.1.5.6402 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{59358FD4-252B-4B38-AB81-955C491A494F}) (Version: 2.0.0.20C - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.2.00.56006005 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{BFE4C813-4DD4-4B1C-97F4-76A459055C8D}) (Version: 2.6.13 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0033 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{4D57ED72-6B01-40BD-9CA9-012B8FC09CEB}) (Version: 2.0.1.32003 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Unity Web Player (HKU\S-1-5-21-2815888356-1058474395-1548935969-1001\...\UnityWebPlayer) (Version: 5.2.0f3 - Unity Technologies ApS)
Utility Common Driver (x32 Version: 1.0.53.4 - Compal) Hidden
Vimicro USB2.0 UVC PC Camera (HKLM-x32\...\{71A51A91-E7D3-11DB-A386-005056C00008}) (Version: 2009.03.18 - Vimicro Corp.)
WinZip 18.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E3}) (Version: 18.5.11111 - WinZip Computing, S.L. )
ZUUS Music Video Player (HKLM-x32\...\{870B7B26-BBBE-4A0A-A030-B09F6CC9867D}) (Version: 1.0.0 - ZUUS Media, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {4F80C88A-6576-488A-B10B-4329444376D5} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-02-24] (Realtek Semiconductor)
Task: {4FAC07EC-49B7-4199-B3EF-C682844E585A} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-09-24] (TOSHIBA Corporation)
Task: {7DF54835-1F5E-41C6-8AE9-5F8D9EDE8CB0} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-02-21] (Synaptics Incorporated)
Task: {B3BB29D8-D697-44E5-A884-079080B35262} - System32\Tasks\SweetLabs App Platform => C:\Users\Jodi\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe
Task: {D3FA300B-4E0A-42AE-8D0A-252DA1E4EAE6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-06-01] (Piriform Ltd)
Task: {EC64F0EE-5CB4-444B-A5E3-735E75FC41D2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-12-05 03:45 - 2012-04-24 22:43 - 00390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2012-07-18 21:38 - 2012-07-18 21:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2016-01-06 12:41 - 2016-01-06 12:41 - 00062168 _____ () C:\Program Files\CCleaner\branding.dll
2016-06-18 22:01 - 2016-06-18 22:01 - 01459712 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.UI\5062f8f84e45fee3a39c25e1f72b3461\Windows.UI.ni.dll
2016-06-18 22:01 - 2016-06-18 22:01 - 00521216 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Data\79e6f366f80b06b9eed6b8ac06f81969\Windows.Data.ni.dll
2016-06-18 22:00 - 2016-06-18 22:00 - 00363520 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\e2e1cd64b91b7395a96ebcde35a63a1c\Windows.Foundation.ni.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2815888356-1058474395-1548935969-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Jodi\Pictures\Marvel Heroes.jpg
DNS Servers: 65.32.1.65 - 65.32.1.70
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{2967F897-267E-498F-8F78-5AEA33785A32}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{2D7FDF5C-1AB3-4CC3-860D-D5B1C449DB0C}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{3B7B11A8-0BE1-47D0-B395-5DEF82B6B884}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{B4798182-EDC6-468A-956D-0D0675A8CA1D}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{9FA125B6-42BF-4E0C-AE7C-5CD35F8C9912}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{C945C7AC-B97F-4980-9578-A18048A7AA9C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{5D82C2E4-2EC8-493E-82CB-9F5026F1506D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

==================== Restore Points =========================

23-04-2016 14:12:28 Windows Update
26-04-2016 15:11:19 Windows Update
12-05-2016 11:27:23 Windows Update
14-06-2016 20:11:32 Removed DriverUpdate
18-06-2016 22:05:16 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/14/2016 09:08:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AdwCleaner.exe, version: 5.200.0.0, time stamp: 0x57604e9c
Faulting module name: AdwCleaner.exe, version: 5.200.0.0, time stamp: 0x57604e9c
Exception code: 0xc0000005
Fault offset: 0x00020fea
Faulting process id: 0x13cc
Faulting application start time: 0xAdwCleaner.exe0
Faulting application path: AdwCleaner.exe1
Faulting module path: AdwCleaner.exe2
Report Id: AdwCleaner.exe3
Faulting package full name: AdwCleaner.exe4
Faulting package-relative application ID: AdwCleaner.exe5

Error: (06/14/2016 08:51:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_PcaSvc, version: 6.3.9600.17415, time stamp: 0x54504177
Faulting module name: ntdll.dll, version: 6.3.9600.18233, time stamp: 0x56bb4ebb
Exception code: 0xc0000008
Fault offset: 0x00000000000925fa
Faulting process id: 0x3e8
Faulting application start time: 0xsvchost.exe_PcaSvc0
Faulting application path: svchost.exe_PcaSvc1
Faulting module path: svchost.exe_PcaSvc2
Report Id: svchost.exe_PcaSvc3
Faulting package full name: svchost.exe_PcaSvc4
Faulting package-relative application ID: svchost.exe_PcaSvc5

Error: (06/14/2016 08:35:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 2.3.173.0, time stamp: 0x56e065b4
Faulting module name: mbam.exe, version: 2.3.173.0, time stamp: 0x56e065b4
Exception code: 0xc0000005
Fault offset: 0x001eb400
Faulting process id: 0x660
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
Faulting package full name: mbam.exe4
Faulting package-relative application ID: mbam.exe5

Error: (06/14/2016 07:59:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: McSvHost.exe, version: 5.0.4062.0, time stamp: 0x55aee26a
Faulting module name: McPrtMgrPlugin.dll, version: 14.0.4121.0, time stamp: 0x55d781d6
Exception code: 0xc0000409
Fault offset: 0x00000000000674c0
Faulting process id: 0x90c
Faulting application start time: 0xMcSvHost.exe0
Faulting application path: McSvHost.exe1
Faulting module path: McSvHost.exe2
Report Id: McSvHost.exe3
Faulting package full name: McSvHost.exe4
Faulting package-relative application ID: McSvHost.exe5

Error: (05/12/2016 07:02:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: pmropn.exe, version: 1.3.337.354, time stamp: 0x55ae6e77
Faulting module name: pmropn.exe, version: 1.3.337.354, time stamp: 0x55ae6e77
Exception code: 0xc0000005
Fault offset: 0x00008dd1
Faulting process id: 0xbc8
Faulting application start time: 0xpmropn.exe0
Faulting application path: pmropn.exe1
Faulting module path: pmropn.exe2
Report Id: pmropn.exe3
Faulting package full name: pmropn.exe4
Faulting package-relative application ID: pmropn.exe5

Error: (05/12/2016 04:33:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18124, time stamp: 0x5641278d
Faulting module name: ntdll.dll, version: 6.3.9600.18233, time stamp: 0x56bb4e1d
Exception code: 0xc000000d
Fault offset: 0x000f57d4
Faulting process id: 0xe38
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

Error: (05/02/2016 08:56:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: pmropn.exe, version: 1.3.337.354, time stamp: 0x55ae6e77
Faulting module name: pmropn.exe, version: 1.3.337.354, time stamp: 0x55ae6e77
Exception code: 0xc0000005
Fault offset: 0x00008dd1
Faulting process id: 0xf98
Faulting application start time: 0xpmropn.exe0
Faulting application path: pmropn.exe1
Faulting module path: pmropn.exe2
Report Id: pmropn.exe3
Faulting package full name: pmropn.exe4
Faulting package-relative application ID: pmropn.exe5

Error: (04/26/2016 06:44:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.18123, time stamp: 0x563faf80
Faulting module name: comctl32.dll, version: 6.10.9600.17810, time stamp: 0x553b00be
Exception code: 0xc0000005
Fault offset: 0x0000000000009e3a
Faulting process id: 0x1804
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (04/26/2016 06:42:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.18123, time stamp: 0x563faf80
Faulting module name: IEFRAME.dll, version: 11.0.9600.18283, time stamp: 0x56fc6336
Exception code: 0xc0000005
Fault offset: 0x000000000041a248
Faulting process id: 0x28e4
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (04/26/2016 06:42:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.18123, time stamp: 0x563faf80
Faulting module name: IEFRAME.dll, version: 11.0.9600.18283, time stamp: 0x56fc6336
Exception code: 0xc0000005
Fault offset: 0x000000000041a248
Faulting process id: 0x98c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

System errors:
=============
Error: (06/18/2016 10:09:50 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8007045b: Update for Windows 8.1 for x64-based Systems (KB3162835).

Error: (06/18/2016 10:09:50 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8007045b: Security Update for Adobe Flash Player for Windows 8.1 for x64-based Systems (KB3167685).

Error: (06/18/2016 08:05:43 PM) (Source: DCOM) (EventID: 10010) (User: JOSEPH)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (06/14/2016 09:10:37 PM) (Source: DCOM) (EventID: 10010) (User: JOSEPH)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (06/14/2016 09:10:37 PM) (Source: DCOM) (EventID: 10010) (User: JOSEPH)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (06/14/2016 09:10:37 PM) (Source: DCOM) (EventID: 10010) (User: JOSEPH)
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (06/14/2016 09:10:36 PM) (Source: DCOM) (EventID: 10010) (User: JOSEPH)
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (06/14/2016 09:10:36 PM) (Source: DCOM) (EventID: 10010) (User: JOSEPH)
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (06/14/2016 09:07:05 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056 = An instance of the service is already running.

Error: (06/14/2016 09:06:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMScheduler service terminated unexpectedly.  It has done this 1 time(s).

==================== Memory info ===========================

Processor: Intel® Celeron® CPU N2840 @ 2.16GHz
Percentage of memory in use: 38%
Total physical RAM: 3982.88 MB
Available physical RAM: 2431.63 MB
Total Virtual: 4686.88 MB
Available Virtual: 2973.9 MB

==================== Drives ================================

Drive c: (TI10707700A) (Fixed) (Total:454.17 GB) (Free:405.84 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================



#6 CRodgers


Posted 19 June 2016 - 06:20 AM

SORRY! Last night while I was sleeping, the laptop upgraded to Win 10.  I will re-run the FRST tool...



#7 CRodgers


Posted 19 June 2016 - 06:34 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-06-2016
Ran by Jodi (administrator) on JOSEPH (19-06-2016 07:21:54)
Running from C:\Users\Jodi\Desktop\help
Loaded Profiles: Jodi (Available Profiles: Jodi)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
Failed to access process -> rundll32.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe
(Vimicro Corporation) C:\Program Files (x86)\Vimicro Corporation\VMUVC\VMonitor.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.113_none_7689896a26389b16\TiWorker.exe
 

==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [HotKeysCmds] => "C:\Windows\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\Windows\system32\igfxpers.exe"
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-10-08] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [179288 2014-01-04] (TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-21] (TOSHIBA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954880 2015-10-08] (Synaptics Incorporated)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2013-08-05] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-23] (TOSHIBA)
HKLM-x32\...\Run: [VMonitorVMUVC] => C:\Program Files (x86)\Vimicro Corporation\VMUVC\VMonitor.exe [143360 2008-08-29] (Vimicro Corporation)
HKU\S-1-5-21-2815888356-1058474395-1548935969-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8722136 2016-06-01] (Piriform Ltd)
HKU\S-1-5-21-2815888356-1058474395-1548935969-1001\...\RunOnce: [Uninstall C:\Users\Jodi\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jodi\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-2815888356-1058474395-1548935969-1001\...\RunOnce: [Uninstall C:\Users\Jodi\AppData\Local\Microsoft\OneDrive\17.3.5892.0626] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jodi\AppData\Local\Microsoft\OneDrive\17.3.5892.0626"
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 65.32.1.65 65.32.1.70
Tcpip\..\Interfaces\{2c485994-10a3-463b-8a65-89d25fa9643b}: [DhcpNameServer] 65.32.1.65 65.32.1.70
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-2815888356-1058474395-1548935969-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-2815888356-1058474395-1548935969-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://mystart.toshiba.com
HKU\S-1-5-21-2815888356-1058474395-1548935969-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.toshiba.com
SearchScopes: HKU\S-1-5-21-2815888356-1058474395-1548935969-1001 -> DefaultScope {49942BC3-58C6-11E5-8269-ACE010434FB7} URL =
SearchScopes: HKU\S-1-5-21-2815888356-1058474395-1548935969-1001 -> {47A27A6D-8100-4FD2-974F-077D79EEC676} URL =
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll [2015-04-14] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll [2015-04-14] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2815888356-1058474395-1548935969-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Jodi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-28] (Unity Technologies ApS)
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [319104 2014-03-19] (Windows ® Win 7 DDK provider) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel® Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255168 2015-10-08] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\System32\drivers\athw10x.sys [4342936 2015-09-21] (Qualcomm Atheros Communications, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-06-19] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-09] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [51392 2015-10-08] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [54424 2015-07-29] (Toshiba Corporation)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 VMUVC; C:\Windows\System32\Drivers\VMUVC.sys [198784 2009-05-25] (Vimicro Corporation)
S3 vvftUVC; C:\Windows\system32\drivers\vvftUVC.sys [303616 2008-07-01] (Vimicro Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-19 07:18 - 2016-06-19 07:19 - 00002375 _____ C:\Users\Jodi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-06-19 07:13 - 2016-06-19 07:13 - 00000000 ____D C:\Users\Jodi\AppData\Local\MicrosoftEdge
2016-06-19 07:09 - 2016-06-19 07:09 - 00000000 ____D C:\Users\Jodi\AppData\Local\Publishers
2016-06-19 07:07 - 2016-06-19 07:07 - 00000000 ____D C:\Users\Jodi\AppData\Local\Comms
2016-06-19 07:07 - 2016-06-19 07:07 - 00000000 ____D C:\Users\Jodi\AppData\Local\ActiveSync
2016-06-19 07:06 - 2016-06-19 07:06 - 00000000 __SHD C:\Users\Jodi\IntelGraphicsProfiles
2016-06-19 07:06 - 2016-06-19 07:06 - 00000000 ____D C:\Users\Jodi\AppData\Local\TileDataLayer
2016-06-19 07:05 - 2016-06-19 07:05 - 00000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2016-06-19 07:05 - 2016-06-19 07:05 - 00000020 ___SH C:\Users\Jodi\ntuser.ini
2016-06-19 06:22 - 2016-06-19 07:03 - 00000000 ___DC C:\WINDOWS\Panther
2016-06-19 06:15 - 2016-06-19 06:16 - 00000000 ____D C:\Windows.old
2016-06-19 06:13 - 2016-06-19 06:13 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-06-19 06:13 - 2016-06-19 06:13 - 02921880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-06-19 06:13 - 2016-06-19 06:13 - 02798080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-06-19 06:13 - 2016-06-19 06:13 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-06-19 06:13 - 2016-06-19 06:13 - 02403680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-06-19 06:13 - 2016-06-19 06:13 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-06-19 06:13 - 2016-06-19 06:13 - 01092464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-06-19 06:13 - 2016-06-19 06:13 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-06-19 06:13 - 2016-06-19 06:13 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-06-19 06:13 - 2016-06-19 06:13 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-06-19 06:13 - 2016-06-19 06:13 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-06-19 06:13 - 2016-06-19 06:13 - 00890368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2016-06-19 06:13 - 2016-06-19 06:13 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-06-19 06:13 - 2016-06-19 06:13 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2016-06-19 06:13 - 2016-06-19 06:13 - 00821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2016-06-19 06:13 - 2016-06-19 06:13 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2016-06-19 06:13 - 2016-06-19 06:13 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-06-19 06:13 - 2016-06-19 06:13 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2016-06-19 06:13 - 2016-06-19 06:13 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-06-19 06:13 - 2016-06-19 06:13 - 00556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-06-19 06:13 - 2016-06-19 06:13 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-06-19 06:13 - 2016-06-19 06:13 - 00501600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-06-19 06:13 - 2016-06-19 06:13 - 00498960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-06-19 06:13 - 2016-06-19 06:13 - 00451928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2016-06-19 06:13 - 2016-06-19 06:13 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2016-06-19 06:13 - 2016-06-19 06:13 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2016-06-19 06:13 - 2016-06-19 06:13 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-06-19 06:13 - 2016-06-19 06:13 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2016-06-19 06:13 - 2016-06-19 06:13 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2016-06-19 06:13 - 2016-06-19 06:13 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2016-06-19 06:13 - 2016-06-19 06:13 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-06-19 06:13 - 2016-06-19 06:13 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2016-06-19 06:13 - 2016-06-19 06:13 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2016-06-19 06:13 - 2016-06-19 06:13 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-06-19 06:13 - 2016-06-19 06:13 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll
2016-06-19 06:13 - 2016-06-19 06:13 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
2016-06-19 06:13 - 2016-06-19 06:13 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
2016-06-19 06:13 - 2016-06-19 06:13 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BrowserSettingSync.dll
2016-06-19 06:13 - 2016-06-19 06:13 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
2016-06-19 06:13 - 2016-06-19 06:13 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-06-19 06:13 - 2016-06-19 06:13 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll
2016-06-19 06:13 - 2016-06-19 06:13 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll
2016-06-19 06:13 - 2016-06-19 06:13 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2016-06-19 06:13 - 2016-06-19 06:13 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-06-19 06:13 - 2016-06-19 06:13 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll
2016-06-19 06:13 - 2016-06-19 06:13 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsdport.sys
2016-06-19 06:13 - 2016-06-19 06:13 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsdchngr.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 24605696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 22379008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 18674176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 16984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 13385728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 12128256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 07977472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 07832576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-06-19 06:12 - 2016-06-19 06:12 - 07200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 06973952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 06605504 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 05502976 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 05240960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 04896256 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 04775424 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 04515264 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-06-19 06:12 - 2016-06-19 06:12 - 04387680 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 04268880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-06-19 06:12 - 2016-06-19 06:12 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 03671040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 03664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 03590144 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-06-19 06:12 - 2016-06-19 06:12 - 03585536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 03351040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 03078144 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 02722816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 02656952 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 02609664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 02548944 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 02281472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 02230272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 02195632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 02152280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-06-19 06:12 - 2016-06-19 06:12 - 02066432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 02000896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01996640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-06-19 06:12 - 2016-06-19 06:12 - 01996288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01902592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01848072 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01819208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01797120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01776768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01730560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01716736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01707520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01594416 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01588224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01575936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01536088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01534464 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01522152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01445888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01395712 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-06-19 06:12 - 2016-06-19 06:12 - 01372312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01339904 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01322248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01319424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-06-19 06:12 - 2016-06-19 06:12 - 01297752 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01239552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01185280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationFramework.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01184960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01161120 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01152864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2016-06-19 06:12 - 2016-06-19 06:12 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-06-19 06:12 - 2016-06-19 06:12 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01117184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01098240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01089888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-06-19 06:12 - 2016-06-19 06:12 - 01073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01072128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-06-19 06:12 - 2016-06-19 06:12 - 00990208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00986976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00958976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-06-19 06:12 - 2016-06-19 06:12 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-06-19 06:12 - 2016-06-19 06:12 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00854528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-06-19 06:12 - 2016-06-19 06:12 - 00804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00794624 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00777728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00770640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00765952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00754664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00725776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00713920 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00712704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00707608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-06-19 06:12 - 2016-06-19 06:12 - 00694784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2016-06-19 06:12 - 2016-06-19 06:12 - 00693760 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00690176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-06-19 06:12 - 2016-06-19 06:12 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00686976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00682496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00676352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00649792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00649728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00639488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00638816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2016-06-19 06:12 - 2016-06-19 06:12 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00636304 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-06-19 06:12 - 2016-06-19 06:12 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00619296 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00614400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00606208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-06-19 06:12 - 2016-06-19 06:12 - 00592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00591360 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-06-19 06:12 - 2016-06-19 06:12 - 00582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00577376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-06-19 06:12 - 2016-06-19 06:12 - 00569744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00565600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-06-19 06:12 - 2016-06-19 06:12 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00550656 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00546456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-06-19 06:12 - 2016-06-19 06:12 - 00535080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00534872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2016-06-19 06:12 - 2016-06-19 06:12 - 00530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2016-06-19 06:12 - 2016-06-19 06:12 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00521664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00514752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00513368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00511488 _____ (Microsoft Corporation) C:\WINDOWS\system32\newdev.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00485888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\newdev.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-06-19 06:12 - 2016-06-19 06:12 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00453472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00431296 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00430312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ws2_32.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00428896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-06-19 06:12 - 2016-06-19 06:12 - 00413536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-06-19 06:12 - 2016-06-19 06:12 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlansec.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-06-19 06:12 - 2016-06-19 06:12 - 00392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPSECSVC.DLL
2016-06-19 06:12 - 2016-06-19 06:12 - 00390496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00388384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ws2_32.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00380416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00378208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2016-06-19 06:12 - 2016-06-19 06:12 - 00374008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-06-19 06:12 - 2016-06-19 06:12 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AccountsRt.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00357216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mswsock.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00351232 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2016-06-19 06:12 - 2016-06-19 06:12 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00333824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2016-06-19 06:12 - 2016-06-19 06:12 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\system32\polstore.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-06-19 06:12 - 2016-06-19 06:12 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00316256 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00312160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswsock.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00306832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-06-19 06:12 - 2016-06-19 06:12 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00293888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00291360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2016-06-19 06:12 - 2016-06-19 06:12 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\polstore.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00290496 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2016-06-19 06:12 - 2016-06-19 06:12 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-06-19 06:12 - 2016-06-19 06:12 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
2016-06-19 06:12 - 2016-06-19 06:12 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00254656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-06-19 06:12 - 2016-06-19 06:12 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthLEEnum.sys
2016-06-19 06:12 - 2016-06-19 06:12 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrokerLib.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2016-06-19 06:12 - 2016-06-19 06:12 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00217440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00211296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2016-06-19 06:12 - 2016-06-19 06:12 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00204048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-06-19 06:12 - 2016-06-19 06:12 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GnssAdapter.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00190144 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-06-19 06:12 - 2016-06-19 06:12 - 00188256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-06-19 06:12 - 2016-06-19 06:12 - 00183904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2016-06-19 06:12 - 2016-06-19 06:12 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Privacy.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00170848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.exe
2016-06-19 06:12 - 2016-06-19 06:12 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-06-19 06:12 - 2016-06-19 06:12 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-06-19 06:12 - 2016-06-19 06:12 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-06-19 06:12 - 2016-06-19 06:12 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2016-06-19 06:12 - 2016-06-19 06:12 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-06-19 06:12 - 2016-06-19 06:12 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-06-19 06:12 - 2016-06-19 06:12 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2016-06-19 06:12 - 2016-06-19 06:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00131424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufxsynopsys.sys
2016-06-19 06:12 - 2016-06-19 06:12 - 00131248 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Ndu.sys
2016-06-19 06:12 - 2016-06-19 06:12 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-06-19 06:12 - 2016-06-19 06:12 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2016-06-19 06:12 - 2016-06-19 06:12 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2016-06-19 06:12 - 2016-06-19 06:12 - 00111104 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00111064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00110584 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvcli.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00103424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00100232 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-06-19 06:12 - 2016-06-19 06:12 - 00097096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdport.sys
2016-06-19 06:12 - 2016-06-19 06:12 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-06-19 06:12 - 2016-06-19 06:12 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-06-19 06:12 - 2016-06-19 06:12 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\FwRemoteSvr.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\filecrypt.sys
2016-06-19 06:12 - 2016-06-19 06:12 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-06-19 06:12 - 2016-06-19 06:12 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-06-19 06:12 - 2016-06-19 06:12 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys
2016-06-19 06:12 - 2016-06-19 06:12 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00081144 _____ (Microsoft Corporation) C:\WINDOWS\system32\netapi32.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptsvc.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00078040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkscli.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-06-19 06:12 - 2016-06-19 06:12 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00074424 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2016-06-19 06:12 - 2016-06-19 06:12 - 00073872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srvcli.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00069744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netapi32.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-06-19 06:12 - 2016-06-19 06:12 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2016-06-19 06:12 - 2016-06-19 06:12 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00058400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\browcli.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00058208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwminit.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc6.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wkscli.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FwRemoteSvr.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-06-19 06:12 - 2016-06-19 06:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\browcli.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ByteCodeGenerator.exe
2016-06-19 06:12 - 2016-06-19 06:12 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ByteCodeGenerator.exe
2016-06-19 06:12 - 2016-06-19 06:12 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsdchngr.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2016-06-19 06:12 - 2016-06-19 06:12 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-06-19 06:12 - 2016-06-19 06:12 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2016-06-19 06:12 - 2016-06-19 06:12 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-06-19 06:12 - 2016-06-19 06:12 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2016-06-19 06:12 - 2016-06-19 06:12 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxp.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacchooks.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacchooks.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00002186 _____ C:\WINDOWS\SysWOW64\AppxProvisioning.xml
2016-06-19 06:12 - 2016-06-19 06:12 - 00002186 _____ C:\WINDOWS\system32\AppxProvisioning.xml
2016-06-19 05:58 - 2016-06-19 05:58 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2016-06-19 05:54 - 2016-06-19 05:54 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-06-19 05:54 - 2016-06-19 05:54 - 00000000 ____D C:\Program Files\MSBuild
2016-06-19 05:54 - 2016-06-19 05:54 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-06-19 05:54 - 2016-06-19 05:54 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-06-19 05:53 - 2015-10-23 21:47 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2016-06-19 05:53 - 2015-10-23 21:47 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-06-19 05:53 - 2015-10-23 21:47 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2016-06-19 05:53 - 2015-10-23 21:46 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2016-06-19 05:53 - 2015-10-23 21:46 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2016-06-19 05:53 - 2015-10-23 21:45 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2016-06-19 02:54 - 2016-06-19 02:54 - 00000000 _SHDL C:\Users\Default\My Documents
2016-06-19 02:54 - 2016-06-19 02:54 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2016-06-19 02:54 - 2016-06-19 02:54 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2016-06-19 02:54 - 2016-06-19 02:54 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2016-06-19 02:54 - 2016-06-19 02:54 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2016-06-19 02:54 - 2016-06-19 02:54 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2016-06-19 02:54 - 2016-06-19 02:54 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2016-06-19 02:51 - 2016-06-19 02:51 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-06-19 02:48 - 2016-06-19 02:48 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2016-06-19 02:39 - 2016-06-19 02:39 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-06-19 02:33 - 2016-06-19 02:33 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2016-06-19 02:31 - 2016-06-19 07:06 - 00000000 ____D C:\Users\Jodi
2016-06-19 02:31 - 2016-06-19 02:31 - 00000000 _SHDL C:\Users\Jodi\My Documents
2016-06-19 02:31 - 2016-06-19 02:31 - 00000000 _SHDL C:\Users\Jodi\Documents\My Videos
2016-06-19 02:31 - 2016-06-19 02:31 - 00000000 _SHDL C:\Users\Jodi\Documents\My Pictures
2016-06-19 02:31 - 2016-06-19 02:31 - 00000000 _SHDL C:\Users\Jodi\Documents\My Music
2016-06-19 02:27 - 2016-06-19 02:27 - 00001527 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
2016-06-19 02:27 - 2016-06-19 02:27 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2016-06-19 02:27 - 2016-06-19 02:27 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2016-06-19 02:27 - 2016-06-19 02:27 - 00000000 ____D C:\Program Files\Common Files\Atheros
2016-06-19 02:26 - 2016-06-19 02:34 - 00000000 ____D C:\Program Files\Intel
2016-06-19 02:26 - 2016-06-19 02:26 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2016-06-19 02:26 - 2016-06-19 02:26 - 00000000 ____D C:\Program Files\Realtek
2016-06-19 02:26 - 2016-05-03 23:30 - 00081416 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2016-06-19 02:26 - 2016-05-03 23:30 - 00077832 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2016-06-19 02:25 - 2016-06-19 02:25 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2016-06-19 02:25 - 2016-06-19 02:25 - 00000000 ____D C:\Program Files\Synaptics
2016-06-19 00:15 - 2016-06-19 02:53 - 00009528 _____ C:\WINDOWS\diagwrn.xml
2016-06-19 00:15 - 2016-06-19 02:53 - 00009528 _____ C:\WINDOWS\diagerr.xml
2016-06-19 00:15 - 2016-06-19 01:00 - 00000000 ___HD C:\$WINDOWS.~BT
2016-06-19 00:07 - 2016-06-19 00:15 - 00000036 _____ C:\WINDOWS\progress.ini
2016-06-18 22:58 - 2016-06-19 07:06 - 00000000 ____D C:\Windows10Upgrade
2016-06-18 22:58 - 2016-06-19 07:04 - 00000000 ___HD C:\$GetCurrent
2016-06-18 22:58 - 2016-06-18 22:58 - 05788016 _____ (Microsoft Corporation) C:\Users\Jodi\Downloads\Windows10Upgrade9194.exe
2016-06-18 22:58 - 2016-06-18 22:58 - 00000713 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Upgrade Assistant.lnk
2016-06-18 22:58 - 2016-06-18 22:58 - 00000701 _____ C:\Users\Jodi\Desktop\Windows 10 Upgrade Assistant.lnk
2016-06-18 22:23 - 2016-06-19 07:21 - 00000000 ____D C:\FRST
2016-06-18 20:40 - 2016-06-19 07:21 - 00000000 ____D C:\Users\Jodi\Desktop\help
2016-06-14 21:02 - 2016-06-14 21:06 - 00000000 ____D C:\AdwCleaner
2016-06-14 20:57 - 2016-06-14 20:58 - 00033854 _____ C:\Users\Jodi\Desktop\MTB.txt
2016-06-14 20:56 - 2016-06-14 20:56 - 00891392 _____ (Farbar) C:\Users\Jodi\Downloads\MiniToolBox.exe
2016-06-14 20:34 - 2016-06-19 07:07 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-06-14 20:34 - 2016-06-19 02:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-06-14 20:34 - 2016-06-14 20:34 - 00001129 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-06-14 20:33 - 2016-06-14 20:34 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-06-14 20:33 - 2016-06-14 20:33 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-06-14 20:33 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-06-14 20:33 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-06-14 20:33 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-06-14 20:24 - 2016-04-22 03:57 - 00453288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-06-14 20:23 - 2016-06-14 20:34 - 00000496 _____ C:\Users\Jodi\AppData\Roaming\Microsoft\Windows\Start Menu\Google.website
2016-06-14 19:51 - 2016-06-19 02:47 - 00002096 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2016-06-14 19:51 - 2016-06-19 02:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-06-14 19:51 - 2016-06-14 19:52 - 00000000 ____D C:\Program Files\CCleaner
2016-06-14 19:51 - 2016-06-14 19:51 - 00000845 _____ C:\Users\Public\Desktop\CCleaner.lnk
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-19 07:20 - 2015-04-14 01:31 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-06-19 07:19 - 2015-08-09 17:19 - 00000000 ___RD C:\Users\Jodi\OneDrive
2016-06-19 07:17 - 2015-10-30 03:21 - 00000000 ____D C:\WINDOWS\INF
2016-06-19 07:14 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-06-19 07:09 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-19 07:09 - 2015-08-09 17:11 - 00000000 ____D C:\Users\Jodi\AppData\Local\Packages
2016-06-19 07:06 - 2016-04-27 02:39 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-06-19 07:03 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\appcompat
2016-06-19 06:22 - 2015-10-30 03:24 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2016-06-19 06:14 - 2016-04-27 02:20 - 00000000 ____D C:\Program Files\Windows Journal
2016-06-19 06:14 - 2015-10-30 03:24 - 00015703 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-06-19 06:14 - 2015-10-30 03:24 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2016-06-19 06:14 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-06-19 06:14 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-06-19 06:14 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-06-19 06:14 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\Provisioning
2016-06-19 06:14 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-06-19 06:14 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-06-19 06:12 - 2016-04-27 02:34 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2016-06-19 02:56 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\rescache
2016-06-19 02:54 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2016-06-19 02:52 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\Registration
2016-06-19 02:47 - 2016-04-27 02:32 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-19 02:47 - 2015-11-13 19:04 - 00002454 _____ C:\WINDOWS\System32\Tasks\SweetLabs App Platform
2016-06-19 02:47 - 2015-08-09 17:17 - 00002812 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2815888356-1058474395-1548935969-1001
2016-06-19 02:47 - 2015-04-14 01:31 - 00002898 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-06-19 02:47 - 2015-04-14 01:10 - 00002048 _____ C:\WINDOWS\System32\Tasks\Synaptics TouchPad Enhancements
2016-06-19 02:47 - 2015-04-14 00:59 - 00002172 _____ C:\WINDOWS\System32\Tasks\RTKCPL
2016-06-19 02:47 - 2015-04-14 00:44 - 00002750 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2815888356-1058474395-1548935969-500
2016-06-19 02:46 - 2015-10-30 03:24 - 00000000 __RHD C:\Users\Public\Libraries
2016-06-19 02:43 - 2016-04-27 02:29 - 00306008 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-06-19 02:42 - 2015-10-30 02:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-06-19 02:41 - 2016-04-27 02:06 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
2016-06-19 02:41 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-06-19 02:41 - 2015-10-30 03:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-06-19 02:41 - 2015-10-30 02:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-06-19 02:41 - 2015-08-23 21:24 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
2016-06-19 02:41 - 2015-08-09 17:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vimicro USB2.0 UVC PC Camera
2016-06-19 02:41 - 2015-08-09 17:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stopmotion Explosion Software
2016-06-19 02:41 - 2015-04-14 01:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZUUS Music Video Player
2016-06-19 02:41 - 2015-04-14 01:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-06-19 02:41 - 2014-12-05 03:45 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDirector 10
2016-06-19 02:41 - 2014-12-05 03:40 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PhotoDirector 3
2016-06-19 02:41 - 2014-12-05 03:38 - 00000000 ____D C:\ProgramData\regid.2009-07.com.mymusiccloud
2016-06-19 02:41 - 2014-12-05 03:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2016-06-19 02:41 - 2014-12-05 03:19 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-06-19 02:39 - 2013-08-22 09:36 - 00000000 ____D C:\Users\Default.migrated
2016-06-19 02:36 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2016-06-19 02:36 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2016-06-19 02:36 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\SysWOW64\et-EE
2016-06-19 02:36 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2016-06-19 02:36 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-06-19 02:36 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\lv-LV
2016-06-19 02:36 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\lt-LT
2016-06-19 02:36 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2016-06-19 02:36 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\et-EE
2016-06-19 02:36 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\en-GB
2016-06-19 02:36 - 2015-04-14 01:08 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2016-06-19 02:36 - 2014-12-05 03:38 - 00000000 __SHD C:\WINDOWS\SysWOW64\AI_RecycleBin
2016-06-19 02:36 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2016-06-19 02:36 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2016-06-19 02:34 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-06-19 02:34 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\InputMethod
2016-06-19 02:34 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-06-19 02:34 - 2015-10-30 03:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-06-19 02:34 - 2014-12-05 03:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA
2016-06-19 02:34 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\MediaViewer
2016-06-19 02:34 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\ADFS
2016-06-19 02:30 - 2015-10-30 02:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-06-18 22:09 - 2015-08-26 12:16 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-06-18 22:06 - 2015-08-26 12:16 - 142482544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-06-18 21:20 - 2016-01-04 15:30 - 00000000 ____D C:\Users\Jodi\AppData\Local\ElevatedDiagnostics
2016-06-18 20:09 - 2015-08-09 17:55 - 00000000 ____D C:\Users\Jodi\AppData\Roaming\WildTangent
2016-06-18 20:09 - 2014-12-05 03:19 - 00000000 ____D C:\ProgramData\WildTangent
2016-06-18 20:09 - 2014-12-05 03:19 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2016-06-14 20:07 - 2016-04-26 18:08 - 00013920 _____ C:\WINDOWS\system32\Drivers\SWDUMon.sys
2016-06-14 20:06 - 2015-04-14 01:33 - 00000000 ____D C:\ProgramData\McAfee
2016-06-14 20:00 - 2015-08-09 17:33 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
 
==================== Files in the root of some directories =======
 
2016-06-19 02:27 - 2016-06-19 02:27 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-12-05 03:39 - 2014-12-05 03:39 - 0000123 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 

LastRegBack: 2016-06-19 02:23
 
==================== End of FRST.txt ========================

 

 

(Something is happening on the laptop - it will not let me paste the second file contents. I will try to reboot and paste in another reply.)



#8 CRodgers


Posted 19 June 2016 - 06:36 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-06-2016
Ran by Jodi (2016-06-19 07:24:14)
Running from C:\Users\Jodi\Desktop\help
Windows 10 Home Version 1511 (X64) (2016-06-19 11:04:54)
Boot Mode: Normal
==========================================================
 

==================== Accounts: =============================
 
Administrator (S-1-5-21-2815888356-1058474395-1548935969-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2815888356-1058474395-1548935969-503 - Limited - Disabled)
Guest (S-1-5-21-2815888356-1058474395-1548935969-501 - Limited - Disabled)
Jodi (S-1-5-21-2815888356-1058474395-1548935969-1001 - Administrator - Enabled) => C:\Users\Jodi
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
Audacity 1.3.14 (Unicode) (HKLM-x32\...\Audacity 1.3 Beta (Unicode)_is1) (Version:  - Audacity Team)
CCleaner (HKLM\...\CCleaner) (Version: 5.18 - Piriform)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.5524 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.4220 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.4220 - CyberLink Corp.) Hidden
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3920.05 - CyberLink Corp.)
Dragons of Atlantis (HKU\S-1-5-21-2815888356-1058474395-1548935969-1001\...\Pokki_cfada041afdc4a11092a096cac66ab6a0945d92b) (Version: v1.1.7 - Pokki)
Edgeworld (HKU\S-1-5-21-2815888356-1058474395-1548935969-1001\...\Pokki_2e9d53cc2b402b6e65aa9551308ca17a19c4721a) (Version: 1.1.5.54816 - Pokki)
Elements 11 Organizer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Goodgame Empire (HKU\S-1-5-21-2815888356-1058474395-1548935969-1001\...\Pokki_149b46d4a102c0304583931ceaa3f0bf19785ee3) (Version: v1.1.7 - Pokki)
Host App Service (HKU\S-1-5-21-2815888356-1058474395-1548935969-1001\...\SweetLabs_AP) (Version: 0.269.7.927 - Pokki)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3408 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4641.1005 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d07b0db5-8dad-40e1-be90-88026298a46b}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{2749c485-3a8b-4533-92ff-7cf6e8221cff}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
MyMusicCloud Sync Agent (HKLM-x32\...\{E5A80308-AAAD-4FDF-B85D-6755CCABFC35}) (Version: 3.3.285.4991 - TriPlay)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Pirate Storm (HKU\S-1-5-21-2815888356-1058474395-1548935969-1001\...\Pokki_17dd240efdb0c50e8a5015de26b6d100f1b1072c) (Version: v1.1.7 - Pokki)
Pokki Start Menu (HKU\S-1-5-21-2815888356-1058474395-1548935969-1001\...\SweetLabs_Start_Menu) (Version: 0.269.7.927 - Pokki)
PSE11 STI Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29075 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7592 - Realtek Semiconductor Corp.)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.)
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB)
Stopmotion Explosion Software version 3.0 (HKLM-x32\...\{E7B6A7E1-AAD4-409E-B1E7-5816A3F47687}_is1) (Version: 3.0 - Stopmotion Explosion)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.3 - Synaptics Incorporated)
The Godfather (HKU\S-1-5-21-2815888356-1058474395-1548935969-1001\...\Pokki_923d0f1d35897f6a6a73ba838623cda94c4ab689) (Version: v1.2.5 - Pokki)
TOSHIBA Application Installer (HKLM\...\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: 9.0.2.6 - Toshiba Corporation)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.18.0 - Toshiba Corporation)
TOSHIBA Display Utility (HKLM\...\{F64E9295-E1B3-4EEA-86D3-AF44A0087B06}) (Version: 1.1.16.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{94D2A899-0C34-4420-880E-AE337E635AB0}) (Version: 2.4.2.6403 - Toshiba Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.51.81.2C - TOSHIBA CORPORATION)
TOSHIBA Function Key (HKLM\...\{1844CFE2-EBA3-490A-8A5E-9BFC646342FD}) (Version: 1.1.5.6402 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{59358FD4-252B-4B38-AB81-955C491A494F}) (Version: 2.0.0.20C - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.2.00.56006005 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{BFE4C813-4DD4-4B1C-97F4-76A459055C8D}) (Version: 2.6.13 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0033 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{4D57ED72-6B01-40BD-9CA9-012B8FC09CEB}) (Version: 2.0.1.32003 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Unity Web Player (HKU\S-1-5-21-2815888356-1058474395-1548935969-1001\...\UnityWebPlayer) (Version: 5.2.0f3 - Unity Technologies ApS)
Utility Common Driver (x32 Version: 1.0.53.4 - Compal) Hidden
Vimicro USB2.0 UVC PC Camera (HKLM-x32\...\{71A51A91-E7D3-11DB-A386-005056C00008}) (Version: 2009.03.18 - Vimicro Corp.)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17323 - Microsoft Corporation)
WinZip 18.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E3}) (Version: 18.5.11111 - WinZip Computing, S.L. )
ZUUS Music Video Player (HKLM-x32\...\{870B7B26-BBBE-4A0A-A030-B09F6CC9867D}) (Version: 1.0.0 - ZUUS Media, Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2815888356-1058474395-1548935969-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Jodi\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2815888356-1058474395-1548935969-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {146962C0-0FB1-42F3-9CF2-CCB0429C3920} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {17E4174C-1F1D-4476-84C1-21B799707A75} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {28347B82-D399-498D-8AA5-1AC695B06467} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {33A72EAB-4259-4AF5-A12E-C34C4D9E01F9} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {4BF578FA-919E-4F4A-A411-D88F238496BC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {4F80C88A-6576-488A-B10B-4329444376D5} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-09-15] (Realtek Semiconductor)
Task: {4FAC07EC-49B7-4199-B3EF-C682844E585A} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-09-24] (TOSHIBA Corporation)
Task: {61DE7747-7BEB-42FF-85B1-17B712CF4EBA} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {6C3806FF-2EF3-465A-8989-F20EDFA7CC7E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {70753B81-0162-42B7-86D1-3DD52E069D48} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {7DF54835-1F5E-41C6-8AE9-5F8D9EDE8CB0} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-10-08] (Synaptics Incorporated)
Task: {B3BB29D8-D697-44E5-A884-079080B35262} - System32\Tasks\SweetLabs App Platform => C:\Users\Jodi\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe
Task: {B4164281-A325-4822-BB10-57A51F78543C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {D0725E08-F339-4C8F-97EB-EC81053D9402} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {D3FA300B-4E0A-42AE-8D0A-252DA1E4EAE6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-06-01] (Piriform Ltd)
Task: {DCDC8C24-DF76-412C-B320-4E5D7F7BCFDE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {E4860CA2-7232-49DA-8A0D-E6ADB9786D8C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {EC64F0EE-5CB4-444B-A5E3-735E75FC41D2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {FFFBF8E3-9837-4DA6-BBC7-86273770686D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 03:18 - 2015-10-30 03:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2014-12-05 03:45 - 2012-04-24 22:43 - 00390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2016-06-19 06:12 - 2016-06-19 06:12 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-06-19 07:19 - 2016-06-19 07:19 - 00959168 _____ () C:\Users\Jodi\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-27 02:10 - 2016-04-27 02:10 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-06-19 06:13 - 2016-06-19 06:13 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2012-07-18 21:38 - 2012-07-18 21:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2016-01-06 12:41 - 2016-01-06 12:41 - 00062168 _____ () C:\Program Files\CCleaner\branding.dll
2016-06-19 07:19 - 2016-06-19 07:19 - 00679624 _____ () C:\Users\Jodi\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 

==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 

==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 

==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 

==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 

==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2815888356-1058474395-1548935969-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Jodi\Pictures\Marvel Heroes.jpg
DNS Servers: 65.32.1.65 - 65.32.1.70
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 

==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{5D82C2E4-2EC8-493E-82CB-9F5026F1506D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{C945C7AC-B97F-4980-9578-A18048A7AA9C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{9FA125B6-42BF-4E0C-AE7C-5CD35F8C9912}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{B4798182-EDC6-468A-956D-0D0675A8CA1D}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{3B7B11A8-0BE1-47D0-B395-5DEF82B6B884}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{2D7FDF5C-1AB3-4CC3-860D-D5B1C449DB0C}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{2967F897-267E-498F-8F78-5AEA33785A32}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 

==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/19/2016 07:04:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe, version: 10.0.10586.0, time stamp: 0x5632d69c
Faulting module name: GetCurrentDeploy.dll, version: 1.4.9200.17323, time stamp: 0x57550c3f
Exception code: 0xc0000005
Fault offset: 0x00067217
Faulting process id: 0x228
Faulting application start time: 0xrundll32.exe0
Faulting application path: rundll32.exe1
Faulting module path: rundll32.exe2
Report Id: rundll32.exe3
Faulting package full name: rundll32.exe4
Faulting package-relative application ID: rundll32.exe5
 
Error: (06/19/2016 02:48:13 AM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: 0x8007085A
 
Error: (06/19/2016 02:45:34 AM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: 0x8007085A
 
Error: (06/19/2016 02:45:34 AM) (Source: MSDTC 2) (EventID: 4104) (User: )
Description: 0x8007085A
 
Error: (06/19/2016 02:45:33 AM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: 0x8007085A
 

System errors:
=============
Error: (06/19/2016 07:09:02 AM) (Source: DCOM) (EventID: 10016) (User: JOSEPH)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}JosephJodiS-1-5-21-2815888356-1058474395-1548935969-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (06/19/2016 07:09:02 AM) (Source: DCOM) (EventID: 10016) (User: JOSEPH)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}JosephJodiS-1-5-21-2815888356-1058474395-1548935969-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (06/19/2016 07:08:59 AM) (Source: DCOM) (EventID: 10016) (User: JOSEPH)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}JosephJodiS-1-5-21-2815888356-1058474395-1548935969-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (06/19/2016 07:08:59 AM) (Source: DCOM) (EventID: 10016) (User: JOSEPH)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}JosephJodiS-1-5-21-2815888356-1058474395-1548935969-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (06/19/2016 07:08:57 AM) (Source: DCOM) (EventID: 10016) (User: JOSEPH)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}JosephJodiS-1-5-21-2815888356-1058474395-1548935969-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (06/19/2016 07:08:57 AM) (Source: DCOM) (EventID: 10016) (User: JOSEPH)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}JosephJodiS-1-5-21-2815888356-1058474395-1548935969-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (06/19/2016 07:08:54 AM) (Source: DCOM) (EventID: 10016) (User: JOSEPH)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}JosephJodiS-1-5-21-2815888356-1058474395-1548935969-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (06/19/2016 07:08:54 AM) (Source: DCOM) (EventID: 10016) (User: JOSEPH)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}JosephJodiS-1-5-21-2815888356-1058474395-1548935969-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (06/19/2016 02:54:17 AM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
 
Error: (06/19/2016 02:40:33 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Background Intelligent Transfer Service service terminated with the following service-specific error:
%%2148007941 = Server execution failed
 
 
 
CodeIntegrity:
===================================
  Date: 2016-06-19 02:47:28.324
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-19 02:46:56.948
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-19 02:25:18.709
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 

==================== Memory info ===========================
 
Processor: Intel® Celeron® CPU N2840 @ 2.16GHz
Percentage of memory in use: 54%
Total physical RAM: 3982.88 MB
Available physical RAM: 1828.54 MB
Total Virtual: 5390.88 MB
Available Virtual: 3150.64 MB
 
==================== Drives ================================
 
Drive c: (TI10707700A) (Fixed) (Total:453.4 GB) (Free:403.14 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 

 

I did not reboot, just posted first content.  Strange.. and there is a bit of a delay between ctl-v and the pasted text showing up. 



#9 CRodgers


Posted 19 June 2016 - 10:22 AM

oh btw, before you initially responded, I rebooted the laptop and even though the MBAM had initially been stopped from executing, MBAM kicked in on restart and cleaned up a bunch of malware/pup.  Then I rebooted and reran mbam and it came back clean.  I also installed and ran ADWare and CCleaner to clean up things.  Adware came back clean after the second run.

 

Then I got your message.  I am still having phantom issues.  Like I could paste the first file above, but then the second file would not paste.  I kept doing ctl-a, ctl-c, then ctl-v.  I even tried right-click copy and then right-click paste, but it would not paste.

 

Also, I kept seeing the mouse turn into a spinny circle for no apparent reason, like background processes were running.  Oh, and the laptop mouse pad kept disappearing, so I plugged in my wireless mouse and that seems to be working fine, but sometimes, the mouse/system freezes, not sure why.



#10 Aura


Posted 19 June 2016 - 02:38 PM

Thank you for the logs :)

Malicious Programs Warning!

I noticed that you have malicious programs installed on your system. I'll ask you to uninstall them since uninstalling such programs before running malware removal tools will ensure a better clean-up.
  • Dragons of Atlantis
  • Edgeworld
  • Goodgame Empire
  • Host App Service
  • Pirate Storm
  • Pokki Start Menu
  • The Godfather
If you have an issue when uninstalling a program, please let me know.

Now we'll run a first fix with FRST, and also do a sweep using JRT, AdwCleaner and Malwarebytes. The AdwCleaner and Malwarebytes scans should go through this time. If not, let me know.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Right-click on your Desktop, select New and click on Text Document. Name it fixlist (make sure it's a .txt file) and press on Enter;
  • Open the file you just created and copy/paste the content below in it, then save it (Ctrl + S);
    CloseProcesses:
    CreateRestorePoint:
    
    Task: {146962C0-0FB1-42F3-9CF2-CCB0429C3920} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {17E4174C-1F1D-4476-84C1-21B799707A75} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
    Task: {28347B82-D399-498D-8AA5-1AC695B06467} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {33A72EAB-4259-4AF5-A12E-C34C4D9E01F9} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {4BF578FA-919E-4F4A-A411-D88F238496BC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {61DE7747-7BEB-42FF-85B1-17B712CF4EBA} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
    Task: {6C3806FF-2EF3-465A-8989-F20EDFA7CC7E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {70753B81-0162-42B7-86D1-3DD52E069D48} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
    Task: {B4164281-A325-4822-BB10-57A51F78543C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {D0725E08-F339-4C8F-97EB-EC81053D9402} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {DCDC8C24-DF76-412C-B320-4E5D7F7BCFDE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {E4860CA2-7232-49DA-8A0D-E6ADB9786D8C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {FFFBF8E3-9837-4DA6-BBC7-86273770686D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {B3BB29D8-D697-44E5-A884-079080B35262} - System32\Tasks\SweetLabs App Platform => C:\Users\Jodi\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe
    
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
    
    C:\ProgramData\McAfee
    C:\Users\Jodi\AppData\Local\SweetLabs App Platform
    C:\WINDOWS\System32\Tasks\McAfee
    
    EmptyTemp:
    
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Click on the Fix button;
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Copy and paste its content in your next reply;
Follow the instructions below please.

Junkware Removal Tool (JRT)
  • Download Junkware Removal Tool (JRT) and move it to your Desktop;
  • Right-click on JRT.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Press on any key to launch the scan and let it complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;
AdwCleaner - Fix Mode
  • Download AdwCleaner and move it to your Desktop;
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the EULA (I accept), let the database update, then click on Scan;
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Cleaning button. This will kill all the active processes;
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it;
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply;
Malwarebytes Anti-Malware - Clean Mode
  • Download and install the free version of Malwarebytes Anti-Malware
    Note: It's your choice if you want to enable the free trial of Malwarebytes Premium or not. Enabling it will give you real-time protection from the program, as well as access to all the Premium features.
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point;
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the Update Now button;
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan;
  • Let the scan run; the time required to complete the scan depends on your system and computer specs;
  • Once the scan is complete, make sure that the checkbox by Threat is checked (it means that every item detected is checked), then click on the Remove Selected button;
  • Click on Save Results after the deletion (in the bottom-right corner) and select Copy to clipboard. Paste the content in your next reply;
Your next reply(ies) should therefore contain:
  • Copy/pasted content of the FRST fixlog;
  • Copy/pasted JRT log;
  • Copy/pasted AdwCleaner clean log;
  • Copy/pasted Malwarebytes clean log;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#11 CRodgers


Posted 19 June 2016 - 04:24 PM

The FRST did not open a text file, but instead prompted me to reboot immediately. I later found that the fix txt file was removed, but the fix log existed in its place.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 19-06-2016 01
Ran by Jodi (2016-06-19 16:33:31) Run:1
Running from C:\Users\Jodi\Desktop\help
Loaded Profiles: Jodi (Available Profiles: Jodi)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
 
Task: {146962C0-0FB1-42F3-9CF2-CCB0429C3920} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {17E4174C-1F1D-4476-84C1-21B799707A75} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {28347B82-D399-498D-8AA5-1AC695B06467} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {33A72EAB-4259-4AF5-A12E-C34C4D9E01F9} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {4BF578FA-919E-4F4A-A411-D88F238496BC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {61DE7747-7BEB-42FF-85B1-17B712CF4EBA} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {6C3806FF-2EF3-465A-8989-F20EDFA7CC7E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {70753B81-0162-42B7-86D1-3DD52E069D48} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {B4164281-A325-4822-BB10-57A51F78543C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {D0725E08-F339-4C8F-97EB-EC81053D9402} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {DCDC8C24-DF76-412C-B320-4E5D7F7BCFDE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {E4860CA2-7232-49DA-8A0D-E6ADB9786D8C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {FFFBF8E3-9837-4DA6-BBC7-86273770686D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {B3BB29D8-D697-44E5-A884-079080B35262} - System32\Tasks\SweetLabs App Platform => C:\Users\Jodi\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
 
C:\ProgramData\McAfee
C:\Users\Jodi\AppData\Local\SweetLabs App Platform
C:\WINDOWS\System32\Tasks\McAfee
 
EmptyTemp:
*****************
 
Processes closed successfully.
Error: (0) Failed to create a restore point.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{146962C0-0FB1-42F3-9CF2-CCB0429C3920}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{146962C0-0FB1-42F3-9CF2-CCB0429C3920}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{17E4174C-1F1D-4476-84C1-21B799707A75}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{17E4174C-1F1D-4476-84C1-21B799707A75}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{28347B82-D399-498D-8AA5-1AC695B06467}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{28347B82-D399-498D-8AA5-1AC695B06467}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{33A72EAB-4259-4AF5-A12E-C34C4D9E01F9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{33A72EAB-4259-4AF5-A12E-C34C4D9E01F9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4BF578FA-919E-4F4A-A411-D88F238496BC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4BF578FA-919E-4F4A-A411-D88F238496BC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{61DE7747-7BEB-42FF-85B1-17B712CF4EBA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{61DE7747-7BEB-42FF-85B1-17B712CF4EBA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6C3806FF-2EF3-465A-8989-F20EDFA7CC7E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C3806FF-2EF3-465A-8989-F20EDFA7CC7E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{70753B81-0162-42B7-86D1-3DD52E069D48}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{70753B81-0162-42B7-86D1-3DD52E069D48}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B4164281-A325-4822-BB10-57A51F78543C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B4164281-A325-4822-BB10-57A51F78543C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D0725E08-F339-4C8F-97EB-EC81053D9402}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D0725E08-F339-4C8F-97EB-EC81053D9402}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DCDC8C24-DF76-412C-B320-4E5D7F7BCFDE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DCDC8C24-DF76-412C-B320-4E5D7F7BCFDE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E4860CA2-7232-49DA-8A0D-E6ADB9786D8C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E4860CA2-7232-49DA-8A0D-E6ADB9786D8C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FFFBF8E3-9837-4DA6-BBC7-86273770686D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FFFBF8E3-9837-4DA6-BBC7-86273770686D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B3BB29D8-D697-44E5-A884-079080B35262}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B3BB29D8-D697-44E5-A884-079080B35262}" => key removed successfully
C:\WINDOWS\System32\Tasks\SweetLabs App Platform => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SweetLabs App Platform" => key removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => key not found. 
C:\ProgramData\McAfee => moved successfully
"C:\Users\Jodi\AppData\Local\SweetLabs App Platform" => not found.
C:\WINDOWS\System32\Tasks\McAfee => moved successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9736832 B
Java, Flash, Steam htmlcache => 706 B
Windows/system/drivers => 5059166 B
Edge => 1536 B
Chrome => 25592232 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 5058 B
Jodi => 39007222 B
 
RecycleBin => 0 B
EmptyTemp: => 75.7 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 16:33:41 ====
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 10 Home x64 
Ran by Jodi (Administrator) on Sun 06/19/2016 at 16:45:36.01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 4 
 
Successfully deleted: C:\Users\Jodi\Start Menu\Programs\goodgame empire.lnk (Shortcut) 
Successfully deleted: C:\Users\Jodi\Start Menu\Programs\pc app store.lnk (Shortcut) 
Successfully deleted: C:\Users\Jodi\Start Menu\Programs\pokki start menu.lnk (Shortcut) 
Successfully deleted: C:\WINDOWS\system32\drivers\swdumon.sys (File) 
 
 
 
Registry: 1 
 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{47A27A6D-8100-4FD2-974F-077D79EEC676} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 06/19/2016 at 16:49:46.72
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
# AdwCleaner v5.200 - Logfile created 19/06/2016 at 16:58:01
# Updated 14/06/2016 by ToolsLib
# Database : 2016-06-19.1 [Server]
# Operating system : Windows 10 Home  (X64)
# Username : Jodi - JOSEPH
# Running from : C:\Users\Jodi\Desktop\help\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
[-] Key Deleted : HKCU\Software\Classes\Directory\shell\pokki
[-] Key Deleted : HKCU\Software\Classes\Drive\shell\pokki
[-] Key Deleted : HKCU\Software\Classes\lnkfile\shell\pokki
[-] Key Deleted : HKCU\Software\SlimWare Utilities Inc
[-] Key Deleted : HKCU\Software\SweetLabs App Platform
[-] Key Deleted : HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
[-] Key Deleted : HKLM\SOFTWARE\SlimWare Utilities Inc
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Secondary Start Pages]
[-] Data Restored : HKU\S-1-5-21-2815888356-1058474395-1548935969-1001\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
[-] Data Restored : HKU\S-1-5-21-2815888356-1058474395-1548935969-1001\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages]
 
***** [ Web browsers ] *****
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [1182 bytes] - [14/06/2016 21:06:38]
C:\AdwCleaner\AdwCleaner[C2].txt - [1929 bytes] - [19/06/2016 16:58:01]
C:\AdwCleaner\AdwCleaner[S1].txt - [6373 bytes] - [14/06/2016 21:03:08]
C:\AdwCleaner\AdwCleaner[S2].txt - [3770 bytes] - [19/06/2016 08:23:44]
C:\AdwCleaner\AdwCleaner[S3].txt - [2422 bytes] - [19/06/2016 16:54:29]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [2221 bytes] ##########
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 6/19/2016
Scan Time: 5:03 PM
Logfile: mbam_results.txt
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.06.19.05
Rootkit Database: v2016.05.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: Jodi
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 292870
Time Elapsed: 16 min, 30 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#12 Aura


Posted 19 June 2016 - 06:15 PM

Thank you for the logs :)

Now, we'll run Emsisoft Emergency Kit to see if there are any remnants, and grab a fresh set of FRST logs to see if there's anything left to address.

Emsisoft Emergency Kit
Follow the instructions below to run a scan using the Emsisoft Emergency Kit.
  • Download the Emsisoft Emergency Kit and execute it. From there, click on the Extract button to extract the program in the EEK folder;
  • Once the extraction is complete, Emsisoft Emergency Kit will open, and suggest that you run an online update before using the program. Click on Yes to launch it.
  • After the update, click on Malware Scan under 2. Scan and accept to let Emsisoft Emergency Kit detect PUPs (click on Yes).
  • Once the scan is complete, make sure that every item in the list is checked, and click on Quarantine selected;
  • If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
  • After the restart, click on the Start Emsisoft Emergency Kit icon again on your desktop to open it;
  • This time, click on Logs;
  • From there, go under the Quarantine Log tab, and click on the Export button;
  • Save the log on your desktop, then open it, and copy/paste its content in your next reply;
Farbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.
  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds;
  • Check the Addition.txt option;
  • Click on the Scan button;
  • On completion, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, then open two Notepad files;
  • Copy and paste the content of both FRST.txt and Addition.txt in your next reply;
After all that, how is the computer behaving now? Is it running well, or are there still issues to address? If so, which ones?

Your next reply(ies) should include:
  • Copy/pasted content of the EEK log;
  • Copy/pasted content of the FRST.txt log;
  • Copy/pasted content of the Addition.txt log;
  • Answer to my question about the computer/laptop current status;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#13 CRodgers


Posted 19 June 2016 - 09:01 PM

Emsisoft Emergency Kit - Version 11.0
Quarantine log
 
Date Source Event Detection
6/19/2016 9:37:51 PM Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR Moved to quarantine Setting.DisableTaskMgr (A)
6/19/2016 9:37:50 PM Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Moved to quarantine Setting.DisableRegistryTools (A)
6/19/2016 9:37:50 PM Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN Moved to quarantine Setting.NoRun (A)
6/19/2016 9:37:50 PM Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NOFOLDEROPTIONS Moved to quarantine Setting.NoFolderOptions (A)
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-06-2016 01
Ran by Jodi (administrator) on JOSEPH (19-06-2016 21:40:01)
Running from C:\Users\Jodi\Desktop\help
Loaded Profiles: Jodi (Available Profiles: Jodi)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe
(Vimicro Corporation) C:\Program Files (x86)\Vimicro Corporation\VMUVC\VMonitor.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11602.1.26.0_x64__8wekyb3d8bbwe\WinStore.Mobile.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [HotKeysCmds] => "C:\Windows\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\Windows\system32\igfxpers.exe"
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-10-08] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [179288 2014-01-04] (TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-21] (TOSHIBA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954880 2015-10-08] (Synaptics Incorporated)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2013-08-05] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-23] (TOSHIBA)
HKLM-x32\...\Run: [VMonitorVMUVC] => C:\Program Files (x86)\Vimicro Corporation\VMUVC\VMonitor.exe [143360 2008-08-29] (Vimicro Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2016-04-23] (Adobe Systems Incorporated)
HKU\S-1-5-21-2815888356-1058474395-1548935969-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8722136 2016-06-01] (Piriform Ltd)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 65.32.1.65 65.32.1.70
Tcpip\..\Interfaces\{2c485994-10a3-463b-8a65-89d25fa9643b}: [DhcpNameServer] 65.32.1.65 65.32.1.70
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-2815888356-1058474395-1548935969-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
SearchScopes: HKU\S-1-5-21-2815888356-1058474395-1548935969-1001 -> DefaultScope {49942BC3-58C6-11E5-8269-ACE010434FB7} URL = 
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll [2015-04-14] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll [2015-04-14] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-06-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-06-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-04-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2815888356-1058474395-1548935969-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Jodi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-28] (Unity Technologies ApS)
 
Chrome: 
=======
CHR Profile: C:\Users\Jodi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Jodi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-19]
CHR Extension: (Google Docs) - C:\Users\Jodi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-19]
CHR Extension: (Google Drive) - C:\Users\Jodi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-19]
CHR Extension: (YouTube) - C:\Users\Jodi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-19]
CHR Extension: (Google Sheets) - C:\Users\Jodi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-19]
CHR Extension: (Google Docs Offline) - C:\Users\Jodi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jodi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-19]
CHR Extension: (Gmail) - C:\Users\Jodi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-19]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [319104 2014-03-19] (Windows ® Win 7 DDK provider) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel® Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255168 2015-10-08] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\System32\drivers\athw10x.sys [4342936 2015-09-21] (Qualcomm Atheros Communications, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-06-19] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-09] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [51392 2015-10-08] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [54424 2015-07-29] (Toshiba Corporation)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 VMUVC; C:\Windows\System32\Drivers\VMUVC.sys [198784 2009-05-25] (Vimicro Corporation)
S3 vvftUVC; C:\Windows\system32\drivers\vvftUVC.sys [303616 2008-07-01] (Vimicro Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-19 21:17 - 2016-06-19 21:39 - 00000000 ____D C:\EEK
2016-06-19 15:50 - 2016-06-19 15:50 - 00002359 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-19 15:50 - 2016-06-19 15:50 - 00002347 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-19 15:48 - 2016-06-19 21:16 - 00000000 ____D C:\Users\Jodi\AppData\Local\Google
2016-06-19 15:48 - 2016-06-19 20:59 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-19 15:48 - 2016-06-19 17:30 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-19 15:48 - 2016-06-19 15:54 - 00003978 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-06-19 15:48 - 2016-06-19 15:54 - 00003746 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-06-19 15:48 - 2016-06-19 15:50 - 00000000 ____D C:\Program Files (x86)\Google
2016-06-19 15:48 - 2016-06-19 15:48 - 00987728 _____ (Google Inc.) C:\Users\Jodi\Downloads\ChromeSetup.exe
2016-06-19 15:43 - 2016-06-19 15:53 - 12483479 _____ C:\Users\Jodi\Downloads\issue109_en.pdf
2016-06-19 15:23 - 2016-06-19 15:23 - 00000144 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-06-19 09:58 - 2016-06-19 09:58 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-06-19 07:44 - 2016-06-19 07:44 - 00000000 ____D C:\Users\Jodi\AppData\Local\NetworkTiles
2016-06-19 07:18 - 2016-06-19 07:19 - 00002375 _____ C:\Users\Jodi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-06-19 07:13 - 2016-06-19 07:13 - 00000000 ____D C:\Users\Jodi\AppData\Local\MicrosoftEdge
2016-06-19 07:09 - 2016-06-19 07:09 - 00000000 ____D C:\Users\Jodi\AppData\Local\Publishers
2016-06-19 07:07 - 2016-06-19 07:07 - 00000000 ____D C:\Users\Jodi\AppData\Local\Comms
2016-06-19 07:07 - 2016-06-19 07:07 - 00000000 ____D C:\Users\Jodi\AppData\Local\ActiveSync
2016-06-19 07:06 - 2016-06-19 17:30 - 00000000 __SHD C:\Users\Jodi\IntelGraphicsProfiles
2016-06-19 07:06 - 2016-06-19 07:06 - 00000000 ____D C:\Users\Jodi\AppData\Local\TileDataLayer
2016-06-19 07:05 - 2016-06-19 07:05 - 00000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2016-06-19 07:05 - 2016-06-19 07:05 - 00000020 ___SH C:\Users\Jodi\ntuser.ini
2016-06-19 06:22 - 2016-06-19 07:03 - 00000000 ___DC C:\WINDOWS\Panther
2016-06-19 06:15 - 2016-06-19 06:16 - 00000000 ____D C:\Windows.old
2016-06-19 06:13 - 2016-06-19 06:13 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-06-19 06:13 - 2016-06-19 06:13 - 02921880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-06-19 06:13 - 2016-06-19 06:13 - 02798080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-06-19 06:13 - 2016-06-19 06:13 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-06-19 06:13 - 2016-06-19 06:13 - 02403680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-06-19 06:13 - 2016-06-19 06:13 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-06-19 06:13 - 2016-06-19 06:13 - 01092464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-06-19 06:13 - 2016-06-19 06:13 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-06-19 06:13 - 2016-06-19 06:13 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-06-19 06:13 - 2016-06-19 06:13 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-06-19 06:13 - 2016-06-19 06:13 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-06-19 06:13 - 2016-06-19 06:13 - 00890368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2016-06-19 06:13 - 2016-06-19 06:13 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-06-19 06:13 - 2016-06-19 06:13 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2016-06-19 06:13 - 2016-06-19 06:13 - 00821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2016-06-19 06:13 - 2016-06-19 06:13 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2016-06-19 06:13 - 2016-06-19 06:13 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-06-19 06:13 - 2016-06-19 06:13 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2016-06-19 06:13 - 2016-06-19 06:13 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-06-19 06:13 - 2016-06-19 06:13 - 00556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-06-19 06:13 - 2016-06-19 06:13 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-06-19 06:13 - 2016-06-19 06:13 - 00501600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-06-19 06:13 - 2016-06-19 06:13 - 00498960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-06-19 06:13 - 2016-06-19 06:13 - 00451928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2016-06-19 06:13 - 2016-06-19 06:13 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2016-06-19 06:13 - 2016-06-19 06:13 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2016-06-19 06:13 - 2016-06-19 06:13 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-06-19 06:13 - 2016-06-19 06:13 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2016-06-19 06:13 - 2016-06-19 06:13 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2016-06-19 06:13 - 2016-06-19 06:13 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2016-06-19 06:13 - 2016-06-19 06:13 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-06-19 06:13 - 2016-06-19 06:13 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2016-06-19 06:13 - 2016-06-19 06:13 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2016-06-19 06:13 - 2016-06-19 06:13 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-06-19 06:13 - 2016-06-19 06:13 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll
2016-06-19 06:13 - 2016-06-19 06:13 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
2016-06-19 06:13 - 2016-06-19 06:13 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
2016-06-19 06:13 - 2016-06-19 06:13 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BrowserSettingSync.dll
2016-06-19 06:13 - 2016-06-19 06:13 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
2016-06-19 06:13 - 2016-06-19 06:13 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-06-19 06:13 - 2016-06-19 06:13 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll
2016-06-19 06:13 - 2016-06-19 06:13 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll
2016-06-19 06:13 - 2016-06-19 06:13 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2016-06-19 06:13 - 2016-06-19 06:13 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-06-19 06:13 - 2016-06-19 06:13 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll
2016-06-19 06:13 - 2016-06-19 06:13 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsdport.sys
2016-06-19 06:13 - 2016-06-19 06:13 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsdchngr.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 24605696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 22379008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 18674176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 16984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 13385728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 12128256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 07977472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 07832576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-06-19 06:12 - 2016-06-19 06:12 - 07200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 06973952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 06605504 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 05502976 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 05240960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 04896256 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 04775424 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 04515264 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-06-19 06:12 - 2016-06-19 06:12 - 04387680 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 04268880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-06-19 06:12 - 2016-06-19 06:12 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 03671040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 03664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 03590144 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-06-19 06:12 - 2016-06-19 06:12 - 03585536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 03351040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 03078144 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 02722816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 02656952 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 02609664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 02548944 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 02281472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 02230272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 02195632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 02152280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-06-19 06:12 - 2016-06-19 06:12 - 02066432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 02000896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01996640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-06-19 06:12 - 2016-06-19 06:12 - 01996288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01902592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01848072 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01819208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01797120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01776768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01730560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01716736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01707520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01594416 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01588224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01575936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01536088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01534464 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01522152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01445888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01395712 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-06-19 06:12 - 2016-06-19 06:12 - 01372312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01339904 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01322248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01319424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-06-19 06:12 - 2016-06-19 06:12 - 01297752 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01239552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01185280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationFramework.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01184960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01161120 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01152864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2016-06-19 06:12 - 2016-06-19 06:12 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-06-19 06:12 - 2016-06-19 06:12 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01117184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01098240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01089888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-06-19 06:12 - 2016-06-19 06:12 - 01073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01072128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-06-19 06:12 - 2016-06-19 06:12 - 00990208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00986976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00958976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-06-19 06:12 - 2016-06-19 06:12 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-06-19 06:12 - 2016-06-19 06:12 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00854528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-06-19 06:12 - 2016-06-19 06:12 - 00804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00794624 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00777728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00770640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00765952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00754664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00725776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00713920 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00712704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00707608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-06-19 06:12 - 2016-06-19 06:12 - 00694784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2016-06-19 06:12 - 2016-06-19 06:12 - 00693760 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00690176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-06-19 06:12 - 2016-06-19 06:12 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00686976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00682496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00676352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00649792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00649728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00639488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00638816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2016-06-19 06:12 - 2016-06-19 06:12 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00636304 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-06-19 06:12 - 2016-06-19 06:12 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00619296 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00614400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00606208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-06-19 06:12 - 2016-06-19 06:12 - 00592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00591360 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-06-19 06:12 - 2016-06-19 06:12 - 00582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00577376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-06-19 06:12 - 2016-06-19 06:12 - 00569744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00565600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-06-19 06:12 - 2016-06-19 06:12 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00550656 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00546456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-06-19 06:12 - 2016-06-19 06:12 - 00535080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00534872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2016-06-19 06:12 - 2016-06-19 06:12 - 00530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2016-06-19 06:12 - 2016-06-19 06:12 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00521664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00514752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00513368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00511488 _____ (Microsoft Corporation) C:\WINDOWS\system32\newdev.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00485888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\newdev.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-06-19 06:12 - 2016-06-19 06:12 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00453472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00431296 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00430312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ws2_32.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00428896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-06-19 06:12 - 2016-06-19 06:12 - 00413536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-06-19 06:12 - 2016-06-19 06:12 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlansec.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-06-19 06:12 - 2016-06-19 06:12 - 00392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPSECSVC.DLL
2016-06-19 06:12 - 2016-06-19 06:12 - 00390496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00388384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ws2_32.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00380416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00378208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2016-06-19 06:12 - 2016-06-19 06:12 - 00374008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-06-19 06:12 - 2016-06-19 06:12 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AccountsRt.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00357216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mswsock.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00351232 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2016-06-19 06:12 - 2016-06-19 06:12 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00333824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2016-06-19 06:12 - 2016-06-19 06:12 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\system32\polstore.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-06-19 06:12 - 2016-06-19 06:12 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00316256 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00312160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswsock.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00306832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-06-19 06:12 - 2016-06-19 06:12 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00293888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00291360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2016-06-19 06:12 - 2016-06-19 06:12 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\polstore.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00290496 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2016-06-19 06:12 - 2016-06-19 06:12 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-06-19 06:12 - 2016-06-19 06:12 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
2016-06-19 06:12 - 2016-06-19 06:12 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00254656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-06-19 06:12 - 2016-06-19 06:12 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthLEEnum.sys
2016-06-19 06:12 - 2016-06-19 06:12 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrokerLib.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2016-06-19 06:12 - 2016-06-19 06:12 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00217440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00211296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2016-06-19 06:12 - 2016-06-19 06:12 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00204048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-06-19 06:12 - 2016-06-19 06:12 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GnssAdapter.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00190144 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-06-19 06:12 - 2016-06-19 06:12 - 00188256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-06-19 06:12 - 2016-06-19 06:12 - 00183904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2016-06-19 06:12 - 2016-06-19 06:12 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Privacy.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00170848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.exe
2016-06-19 06:12 - 2016-06-19 06:12 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-06-19 06:12 - 2016-06-19 06:12 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-06-19 06:12 - 2016-06-19 06:12 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-06-19 06:12 - 2016-06-19 06:12 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2016-06-19 06:12 - 2016-06-19 06:12 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-06-19 06:12 - 2016-06-19 06:12 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-06-19 06:12 - 2016-06-19 06:12 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2016-06-19 06:12 - 2016-06-19 06:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00131424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufxsynopsys.sys
2016-06-19 06:12 - 2016-06-19 06:12 - 00131248 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Ndu.sys
2016-06-19 06:12 - 2016-06-19 06:12 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-06-19 06:12 - 2016-06-19 06:12 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2016-06-19 06:12 - 2016-06-19 06:12 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2016-06-19 05:58 - 2016-06-19 05:58 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2016-06-19 05:54 - 2016-06-19 05:54 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-06-19 05:54 - 2016-06-19 05:54 - 00000000 ____D C:\Program Files\MSBuild
2016-06-19 05:54 - 2016-06-19 05:54 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-06-19 05:54 - 2016-06-19 05:54 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-06-19 05:53 - 2015-10-23 21:47 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2016-06-19 05:53 - 2015-10-23 21:47 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-06-19 05:53 - 2015-10-23 21:47 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2016-06-19 05:53 - 2015-10-23 21:46 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2016-06-19 05:53 - 2015-10-23 21:46 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2016-06-19 05:53 - 2015-10-23 21:45 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2016-06-19 02:54 - 2016-06-19 02:54 - 00000000 _SHDL C:\Users\Default\My Documents
2016-06-19 02:54 - 2016-06-19 02:54 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2016-06-19 02:54 - 2016-06-19 02:54 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2016-06-19 02:54 - 2016-06-19 02:54 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2016-06-19 02:54 - 2016-06-19 02:54 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2016-06-19 02:54 - 2016-06-19 02:54 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2016-06-19 02:54 - 2016-06-19 02:54 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2016-06-19 02:51 - 2016-06-19 17:36 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-06-19 02:48 - 2016-06-19 02:48 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2016-06-19 02:39 - 2016-06-19 02:39 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-06-19 02:33 - 2016-06-19 02:33 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2016-06-19 02:31 - 2016-06-19 07:06 - 00000000 ____D C:\Users\Jodi
2016-06-19 02:31 - 2016-06-19 02:31 - 00000000 _SHDL C:\Users\Jodi\My Documents
2016-06-19 02:31 - 2016-06-19 02:31 - 00000000 _SHDL C:\Users\Jodi\Documents\My Videos
2016-06-19 02:31 - 2016-06-19 02:31 - 00000000 _SHDL C:\Users\Jodi\Documents\My Pictures
2016-06-19 02:31 - 2016-06-19 02:31 - 00000000 _SHDL C:\Users\Jodi\Documents\My Music
2016-06-19 02:27 - 2016-06-19 02:27 - 00001527 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
2016-06-19 02:27 - 2016-06-19 02:27 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2016-06-19 02:27 - 2016-06-19 02:27 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2016-06-19 02:27 - 2016-06-19 02:27 - 00000000 ____D C:\Program Files\Common Files\Atheros
2016-06-19 02:26 - 2016-06-19 02:34 - 00000000 ____D C:\Program Files\Intel
2016-06-19 02:26 - 2016-06-19 02:26 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2016-06-19 02:26 - 2016-06-19 02:26 - 00000000 ____D C:\Program Files\Realtek
2016-06-19 02:26 - 2016-05-03 23:30 - 00081416 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2016-06-19 02:26 - 2016-05-03 23:30 - 00077832 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2016-06-19 02:25 - 2016-06-19 02:25 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2016-06-19 02:25 - 2016-06-19 02:25 - 00000000 ____D C:\Program Files\Synaptics
2016-06-19 00:15 - 2016-06-19 02:53 - 00009528 _____ C:\WINDOWS\diagwrn.xml
2016-06-19 00:15 - 2016-06-19 02:53 - 00009528 _____ C:\WINDOWS\diagerr.xml
2016-06-19 00:15 - 2016-06-19 01:00 - 00000000 ___HD C:\$WINDOWS.~BT
2016-06-19 00:07 - 2016-06-19 00:15 - 00000036 _____ C:\WINDOWS\progress.ini
2016-06-18 22:58 - 2016-06-19 07:06 - 00000000 ____D C:\Windows10Upgrade
2016-06-18 22:58 - 2016-06-19 07:04 - 00000000 ___HD C:\$GetCurrent
2016-06-18 22:58 - 2016-06-18 22:58 - 05788016 _____ (Microsoft Corporation) C:\Users\Jodi\Downloads\Windows10Upgrade9194.exe
2016-06-18 22:58 - 2016-06-18 22:58 - 00000713 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Upgrade Assistant.lnk
2016-06-18 22:58 - 2016-06-18 22:58 - 00000701 _____ C:\Users\Jodi\Desktop\Windows 10 Upgrade Assistant.lnk
2016-06-18 22:23 - 2016-06-19 21:40 - 00000000 ____D C:\FRST
2016-06-18 20:40 - 2016-06-19 21:40 - 00000000 ____D C:\Users\Jodi\Desktop\help
2016-06-14 21:02 - 2016-06-19 16:58 - 00000000 ____D C:\AdwCleaner
2016-06-14 20:56 - 2016-06-14 20:56 - 00891392 _____ (Farbar) C:\Users\Jodi\Downloads\MiniToolBox.exe
2016-06-14 20:34 - 2016-06-19 21:15 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-06-14 20:34 - 2016-06-19 02:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-06-14 20:34 - 2016-06-14 20:34 - 00001129 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-06-14 20:33 - 2016-06-14 20:34 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-06-14 20:33 - 2016-06-14 20:33 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-06-14 20:33 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-06-14 20:33 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-06-14 20:33 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-06-14 20:24 - 2016-06-15 16:40 - 00484008 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-06-14 20:23 - 2016-06-14 20:34 - 00000496 _____ C:\Users\Jodi\AppData\Roaming\Microsoft\Windows\Start Menu\Google.website
2016-06-14 19:51 - 2016-06-19 02:47 - 00002096 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2016-06-14 19:51 - 2016-06-19 02:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-06-14 19:51 - 2016-06-14 19:52 - 00000000 ____D C:\Program Files\CCleaner
2016-06-14 19:51 - 2016-06-14 19:51 - 00000845 _____ C:\Users\Public\Desktop\CCleaner.lnk
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-19 21:20 - 2015-04-14 01:31 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-06-19 17:36 - 2015-10-30 03:21 - 00000000 ____D C:\WINDOWS\INF
2016-06-19 17:29 - 2016-04-27 02:32 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-19 17:28 - 2015-10-30 02:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-06-19 15:59 - 2014-12-05 03:16 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-06-19 09:10 - 2015-10-30 03:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-06-19 08:56 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-19 08:40 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-06-19 08:30 - 2015-08-09 17:11 - 00000000 ____D C:\Users\Jodi\AppData\Local\Packages
2016-06-19 07:19 - 2015-08-09 17:19 - 00000000 ___RD C:\Users\Jodi\OneDrive
2016-06-19 07:06 - 2016-04-27 02:39 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-06-19 07:03 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\appcompat
2016-06-19 06:22 - 2015-10-30 03:24 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2016-06-19 06:21 - 2015-10-30 03:26 - 00000000 ____D C:\WINDOWS\Setup
2016-06-19 06:14 - 2016-04-27 02:20 - 00000000 ____D C:\Program Files\Windows Journal
2016-06-19 06:14 - 2015-10-30 03:24 - 00015703 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-06-19 06:14 - 2015-10-30 03:24 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2016-06-19 06:14 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-06-19 06:14 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-06-19 06:14 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-06-19 06:14 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\Provisioning
2016-06-19 06:14 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-06-19 06:14 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-06-19 06:12 - 2016-04-27 02:34 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2016-06-19 02:56 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\rescache
2016-06-19 02:54 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2016-06-19 02:52 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\Registration
2016-06-19 02:47 - 2015-08-09 17:17 - 00002812 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2815888356-1058474395-1548935969-1001
2016-06-19 02:47 - 2015-04-14 01:31 - 00002898 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-06-19 02:47 - 2015-04-14 01:10 - 00002048 _____ C:\WINDOWS\System32\Tasks\Synaptics TouchPad Enhancements
2016-06-19 02:47 - 2015-04-14 00:59 - 00002172 _____ C:\WINDOWS\System32\Tasks\RTKCPL
2016-06-19 02:47 - 2015-04-14 00:44 - 00002750 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2815888356-1058474395-1548935969-500
2016-06-19 02:46 - 2015-10-30 03:24 - 00000000 __RHD C:\Users\Public\Libraries
2016-06-19 02:43 - 2016-04-27 02:29 - 00306008 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-06-19 02:41 - 2016-04-27 02:06 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
2016-06-19 02:41 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-06-19 02:41 - 2015-10-30 03:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-06-19 02:41 - 2015-10-30 02:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-06-19 02:41 - 2015-08-23 21:24 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
2016-06-19 02:41 - 2015-08-09 17:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vimicro USB2.0 UVC PC Camera
2016-06-19 02:41 - 2015-08-09 17:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stopmotion Explosion Software
2016-06-19 02:41 - 2015-04-14 01:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZUUS Music Video Player
2016-06-19 02:41 - 2015-04-14 01:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-06-19 02:41 - 2014-12-05 03:45 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDirector 10
2016-06-19 02:41 - 2014-12-05 03:40 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PhotoDirector 3
2016-06-19 02:41 - 2014-12-05 03:38 - 00000000 ____D C:\ProgramData\regid.2009-07.com.mymusiccloud
2016-06-19 02:41 - 2014-12-05 03:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2016-06-19 02:41 - 2014-12-05 03:19 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-06-19 02:39 - 2013-08-22 09:36 - 00000000 ____D C:\Users\Default.migrated
2016-06-19 02:36 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2016-06-19 02:36 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2016-06-19 02:36 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\SysWOW64\et-EE
2016-06-19 02:36 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2016-06-19 02:36 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-06-19 02:36 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\lv-LV
2016-06-19 02:36 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\lt-LT
2016-06-19 02:36 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2016-06-19 02:36 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\et-EE
2016-06-19 02:36 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\en-GB
2016-06-19 02:36 - 2015-04-14 01:08 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2016-06-19 02:36 - 2014-12-05 03:38 - 00000000 __SHD C:\WINDOWS\SysWOW64\AI_RecycleBin
2016-06-19 02:36 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2016-06-19 02:36 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2016-06-19 02:34 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-06-19 02:34 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\InputMethod
2016-06-19 02:34 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-06-19 02:34 - 2014-12-05 03:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA
2016-06-19 02:34 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\MediaViewer
2016-06-19 02:34 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\ADFS
2016-06-19 02:30 - 2015-10-30 02:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-06-18 22:09 - 2015-08-26 12:16 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-06-18 22:06 - 2015-08-26 12:16 - 142482544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-06-18 21:20 - 2016-01-04 15:30 - 00000000 ____D C:\Users\Jodi\AppData\Local\ElevatedDiagnostics
2016-06-18 20:09 - 2015-08-09 17:55 - 00000000 ____D C:\Users\Jodi\AppData\Roaming\WildTangent
2016-06-18 20:09 - 2014-12-05 03:19 - 00000000 ____D C:\ProgramData\WildTangent
2016-06-18 20:09 - 2014-12-05 03:19 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2016-06-14 14:33 - 2015-10-30 03:26 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-06-14 14:33 - 2015-10-30 03:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2016-06-19 02:27 - 2016-06-19 02:27 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-12-05 03:39 - 2014-12-05 03:39 - 0000123 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc
 
Some files in TEMP:
====================
C:\Users\Jodi\AppData\Local\Temp\libeay32.dll
C:\Users\Jodi\AppData\Local\Temp\msvcr120.dll
C:\Users\Jodi\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-06-19 02:23
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-06-2016 01
Ran by Jodi (2016-06-19 21:41:46)
Running from C:\Users\Jodi\Desktop\help
Windows 10 Home Version 1511 (X64) (2016-06-19 11:04:54)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2815888356-1058474395-1548935969-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2815888356-1058474395-1548935969-503 - Limited - Disabled)
Guest (S-1-5-21-2815888356-1058474395-1548935969-501 - Limited - Disabled)
Jodi (S-1-5-21-2815888356-1058474395-1548935969-1001 - Administrator - Enabled) => C:\Users\Jodi
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.16)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.16 - Adobe Systems Incorporated)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
Audacity 1.3.14 (Unicode) (HKLM-x32\...\Audacity 1.3 Beta (Unicode)_is1) (Version:  - Audacity Team)
CCleaner (HKLM\...\CCleaner) (Version: 5.18 - Piriform)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.5524 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.4220 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.4220 - CyberLink Corp.) Hidden
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3920.05 - CyberLink Corp.)
Elements 11 Organizer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3408 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4641.1005 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d07b0db5-8dad-40e1-be90-88026298a46b}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{2749c485-3a8b-4533-92ff-7cf6e8221cff}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
MyMusicCloud Sync Agent (HKLM-x32\...\{E5A80308-AAAD-4FDF-B85D-6755CCABFC35}) (Version: 3.3.285.4991 - TriPlay)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
PSE11 STI Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29075 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7592 - Realtek Semiconductor Corp.)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.)
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB)
Stopmotion Explosion Software version 3.0 (HKLM-x32\...\{E7B6A7E1-AAD4-409E-B1E7-5816A3F47687}_is1) (Version: 3.0 - Stopmotion Explosion)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.3 - Synaptics Incorporated)
TOSHIBA Application Installer (HKLM\...\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: 9.0.2.6 - Toshiba Corporation)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.18.0 - Toshiba Corporation)
TOSHIBA Display Utility (HKLM\...\{F64E9295-E1B3-4EEA-86D3-AF44A0087B06}) (Version: 1.1.16.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{94D2A899-0C34-4420-880E-AE337E635AB0}) (Version: 2.4.2.6403 - Toshiba Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.51.81.2C - TOSHIBA CORPORATION)
TOSHIBA Function Key (HKLM\...\{1844CFE2-EBA3-490A-8A5E-9BFC646342FD}) (Version: 1.1.5.6402 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{59358FD4-252B-4B38-AB81-955C491A494F}) (Version: 2.0.0.20C - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.2.00.56006005 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{BFE4C813-4DD4-4B1C-97F4-76A459055C8D}) (Version: 2.6.13 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0033 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{4D57ED72-6B01-40BD-9CA9-012B8FC09CEB}) (Version: 2.0.1.32003 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Unity Web Player (HKU\S-1-5-21-2815888356-1058474395-1548935969-1001\...\UnityWebPlayer) (Version: 5.2.0f3 - Unity Technologies ApS)
Utility Common Driver (x32 Version: 1.0.53.4 - Compal) Hidden
Vimicro USB2.0 UVC PC Camera (HKLM-x32\...\{71A51A91-E7D3-11DB-A386-005056C00008}) (Version: 2009.03.18 - Vimicro Corp.)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17323 - Microsoft Corporation)
WinZip 18.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E3}) (Version: 18.5.11111 - WinZip Computing, S.L. )
ZUUS Music Video Player (HKLM-x32\...\{870B7B26-BBBE-4A0A-A030-B09F6CC9867D}) (Version: 1.0.0 - ZUUS Media, Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2815888356-1058474395-1548935969-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Jodi\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2815888356-1058474395-1548935969-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {4F80C88A-6576-488A-B10B-4329444376D5} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-09-15] (Realtek Semiconductor)
Task: {4FAC07EC-49B7-4199-B3EF-C682844E585A} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-09-24] (TOSHIBA Corporation)
Task: {7DF54835-1F5E-41C6-8AE9-5F8D9EDE8CB0} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-10-08] (Synaptics Incorporated)
Task: {D18C6E75-1AC7-482A-8B94-F67D22FBD710} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-19] (Google Inc.)
Task: {D3FA300B-4E0A-42AE-8D0A-252DA1E4EAE6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-06-01] (Piriform Ltd)
Task: {E5D63682-3A17-4C3E-875D-52674E855A28} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-19] (Google Inc.)
Task: {EC64F0EE-5CB4-444B-A5E3-735E75FC41D2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 03:18 - 2015-10-30 03:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2014-12-05 03:45 - 2012-04-24 22:43 - 00390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2016-06-19 06:12 - 2016-06-19 06:12 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-06-19 07:19 - 2016-06-19 07:19 - 00959168 _____ () C:\Users\Jodi\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-06-19 08:22 - 2016-06-19 08:22 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-04-27 02:10 - 2016-04-27 02:10 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-06-19 06:13 - 2016-06-19 06:13 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-06-19 06:13 - 2016-06-19 06:13 - 00674816 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-06-19 06:12 - 2016-06-19 06:12 - 00936960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2012-07-18 21:38 - 2012-07-18 21:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2016-01-06 12:41 - 2016-01-06 12:41 - 00062168 _____ () C:\Program Files\CCleaner\branding.dll
2016-06-19 08:31 - 2016-06-19 08:32 - 10256384 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11602.1.26.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2016-06-19 15:50 - 2016-06-15 04:26 - 02334360 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libglesv2.dll
2016-06-19 15:50 - 2016-06-15 04:26 - 00105112 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libegl.dll
2016-06-19 08:22 - 2016-06-19 08:22 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-06-19 08:22 - 2016-06-19 08:22 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-06-19 07:19 - 2016-06-19 07:19 - 00679624 _____ () C:\Users\Jodi\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2815888356-1058474395-1548935969-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Jodi\Pictures\Marvel Heroes.jpg
DNS Servers: 65.32.1.65 - 65.32.1.70
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{5D82C2E4-2EC8-493E-82CB-9F5026F1506D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{C945C7AC-B97F-4980-9578-A18048A7AA9C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{9FA125B6-42BF-4E0C-AE7C-5CD35F8C9912}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{B4798182-EDC6-468A-956D-0D0675A8CA1D}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{3B7B11A8-0BE1-47D0-B395-5DEF82B6B884}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{2D7FDF5C-1AB3-4CC3-860D-D5B1C449DB0C}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{2967F897-267E-498F-8F78-5AEA33785A32}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{67FCC854-612F-4E4E-8399-11872F74EAF7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
19-06-2016 16:45:37 JRT Pre-Junkware Removal
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/19/2016 04:58:28 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JOSEPH)
Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/19/2016 04:45:51 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (06/19/2016 10:34:25 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JOSEPH)
Description: Activation of app Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App failed with error: -2147024770 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/19/2016 09:45:18 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JOSEPH)
Description: Activation of app Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App failed with error: -2147024770 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/19/2016 09:10:17 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JOSEPH)
Description: Activation of app Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App failed with error: -2147024770 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/19/2016 08:40:17 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JOSEPH)
Description: Activation of app Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App failed with error: -2147024770 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/19/2016 08:19:32 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JOSEPH)
Description: Activation of app Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147009280 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/19/2016 08:15:17 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JOSEPH)
Description: Activation of app Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App failed with error: -2147024770 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/19/2016 07:55:16 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JOSEPH)
Description: Activation of app Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App failed with error: -2147024770 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/19/2016 07:30:10 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JOSEPH)
Description: Activation of app Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147009280 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
 
System errors:
=============
Error: (06/19/2016 05:28:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_3bc9a service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (06/19/2016 05:28:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_3bc9a service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (06/19/2016 05:28:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_3bc9a service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (06/19/2016 05:28:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_3bc9a service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (06/19/2016 05:28:39 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (06/19/2016 04:58:28 PM) (Source: DCOM) (EventID: 10010) (User: JOSEPH)
Description: Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider
 
Error: (06/19/2016 04:58:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_3e31f service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (06/19/2016 04:58:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_3e31f service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (06/19/2016 04:58:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_3e31f service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (06/19/2016 04:58:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_3e31f service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
 
CodeIntegrity:
===================================
  Date: 2016-06-19 09:11:18.725
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-19 02:47:28.324
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-19 02:46:56.948
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-19 02:25:18.709
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU N2840 @ 2.16GHz
Percentage of memory in use: 43%
Total physical RAM: 3982.88 MB
Available physical RAM: 2246.39 MB
Total Virtual: 5390.88 MB
Available Virtual: 3433.64 MB
 
==================== Drives ================================
 
Drive c: (TI10707700A) (Fixed) (Total:453.4 GB) (Free:400.39 GB) NTFS
Drive d: (TOMORROWLAND) (CDROM) (Total:6.79 GB) (Free:0 GB) UDF
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#14 Aura


Posted 20 June 2016 - 05:15 AM

Thank you for the logs :)

After all that, how is the computer behaving now? Is it running good, or are there still issues to address? If so, which ones?

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#15 CRodgers


Posted 20 June 2016 - 07:28 AM

Seems to be working fine, now, thanks!





