HijackThis Log: Please help Diagnose


  • This topic is locked
22 replies to this topic

#1 decon21

decon21

  • Members
  • 12 posts

Posted 09 November 2016 - 03:41 PM

Cannot uninstall McAfee, and iexplorer crashes when opened.
I have run scans with Spybot-S&D, Malwarebytes and Avast.
 
cpu: pentium dc t4500 @ 2.3 ghz
4 gb ram
64 bit os
 
 
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 10:49:01 PM, on 04/11/2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18315)
 
 
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Toshiba\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Users\Shawn\Downloads\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.ca/welcome
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.iplay.com/?o=shp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Presented by TOSHIBA Leading Innovation >>>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: (no name) - {CC3C8D60-29D6-4880-B9D8-443C4CBA2BEC} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [{91120000-002F-0000-0000-0000000FF1CE}] C:\windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [{91120000-002F-0000-0000-0000000FF1CE}] C:\windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppIntegrationService - WildTangent - C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\windows\system32\mfevtps.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 12613 bytes
 



 


#2 decon21

decon21
  • Topic Starter

  • Members
  • 12 posts

Posted 10 November 2016 - 10:18 AM

I really would like some help with this, thanks.



#3 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • Gender:Male
  • Location:Midlands, UK

Posted 10 November 2016 - 01:28 PM

Hi decon21 and welcome to BC.

HijackThis is very outdated and as such we no longer use it.
It doesn't give us enough information and was never really designed for 64-bit systems.
Let's get a proper look at your system.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your Desktop.
  • Double-click the downloaded icon to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator

  • When the tool opens click Yes to disclaimer.

  • Make sure that Addition.txt is selected at the bottom
  • Press Scan button.

  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.
In your next reply, please submit:
Both reports from FRST.


Thanks.



#4 decon21

decon21
  • Topic Starter

  • Members
  • 12 posts

Posted 12 November 2016 - 02:54 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-11-2016
Ran by Shawn (administrator) on SHAWN-PC (12-11-2016 13:50:09)
Running from C:\Users\Shawn\Desktop
Loaded Profiles: Shawn (Available Profiles: Shawn & Mcx1-SHAWN-PC)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\TOSHIBA Web Camera Application\TWebCamera.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [520760 2010-03-10] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-05] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [913720 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-03-03] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-02-24] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-10-06] (TOSHIBA Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9044392 2016-11-08] (AVAST Software)
HKLM-x32\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start hxxp://www.avg.com/ww.special-uninstallation-feedback-app?lic=SUFXV0ktWFpMVjItTllGTjMtUURQTUgtNFdGVFMtSg"&"inst=NzYtOTI0ODQzNzk1LVFJWDErNC1YMjAxMCsyLU4xKzEtVklQKzEtVFVHKzMtRERUKzUzNzk (the data entry has 167 more characters).
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3966840398-377389863-2040579310-1001\...\MountPoints2: {4e8e1299-09ee-11e2-a6cb-00266c4fa490} - E:\StartClickFreeBackup.exe
HKU\S-1-5-18\...\RunOnce: [{91120000-002F-0000-0000-0000000FF1CE}] => C:\windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-18\...\RunOnce: [{90120000-006E-0409-0000-0000000FF1CE}] => C:\windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-10-30] (AVAST Software)
ShellIconOverlayIdentifiers: [MOBK] -> {3c3f3c1a-9153-7c05-f938-622e7003894d} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll [2010-04-13] (McAfee, Inc.)
ShellIconOverlayIdentifiers: [MOBK2] -> {e6ea1d7d-144e-b977-98c4-84c53c1a69d0} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll [2010-04-13] (McAfee, Inc.)
ShellIconOverlayIdentifiers: [MOBK3] -> {b4caf489-1eec-c617-49ad-8d7088598c06} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll [2010-04-13] (McAfee, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 172.16.1.254 142.165.21.5
Tcpip\..\Interfaces\{32190FDF-D106-47AD-A6BE-AE4AA606D184}: [DhcpNameServer] 172.16.1.254
Tcpip\..\Interfaces\{4F43E652-8F57-4562-9BF6-DC8F939389B0}: [DhcpNameServer] 172.16.1.254 142.165.21.5
 
Internet Explorer:
==================
HKU\S-1-5-21-3966840398-377389863-2040579310-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKU\S-1-5-21-3966840398-377389863-2040579310-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.toshiba.ca/welcome
URLSearchHook: HKU\S-1-5-21-3966840398-377389863-2040579310-1001 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKU\S-1-5-21-3966840398-377389863-2040579310-1001 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM-x32 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-3966840398-377389863-2040579310-1001 -> DefaultScope {1B22A0CB-B47F-425C-B59D-F86B0263B4FB} URL = hxxp://ca.search.yahoo.com/search?fr=mcafee&type=A011CA0&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-3966840398-377389863-2040579310-1001 -> URL hxxp://ca.yhs.search.yahoo.com/avg/search?fr=yhs-avgb-chrome&type=yahoo_avg_hs2-tb-web_chrome_ca&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3966840398-377389863-2040579310-1001 -> {1B22A0CB-B47F-425C-B59D-F86B0263B4FB} URL = hxxp://ca.search.yahoo.com/search?fr=mcafee&type=A011CA0&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-3966840398-377389863-2040579310-1001 -> {31C088A7-5097-4CB6-83EE-5E5F66D7B6C5} URL = hxxp://search.avg.com/route/?d=4e4aeb5b&v=7.7.26.1&i=26&tp=chrome&q={searchTerms}&lng={language}&iy=b&ychte=us
SearchScopes: HKU\S-1-5-21-3966840398-377389863-2040579310-1001 -> {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = hxxp://start.iplay.com/searchresults.aspx?o=chrome&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3966840398-377389863-2040579310-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA_en___CA395
SearchScopes: HKU\S-1-5-21-3966840398-377389863-2040579310-1001 -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=b&ychte=ca
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2014-04-24] (McAfee, Inc.)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22] (Adobe Systems Incorporated)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2014-04-24] (McAfee, Inc.)
BHO-x32: No Name -> {CC3C8D60-29D6-4880-B9D8-443C4CBA2BEC} -> No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-03-23] (Sun Microsystems, Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-03-02] (<TOSHIBA>)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2014-04-24] (McAfee, Inc.)
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2014-04-24] (McAfee, Inc.)
Toolbar: HKU\S-1-5-21-3966840398-377389863-2040579310-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3966840398-377389863-2040579310-1001 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKU\S-1-5-21-3966840398-377389863-2040579310-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2014-04-24] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2014-04-24] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2014-04-24] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2014-04-24] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2012-09-12] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2012-09-12] (McAfee, Inc.)
 
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor [2016-02-19] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2016-02-19] [not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2012-09-12] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\progra~2\mcafee\msc\npmcsn~1.dll [2012-09-12] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll [2014-05-07] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2011-06-07] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Shawn\AppData\Local\Google\Chrome\User Data\Default [2016-11-12]
CHR Extension: (Google Docs) - C:\Users\Shawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-30]
CHR Extension: (Google Drive) - C:\Users\Shawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-30]
CHR Extension: (YouTube) - C:\Users\Shawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-30]
CHR Extension: (Avast SafePrice) - C:\Users\Shawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-11-04]
CHR Extension: (Google Sheets) - C:\Users\Shawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-10-30]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Shawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2016-10-30]
CHR Extension: (Google Docs Offline) - C:\Users\Shawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-30]
CHR Extension: (Avast Online Security) - C:\Users\Shawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-10-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Shawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-10-30]
CHR Extension: (Gmail) - C:\Users\Shawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-30]
CHR Extension: (Chrome Media Router) - C:\Users\Shawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-30]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-10-30] (AVAST Software)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)
S2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [383608 2012-09-10] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [237920 2012-06-22] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218320 2012-06-22] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [177144 2012-06-22] (McAfee, Inc.)
S4 MOBKbackup; C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [231224 2010-04-13] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 aswHwid; C:\windows\system32\drivers\aswHwid.sys [37656 2016-10-30] (AVAST Software)
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [108816 2016-10-30] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [103064 2016-10-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-10-30] (AVAST Software)
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [969184 2016-10-30] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [513632 2016-10-30] (AVAST Software)
R2 aswStm; C:\windows\system32\drivers\aswStm.sys [163416 2016-10-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-10-30] (AVAST Software)
S3 cfwids; C:\windows\System32\drivers\cfwids.sys [69672 2012-06-22] (McAfee, Inc.)
S3 ebdrv; C:\windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 gfiutil; C:\windows\System32\drivers\gfiutil.sys [32400 2016-03-04] (ThreatTrack Security)
S3 HipShieldK; C:\windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
R0 McPvDrv; C:\windows\System32\drivers\McPvDrv.sys [73096 2012-09-14] (McAfee, Inc.)
R3 mfeapfk; C:\windows\System32\drivers\mfeapfk.sys [169320 2012-06-22] (McAfee, Inc.)
R3 mfeavfk; C:\windows\System32\drivers\mfeavfk.sys [300392 2012-06-22] (McAfee, Inc.)
U3 mfeavfk01; no ImagePath
R3 mfefirek; C:\windows\System32\drivers\mfefirek.sys [513456 2012-06-22] (McAfee, Inc.)
R0 mfehidk; C:\windows\System32\drivers\mfehidk.sys [752672 2012-06-22] (McAfee, Inc.)
S3 mferkdet; C:\windows\System32\drivers\mferkdet.sys [106112 2012-06-22] (McAfee, Inc.)
R0 mfewfpk; C:\windows\System32\drivers\mfewfpk.sys [335784 2012-06-22] (McAfee, Inc.)
R1 MOBKFilter; C:\windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)
R2 sbapifs; C:\windows\System32\DRIVERS\sbapifs.sys [88928 2016-10-30] (ThreatTrack Security, Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-12 13:50 - 2016-11-12 13:50 - 00023116 _____ C:\Users\Shawn\Desktop\FRST.txt
2016-11-12 13:50 - 2016-11-12 13:50 - 00000000 ____D C:\Users\Shawn\Desktop\FRST-OlderVersion
2016-11-12 13:49 - 2016-11-12 13:49 - 02411520 _____ (Farbar) C:\Users\Shawn\Downloads\FRST64 (1).exe
2016-11-11 23:11 - 2016-11-12 13:50 - 00000000 ____D C:\FRST
2016-11-11 23:10 - 2016-11-12 13:50 - 02411520 _____ (Farbar) C:\Users\Shawn\Desktop\FRST64.exe
2016-11-11 04:30 - 2016-05-12 11:15 - 00105472 _____ (Microsoft Corporation) C:\windows\system32\winipsec.dll
2016-11-11 04:30 - 2016-05-12 11:14 - 00794624 _____ (Microsoft Corporation) C:\windows\system32\gpsvc.dll
2016-11-11 04:30 - 2016-05-12 11:14 - 00502272 _____ (Microsoft Corporation) C:\windows\system32\IPSECSVC.DLL
2016-11-11 04:30 - 2016-05-12 11:14 - 00373760 _____ (Microsoft Corporation) C:\windows\system32\polstore.dll
2016-11-11 04:30 - 2016-05-12 11:14 - 00096256 _____ (Microsoft Corporation) C:\windows\system32\gpapi.dll
2016-11-11 04:30 - 2016-05-12 11:14 - 00075776 _____ (Microsoft Corporation) C:\windows\system32\FwRemoteSvr.dll
2016-11-11 04:30 - 2016-05-12 09:18 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\polstore.dll
2016-11-11 04:30 - 2016-05-12 09:18 - 00079360 _____ (Microsoft Corporation) C:\windows\SysWOW64\gpapi.dll
2016-11-11 04:30 - 2016-05-12 09:18 - 00070144 _____ (Microsoft Corporation) C:\windows\SysWOW64\winipsec.dll
2016-11-11 04:30 - 2016-05-12 09:18 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\FwRemoteSvr.dll
2016-11-11 04:30 - 2015-12-20 12:50 - 03180544 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2016-11-11 04:30 - 2015-12-20 12:50 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll
2016-11-11 04:30 - 2015-12-20 08:08 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2016-11-11 04:30 - 2015-07-16 13:12 - 04922368 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2016-11-11 04:30 - 2015-07-16 13:12 - 00269824 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
2016-11-11 04:30 - 2015-07-16 13:12 - 00037376 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2016-11-11 04:30 - 2015-07-16 13:11 - 05779456 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2016-11-11 04:30 - 2015-07-16 13:11 - 00322560 _____ (Microsoft Corporation) C:\windows\system32\aaclient.dll
2016-11-11 04:30 - 2015-07-16 13:11 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2016-11-11 04:30 - 2014-12-11 11:47 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2016-11-11 04:29 - 2014-08-28 20:06 - 01125888 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2016-11-11 04:29 - 2014-08-28 19:44 - 01050112 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2016-11-11 04:28 - 2016-11-02 09:36 - 00382696 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2016-11-11 04:28 - 2016-11-02 09:22 - 00308456 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2016-11-11 04:28 - 2016-10-27 21:59 - 00394440 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2016-11-11 04:28 - 2016-10-27 21:14 - 00346320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2016-11-11 04:28 - 2016-10-27 12:51 - 02896384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2016-11-11 04:28 - 2016-10-27 12:28 - 25763328 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-11-11 04:28 - 2016-10-27 12:28 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2016-11-11 04:28 - 2016-10-27 12:19 - 06047744 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-11-11 04:28 - 2016-10-27 11:46 - 00806912 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2016-11-11 04:28 - 2016-10-27 11:46 - 00725504 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2016-11-11 04:28 - 2016-10-27 11:44 - 02131456 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2016-11-11 04:28 - 2016-10-27 11:44 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2016-11-11 04:28 - 2016-10-27 11:17 - 15257088 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-11-11 04:28 - 2016-10-27 11:16 - 02920448 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2016-11-11 04:28 - 2016-10-27 11:03 - 01543680 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-11-11 04:28 - 2016-10-27 09:05 - 20304896 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2016-11-11 04:28 - 2016-10-25 09:02 - 03219456 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-11-11 04:28 - 2016-10-22 11:27 - 02287616 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2016-11-11 04:28 - 2016-10-22 10:44 - 04608000 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2016-11-11 04:28 - 2016-10-22 10:43 - 02055680 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2016-11-11 04:28 - 2016-10-22 10:43 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2016-11-11 04:28 - 2016-10-22 10:30 - 13654016 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2016-11-11 04:28 - 2016-10-22 10:12 - 02444800 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2016-11-11 04:28 - 2016-10-22 10:09 - 01312256 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2016-11-11 04:28 - 2016-10-15 09:31 - 00976896 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2016-11-11 04:28 - 2016-10-15 09:13 - 00741888 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2016-11-11 04:28 - 2016-10-11 09:37 - 00370920 _____ (Microsoft Corporation) C:\windows\system32\clfs.sys
2016-11-11 04:28 - 2016-10-11 09:31 - 01148416 _____ (Microsoft Corporation) C:\windows\system32\IMJP10.IME
2016-11-11 04:28 - 2016-10-11 09:31 - 01068544 _____ (Microsoft Corporation) C:\windows\system32\msctf.dll
2016-11-11 04:28 - 2016-10-11 09:31 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\IMJP10K.DLL
2016-11-11 04:28 - 2016-10-11 09:31 - 00176128 _____ (Microsoft Corporation) C:\windows\system32\tintlgnt.ime
2016-11-11 04:28 - 2016-10-11 09:31 - 00175104 _____ (Microsoft Corporation) C:\windows\system32\quick.ime
2016-11-11 04:28 - 2016-10-11 09:31 - 00175104 _____ (Microsoft Corporation) C:\windows\system32\qintlgnt.ime
2016-11-11 04:28 - 2016-10-11 09:31 - 00175104 _____ (Microsoft Corporation) C:\windows\system32\phon.ime
2016-11-11 04:28 - 2016-10-11 09:31 - 00175104 _____ (Microsoft Corporation) C:\windows\system32\cintlgnt.ime
2016-11-11 04:28 - 2016-10-11 09:31 - 00175104 _____ (Microsoft Corporation) C:\windows\system32\chajei.ime
2016-11-11 04:28 - 2016-10-11 09:31 - 00132608 _____ (Microsoft Corporation) C:\windows\system32\pintlgnt.ime
2016-11-11 04:28 - 2016-10-11 09:18 - 00126976 _____ (Microsoft Corporation) C:\windows\SysWOW64\tintlgnt.ime
2016-11-11 04:28 - 2016-10-11 09:18 - 00125952 _____ (Microsoft Corporation) C:\windows\SysWOW64\cintlgnt.ime
2016-11-11 04:28 - 2016-10-11 09:18 - 00090112 _____ (Microsoft Corporation) C:\windows\SysWOW64\pintlgnt.ime
2016-11-11 04:28 - 2016-10-11 07:33 - 00187392 _____ (Microsoft Corporation) C:\windows\SysWOW64\UIAnimation.dll
2016-11-11 04:28 - 2016-10-11 07:06 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\UIAnimation.dll
2016-11-11 04:28 - 2016-10-10 09:33 - 01462272 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2016-11-11 04:28 - 2016-10-10 09:33 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2016-11-11 04:28 - 2016-10-10 09:16 - 00261120 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2016-11-11 04:28 - 2016-10-07 09:40 - 00631176 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2016-11-11 04:28 - 2016-10-07 09:37 - 05547752 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2016-11-11 04:28 - 2016-10-07 09:37 - 00706792 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2016-11-11 04:28 - 2016-10-07 09:35 - 01732864 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2016-11-11 04:28 - 2016-10-07 09:32 - 03649536 _____ (Microsoft Corporation) C:\windows\system32\MSVidCtl.dll
2016-11-11 04:28 - 2016-10-07 09:18 - 04000488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2016-11-11 04:28 - 2016-10-07 09:18 - 03944680 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2016-11-11 04:28 - 2016-10-07 09:15 - 01314112 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2016-11-11 04:28 - 2016-10-07 09:12 - 02291712 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSVidCtl.dll
2016-11-11 04:28 - 2016-10-05 08:54 - 00090112 _____ (Microsoft Corporation) C:\windows\system32\Drivers\bowser.sys
2016-11-11 04:28 - 2016-09-15 08:56 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2016-11-11 04:28 - 2016-09-09 12:20 - 00756736 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
2016-11-11 04:28 - 2016-09-09 12:00 - 00497152 _____ (Microsoft Corporation) C:\windows\SysWOW64\win32spl.dll
2016-11-11 04:27 - 2016-11-02 09:32 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2016-11-11 04:27 - 2016-11-02 09:32 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2016-11-11 04:27 - 2016-11-02 09:32 - 00041472 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2016-11-11 04:27 - 2016-11-02 09:32 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2016-11-11 04:27 - 2016-11-02 09:16 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2016-11-11 04:27 - 2016-11-02 09:16 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2016-11-11 04:27 - 2016-11-02 09:16 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2016-11-11 04:27 - 2016-11-02 08:53 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2016-11-11 04:27 - 2016-10-27 13:13 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2016-11-11 04:27 - 2016-10-27 13:13 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2016-11-11 04:27 - 2016-10-27 12:55 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2016-11-11 04:27 - 2016-10-27 12:54 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2016-11-11 04:27 - 2016-10-27 12:54 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2016-11-11 04:27 - 2016-10-27 12:53 - 00576000 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-11-11 04:27 - 2016-10-27 12:53 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2016-11-11 04:27 - 2016-10-27 12:44 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2016-11-11 04:27 - 2016-10-27 12:43 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2016-11-11 04:27 - 2016-10-27 12:38 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2016-11-11 04:27 - 2016-10-27 12:37 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-11-11 04:27 - 2016-10-27 12:37 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2016-11-11 04:27 - 2016-10-27 12:37 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2016-11-11 04:27 - 2016-10-27 12:37 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2016-11-11 04:27 - 2016-10-27 12:24 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2016-11-11 04:27 - 2016-10-27 12:15 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2016-11-11 04:27 - 2016-10-27 12:13 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2016-11-11 04:27 - 2016-10-27 12:09 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2016-11-11 04:27 - 2016-10-27 12:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2016-11-11 04:27 - 2016-10-27 12:05 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2016-11-11 04:27 - 2016-10-27 12:02 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2016-11-11 04:27 - 2016-10-27 11:49 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2016-11-11 04:27 - 2016-10-27 10:54 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2016-11-11 04:27 - 2016-10-22 11:54 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2016-11-11 04:27 - 2016-10-22 11:36 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2016-11-11 04:27 - 2016-10-22 11:36 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2016-11-11 04:27 - 2016-10-22 11:35 - 00498688 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2016-11-11 04:27 - 2016-10-22 11:35 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2016-11-11 04:27 - 2016-10-22 11:34 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2016-11-11 04:27 - 2016-10-22 11:27 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2016-11-11 04:27 - 2016-10-22 11:26 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2016-11-11 04:27 - 2016-10-22 11:22 - 00476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2016-11-11 04:27 - 2016-10-22 11:21 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2016-11-11 04:27 - 2016-10-22 11:21 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2016-11-11 04:27 - 2016-10-22 11:20 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2016-11-11 04:27 - 2016-10-22 11:09 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2016-11-11 04:27 - 2016-10-22 11:04 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-11-11 04:27 - 2016-10-22 11:03 - 00091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2016-11-11 04:27 - 2016-10-22 10:59 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2016-11-11 04:27 - 2016-10-22 10:58 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2016-11-11 04:27 - 2016-10-22 10:56 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2016-11-11 04:27 - 2016-10-22 10:54 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2016-11-11 04:27 - 2016-10-22 10:46 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2016-11-11 04:27 - 2016-10-22 10:45 - 00693248 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2016-11-11 04:27 - 2016-10-22 10:09 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2016-11-11 04:27 - 2016-10-15 09:31 - 00084480 _____ (Microsoft Corporation) C:\windows\system32\INETRES.dll
2016-11-11 04:27 - 2016-10-15 09:13 - 00084480 _____ (Microsoft Corporation) C:\windows\SysWOW64\INETRES.dll
2016-11-11 04:27 - 2016-10-11 09:31 - 00457216 _____ (Microsoft Corporation) C:\windows\system32\imkr80.ime
2016-11-11 04:27 - 2016-10-11 09:31 - 00246784 _____ (Microsoft Corporation) C:\windows\system32\input.dll
2016-11-11 04:27 - 2016-10-11 09:18 - 01027584 _____ (Microsoft Corporation) C:\windows\SysWOW64\IMJP10.IME
2016-11-11 04:27 - 2016-10-11 09:18 - 00829952 _____ (Microsoft Corporation) C:\windows\SysWOW64\msctf.dll
2016-11-11 04:27 - 2016-10-11 09:18 - 00701440 _____ (Microsoft Corporation) C:\windows\SysWOW64\IMJP10K.DLL
2016-11-11 04:27 - 2016-10-11 09:18 - 00430080 _____ (Microsoft Corporation) C:\windows\SysWOW64\imkr80.ime
2016-11-11 04:27 - 2016-10-11 09:18 - 00202240 _____ (Microsoft Corporation) C:\windows\SysWOW64\input.dll
2016-11-11 04:27 - 2016-10-11 09:18 - 00125952 _____ (Microsoft Corporation) C:\windows\SysWOW64\quick.ime
2016-11-11 04:27 - 2016-10-11 09:18 - 00125952 _____ (Microsoft Corporation) C:\windows\SysWOW64\qintlgnt.ime
2016-11-11 04:27 - 2016-10-11 09:18 - 00125952 _____ (Microsoft Corporation) C:\windows\SysWOW64\phon.ime
2016-11-11 04:27 - 2016-10-11 09:18 - 00125952 _____ (Microsoft Corporation) C:\windows\SysWOW64\chajei.ime
2016-11-11 04:27 - 2016-10-10 09:38 - 00154856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2016-11-11 04:27 - 2016-10-10 09:38 - 00095464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2016-11-11 04:27 - 2016-10-10 09:34 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2016-11-11 04:27 - 2016-10-10 09:34 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2016-11-11 04:27 - 2016-10-10 09:34 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2016-11-11 04:27 - 2016-10-10 09:34 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2016-11-11 04:27 - 2016-10-10 09:33 - 01212928 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2016-11-11 04:27 - 2016-10-10 09:33 - 00730624 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2016-11-11 04:27 - 2016-10-10 09:33 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2016-11-11 04:27 - 2016-10-10 09:33 - 00463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2016-11-11 04:27 - 2016-10-10 09:33 - 00345600 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2016-11-11 04:27 - 2016-10-10 09:33 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2016-11-11 04:27 - 2016-10-10 09:33 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2016-11-11 04:27 - 2016-10-10 09:33 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2016-11-11 04:27 - 2016-10-10 09:33 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2016-11-11 04:27 - 2016-10-10 09:33 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2016-11-11 04:27 - 2016-10-10 09:33 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2016-11-11 04:27 - 2016-10-10 09:33 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2016-11-11 04:27 - 2016-10-10 09:16 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2016-11-11 04:27 - 2016-10-10 09:16 - 00666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2016-11-11 04:27 - 2016-10-10 09:16 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2016-11-11 04:27 - 2016-10-10 09:16 - 00342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2016-11-11 04:27 - 2016-10-10 09:16 - 00254464 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2016-11-11 04:27 - 2016-10-10 09:16 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2016-11-11 04:27 - 2016-10-10 09:16 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2016-11-11 04:27 - 2016-10-10 09:16 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2016-11-11 04:27 - 2016-10-10 09:16 - 00141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2016-11-11 04:27 - 2016-10-10 09:16 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2016-11-11 04:27 - 2016-10-10 09:16 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2016-11-11 04:27 - 2016-10-10 09:16 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2016-11-11 04:27 - 2016-10-10 09:16 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2016-11-11 04:27 - 2016-10-10 09:16 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2016-11-11 04:27 - 2016-10-10 09:02 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2016-11-11 04:27 - 2016-10-10 08:56 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2016-11-11 04:27 - 2016-10-10 08:55 - 00291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2016-11-11 04:27 - 2016-10-10 08:55 - 00129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2016-11-11 04:27 - 2016-10-10 08:55 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2016-11-11 04:27 - 2016-10-10 08:54 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2016-11-11 04:27 - 2016-10-10 08:50 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00880640 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00877056 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00419840 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\asycfilt.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00059904 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00034816 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00644096 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00581632 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00275456 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\asycfilt.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:04 - 00148480 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2016-11-11 04:27 - 2016-10-07 09:04 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2016-11-11 04:27 - 2016-10-07 09:04 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2016-11-11 04:27 - 2016-10-07 09:01 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2016-11-11 04:27 - 2016-10-07 09:00 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2016-11-11 04:27 - 2016-10-07 08:56 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2016-11-11 04:27 - 2016-10-07 08:50 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2016-11-11 04:27 - 2016-10-07 08:50 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2016-11-11 04:27 - 2016-10-07 08:50 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2016-11-11 04:27 - 2016-10-07 08:50 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2016-11-11 04:27 - 2016-10-07 08:49 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 08:49 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 08:49 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 08:49 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-11-11 04:27 - 2016-09-13 09:37 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2016-11-11 04:27 - 2016-09-13 09:11 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2016-11-11 04:27 - 2016-08-22 10:19 - 01386496 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2016-11-10 23:14 - 2016-08-12 10:26 - 00464896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv.sys
2016-11-10 23:14 - 2016-08-12 10:26 - 00405504 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2016-11-10 23:14 - 2016-08-12 10:26 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
2016-11-10 23:14 - 2016-06-25 18:27 - 00970240 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2016-11-10 23:14 - 2016-06-25 18:27 - 00344576 _____ (Microsoft Corporation) C:\windows\system32\ntprint.dll
2016-11-10 23:14 - 2016-06-25 18:27 - 00166400 _____ (Microsoft Corporation) C:\windows\system32\inetpp.dll
2016-11-10 23:14 - 2016-06-25 18:27 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\inetppui.dll
2016-11-10 23:14 - 2016-06-25 13:53 - 00297472 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntprint.dll
2016-11-10 23:14 - 2016-06-25 13:53 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\ntprint.exe
2016-11-10 23:14 - 2016-06-25 13:53 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\wpnpinst.exe
2016-11-10 23:14 - 2016-06-25 13:41 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntprint.exe
2016-11-10 23:13 - 2016-08-12 11:02 - 14632960 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2016-11-10 23:12 - 2016-09-12 15:08 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\adsmsext.dll
2016-11-10 23:12 - 2016-09-12 14:49 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\adsmsext.dll
2016-11-10 23:12 - 2016-09-12 13:08 - 01251328 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2016-11-10 23:12 - 2016-09-12 12:43 - 01648128 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2016-11-10 23:12 - 2016-09-12 12:43 - 01180160 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2016-11-10 23:12 - 2016-09-08 14:34 - 00263680 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2016-11-10 23:12 - 2016-09-08 14:34 - 00208896 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
2016-11-10 23:12 - 2016-09-08 14:34 - 00108544 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll
2016-11-10 23:12 - 2016-09-08 14:34 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll
2016-11-10 23:12 - 2016-09-08 08:55 - 00142336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2016-11-10 23:12 - 2016-09-08 08:55 - 00106496 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dfsc.sys
2016-11-10 23:12 - 2016-08-12 11:02 - 12574720 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2016-11-10 23:12 - 2016-08-12 11:02 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll
2016-11-10 23:12 - 2016-08-12 11:02 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx
2016-11-10 23:12 - 2016-08-12 11:02 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll
2016-11-10 23:12 - 2016-08-12 10:47 - 12574208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2016-11-10 23:12 - 2016-08-12 10:47 - 11410432 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2016-11-10 23:12 - 2016-08-12 10:31 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\spwmp.dll
2016-11-10 23:12 - 2016-08-12 10:31 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdxm.ocx
2016-11-10 23:12 - 2016-08-12 10:31 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxmasf.dll
2016-11-10 23:12 - 2016-08-12 10:26 - 00461312 _____ (Microsoft Corporation) C:\windows\system32\scavengeui.dll
2016-11-10 23:12 - 2016-08-06 09:31 - 02023424 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
2016-11-10 23:12 - 2016-08-06 09:31 - 00347136 _____ (Microsoft Corporation) C:\windows\system32\WSManMigrationPlugin.dll
2016-11-10 23:12 - 2016-08-06 09:31 - 00310784 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll
2016-11-10 23:12 - 2016-08-06 09:31 - 00182272 _____ (Microsoft Corporation) C:\windows\system32\WsmAuto.dll
2016-11-10 23:12 - 2016-08-06 09:31 - 00054272 _____ (Microsoft Corporation) C:\windows\system32\WsmRes.dll
2016-11-10 23:12 - 2016-08-06 09:31 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\wsmplpxy.dll
2016-11-10 23:12 - 2016-08-06 09:15 - 01178112 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll
2016-11-10 23:12 - 2016-08-06 09:15 - 00249344 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManMigrationPlugin.dll
2016-11-10 23:12 - 2016-08-06 09:15 - 00214016 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmWmiPl.dll
2016-11-10 23:12 - 2016-08-06 09:15 - 00146944 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmAuto.dll
2016-11-10 23:12 - 2016-08-06 09:15 - 00054272 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmRes.dll
2016-11-10 23:12 - 2016-08-06 09:01 - 00266752 _____ (Microsoft Corporation) C:\windows\system32\WSManHTTPConfig.exe
2016-11-10 23:12 - 2016-08-06 09:01 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\wsmprovhost.exe
2016-11-10 23:12 - 2016-08-06 08:53 - 00199168 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManHTTPConfig.exe
2016-11-10 23:12 - 2016-08-06 08:53 - 00012288 _____ (Microsoft Corporation) C:\windows\SysWOW64\wsmprovhost.exe
2016-11-10 23:12 - 2016-08-06 08:53 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\wsmplpxy.dll
2016-11-10 23:12 - 2016-06-14 11:21 - 00094440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2016-11-10 23:12 - 2016-06-14 11:16 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 01573888 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 01483264 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 01202176 _____ (Microsoft Corporation) C:\windows\system32\drmv2clt.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 01068544 _____ (Microsoft Corporation) C:\windows\system32\cryptui.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 00842240 _____ (Microsoft Corporation) C:\windows\system32\blackbox.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 00782848 _____ (Microsoft Corporation) C:\windows\system32\wmdrmsdk.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 00680448 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 00641024 _____ (Microsoft Corporation) C:\windows\system32\msscp.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 00632320 _____ (Microsoft Corporation) C:\windows\system32\evr.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 00499712 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 00497664 _____ (Microsoft Corporation) C:\windows\system32\drmmgrtn.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 00440320 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 00433152 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 00325632 _____ (Microsoft Corporation) C:\windows\system32\msnetobj.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 00295936 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 00190976 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 00187904 _____ (Microsoft Corporation) C:\windows\system32\pcasvc.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 00141824 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 00081920 _____ (Microsoft Corporation) C:\windows\system32\cryptsp.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\pcadm.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\msmmsp.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 00008704 _____ (Microsoft Corporation) C:\windows\system32\pcaevts.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2016-11-10 23:12 - 2016-06-14 11:11 - 00663552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\PEAuth.sys
2016-11-10 23:12 - 2016-06-14 09:21 - 03209216 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2016-11-10 23:12 - 2016-06-14 09:21 - 01329664 _____ (Microsoft Corporation) C:\windows\SysWOW64\quartz.dll
2016-11-10 23:12 - 2016-06-14 09:21 - 01176064 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2016-11-10 23:12 - 2016-06-14 09:21 - 01005056 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptui.dll
2016-11-10 23:12 - 2016-06-14 09:21 - 00988160 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmv2clt.dll
2016-11-10 23:12 - 2016-06-14 09:21 - 00744960 _____ (Microsoft Corporation) C:\windows\SysWOW64\blackbox.dll
2016-11-10 23:12 - 2016-06-14 09:21 - 00617984 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmdrmsdk.dll
2016-11-10 23:12 - 2016-06-14 09:21 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2016-11-10 23:12 - 2016-06-14 09:21 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msscp.dll
2016-11-10 23:12 - 2016-06-14 09:21 - 00489984 _____ (Microsoft Corporation) C:\windows\SysWOW64\evr.dll
2016-11-10 23:12 - 2016-06-14 09:21 - 00442368 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2016-11-10 23:12 - 2016-06-14 09:21 - 00406016 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmmgrtn.dll
2016-11-10 23:12 - 2016-06-14 09:21 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2016-11-10 23:12 - 2016-06-14 09:21 - 00354816 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfplat.dll
2016-11-10 23:12 - 2016-06-14 09:21 - 00265216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msnetobj.dll
2016-11-10 23:12 - 2016-06-14 09:21 - 00195072 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2016-11-10 23:12 - 2016-06-14 09:21 - 00179200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2016-11-10 23:12 - 2016-06-14 09:21 - 00145920 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2016-11-10 23:12 - 2016-06-14 09:21 - 00106496 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
2016-11-10 23:12 - 2016-06-14 09:21 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2016-11-10 23:12 - 2016-06-14 09:21 - 00080896 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsp.dll
2016-11-10 23:12 - 2016-06-14 09:21 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll
2016-11-10 23:12 - 2016-06-14 09:15 - 00125952 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
2016-11-10 23:12 - 2016-06-14 09:15 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2016-11-10 23:12 - 2016-06-14 09:15 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2016-11-10 23:12 - 2016-06-14 09:05 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe
2016-11-10 23:12 - 2016-06-14 09:05 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe
2016-11-10 23:12 - 2016-06-14 09:00 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\pcawrk.exe
2016-11-10 23:12 - 2016-06-14 09:00 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\pcalua.exe
2016-11-10 23:09 - 2016-09-12 15:17 - 00077032 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2016-11-10 23:09 - 2016-09-12 15:08 - 01226752 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2016-11-10 23:09 - 2016-09-09 09:54 - 01629184 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2016-11-10 23:09 - 2016-09-09 09:54 - 00586752 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2016-11-10 23:09 - 2016-09-09 09:54 - 00575488 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2016-11-10 23:09 - 2016-09-09 09:54 - 00314368 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2016-11-10 23:09 - 2016-09-09 09:54 - 00273408 _____ (Microsoft Corporation) C:\windows\system32\centel.dll
2016-11-10 23:09 - 2016-09-09 09:54 - 00224256 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2016-11-10 23:09 - 2016-09-09 09:54 - 00129024 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2016-11-10 23:08 - 2016-05-13 16:09 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2016-11-10 23:08 - 2016-05-13 16:09 - 00192512 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2016-11-10 23:08 - 2016-05-13 16:09 - 00098816 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2016-11-10 23:08 - 2016-05-13 16:07 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2016-11-10 23:08 - 2016-05-13 15:55 - 02607104 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2016-11-10 23:08 - 2016-05-13 15:53 - 00709120 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2016-11-10 23:08 - 2016-05-13 15:53 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2016-11-10 23:08 - 2016-05-13 15:52 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2016-11-10 23:08 - 2016-05-13 15:52 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2016-11-10 23:08 - 2016-05-13 15:52 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2016-11-10 23:08 - 2016-05-13 15:52 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2016-11-10 23:08 - 2016-05-13 15:50 - 00174080 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2016-11-10 23:08 - 2016-05-13 15:38 - 00573440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2016-11-10 23:08 - 2016-05-13 15:38 - 00093696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2016-11-10 23:08 - 2016-05-13 15:38 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2016-11-10 23:08 - 2016-05-13 15:38 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2016-11-10 23:08 - 2016-05-12 09:18 - 00090624 _____ (Microsoft Corporation) C:\windows\SysWOW64\olepro32.dll
2016-11-10 23:08 - 2016-05-12 07:05 - 00459640 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2016-11-10 23:08 - 2016-05-12 07:05 - 00297984 _____ (Microsoft Corporation) C:\windows\system32\bcryptprimitives.dll
2016-11-10 23:08 - 2016-05-12 07:04 - 00249352 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcryptprimitives.dll
2016-11-10 23:08 - 2016-05-04 11:21 - 00114408 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2016-11-10 23:08 - 2016-05-04 11:17 - 03244032 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2016-11-10 23:08 - 2016-05-04 11:17 - 02365440 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2016-11-10 23:08 - 2016-05-04 11:17 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2016-11-10 23:08 - 2016-05-04 11:17 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2016-11-10 23:08 - 2016-05-04 11:17 - 00025088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msimsg.dll
2016-11-10 23:08 - 2016-05-04 11:17 - 00025088 _____ (Microsoft Corporation) C:\windows\system32\msimsg.dll
2016-11-10 23:08 - 2016-05-04 11:16 - 00070144 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
2016-11-10 23:08 - 2016-05-04 09:04 - 00128512 _____ (Microsoft Corporation) C:\windows\system32\msiexec.exe
2016-11-10 23:08 - 2016-05-04 08:55 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msiexec.exe
2016-11-10 23:06 - 2016-08-16 11:36 - 01009152 _____ (Microsoft Corporation) C:\windows\system32\user32.dll
2016-11-10 23:06 - 2016-08-15 20:48 - 00833024 _____ (Microsoft Corporation) C:\windows\SysWOW64\user32.dll
2016-11-10 23:06 - 2016-07-07 09:36 - 01896168 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2016-11-10 23:06 - 2016-07-07 09:36 - 00377576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
2016-11-10 23:06 - 2016-07-07 09:36 - 00287976 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
2016-11-10 23:06 - 2016-07-07 09:08 - 00046080 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpipreg.sys
2016-11-10 23:05 - 2016-08-29 09:31 - 14183424 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2016-11-10 23:05 - 2016-08-29 09:31 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2016-11-10 23:05 - 2016-08-29 09:31 - 01867776 _____ (Microsoft Corporation) C:\windows\system32\ExplorerFrame.dll
2016-11-10 23:05 - 2016-08-29 09:12 - 12880384 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2016-11-10 23:05 - 2016-08-29 09:12 - 01806848 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2016-11-10 23:05 - 2016-08-29 09:12 - 01499648 _____ (Microsoft Corporation) C:\windows\SysWOW64\ExplorerFrame.dll
2016-11-10 23:05 - 2016-08-29 09:04 - 03229696 _____ (Microsoft Corporation) C:\windows\explorer.exe
2016-11-10 23:05 - 2016-08-29 08:55 - 02972672 _____ (Microsoft Corporation) C:\windows\SysWOW64\explorer.exe
2016-11-10 23:05 - 2016-08-16 14:40 - 00343552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2016-11-10 23:05 - 2016-08-16 14:40 - 00327168 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2016-11-10 23:05 - 2016-08-16 14:40 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2016-11-10 23:05 - 2016-08-16 14:40 - 00056320 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2016-11-10 23:05 - 2016-08-16 14:40 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2016-11-10 23:05 - 2016-08-16 14:40 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys
2016-11-10 23:05 - 2016-08-16 14:40 - 00007808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2016-11-10 23:05 - 2016-05-11 11:02 - 00483840 _____ (Microsoft Corporation) C:\windows\system32\StructuredQuery.dll
2016-11-10 23:05 - 2016-05-11 11:02 - 00444928 _____ (Microsoft Corporation) C:\windows\system32\winhttp.dll
2016-11-10 23:05 - 2016-05-11 11:02 - 00327168 _____ (Microsoft Corporation) C:\windows\system32\mswsock.dll
2016-11-10 23:05 - 2016-05-11 11:02 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\ws2_32.dll
2016-11-10 23:05 - 2016-05-11 09:19 - 00363520 _____ (Microsoft Corporation) C:\windows\SysWOW64\StructuredQuery.dll
2016-11-10 23:05 - 2016-05-11 09:19 - 00351744 _____ (Microsoft Corporation) C:\windows\SysWOW64\winhttp.dll
2016-11-10 23:05 - 2016-05-11 09:19 - 00231424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mswsock.dll
2016-11-10 23:05 - 2016-05-11 09:19 - 00206336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ws2_32.dll
2016-11-10 23:05 - 2016-05-11 09:11 - 00025088 _____ (Microsoft Corporation) C:\windows\system32\netbtugc.exe
2016-11-10 23:05 - 2016-05-11 09:01 - 00026624 _____ (Microsoft Corporation) C:\windows\SysWOW64\netbtugc.exe
2016-11-10 23:05 - 2016-05-11 08:58 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netbt.sys
2016-11-10 23:04 - 2016-05-18 10:10 - 00312832 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2016-11-10 23:04 - 2016-05-18 10:09 - 00405504 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2016-11-10 22:30 - 2016-03-09 13:00 - 00396800 _____ (Microsoft Corporation) C:\windows\system32\webio.dll
2016-11-10 22:30 - 2016-03-09 12:40 - 00316416 _____ (Microsoft Corporation) C:\windows\SysWOW64\webio.dll
2016-11-06 23:01 - 2011-07-19 15:21 - 734355456 _____ C:\Users\Shawn\Downloads\exvid-jackass.3.5.avi
2016-11-06 23:01 - 2011-03-25 23:31 - 739594714 _____ C:\Users\Shawn\Downloads\Jane Austen's Mafia[1998]Eng.Swesub.DvDrip.NeRoZ.avi
2016-11-06 23:00 - 2013-05-12 11:05 - 227244533 _____ C:\Users\Shawn\Downloads\Anger.Management.S02E15.HDTV.x264-2HD.mp4
2016-11-06 23:00 - 2013-05-12 11:04 - 197406308 _____ C:\Users\Shawn\Downloads\Anger.Management.S02E14.HDTV.x264-EVOLVE.mp4
2016-11-06 23:00 - 2013-01-28 23:11 - 63384344 _____ C:\Users\Shawn\Downloads\American.Dad.S08E10.HDTV.x264-LOL.mp4
2016-11-06 23:00 - 2012-12-12 09:49 - 81854536 _____ C:\Users\Shawn\Downloads\American.Dad.S08E06.HDTV.x264-LOL.mp4
2016-11-06 23:00 - 2012-12-03 21:13 - 78329440 _____ C:\Users\Shawn\Downloads\American.Dad.S08E05.HDTV.x264-LOL.mp4
2016-11-06 23:00 - 2012-10-08 18:30 - 66870921 _____ C:\Users\Shawn\Downloads\American.Dad.S08E01.HDTV.x264-LOL.mp4
2016-11-06 23:00 - 2012-10-08 18:28 - 98249532 _____ C:\Users\Shawn\Downloads\American.Dad.S08E02.HDTV.x264-LOL.mp4
2016-11-06 23:00 - 2012-01-25 20:13 - 901257026 _____ C:\Users\Shawn\Downloads\Columbiana(2011)BRrip-720p_Xvid-859MB.avi
2016-11-06 22:59 - 2016-11-06 22:59 - 00000000 ____D C:\Users\Shawn\Downloads\ZZ Top - La Futura (2012)
2016-11-06 22:59 - 2016-11-06 22:59 - 00000000 ____D C:\Users\Shawn\Downloads\Zootopia (2016) 720p BrRip x264 - VPPV
2016-11-06 22:59 - 2016-05-23 01:34 - 841621541 _____ C:\Users\Shawn\Downloads\10.Cloverfield.Lane.2016.720p.HDRip.800MB.MkvCage.mkv
2016-11-06 22:58 - 2016-11-06 22:58 - 00000000 ____D C:\Users\Shawn\Downloads\Zoolander.2.2016.HDRip.XViD-ETRG
2016-11-06 22:58 - 2016-11-06 22:58 - 00000000 ____D C:\Users\Shawn\Downloads\Zero Dark Thirty (2012)
2016-11-06 22:57 - 2016-11-06 22:57 - 00000000 ____D C:\Users\Shawn\Downloads\X.Men.Apocalypse.2016.TC.x264.AAC-ETRG
2016-11-06 22:57 - 2016-11-06 22:57 - 00000000 ____D C:\Users\Shawn\Downloads\Volbeat - Beyond Hell Above Heaven (2010)
2016-11-06 22:56 - 2016-11-06 22:56 - 00000000 ____D C:\Users\Shawn\Downloads\Victor.Frankenstein.2015.HDRip.XViD-ETRG
2016-11-06 22:55 - 2016-11-06 22:56 - 00000000 ____D C:\Users\Shawn\Downloads\Universal Soldier Day of Reckoning (2012) [1080p]
2016-11-06 22:54 - 2016-11-06 22:54 - 00000000 ____D C:\Users\Shawn\Downloads\Underworld Awakening 2012 BRRiP XViD AbSurdiTy
2016-11-06 22:53 - 2013-05-19 15:00 - 1821918619 _____ C:\Users\Shawn\Downloads\The Place Beyond the Pines [2012]H264 DVDRip.mp4[Eng]BlueLady.mp4
2016-11-06 22:53 - 2012-11-08 15:14 - 81068794 _____ C:\Users\Shawn\Downloads\South.Park.S16E14.HDTV.x264-ASAP.mp4
2016-11-06 22:53 - 2012-10-11 19:42 - 86282801 _____ C:\Users\Shawn\Downloads\South.Park.S16E10.PROPER.HDTV.x264-2HD.mp4
2016-11-06 22:53 - 2012-09-29 11:35 - 91604020 _____ C:\Users\Shawn\Downloads\South.Park.S16E08.HDTV.x264-2HD.mp4
2016-11-06 22:52 - 2013-06-05 18:14 - 2646880589 _____ C:\Users\Shawn\Downloads\Snitch [2013]H264 DVDRip.mp4[Eng]BlueLady.mp4
2016-11-06 22:52 - 2011-06-18 09:44 - 734908642 _____ C:\Users\Shawn\Downloads\Robin.Williams.Weapons.Of.Self.Destruction.HDTV.XviD-CHGRP.avi
2016-11-06 22:51 - 2012-11-09 20:34 - 733659136 _____ C:\Users\Shawn\Downloads\Resident.Evil.Apocalypse.DVDRiP.XViD.avi
2016-11-06 22:51 - 2011-08-19 18:19 - 1468095404 _____ C:\Users\Shawn\Downloads\Rise.of.the.Planet.of.the.Apes.2011.TS.XviD-NOVA.avi
2016-11-06 22:50 - 2012-01-22 21:13 - 735442944 _____ C:\Users\Shawn\Downloads\Paranormal.Activity.3.2011.UNRATED.DVDRip.XviD-SPARKS.avi
2016-11-04 23:09 - 2016-11-04 23:09 - 00000000 ____D C:\Users\Shawn\Downloads\backups
2016-11-01 22:42 - 2016-11-01 23:31 - 00224738 _____ C:\windows\ntbtlog.txt
2016-11-01 00:28 - 2016-11-01 00:28 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2016-11-01 00:28 - 2016-11-01 00:28 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-11-01 00:28 - 2016-11-01 00:28 - 00000000 ____D C:\Users\Shawn\Tracing
2016-11-01 00:28 - 2016-11-01 00:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-10-31 03:31 - 2015-07-30 07:13 - 00124624 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2016-10-31 03:31 - 2015-07-30 07:13 - 00103120 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-10-30 15:57 - 2016-03-06 12:53 - 01885696 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2016-10-30 15:57 - 2016-03-06 12:53 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2016-10-30 15:57 - 2016-03-06 12:38 - 01240576 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2016-10-30 15:57 - 2016-03-06 12:38 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2016-10-30 15:56 - 2016-03-17 16:56 - 02084864 _____ (Microsoft Corporation) C:\windows\system32\ole32.dll
2016-10-30 15:56 - 2016-03-17 16:28 - 01414144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ole32.dll
2016-10-30 15:54 - 2015-07-15 12:10 - 01743360 _____ (Microsoft Corporation) C:\windows\system32\sysmain.dll
2016-10-30 15:47 - 2016-01-20 18:51 - 00073664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\disk.sys
2016-10-30 15:47 - 2015-11-19 08:07 - 00994760 _____ (Microsoft Corporation) C:\windows\system32\ucrtbase.dll
2016-10-30 15:47 - 2015-11-19 08:07 - 00063840 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:07 - 00020832 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:07 - 00019808 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:07 - 00017760 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:07 - 00017760 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:07 - 00016224 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:07 - 00015712 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:07 - 00014176 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:07 - 00014176 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-10-30 15:47 - 2015-11-19 08:07 - 00013664 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:07 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:07 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:07 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:07 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:07 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:07 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:07 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-10-30 15:47 - 2015-11-19 08:07 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-10-30 15:47 - 2015-11-19 08:07 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:07 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:07 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:07 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-10-30 15:47 - 2015-11-19 08:06 - 00922432 _____ (Microsoft Corporation) C:\windows\SysWOW64\ucrtbase.dll
2016-10-30 15:47 - 2015-11-19 08:06 - 00066400 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:06 - 00022368 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:06 - 00019808 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:06 - 00017760 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:06 - 00017760 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:06 - 00016224 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:06 - 00015712 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:06 - 00014176 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:06 - 00014176 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-10-30 15:47 - 2015-11-19 08:06 - 00013664 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:06 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:06 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:06 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:06 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:06 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:06 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:06 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-10-30 15:47 - 2015-11-19 08:06 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-10-30 15:47 - 2015-11-19 08:06 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:06 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:06 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:06 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2016-10-30 15:47 - 2015-11-03 13:04 - 00802304 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll
2016-10-30 15:47 - 2015-11-03 12:56 - 00627712 _____ (Microsoft Corporation) C:\windows\SysWOW64\usp10.dll
2016-10-30 15:46 - 2015-07-09 11:58 - 01632256 _____ (Microsoft Corporation) C:\windows\system32\dwmcore.dll
2016-10-30 15:46 - 2015-07-09 11:58 - 00082944 _____ (Microsoft Corporation) C:\windows\system32\dwmapi.dll
2016-10-30 15:46 - 2015-07-09 11:42 - 01372160 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmcore.dll
2016-10-30 15:46 - 2015-07-09 11:42 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmapi.dll
2016-10-30 15:44 - 2015-07-14 21:19 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\basesrv.dll
2016-10-30 15:36 - 2016-11-01 00:28 - 00000000 ____D C:\Users\Shawn\AppData\Local\Skype
2016-10-30 15:36 - 2016-04-09 01:01 - 00986344 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2016-10-30 15:36 - 2016-04-09 01:01 - 00264936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgmms1.sys
2016-10-30 15:36 - 2016-04-09 00:57 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\cdd.dll
2016-10-30 15:36 - 2016-02-05 12:56 - 00020480 _____ (Microsoft Corporation) C:\windows\system32\tbs.dll
2016-10-30 15:36 - 2016-02-05 12:54 - 00109568 _____ (Microsoft Corporation) C:\windows\system32\fveapibase.dll
2016-10-30 15:36 - 2016-02-05 11:33 - 00015360 _____ (Microsoft Corporation) C:\windows\SysWOW64\tbs.dll
2016-10-30 15:36 - 2015-06-03 14:21 - 00451080 _____ (Microsoft Corporation) C:\windows\system32\fveapi.dll
2016-10-30 15:35 - 2016-11-01 00:29 - 00000000 ____D C:\Users\Shawn\AppData\Roaming\Skype
2016-10-30 15:34 - 2016-11-01 00:28 - 00000000 ____D C:\ProgramData\Skype
2016-10-30 15:34 - 2016-01-11 13:11 - 01684416 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2016-10-30 15:22 - 2012-08-23 07:41 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2016-10-30 15:22 - 2012-08-23 07:40 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2016-10-30 15:21 - 2012-08-23 08:10 - 00019456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpvideominiport.sys
2016-10-30 15:21 - 2012-08-23 08:07 - 00057856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys
2016-10-30 15:21 - 2012-08-23 07:47 - 00046592 _____ (Microsoft Corporation) C:\windows\SysWOW64\MsRdpWebAccess.dll
2016-10-30 15:21 - 2012-08-23 07:46 - 00016896 _____ (Microsoft Corporation) C:\windows\SysWOW64\wksprtPS.dll
2016-10-30 15:21 - 2012-08-23 07:20 - 00054272 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll
2016-10-30 15:21 - 2012-08-23 07:17 - 00018432 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll
2016-10-30 15:21 - 2012-08-23 07:06 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll
2016-10-30 15:21 - 2012-08-23 05:14 - 00384000 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2016-10-30 15:21 - 2012-08-23 05:12 - 00192000 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdpendp_winip.dll
2016-10-30 15:21 - 2012-08-23 04:51 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\rdpendp_winip.dll
2016-10-30 14:31 - 2015-08-05 11:56 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\icaapi.dll
2016-10-30 14:31 - 2015-08-05 11:06 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys
2016-10-30 14:28 - 2015-12-16 12:55 - 00069120 _____ (Microsoft Corporation) C:\windows\system32\nlsbres.dll
2016-10-30 14:28 - 2015-12-16 12:53 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\kbdgeoqw.dll
2016-10-30 14:28 - 2015-12-16 12:53 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDAZEL.DLL
2016-10-30 14:28 - 2015-12-16 12:53 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDAZE.DLL
2016-10-30 14:28 - 2015-12-16 12:48 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDAZE.DLL
2016-10-30 14:28 - 2015-12-16 12:48 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\kbdgeoqw.dll
2016-10-30 14:28 - 2015-12-16 12:48 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDAZEL.DLL
2016-10-30 14:28 - 2015-12-16 12:47 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlsbres.dll
2016-10-30 14:28 - 2015-12-16 08:35 - 00419640 _____ C:\windows\SysWOW64\locale.nls
2016-10-30 14:28 - 2015-12-16 08:35 - 00419640 _____ C:\windows\system32\locale.nls
2016-10-30 02:39 - 2016-10-30 02:39 - 00000000 ____D C:\windows\pss
2016-10-30 02:28 - 2016-10-30 02:28 - 00281632 _____ C:\Users\Shawn\Documents\cc_20161030_022802.reg
2016-10-30 02:21 - 2016-10-30 02:47 - 00002792 _____ C:\windows\System32\Tasks\CCleanerSkipUAC
2016-10-30 02:21 - 2016-10-30 02:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-10-30 02:21 - 2016-10-30 02:21 - 00000000 ____D C:\Program Files\CCleaner
2016-10-30 02:17 - 2016-10-30 02:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
2016-10-30 02:17 - 2016-10-30 02:17 - 00000000 ____D C:\Program Files\Defraggler
2016-10-30 02:16 - 2016-10-30 02:16 - 00000000 ____D C:\Users\Shawn\AppData\Local\CEF
2016-10-30 02:15 - 2016-10-30 02:15 - 00000000 ____D C:\Users\Shawn\AppData\Roaming\AVAST Software
2016-10-30 02:14 - 2016-11-01 23:41 - 00004180 _____ C:\windows\System32\Tasks\avast! Emergency Update
2016-10-30 02:14 - 2016-10-30 02:14 - 00000000 ____D C:\windows\System32\Tasks\AVAST Software
2016-10-30 02:14 - 2016-10-30 02:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-10-30 02:13 - 2016-10-30 02:14 - 00969184 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys
2016-10-30 02:13 - 2016-10-30 02:14 - 00513632 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2016-10-30 02:13 - 2016-10-30 02:14 - 00293352 _____ (AVAST Software) C:\windows\system32\Drivers\aswvmm.sys
2016-10-30 02:13 - 2016-10-30 02:12 - 00391496 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2016-10-30 02:13 - 2016-10-30 02:12 - 00163416 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2016-10-30 02:13 - 2016-10-30 02:12 - 00108816 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2016-10-30 02:13 - 2016-10-30 02:12 - 00103064 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2016-10-30 02:13 - 2016-10-30 02:12 - 00074544 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2016-10-30 02:13 - 2016-10-30 02:12 - 00037656 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys
2016-10-30 02:12 - 2016-10-30 02:12 - 00053208 _____ (AVAST Software) C:\windows\avastSS.scr
2016-10-30 02:12 - 2016-10-30 02:12 - 00000920 _____ C:\ProgramData\Microsoft\Windows\Start Menu\µTorrent.lnk
2016-10-30 02:12 - 2016-10-30 02:12 - 00000914 _____ C:\Users\Public\Desktop\µTorrent.lnk
2016-10-30 02:12 - 2016-10-30 02:12 - 00000000 ____D C:\Program Files (x86)\uTorrent
2016-10-30 02:11 - 2016-10-30 02:11 - 00000000 ____D C:\Program Files\AVAST Software
2016-10-30 02:10 - 2016-10-30 02:10 - 00000898 _____ C:\Users\Shawn\Desktop\Downloads.lnk
2016-10-30 02:09 - 2016-10-30 02:09 - 00000000 ____D C:\ProgramData\AVAST Software
2016-10-30 02:07 - 2016-10-30 02:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-10-30 01:44 - 2016-10-30 01:44 - 00000000 ____D C:\SUPERDelete
2016-10-30 01:41 - 2016-03-04 10:26 - 00032400 _____ (ThreatTrack Security) C:\windows\system32\Drivers\gfiutil.sys
2016-10-30 01:28 - 2016-10-30 01:28 - 00002238 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-10-30 01:28 - 2016-10-30 01:28 - 00002226 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-10-30 01:15 - 2016-10-30 01:15 - 00536976 _____ (ThreatTrack Security, Inc.) C:\windows\SysWOW64\sbap.dll
2016-10-30 01:15 - 2016-10-30 01:15 - 00088928 _____ (ThreatTrack Security, Inc.) C:\windows\system32\Drivers\sbapifs.sys
2016-10-30 01:15 - 2016-10-29 23:16 - 12610968 _____ (2017© PC Cleaners) C:\ProgramData\sprunst.exe
2016-10-30 01:14 - 2016-10-30 01:41 - 00000000 ____D C:\ProgramData\AntiMalwareProData
2016-10-30 00:39 - 2016-11-01 22:44 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-10-30 00:38 - 2016-10-30 00:38 - 00001073 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-10-30 00:38 - 2016-10-30 00:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-10-30 00:38 - 2016-10-30 00:38 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-10-30 00:38 - 2016-10-30 00:38 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-10-30 00:38 - 2016-03-10 13:09 - 00064896 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2016-10-30 00:38 - 2016-03-10 13:08 - 00140672 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2016-10-30 00:38 - 2016-03-10 13:08 - 00027008 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2016-10-29 23:40 - 2016-10-30 02:14 - 00000000 ____D C:\Program Files\Common Files\AV
2016-10-29 23:25 - 2016-10-30 00:34 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-10-29 23:25 - 2016-10-29 23:40 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-10-29 23:25 - 2016-10-29 23:25 - 00001362 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-10-29 23:25 - 2016-10-29 23:25 - 00001350 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2016-10-29 23:25 - 2016-10-29 23:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-10-29 23:25 - 2013-09-20 09:49 - 00021040 _____ (Safer Networking Limited) C:\windows\system32\sdnclean64.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-12 13:49 - 2013-06-05 12:57 - 00000350 _____ C:\windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2016-11-12 13:49 - 2010-09-02 17:23 - 00000000 ____D C:\Users\Shawn\AppData\Local\CrashDumps
2016-11-12 04:41 - 2009-07-13 21:20 - 00000000 ____D C:\windows\rescache
2016-11-12 03:59 - 2009-07-13 22:45 - 00016304 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-12 03:59 - 2009-07-13 22:45 - 00016304 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-12 03:58 - 2009-07-13 23:13 - 00793654 _____ C:\windows\system32\PerfStringBackup.INI
2016-11-12 03:58 - 2009-07-13 21:20 - 00000000 ____D C:\windows\inf
2016-11-12 03:51 - 2009-07-13 23:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-11-12 03:47 - 2009-07-13 22:45 - 00338960 _____ C:\windows\system32\FNTCACHE.DAT
2016-11-12 03:23 - 2013-09-02 08:17 - 00000000 ____D C:\windows\system32\MRT
2016-11-12 03:16 - 2010-08-31 20:21 - 141011376 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-11-11 23:09 - 2009-07-13 22:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-11-11 03:49 - 2013-03-14 06:41 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-11-11 03:49 - 2010-05-29 20:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-11-11 03:45 - 2015-02-10 22:04 - 00000000 ____D C:\windows\system32\appraiser
2016-11-11 03:45 - 2014-05-14 23:38 - 00000000 ___SD C:\windows\system32\CompatTel
2016-11-11 03:45 - 2009-07-13 21:20 - 00000000 ____D C:\windows\SysWOW64\Dism
2016-11-11 03:45 - 2009-07-13 21:20 - 00000000 ____D C:\windows\system32\Dism
2016-11-11 03:06 - 2013-03-20 13:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-11-04 22:31 - 2010-08-31 20:34 - 00000000 ____D C:\Users\Shawn\AppData\Local\Google
2016-11-01 23:41 - 2013-03-06 13:54 - 00000000 ____D C:\Users\Shawn\AppData\Local\ElevatedDiagnostics
2016-11-01 23:41 - 2009-07-13 21:20 - 00000000 ____D C:\windows\system32\NDF
2016-11-01 10:44 - 2011-07-05 22:18 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-11-01 00:28 - 2010-08-31 18:49 - 00000000 ____D C:\Users\Shawn
2016-10-31 04:01 - 2010-09-01 02:29 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-10-31 04:01 - 2010-09-01 02:29 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-10-31 03:56 - 2009-07-13 21:20 - 00000000 ____D C:\windows\PolicyDefinitions
2016-10-30 18:20 - 2012-06-03 09:16 - 00000000 ____D C:\Users\Shawn\AppData\LocalLow\Bcool
2016-10-30 14:56 - 2014-04-23 15:34 - 00777964 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2016-10-30 02:47 - 2010-11-14 22:51 - 00003148 _____ C:\windows\System32\Tasks\{217E40A0-9E31-4AD3-A260-465E8937EDC1}
2016-10-30 02:47 - 2010-09-01 02:29 - 00003906 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-10-30 02:47 - 2010-09-01 02:29 - 00003654 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-10-30 02:30 - 2010-05-29 20:49 - 00000000 ____D C:\Program Files (x86)\Windows Live
2016-10-30 02:27 - 2012-11-27 21:59 - 00000000 ____D C:\windows\Minidump
2016-10-30 02:27 - 2010-09-04 02:33 - 00000000 ____D C:\Users\Shawn\AppData\Roaming\uTorrent
2016-10-30 02:27 - 2010-03-23 00:43 - 00000000 ____D C:\windows\Panther
2016-10-30 02:07 - 2010-09-05 00:51 - 00000000 ____D C:\Users\Shawn\AppData\Roaming\vlc
2016-10-30 01:57 - 2011-11-19 14:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2016-10-30 01:56 - 2012-05-18 01:55 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2016-10-30 01:56 - 2010-05-29 20:53 - 00000000 ____D C:\ProgramData\WildTangent
2016-10-30 01:56 - 2010-05-29 20:53 - 00000000 ____D C:\Program Files (x86)\TOSHIBA Games
2016-10-30 01:56 - 2009-07-13 23:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-10-30 01:54 - 2010-09-05 00:49 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2016-10-30 01:53 - 2010-09-05 00:49 - 00000000 ____D C:\ProgramData\Yahoo!
2016-10-30 01:44 - 2013-03-10 11:38 - 00000000 ____D C:\Users\Shawn\AppData\Roaming\Uniblue
2016-10-30 01:38 - 2014-06-04 23:46 - 00009043 _____ C:\windows\wininit.ini
2016-10-30 01:36 - 2010-05-29 20:52 - 00000000 ____D C:\Program Files\Google
2016-10-30 01:36 - 2010-05-29 20:52 - 00000000 ____D C:\Program Files (x86)\Google
2016-10-30 01:14 - 2010-05-29 20:52 - 00000000 ____D C:\ProgramData\Google
2016-10-30 01:04 - 2009-07-13 21:20 - 00000000 ____D C:\windows\system
2016-10-30 01:02 - 2012-03-19 15:06 - 00000000 ____D C:\ProgramData\InstallMate
2016-10-30 01:02 - 2010-09-25 19:57 - 00000000 ____D C:\Program Files (x86)\Zynga
2016-10-30 00:34 - 2013-03-10 11:48 - 00000000 ____D C:\Users\Shawn\AppData\Roaming\player
2016-10-30 00:34 - 2010-09-25 19:57 - 00000000 ____D C:\Program Files (x86)\Conduit
2016-10-29 23:21 - 2016-06-19 18:49 - 00000000 ____D C:\Users\Shawn\Downloads\The Conjuring 2 2016 HD-TS x264 AC3-CPG
2016-10-29 23:21 - 2016-02-19 09:09 - 00000000 ____D C:\Users\Shawn\Downloads\Its.Always.Sunny.in.Philadelphia.S11E07.HDTV.x264-KILLERS[rarbg]
2016-10-29 23:21 - 2016-02-19 09:09 - 00000000 ____D C:\Users\Shawn\Downloads\Its.Always.Sunny.in.Philadelphia.S11E06.HDTV.x264-FUM[ettv]
2016-10-29 23:21 - 2015-03-24 19:30 - 00000000 ____D C:\Users\Shawn\Downloads\American.Dad.S11E11.HDTV.x264-KILLERS[ettv]
2016-10-29 23:21 - 2015-03-23 13:22 - 00000000 ____D C:\Users\Shawn\Downloads\The.Walking.Dead.S05E15.PROPER.HDTV.x264-BATV[ettv]
2016-10-29 23:21 - 2015-03-11 17:39 - 00000000 ____D C:\Users\Shawn\Downloads\Exodus Gods and Kings (2014)
2016-10-29 23:21 - 2015-03-09 20:31 - 00000000 ____D C:\Users\Shawn\Downloads\The Hobbit The Battle of the Five Armies (2014) [1080p]
2016-10-29 23:21 - 2015-02-19 15:33 - 00000000 ____D C:\Users\Shawn\Downloads\The.Hunger.Games.Mockingjay.Part.1.2014.HDRip.XviD-EVO
2016-10-29 23:21 - 2015-02-19 15:29 - 00000000 ____D C:\Users\Shawn\Downloads\Saturday.Night.Live.40th.Anniversary.Special.HDTV.x264-KILLERS[ettv]
 
==================== Files in the root of some directories =======
 
2012-02-16 23:43 - 2012-02-16 23:43 - 0002634 _____ () C:\Users\Shawn\AppData\Roaming\result.db
2011-10-20 20:05 - 2011-10-20 20:05 - 0017408 _____ () C:\Users\Shawn\AppData\Local\WebpageIcons.db
2011-12-24 11:01 - 2011-12-24 11:01 - 0000000 _____ () C:\Users\Shawn\AppData\Local\{DF21128F-8731-4CC6-AED3-EB639974834F}
2016-10-30 01:15 - 2016-10-29 23:16 - 12610968 _____ (2017© PC Cleaners) C:\ProgramData\sprunst.exe
 
Files to move or delete:
====================
C:\ProgramData\sprunst.exe
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-11-11 05:07
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-11-2016
Ran by Shawn (12-11-2016 13:52:46)
Running from C:\Users\Shawn\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2010-09-01 00:49:00)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3966840398-377389863-2040579310-500 - Administrator - Disabled)
Guest (S-1-5-21-3966840398-377389863-2040579310-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3966840398-377389863-2040579310-1002 - Limited - Enabled)
Mcx1-SHAWN-PC (S-1-5-21-3966840398-377389863-2040579310-1003 - Limited - Enabled) => C:\Users\Mcx1-SHAWN-PC
Shawn (S-1-5-21-3966840398-377389863-2040579310-1001 - Administrator - Enabled) => C:\Users\Shawn
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: McAfee Firewall (Disabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.0.1.152 - Adobe Systems Incorporated)
Adobe Reader 9.4.6 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A94000000001}) (Version: 9.4.6 - Adobe Systems Incorporated)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.27 - Atheros Communications Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.23 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.111.0.64 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.71 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
iLivid (x32 Version: 1.92.0.118480 - Bandoo Media Inc.) Hidden <==== ATTENTION
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2086 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java™ 6 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216017FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee Online Backup (Version: 1.16.4.0 - McAfee, Inc.) Hidden
McAfee Online Backup (x32 Version:  - McAfee, Inc.) Hidden
McAfee Total Protection (HKLM-x32\...\MSC) (Version: 11.6.435 - McAfee, Inc.)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)
Skype™ 7.29 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.29.102 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.11 - TOSHIBA CORPORATION)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.07.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{607BE7BF-7C28-4ADB-A4A0-385962B901C3}) (Version: 8.0.28 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}) (Version: 2.00.06 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.3.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.4.9 - TOSHIBA CORPORATION)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}) (Version: 1.6.06.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM-x32\...\{073B89C3-BA88-41B5-965F-B35A88EAE838}) (Version: 2.00.03 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.3.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.15 - TOSHIBA Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {12854118-C3E2-472B-9608-9CA72C8ED477} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\windows\TEMP\{015A9D8E-EA66-4BE0-AB60-2F74C33B0AFE}.exe <==== ATTENTION
Task: {1E924F5C-C0E7-4753-A17B-21863A69BE4D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)
Task: {21F4C0E6-5677-4201-AEFE-FD6A00C08B63} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-SHAWN-PC => C:\windows\ehome\McxTask.exe [2009-07-13] (Microsoft Corporation)
Task: {2A07900F-B990-4610-88CC-E4F2FF6A0E47} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-02-22] (TOSHIBA CORPORATION)
Task: {4A240997-677C-4B42-9EC3-2C800B8C89B9} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-10-30] (AVAST Software)
Task: {68743DCF-CE53-4D5A-B809-1E090BBE24E6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)
Task: {C61EDE7F-F2ED-4C2A-AE1E-097AB24A3222} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-10-30] (AVAST Software)
Task: {E058B934-F002-453A-A46C-7E033D9F590D} - System32\Tasks\Microsoft\Windows\PLA\System\{F25B30F0-C1DE-479A-AB4D-140F6257E37F}_System Diagnostics => Rundll32.exe C:\windows\system32\pla.dll,PlaHost "system\System Diagnostics" "$(Arg0)"
Task: {EBA97576-2485-44E9-BA9C-FF6CDBB9A0B4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-09-28] (Piriform Ltd)
Task: {FB2FA92F-8E72-4E39-BD90-794358A32318} - System32\Tasks\{217E40A0-9E31-4AD3-A260-465E8937EDC1} => pcalua.exe -a "C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe" -c /AppMode=SETUP /Uninstall
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\windows\TEMP\{015A9D8E-EA66-4BE0-AB60-2F74C33B0AFE}.exe <==== ATTENTION
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2012-08-15 02:03 - 2012-06-22 06:41 - 00024704 _____ () C:\Program Files\Common Files\McAfee\SystemCore\mfeelama.dll
2010-03-03 15:15 - 2010-03-03 15:15 - 08762680 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-11-03 14:26 - 2009-11-03 14:26 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-03-03 15:15 - 2010-03-03 15:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-03 15:15 - 2010-03-03 15:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2010-03-23 00:12 - 2009-06-22 16:40 - 00022328 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll
2009-03-12 20:08 - 2009-03-12 20:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2009-07-25 18:38 - 2009-07-25 18:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2016-10-30 02:12 - 2016-10-30 02:12 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-10-30 02:12 - 2016-10-30 02:12 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-11-12 07:51 - 2016-11-12 07:51 - 03130832 _____ () C:\Program Files\AVAST Software\Avast\defs\16111200\algo.dll
2016-10-29 23:25 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-10-29 23:25 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-10-29 23:25 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-10-29 23:25 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2016-10-29 23:25 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2016-10-30 02:12 - 2016-10-30 02:12 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-10-30 01:28 - 2016-10-20 02:47 - 01819240 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\libglesv2.dll
2016-10-30 01:28 - 2016-10-20 02:47 - 00093288 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4 [151]
AlternateDataStreams: C:\ProgramData\TEMP:B16047B8 [296]
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1 [112]
AlternateDataStreams: C:\Users\Shawn\Documents\Robin Williams - Live On Broadway.avi:TOC.WMV [130]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3966840398-377389863-2040579310-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Shawn\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 172.16.1.254 - 142.165.21.5
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: MOBKbackup => 2
MSCONFIG\startupfolder: C:^Users^Shawn^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: mcui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: SmartFaceVWatcher => %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
MSCONFIG\startupreg: Spybot-S&D Cleaning => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
MSCONFIG\startupreg: TosNC => %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{F42F65F2-9F3B-47DD-BE52-36A1E8C44A79}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{23459075-287B-46B9-A45E-AD3A2719D35C}] => (Allow) svchost.exe
FirewallRules: [{980577AD-F082-4114-95A6-C16E284423BB}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{6AB469E5-F05D-4B8C-B32E-A41491F4B93F}] => (Allow) LPort=2869
FirewallRules: [{78AE064E-AC73-4460-B9C3-3BD95DF1EDCB}] => (Allow) LPort=1900
FirewallRules: [{743FA328-0459-4543-B944-B1F90045D90D}] => (Allow) C:\Program Files (x86)\FrostWire 5\FrostWire.exe
FirewallRules: [{541A2C32-38C8-45B2-8370-A8D4159521E9}] => (Allow) C:\Program Files (x86)\FrostWire 5\FrostWire.exe
FirewallRules: [{F92201CA-34FD-4415-8C7B-65A927FEC322}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{AAA91A8E-EAB6-45FC-92DD-AADB3FFF1750}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{64658DA2-A8EF-44A7-BED4-5C9F79F9CBA5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{FE90D8ED-025F-4ACC-B096-DA9C05737D2C}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{EEAC36B5-E98D-4A7B-9F67-BF13CB55FEF1}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{CBBE2EFC-E537-4161-8B0D-CF9154DC46C7}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Restore Points =========================
 
11-11-2016 03:01:14 Windows Update
12-11-2016 03:00:38 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/12/2016 01:49:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Dwm.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc541
Faulting module name: d3d11.dll, version: 6.2.9200.16570, time stamp: 0x5153b56b
Exception code: 0xc0000005
Fault offset: 0x000000000001e354
Faulting process id: 0xaac
Faulting application start time: 0x01d23d1dcff3637e
Faulting application path: C:\windows\system32\Dwm.exe
Faulting module path: C:\windows\system32\d3d11.dll
Report Id: 1067a9d0-a911-11e6-94df-00266c4fa490
 
Error: (11/12/2016 03:34:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_GeneralTel.dll, version: 6.1.7600.16385, time stamp: 0x4a5bc9e0
Faulting module name: D3D11.dll, version: 6.2.9200.16570, time stamp: 0x5153b56b
Exception code: 0xc0000005
Fault offset: 0x000000000001e354
Faulting process id: 0x1160
Faulting application start time: 0x01d23cc7e066da2a
Faulting application path: C:\windows\system32\rundll32.exe
Faulting module path: C:\windows\system32\D3D11.dll
Report Id: 2d97b2cd-a8bb-11e6-9ed4-00266c4fa490
 
Error: (11/11/2016 11:09:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Dwm.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc541
Faulting module name: d3d11.dll, version: 6.2.9200.16570, time stamp: 0x5153b56b
Exception code: 0xc0000005
Fault offset: 0x000000000001e354
Faulting process id: 0x125c
Faulting application start time: 0x01d23ca2f18a3c53
Faulting application path: C:\windows\system32\Dwm.exe
Faulting module path: C:\windows\system32\d3d11.dll
Report Id: 30488572-a896-11e6-9ed4-00266c4fa490
 
Error: (11/11/2016 03:58:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_GeneralTel.dll, version: 6.1.7600.16385, time stamp: 0x4a5bc9e0
Faulting module name: D3D11.dll, version: 6.2.9200.16570, time stamp: 0x5153b56b
Exception code: 0xc0000005
Fault offset: 0x000000000001e354
Faulting process id: 0x91c
Faulting application start time: 0x01d23c0212174288
Faulting application path: C:\windows\system32\rundll32.exe
Faulting module path: C:\windows\system32\D3D11.dll
Report Id: 5addf870-a7f5-11e6-9ed4-00266c4fa490
 
Error: (11/09/2016 04:25:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_GeneralTel.dll, version: 6.1.7600.16385, time stamp: 0x4a5bc9e0
Faulting module name: D3D11.dll, version: 6.2.9200.16570, time stamp: 0x5153b56b
Exception code: 0xc0000005
Fault offset: 0x000000000001e354
Faulting process id: 0x1024
Faulting application start time: 0x01d23a738f6b70e6
Faulting application path: C:\windows\system32\rundll32.exe
Faulting module path: C:\windows\system32\D3D11.dll
Report Id: d2c957a6-a666-11e6-99d3-00266c4fa490
 
Error: (11/08/2016 03:09:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_GeneralTel.dll, version: 6.1.7600.16385, time stamp: 0x4a5bc9e0
Faulting module name: D3D11.dll, version: 6.2.9200.16570, time stamp: 0x5153b56b
Exception code: 0xc0000005
Fault offset: 0x000000000001e354
Faulting process id: 0x17a8
Faulting application start time: 0x01d2399fc30932a9
Faulting application path: C:\windows\system32\rundll32.exe
Faulting module path: C:\windows\system32\D3D11.dll
Report Id: 063d70bc-a593-11e6-99d3-00266c4fa490
 
Error: (11/04/2016 11:56:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.18315, time stamp: 0x571aea6f
Faulting module name: mshtml.dll, version: 11.0.9600.18315, time stamp: 0x571b048b
Exception code: 0x80000003
Fault offset: 0x000000000106f692
Faulting process id: 0x12ac
Faulting application start time: 0x01d237295de527bf
Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe
Faulting module path: C:\Windows\System32\mshtml.dll
Report Id: a0ef9bf4-a31c-11e6-99d3-00266c4fa490
 
Error: (11/04/2016 11:43:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_GeneralTel.dll, version: 6.1.7600.16385, time stamp: 0x4a5bc9e0
Faulting module name: D3D11.dll, version: 6.2.9200.16570, time stamp: 0x5153b56b
Exception code: 0xc0000005
Fault offset: 0x000000000001e354
Faulting process id: 0x874
Faulting application start time: 0x01d237277710174e
Faulting application path: C:\windows\system32\rundll32.exe
Faulting module path: C:\windows\system32\D3D11.dll
Report Id: bc236989-a31a-11e6-99d3-00266c4fa490
 
Error: (11/04/2016 11:42:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Dwm.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc541
Faulting module name: d3d11.dll, version: 6.2.9200.16570, time stamp: 0x5153b56b
Exception code: 0xc0000005
Fault offset: 0x000000000001e354
Faulting process id: 0xd1c
Faulting application start time: 0x01d2372755af4e2c
Faulting application path: C:\windows\system32\Dwm.exe
Faulting module path: C:\windows\system32\d3d11.dll
Report Id: 95332983-a31a-11e6-99d3-00266c4fa490
 
Error: (11/04/2016 11:35:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.18315, time stamp: 0x571aea6f
Faulting module name: mshtml.dll, version: 11.0.9600.18315, time stamp: 0x571b048b
Exception code: 0x80000003
Fault offset: 0x000000000106f692
Faulting process id: 0x984
Faulting application start time: 0x01d2372655b5bbc8
Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe
Faulting module path: C:\Windows\System32\mshtml.dll
Report Id: 9e5997c9-a319-11e6-a1c5-00266c4fa490
 
 
System errors:
=============
Error: (11/12/2016 03:53:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Network Agent service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (11/12/2016 03:53:26 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Network Agent service to connect.
 
Error: (11/12/2016 03:53:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee VirusScan Announcer service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (11/12/2016 03:53:26 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee VirusScan Announcer service to connect.
 
Error: (11/12/2016 03:53:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Services service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (11/12/2016 03:53:26 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Services service to connect.
 
Error: (11/12/2016 03:51:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Anti-Spam Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (11/12/2016 03:51:20 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Anti-Spam Service service to connect.
 
Error: (11/12/2016 03:51:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Proxy Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (11/12/2016 03:51:20 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Proxy Service service to connect.
 
 
CodeIntegrity:
===================================
  Date: 2014-06-20 02:50:40.380
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-06-20 02:50:40.375
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-06-20 02:50:11.069
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2010-10-12 16:21:17.336
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ks.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2010-10-12 16:21:17.336
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ks.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2010-10-12 16:21:13.686
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ks.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2010-10-12 16:21:13.670
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ks.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2010-10-12 16:21:10.067
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ks.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2010-10-12 16:21:10.051
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ks.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU T4500 @ 2.30GHz
Percentage of memory in use: 42%
Total physical RAM: 3963.97 MB
Available physical RAM: 2262.72 MB
Total Virtual: 7926.12 MB
Available Virtual: 5823.7 MB
 
==================== Drives ================================
 
Drive c: (S3A8944D003) (Fixed) (Total:267.93 GB) (Free:12.34 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 54882370)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=267.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=18.1 GB) - (Type=17)
Partition 4: (Not Active) - (Size=10.6 GB) - (Type=17)
 
==================== End of Addition.txt ============================


#5 Starbuck


Posted 12 November 2016 - 04:52 PM

Hi decon21

Thanks for getting back to me.

Please take note of the following:

1. Please do not run any other tools unless instructed.
2. Please don't install or uninstall anything unless asked.
3. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
4. If there's anything that you don't understand, please ask your question(s) before proceeding with the fixes.
5. Please reply to this thread. Do not start a new topic.
6. Please follow steps in the correct order.

P2P Warning
Please note that as long as you're using any form of Peer-to-Peer networking (Frostwire, Bearshare, uTorrent etc.) and downloading files from non-documented sources, you can expect infestations of malware and system problems to occur.
P2P programmes form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

Many of the programmes come bundled with other unwanted programmes, but even the ones free of any bundled software are not safe to use.
When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

You may decide to continue P2P sharing, but keep in mind that this practice may be the source of future malware infestation.
If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programmes, we may refuse to help you.

If you do decide (unwisely) to keep these programs, please refrain from using them until we have finished cleaning your system.

There are a number of issues showing in the reports....
We'll deal with these gradually....
 

Drive c: (S3A8944D003) (Fixed) (Total:267.93 GB) (Free:12.34 GB)

This shows that you have approx 5% of free Hard drive space.
Your system will struggle on less than 15% - 20%.
Obviously you need to create as much free space as you can.
Remove any old unused programs, Move some pics/music etc to an external hard drive/USB etc.
You do have quite a lot of films showing in the reports... these can be as much as 2gb each!!

Step 1
I assume that you want to keep Avast? .... so.....
It is not recommended that you have more than one anti virus product installed and running on your computer at a time.
The reason for this is that if these products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms".
It can also lead to a clash as these products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, these programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to these products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove Spybot - Search & Destroy and McAfee Total Protection.

If McAfee still won't uninstall.......
Download the McAfee removal tool to your desktop.
Then double click to start the uninstaller.
Windows 7,8 and 10 users... right click on the downloaded file and select Run as Administrator


Step 2
Please download the attached fixlist.txt file (bottom of this post) and save it to the Desktop.
NOTE.
It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system


Re-run FRST/FRST64 (whichever is installed) and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post this in your next reply.



Step 3
We'll need to check for any leftovers before moving on, so..........

Please re-run FRST.
  • Make sure that Addition.txt is selected at the bottom
  • Press Scan button.

  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • It will also make another log (Addition.txt). Please copy and paste it to your reply also.
In your next reply, please submit:
Fixlog.txt
2 new FRST reports

also let me know of any problems removing the AV programs


Thanks.



#6 Starbuck


Posted 16 November 2016 - 02:01 PM

Hi decon21

Everything ok?
Do you still require assistance?



#7 decon21


Posted 16 November 2016 - 11:32 PM

Sorry, I'm working on this tonight. Kids were sick and remodeling the basement.



#8 decon21


Posted 17 November 2016 - 12:04 AM

McAfee is gone but iexplorer still crashes. I also get a Desktop Window Manager crash on startup.
Thanks so much for your help so far.
 
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-11-2016
Ran by Shawn (administrator) on SHAWN-PC (16-11-2016 22:52:13)
Running from C:\Users\Shawn\Desktop
Loaded Profiles: Shawn (Available Profiles: Shawn & Mcx1-SHAWN-PC)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\TOSHIBA Web Camera Application\TWebCamera.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [520760 2010-03-10] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-05] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [913720 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-03-03] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-02-24] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-10-06] (TOSHIBA Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-15] (AVAST Software)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-18\...\RunOnce: [{91120000-002F-0000-0000-0000000FF1CE}] => C:\windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-18\...\RunOnce: [{90120000-006E-0409-0000-0000000FF1CE}] => C:\windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-10-30] (AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 172.16.1.254 142.165.21.5
Tcpip\..\Interfaces\{32190FDF-D106-47AD-A6BE-AE4AA606D184}: [DhcpNameServer] 172.16.1.254
Tcpip\..\Interfaces\{4F43E652-8F57-4562-9BF6-DC8F939389B0}: [DhcpNameServer] 172.16.1.254 142.165.21.5
 
Internet Explorer:
==================
HKU\S-1-5-21-3966840398-377389863-2040579310-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKU\S-1-5-21-3966840398-377389863-2040579310-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.toshiba.ca/welcome
URLSearchHook: HKU\S-1-5-21-3966840398-377389863-2040579310-1001 - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM-x32 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-3966840398-377389863-2040579310-1001 -> DefaultScope {1B22A0CB-B47F-425C-B59D-F86B0263B4FB} URL = hxxp://ca.search.yahoo.com/search?fr=mcafee&type=A011CA0&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-3966840398-377389863-2040579310-1001 -> {1B22A0CB-B47F-425C-B59D-F86B0263B4FB} URL = hxxp://ca.search.yahoo.com/search?fr=mcafee&type=A011CA0&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-3966840398-377389863-2040579310-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA_en___CA395
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22] (Adobe Systems Incorporated)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-03-23] (Sun Microsystems, Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-03-02] (<TOSHIBA>)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File
 
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll [2014-05-07] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2011-06-07] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Shawn\AppData\Local\Google\Chrome\User Data\Default [2016-11-16]
CHR Extension: (Google Docs) - C:\Users\Shawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-30]
CHR Extension: (Google Drive) - C:\Users\Shawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-30]
CHR Extension: (YouTube) - C:\Users\Shawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-30]
CHR Extension: (Avast SafePrice) - C:\Users\Shawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-11-16]
CHR Extension: (Google Sheets) - C:\Users\Shawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-10-30]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Shawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2016-10-30]
CHR Extension: (Google Docs Offline) - C:\Users\Shawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-30]
CHR Extension: (Avast Online Security) - C:\Users\Shawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-10-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Shawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-10-30]
CHR Extension: (Gmail) - C:\Users\Shawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-30]
CHR Extension: (Chrome Media Router) - C:\Users\Shawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-30]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-10-30] (AVAST Software)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 aswHwid; C:\windows\system32\drivers\aswHwid.sys [37656 2016-10-30] (AVAST Software)
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [108816 2016-10-30] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [103064 2016-10-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-10-30] (AVAST Software)
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [969184 2016-10-30] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [513632 2016-10-30] (AVAST Software)
R2 aswStm; C:\windows\system32\drivers\aswStm.sys [163416 2016-10-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-10-30] (AVAST Software)
S3 ebdrv; C:\windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 gfiutil; C:\windows\System32\drivers\gfiutil.sys [32400 2016-03-04] (ThreatTrack Security)
R2 sbapifs; C:\windows\System32\DRIVERS\sbapifs.sys [88928 2016-10-30] (ThreatTrack Security, Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-16 22:34 - 2016-11-16 22:34 - 00009671 _____ C:\Users\Shawn\Desktop\Fixlog.txt
2016-11-14 16:42 - 2016-11-14 16:42 - 03480040 _____ (McAfee, Inc.) C:\Users\Shawn\Downloads\MCPR.exe
2016-11-14 16:41 - 2016-11-14 16:41 - 03480040 _____ (McAfee, Inc.) C:\Users\Shawn\Downloads\Unconfirmed 251591.crdownload
2016-11-12 13:52 - 2016-11-12 13:53 - 00033711 _____ C:\Users\Shawn\Desktop\Addition.txt
2016-11-12 13:50 - 2016-11-16 22:53 - 00016628 _____ C:\Users\Shawn\Desktop\FRST.txt
2016-11-12 13:50 - 2016-11-16 22:34 - 00000000 ____D C:\Users\Shawn\Desktop\FRST-OlderVersion
2016-11-12 13:49 - 2016-11-12 13:49 - 02411520 _____ (Farbar) C:\Users\Shawn\Downloads\FRST64 (1).exe
2016-11-11 23:11 - 2016-11-16 22:52 - 00000000 ____D C:\FRST
2016-11-11 23:10 - 2016-11-16 22:34 - 02412032 _____ (Farbar) C:\Users\Shawn\Desktop\FRST64.exe
2016-11-11 04:30 - 2016-05-12 11:15 - 00105472 _____ (Microsoft Corporation) C:\windows\system32\winipsec.dll
2016-11-11 04:30 - 2016-05-12 11:14 - 00794624 _____ (Microsoft Corporation) C:\windows\system32\gpsvc.dll
2016-11-11 04:30 - 2016-05-12 11:14 - 00502272 _____ (Microsoft Corporation) C:\windows\system32\IPSECSVC.DLL
2016-11-11 04:30 - 2016-05-12 11:14 - 00373760 _____ (Microsoft Corporation) C:\windows\system32\polstore.dll
2016-11-11 04:30 - 2016-05-12 11:14 - 00096256 _____ (Microsoft Corporation) C:\windows\system32\gpapi.dll
2016-11-11 04:30 - 2016-05-12 11:14 - 00075776 _____ (Microsoft Corporation) C:\windows\system32\FwRemoteSvr.dll
2016-11-11 04:30 - 2016-05-12 09:18 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\polstore.dll
2016-11-11 04:30 - 2016-05-12 09:18 - 00079360 _____ (Microsoft Corporation) C:\windows\SysWOW64\gpapi.dll
2016-11-11 04:30 - 2016-05-12 09:18 - 00070144 _____ (Microsoft Corporation) C:\windows\SysWOW64\winipsec.dll
2016-11-11 04:30 - 2016-05-12 09:18 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\FwRemoteSvr.dll
2016-11-11 04:30 - 2015-12-20 12:50 - 03180544 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2016-11-11 04:30 - 2015-12-20 12:50 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll
2016-11-11 04:30 - 2015-12-20 08:08 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2016-11-11 04:30 - 2015-07-16 13:12 - 04922368 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2016-11-11 04:30 - 2015-07-16 13:12 - 00269824 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
2016-11-11 04:30 - 2015-07-16 13:12 - 00037376 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2016-11-11 04:30 - 2015-07-16 13:11 - 05779456 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2016-11-11 04:30 - 2015-07-16 13:11 - 00322560 _____ (Microsoft Corporation) C:\windows\system32\aaclient.dll
2016-11-11 04:30 - 2015-07-16 13:11 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2016-11-11 04:30 - 2014-12-11 11:47 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2016-11-11 04:29 - 2014-08-28 20:06 - 01125888 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2016-11-11 04:29 - 2014-08-28 19:44 - 01050112 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2016-11-11 04:28 - 2016-11-02 09:36 - 00382696 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2016-11-11 04:28 - 2016-11-02 09:22 - 00308456 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2016-11-11 04:28 - 2016-10-27 21:59 - 00394440 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2016-11-11 04:28 - 2016-10-27 21:14 - 00346320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2016-11-11 04:28 - 2016-10-27 12:51 - 02896384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2016-11-11 04:28 - 2016-10-27 12:28 - 25763328 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-11-11 04:28 - 2016-10-27 12:28 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2016-11-11 04:28 - 2016-10-27 12:19 - 06047744 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-11-11 04:28 - 2016-10-27 11:46 - 00806912 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2016-11-11 04:28 - 2016-10-27 11:46 - 00725504 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2016-11-11 04:28 - 2016-10-27 11:44 - 02131456 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2016-11-11 04:28 - 2016-10-27 11:44 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2016-11-11 04:28 - 2016-10-27 11:17 - 15257088 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-11-11 04:28 - 2016-10-27 11:16 - 02920448 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2016-11-11 04:28 - 2016-10-27 11:03 - 01543680 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-11-11 04:28 - 2016-10-27 09:05 - 20304896 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2016-11-11 04:28 - 2016-10-25 09:02 - 03219456 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-11-11 04:28 - 2016-10-22 11:27 - 02287616 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2016-11-11 04:28 - 2016-10-22 10:44 - 04608000 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2016-11-11 04:28 - 2016-10-22 10:43 - 02055680 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2016-11-11 04:28 - 2016-10-22 10:43 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2016-11-11 04:28 - 2016-10-22 10:30 - 13654016 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2016-11-11 04:28 - 2016-10-22 10:12 - 02444800 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2016-11-11 04:28 - 2016-10-22 10:09 - 01312256 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2016-11-11 04:28 - 2016-10-15 09:31 - 00976896 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2016-11-11 04:28 - 2016-10-15 09:13 - 00741888 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2016-11-11 04:28 - 2016-10-11 09:37 - 00370920 _____ (Microsoft Corporation) C:\windows\system32\clfs.sys
2016-11-11 04:28 - 2016-10-11 09:31 - 01148416 _____ (Microsoft Corporation) C:\windows\system32\IMJP10.IME
2016-11-11 04:28 - 2016-10-11 09:31 - 01068544 _____ (Microsoft Corporation) C:\windows\system32\msctf.dll
2016-11-11 04:28 - 2016-10-11 09:31 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\IMJP10K.DLL
2016-11-11 04:28 - 2016-10-11 09:31 - 00176128 _____ (Microsoft Corporation) C:\windows\system32\tintlgnt.ime
2016-11-11 04:28 - 2016-10-11 09:31 - 00175104 _____ (Microsoft Corporation) C:\windows\system32\quick.ime
2016-11-11 04:28 - 2016-10-11 09:31 - 00175104 _____ (Microsoft Corporation) C:\windows\system32\qintlgnt.ime
2016-11-11 04:28 - 2016-10-11 09:31 - 00175104 _____ (Microsoft Corporation) C:\windows\system32\phon.ime
2016-11-11 04:28 - 2016-10-11 09:31 - 00175104 _____ (Microsoft Corporation) C:\windows\system32\cintlgnt.ime
2016-11-11 04:28 - 2016-10-11 09:31 - 00175104 _____ (Microsoft Corporation) C:\windows\system32\chajei.ime
2016-11-11 04:28 - 2016-10-11 09:31 - 00132608 _____ (Microsoft Corporation) C:\windows\system32\pintlgnt.ime
2016-11-11 04:28 - 2016-10-11 09:18 - 00126976 _____ (Microsoft Corporation) C:\windows\SysWOW64\tintlgnt.ime
2016-11-11 04:28 - 2016-10-11 09:18 - 00125952 _____ (Microsoft Corporation) C:\windows\SysWOW64\cintlgnt.ime
2016-11-11 04:28 - 2016-10-11 09:18 - 00090112 _____ (Microsoft Corporation) C:\windows\SysWOW64\pintlgnt.ime
2016-11-11 04:28 - 2016-10-11 07:33 - 00187392 _____ (Microsoft Corporation) C:\windows\SysWOW64\UIAnimation.dll
2016-11-11 04:28 - 2016-10-11 07:06 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\UIAnimation.dll
2016-11-11 04:28 - 2016-10-10 09:33 - 01462272 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2016-11-11 04:28 - 2016-10-10 09:33 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2016-11-11 04:28 - 2016-10-10 09:16 - 00261120 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2016-11-11 04:28 - 2016-10-07 09:40 - 00631176 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2016-11-11 04:28 - 2016-10-07 09:37 - 05547752 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2016-11-11 04:28 - 2016-10-07 09:37 - 00706792 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2016-11-11 04:28 - 2016-10-07 09:35 - 01732864 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2016-11-11 04:28 - 2016-10-07 09:32 - 03649536 _____ (Microsoft Corporation) C:\windows\system32\MSVidCtl.dll
2016-11-11 04:28 - 2016-10-07 09:18 - 04000488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2016-11-11 04:28 - 2016-10-07 09:18 - 03944680 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2016-11-11 04:28 - 2016-10-07 09:15 - 01314112 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2016-11-11 04:28 - 2016-10-07 09:12 - 02291712 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSVidCtl.dll
2016-11-11 04:28 - 2016-10-05 08:54 - 00090112 _____ (Microsoft Corporation) C:\windows\system32\Drivers\bowser.sys
2016-11-11 04:28 - 2016-09-15 08:56 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2016-11-11 04:28 - 2016-09-09 12:20 - 00756736 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
2016-11-11 04:28 - 2016-09-09 12:00 - 00497152 _____ (Microsoft Corporation) C:\windows\SysWOW64\win32spl.dll
2016-11-11 04:27 - 2016-11-02 09:32 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2016-11-11 04:27 - 2016-11-02 09:32 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2016-11-11 04:27 - 2016-11-02 09:32 - 00041472 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2016-11-11 04:27 - 2016-11-02 09:32 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2016-11-11 04:27 - 2016-11-02 09:16 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2016-11-11 04:27 - 2016-11-02 09:16 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2016-11-11 04:27 - 2016-11-02 09:16 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2016-11-11 04:27 - 2016-11-02 08:53 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2016-11-11 04:27 - 2016-10-27 13:13 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2016-11-11 04:27 - 2016-10-27 13:13 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2016-11-11 04:27 - 2016-10-27 12:55 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2016-11-11 04:27 - 2016-10-27 12:54 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2016-11-11 04:27 - 2016-10-27 12:54 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2016-11-11 04:27 - 2016-10-27 12:53 - 00576000 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-11-11 04:27 - 2016-10-27 12:53 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2016-11-11 04:27 - 2016-10-27 12:44 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2016-11-11 04:27 - 2016-10-27 12:43 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2016-11-11 04:27 - 2016-10-27 12:38 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2016-11-11 04:27 - 2016-10-27 12:37 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-11-11 04:27 - 2016-10-27 12:37 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2016-11-11 04:27 - 2016-10-27 12:37 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2016-11-11 04:27 - 2016-10-27 12:37 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2016-11-11 04:27 - 2016-10-27 12:24 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2016-11-11 04:27 - 2016-10-27 12:15 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2016-11-11 04:27 - 2016-10-27 12:13 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2016-11-11 04:27 - 2016-10-27 12:09 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2016-11-11 04:27 - 2016-10-27 12:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2016-11-11 04:27 - 2016-10-27 12:05 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2016-11-11 04:27 - 2016-10-27 12:02 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2016-11-11 04:27 - 2016-10-27 11:49 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2016-11-11 04:27 - 2016-10-27 10:54 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2016-11-11 04:27 - 2016-10-22 11:54 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2016-11-11 04:27 - 2016-10-22 11:36 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2016-11-11 04:27 - 2016-10-22 11:36 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2016-11-11 04:27 - 2016-10-22 11:35 - 00498688 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2016-11-11 04:27 - 2016-10-22 11:35 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2016-11-11 04:27 - 2016-10-22 11:34 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2016-11-11 04:27 - 2016-10-22 11:27 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2016-11-11 04:27 - 2016-10-22 11:26 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2016-11-11 04:27 - 2016-10-22 11:22 - 00476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2016-11-11 04:27 - 2016-10-22 11:21 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2016-11-11 04:27 - 2016-10-22 11:21 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2016-11-11 04:27 - 2016-10-22 11:20 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2016-11-11 04:27 - 2016-10-22 11:09 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2016-11-11 04:27 - 2016-10-22 11:04 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-11-11 04:27 - 2016-10-22 11:03 - 00091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2016-11-11 04:27 - 2016-10-22 10:59 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2016-11-11 04:27 - 2016-10-22 10:58 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2016-11-11 04:27 - 2016-10-22 10:56 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2016-11-11 04:27 - 2016-10-22 10:54 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2016-11-11 04:27 - 2016-10-22 10:46 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2016-11-11 04:27 - 2016-10-22 10:45 - 00693248 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2016-11-11 04:27 - 2016-10-22 10:09 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2016-11-11 04:27 - 2016-10-15 09:31 - 00084480 _____ (Microsoft Corporation) C:\windows\system32\INETRES.dll
2016-11-11 04:27 - 2016-10-15 09:13 - 00084480 _____ (Microsoft Corporation) C:\windows\SysWOW64\INETRES.dll
2016-11-11 04:27 - 2016-10-11 09:31 - 00457216 _____ (Microsoft Corporation) C:\windows\system32\imkr80.ime
2016-11-11 04:27 - 2016-10-11 09:31 - 00246784 _____ (Microsoft Corporation) C:\windows\system32\input.dll
2016-11-11 04:27 - 2016-10-11 09:18 - 01027584 _____ (Microsoft Corporation) C:\windows\SysWOW64\IMJP10.IME
2016-11-11 04:27 - 2016-10-11 09:18 - 00829952 _____ (Microsoft Corporation) C:\windows\SysWOW64\msctf.dll
2016-11-11 04:27 - 2016-10-11 09:18 - 00701440 _____ (Microsoft Corporation) C:\windows\SysWOW64\IMJP10K.DLL
2016-11-11 04:27 - 2016-10-11 09:18 - 00430080 _____ (Microsoft Corporation) C:\windows\SysWOW64\imkr80.ime
2016-11-11 04:27 - 2016-10-11 09:18 - 00202240 _____ (Microsoft Corporation) C:\windows\SysWOW64\input.dll
2016-11-11 04:27 - 2016-10-11 09:18 - 00125952 _____ (Microsoft Corporation) C:\windows\SysWOW64\quick.ime
2016-11-11 04:27 - 2016-10-11 09:18 - 00125952 _____ (Microsoft Corporation) C:\windows\SysWOW64\qintlgnt.ime
2016-11-11 04:27 - 2016-10-11 09:18 - 00125952 _____ (Microsoft Corporation) C:\windows\SysWOW64\phon.ime
2016-11-11 04:27 - 2016-10-11 09:18 - 00125952 _____ (Microsoft Corporation) C:\windows\SysWOW64\chajei.ime
2016-11-11 04:27 - 2016-10-10 09:38 - 00154856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2016-11-11 04:27 - 2016-10-10 09:38 - 00095464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2016-11-11 04:27 - 2016-10-10 09:34 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2016-11-11 04:27 - 2016-10-10 09:34 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2016-11-11 04:27 - 2016-10-10 09:34 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2016-11-11 04:27 - 2016-10-10 09:34 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2016-11-11 04:27 - 2016-10-10 09:33 - 01212928 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2016-11-11 04:27 - 2016-10-10 09:33 - 00730624 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2016-11-11 04:27 - 2016-10-10 09:33 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2016-11-11 04:27 - 2016-10-10 09:33 - 00463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2016-11-11 04:27 - 2016-10-10 09:33 - 00345600 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2016-11-11 04:27 - 2016-10-10 09:33 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2016-11-11 04:27 - 2016-10-10 09:33 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2016-11-11 04:27 - 2016-10-10 09:33 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2016-11-11 04:27 - 2016-10-10 09:33 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2016-11-11 04:27 - 2016-10-10 09:33 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2016-11-11 04:27 - 2016-10-10 09:33 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2016-11-11 04:27 - 2016-10-10 09:33 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2016-11-11 04:27 - 2016-10-10 09:16 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2016-11-11 04:27 - 2016-10-10 09:16 - 00666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2016-11-11 04:27 - 2016-10-10 09:16 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2016-11-11 04:27 - 2016-10-10 09:16 - 00342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2016-11-11 04:27 - 2016-10-10 09:16 - 00254464 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2016-11-11 04:27 - 2016-10-10 09:16 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2016-11-11 04:27 - 2016-10-10 09:16 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2016-11-11 04:27 - 2016-10-10 09:16 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2016-11-11 04:27 - 2016-10-10 09:16 - 00141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2016-11-11 04:27 - 2016-10-10 09:16 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2016-11-11 04:27 - 2016-10-10 09:16 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2016-11-11 04:27 - 2016-10-10 09:16 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2016-11-11 04:27 - 2016-10-10 09:16 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2016-11-11 04:27 - 2016-10-10 09:16 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2016-11-11 04:27 - 2016-10-10 09:02 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2016-11-11 04:27 - 2016-10-10 08:56 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2016-11-11 04:27 - 2016-10-10 08:55 - 00291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2016-11-11 04:27 - 2016-10-10 08:55 - 00129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2016-11-11 04:27 - 2016-10-10 08:55 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2016-11-11 04:27 - 2016-10-10 08:54 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2016-11-11 04:27 - 2016-10-10 08:50 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00880640 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00877056 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00419840 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\asycfilt.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00059904 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00034816 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00644096 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00581632 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00275456 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\asycfilt.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:04 - 00148480 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2016-11-11 04:27 - 2016-10-07 09:04 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2016-11-11 04:27 - 2016-10-07 09:04 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2016-11-11 04:27 - 2016-10-07 09:01 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2016-11-11 04:27 - 2016-10-07 09:00 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2016-11-11 04:27 - 2016-10-07 08:56 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2016-11-11 04:27 - 2016-10-07 08:50 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2016-11-11 04:27 - 2016-10-07 08:50 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2016-11-11 04:27 - 2016-10-07 08:50 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2016-11-11 04:27 - 2016-10-07 08:50 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2016-11-11 04:27 - 2016-10-07 08:49 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 08:49 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 08:49 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 08:49 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-11-11 04:27 - 2016-09-13 09:37 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2016-11-11 04:27 - 2016-09-13 09:11 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2016-11-11 04:27 - 2016-08-22 10:19 - 01386496 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2016-11-10 23:14 - 2016-08-12 10:26 - 00464896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv.sys
2016-11-10 23:14 - 2016-08-12 10:26 - 00405504 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2016-11-10 23:14 - 2016-08-12 10:26 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
2016-11-10 23:14 - 2016-06-25 18:27 - 00970240 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2016-11-10 23:14 - 2016-06-25 18:27 - 00344576 _____ (Microsoft Corporation) C:\windows\system32\ntprint.dll
2016-11-10 23:14 - 2016-06-25 18:27 - 00166400 _____ (Microsoft Corporation) C:\windows\system32\inetpp.dll
2016-11-10 23:14 - 2016-06-25 18:27 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\inetppui.dll
2016-11-10 23:14 - 2016-06-25 13:53 - 00297472 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntprint.dll
2016-11-10 23:14 - 2016-06-25 13:53 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\ntprint.exe
2016-11-10 23:14 - 2016-06-25 13:53 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\wpnpinst.exe
2016-11-10 23:14 - 2016-06-25 13:41 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntprint.exe
2016-11-10 23:13 - 2016-08-12 11:02 - 14632960 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2016-11-10 23:12 - 2016-09-12 15:08 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\adsmsext.dll
2016-11-10 23:12 - 2016-09-12 14:49 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\adsmsext.dll
2016-11-10 23:12 - 2016-09-12 13:08 - 01251328 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2016-11-10 23:12 - 2016-09-12 12:43 - 01648128 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2016-11-10 23:12 - 2016-09-12 12:43 - 01180160 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2016-11-10 23:12 - 2016-09-08 14:34 - 00263680 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2016-11-10 23:12 - 2016-09-08 14:34 - 00208896 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
2016-11-10 23:12 - 2016-09-08 14:34 - 00108544 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll
2016-11-10 23:12 - 2016-09-08 14:34 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll
2016-11-10 23:12 - 2016-09-08 08:55 - 00142336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2016-11-10 23:12 - 2016-09-08 08:55 - 00106496 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dfsc.sys
2016-11-10 23:12 - 2016-08-12 11:02 - 12574720 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2016-11-10 23:12 - 2016-08-12 11:02 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll
2016-11-10 23:12 - 2016-08-12 11:02 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx
2016-11-10 23:12 - 2016-08-12 11:02 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll
2016-11-10 23:12 - 2016-08-12 10:47 - 12574208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2016-11-10 23:12 - 2016-08-12 10:47 - 11410432 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2016-11-10 23:12 - 2016-08-12 10:31 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\spwmp.dll
2016-11-10 23:12 - 2016-08-12 10:31 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdxm.ocx
2016-11-10 23:12 - 2016-08-12 10:31 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxmasf.dll
2016-11-10 23:12 - 2016-08-12 10:26 - 00461312 _____ (Microsoft Corporation) C:\windows\system32\scavengeui.dll
2016-11-10 23:12 - 2016-08-06 09:31 - 02023424 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
2016-11-10 23:12 - 2016-08-06 09:31 - 00347136 _____ (Microsoft Corporation) C:\windows\system32\WSManMigrationPlugin.dll
2016-11-10 23:12 - 2016-08-06 09:31 - 00310784 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll
2016-11-10 23:12 - 2016-08-06 09:31 - 00182272 _____ (Microsoft Corporation) C:\windows\system32\WsmAuto.dll
2016-11-10 23:12 - 2016-08-06 09:31 - 00054272 _____ (Microsoft Corporation) C:\windows\system32\WsmRes.dll
2016-11-10 23:12 - 2016-08-06 09:31 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\wsmplpxy.dll
2016-11-10 23:12 - 2016-08-06 09:15 - 01178112 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll
2016-11-10 23:12 - 2016-08-06 09:15 - 00249344 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManMigrationPlugin.dll
2016-11-10 23:12 - 2016-08-06 09:15 - 00214016 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmWmiPl.dll
2016-11-10 23:12 - 2016-08-06 09:15 - 00146944 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmAuto.dll
2016-11-10 23:12 - 2016-08-06 09:15 - 00054272 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmRes.dll
2016-11-10 23:12 - 2016-08-06 09:01 - 00266752 _____ (Microsoft Corporation) C:\windows\system32\WSManHTTPConfig.exe
2016-11-10 23:12 - 2016-08-06 09:01 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\wsmprovhost.exe
2016-11-10 23:12 - 2016-08-06 08:53 - 00199168 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManHTTPConfig.exe
2016-11-10 23:12 - 2016-08-06 08:53 - 00012288 _____ (Microsoft Corporation) C:\windows\SysWOW64\wsmprovhost.exe
2016-11-10 23:12 - 2016-08-06 08:53 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\wsmplpxy.dll
2016-11-10 23:12 - 2016-06-14 11:21 - 00094440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2016-11-10 23:12 - 2016-06-14 11:16 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 01573888 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 01483264 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 01202176 _____ (Microsoft Corporation) C:\windows\system32\drmv2clt.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 01068544 _____ (Microsoft Corporation) C:\windows\system32\cryptui.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 00842240 _____ (Microsoft Corporation) C:\windows\system32\blackbox.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 00782848 _____ (Microsoft Corporation) C:\windows\system32\wmdrmsdk.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 00680448 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 00641024 _____ (Microsoft Corporation) C:\windows\system32\msscp.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 00632320 _____ (Microsoft Corporation) C:\windows\system32\evr.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 00499712 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 00497664 _____ (Microsoft Corporation) C:\windows\system32\drmmgrtn.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 00440320 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 00433152 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 00325632 _____ (Microsoft Corporation) C:\windows\system32\msnetobj.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 00295936 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 00190976 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 00187904 _____ (Microsoft Corporation) C:\windows\system32\pcasvc.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 00141824 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 00081920 _____ (Microsoft Corporation) C:\windows\system32\cryptsp.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\pcadm.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\msmmsp.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 00008704 _____ (Microsoft Corporation) C:\windows\system32\pcaevts.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2016-11-10 23:12 - 2016-06-14 11:11 - 00663552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\PEAuth.sys
2016-11-10 23:12 - 2016-06-14 09:21 - 03209216 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2016-11-10 23:12 - 2016-06-14 09:21 - 01329664 _____ (Microsoft Corporation) C:\windows\SysWOW64\quartz.dll
2016-11-10 23:12 - 2016-06-14 09:21 - 01176064 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2016-11-10 23:12 - 2016-06-14 09:21 - 01005056 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptui.dll
2016-11-10 23:12 - 2016-06-14 09:21 - 00988160 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmv2clt.dll
2016-11-10 23:12 - 2016-06-14 09:21 - 00744960 _____ (Microsoft Corporation) C:\windows\SysWOW64\blackbox.dll
2016-11-10 23:12 - 2016-06-14 09:21 - 00617984 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmdrmsdk.dll
2016-11-10 23:12 - 2016-06-14 09:21 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2016-11-10 23:12 - 2016-06-14 09:21 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msscp.dll
2016-11-10 23:12 - 2016-06-14 09:21 - 00489984 _____ (Microsoft Corporation) C:\windows\SysWOW64\evr.dll
2016-11-10 23:12 - 2016-06-14 09:21 - 00442368 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2016-11-10 23:12 - 2016-06-14 09:21 - 00406016 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmmgrtn.dll
2016-11-10 23:12 - 2016-06-14 09:21 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2016-11-10 23:12 - 2016-06-14 09:21 - 00354816 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfplat.dll
2016-11-10 23:12 - 2016-06-14 09:21 - 00265216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msnetobj.dll
2016-11-10 23:12 - 2016-06-14 09:21 - 00195072 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2016-11-10 23:12 - 2016-06-14 09:21 - 00179200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2016-11-10 23:12 - 2016-06-14 09:21 - 00145920 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2016-11-10 23:12 - 2016-06-14 09:21 - 00106496 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
2016-11-10 23:12 - 2016-06-14 09:21 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2016-11-10 23:12 - 2016-06-14 09:21 - 00080896 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsp.dll
2016-11-10 23:12 - 2016-06-14 09:21 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll
2016-11-10 23:12 - 2016-06-14 09:15 - 00125952 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
2016-11-10 23:12 - 2016-06-14 09:15 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2016-11-10 23:12 - 2016-06-14 09:15 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2016-11-10 23:12 - 2016-06-14 09:05 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe
2016-11-10 23:12 - 2016-06-14 09:05 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe
2016-11-10 23:12 - 2016-06-14 09:00 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\pcawrk.exe
2016-11-10 23:12 - 2016-06-14 09:00 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\pcalua.exe
2016-11-10 23:09 - 2016-09-12 15:17 - 00077032 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2016-11-10 23:09 - 2016-09-12 15:08 - 01226752 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2016-11-10 23:09 - 2016-09-09 09:54 - 01629184 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2016-11-10 23:09 - 2016-09-09 09:54 - 00586752 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2016-11-10 23:09 - 2016-09-09 09:54 - 00575488 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2016-11-10 23:09 - 2016-09-09 09:54 - 00314368 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2016-11-10 23:09 - 2016-09-09 09:54 - 00273408 _____ (Microsoft Corporation) C:\windows\system32\centel.dll
2016-11-10 23:09 - 2016-09-09 09:54 - 00224256 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2016-11-10 23:09 - 2016-09-09 09:54 - 00129024 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2016-11-10 23:08 - 2016-05-13 16:09 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2016-11-10 23:08 - 2016-05-13 16:09 - 00192512 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2016-11-10 23:08 - 2016-05-13 16:09 - 00098816 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2016-11-10 23:08 - 2016-05-13 16:07 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2016-11-10 23:08 - 2016-05-13 15:55 - 02607104 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2016-11-10 23:08 - 2016-05-13 15:53 - 00709120 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2016-11-10 23:08 - 2016-05-13 15:53 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2016-11-10 23:08 - 2016-05-13 15:52 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2016-11-10 23:08 - 2016-05-13 15:52 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2016-11-10 23:08 - 2016-05-13 15:52 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2016-11-10 23:08 - 2016-05-13 15:52 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2016-11-10 23:08 - 2016-05-13 15:50 - 00174080 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2016-11-10 23:08 - 2016-05-13 15:38 - 00573440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2016-11-10 23:08 - 2016-05-13 15:38 - 00093696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2016-11-10 23:08 - 2016-05-13 15:38 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2016-11-10 23:08 - 2016-05-13 15:38 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2016-11-10 23:08 - 2016-05-12 09:18 - 00090624 _____ (Microsoft Corporation) C:\windows\SysWOW64\olepro32.dll
2016-11-10 23:08 - 2016-05-12 07:05 - 00459640 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2016-11-10 23:08 - 2016-05-12 07:05 - 00297984 _____ (Microsoft Corporation) C:\windows\system32\bcryptprimitives.dll
2016-11-10 23:08 - 2016-05-12 07:04 - 00249352 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcryptprimitives.dll
2016-11-10 23:08 - 2016-05-04 11:21 - 00114408 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2016-11-10 23:08 - 2016-05-04 11:17 - 03244032 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2016-11-10 23:08 - 2016-05-04 11:17 - 02365440 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2016-11-10 23:08 - 2016-05-04 11:17 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2016-11-10 23:08 - 2016-05-04 11:17 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2016-11-10 23:08 - 2016-05-04 11:17 - 00025088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msimsg.dll
2016-11-10 23:08 - 2016-05-04 11:17 - 00025088 _____ (Microsoft Corporation) C:\windows\system32\msimsg.dll
2016-11-10 23:08 - 2016-05-04 11:16 - 00070144 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
2016-11-10 23:08 - 2016-05-04 09:04 - 00128512 _____ (Microsoft Corporation) C:\windows\system32\msiexec.exe
2016-11-10 23:08 - 2016-05-04 08:55 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msiexec.exe
2016-11-10 23:06 - 2016-08-16 11:36 - 01009152 _____ (Microsoft Corporation) C:\windows\system32\user32.dll
2016-11-10 23:06 - 2016-08-15 20:48 - 00833024 _____ (Microsoft Corporation) C:\windows\SysWOW64\user32.dll
2016-11-10 23:06 - 2016-07-07 09:36 - 01896168 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2016-11-10 23:06 - 2016-07-07 09:36 - 00377576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
2016-11-10 23:06 - 2016-07-07 09:36 - 00287976 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
2016-11-10 23:06 - 2016-07-07 09:08 - 00046080 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpipreg.sys
2016-11-10 23:05 - 2016-08-29 09:31 - 14183424 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2016-11-10 23:05 - 2016-08-29 09:31 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2016-11-10 23:05 - 2016-08-29 09:31 - 01867776 _____ (Microsoft Corporation) C:\windows\system32\ExplorerFrame.dll
2016-11-10 23:05 - 2016-08-29 09:12 - 12880384 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2016-11-10 23:05 - 2016-08-29 09:12 - 01806848 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2016-11-10 23:05 - 2016-08-29 09:12 - 01499648 _____ (Microsoft Corporation) C:\windows\SysWOW64\ExplorerFrame.dll
2016-11-10 23:05 - 2016-08-29 09:04 - 03229696 _____ (Microsoft Corporation) C:\windows\explorer.exe
2016-11-10 23:05 - 2016-08-29 08:55 - 02972672 _____ (Microsoft Corporation) C:\windows\SysWOW64\explorer.exe
2016-11-10 23:05 - 2016-08-16 14:40 - 00343552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2016-11-10 23:05 - 2016-08-16 14:40 - 00327168 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2016-11-10 23:05 - 2016-08-16 14:40 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2016-11-10 23:05 - 2016-08-16 14:40 - 00056320 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2016-11-10 23:05 - 2016-08-16 14:40 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2016-11-10 23:05 - 2016-08-16 14:40 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys
2016-11-10 23:05 - 2016-08-16 14:40 - 00007808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2016-11-10 23:05 - 2016-05-11 11:02 - 00483840 _____ (Microsoft Corporation) C:\windows\system32\StructuredQuery.dll
2016-11-10 23:05 - 2016-05-11 11:02 - 00444928 _____ (Microsoft Corporation) C:\windows\system32\winhttp.dll
2016-11-10 23:05 - 2016-05-11 11:02 - 00327168 _____ (Microsoft Corporation) C:\windows\system32\mswsock.dll
2016-11-10 23:05 - 2016-05-11 11:02 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\ws2_32.dll
2016-11-10 23:05 - 2016-05-11 09:19 - 00363520 _____ (Microsoft Corporation) C:\windows\SysWOW64\StructuredQuery.dll
2016-11-10 23:05 - 2016-05-11 09:19 - 00351744 _____ (Microsoft Corporation) C:\windows\SysWOW64\winhttp.dll
2016-11-10 23:05 - 2016-05-11 09:19 - 00231424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mswsock.dll
2016-11-10 23:05 - 2016-05-11 09:19 - 00206336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ws2_32.dll
2016-11-10 23:05 - 2016-05-11 09:11 - 00025088 _____ (Microsoft Corporation) C:\windows\system32\netbtugc.exe
2016-11-10 23:05 - 2016-05-11 09:01 - 00026624 _____ (Microsoft Corporation) C:\windows\SysWOW64\netbtugc.exe
2016-11-10 23:05 - 2016-05-11 08:58 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netbt.sys
2016-11-10 23:04 - 2016-05-18 10:10 - 00312832 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2016-11-10 23:04 - 2016-05-18 10:09 - 00405504 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2016-11-10 22:30 - 2016-07-22 08:58 - 00142336 _____ (Microsoft Corporation) C:\windows\system32\poqexec.exe
2016-11-10 22:30 - 2016-07-22 08:51 - 00123904 _____ (Microsoft Corporation) C:\windows\SysWOW64\poqexec.exe
2016-11-10 22:30 - 2016-03-09 13:00 - 00396800 _____ (Microsoft Corporation) C:\windows\system32\webio.dll
2016-11-10 22:30 - 2016-03-09 12:40 - 00316416 _____ (Microsoft Corporation) C:\windows\SysWOW64\webio.dll
2016-11-06 23:01 - 2011-07-19 15:21 - 734355456 _____ C:\Users\Shawn\Downloads\exvid-jackass.3.5.avi
2016-11-06 23:01 - 2011-03-25 23:31 - 739594714 _____ C:\Users\Shawn\Downloads\Jane Austen's Mafia[1998]Eng.Swesub.DvDrip.NeRoZ.avi
2016-11-06 23:00 - 2013-05-12 11:05 - 227244533 _____ C:\Users\Shawn\Downloads\Anger.Management.S02E15.HDTV.x264-2HD.mp4
2016-11-06 23:00 - 2013-05-12 11:04 - 197406308 _____ C:\Users\Shawn\Downloads\Anger.Management.S02E14.HDTV.x264-EVOLVE.mp4
2016-11-06 23:00 - 2013-01-28 23:11 - 63384344 _____ C:\Users\Shawn\Downloads\American.Dad.S08E10.HDTV.x264-LOL.mp4
2016-11-06 23:00 - 2012-12-12 09:49 - 81854536 _____ C:\Users\Shawn\Downloads\American.Dad.S08E06.HDTV.x264-LOL.mp4
2016-11-06 23:00 - 2012-12-03 21:13 - 78329440 _____ C:\Users\Shawn\Downloads\American.Dad.S08E05.HDTV.x264-LOL.mp4
2016-11-06 23:00 - 2012-10-08 18:30 - 66870921 _____ C:\Users\Shawn\Downloads\American.Dad.S08E01.HDTV.x264-LOL.mp4
2016-11-06 23:00 - 2012-10-08 18:28 - 98249532 _____ C:\Users\Shawn\Downloads\American.Dad.S08E02.HDTV.x264-LOL.mp4
2016-11-06 23:00 - 2012-01-25 20:13 - 901257026 _____ C:\Users\Shawn\Downloads\Columbiana(2011)BRrip-720p_Xvid-859MB.avi
2016-11-06 22:59 - 2016-11-06 22:59 - 00000000 ____D C:\Users\Shawn\Downloads\ZZ Top - La Futura (2012)
2016-11-06 22:59 - 2016-11-06 22:59 - 00000000 ____D C:\Users\Shawn\Downloads\Zootopia (2016) 720p BrRip x264 - VPPV
2016-11-06 22:59 - 2016-05-23 01:34 - 841621541 _____ C:\Users\Shawn\Downloads\10.Cloverfield.Lane.2016.720p.HDRip.800MB.MkvCage.mkv
2016-11-06 22:58 - 2016-11-06 22:58 - 00000000 ____D C:\Users\Shawn\Downloads\Zoolander.2.2016.HDRip.XViD-ETRG
2016-11-06 22:58 - 2016-11-06 22:58 - 00000000 ____D C:\Users\Shawn\Downloads\Zero Dark Thirty (2012)
2016-11-06 22:57 - 2016-11-06 22:57 - 00000000 ____D C:\Users\Shawn\Downloads\X.Men.Apocalypse.2016.TC.x264.AAC-ETRG
2016-11-06 22:57 - 2016-11-06 22:57 - 00000000 ____D C:\Users\Shawn\Downloads\Volbeat - Beyond Hell Above Heaven (2010)
2016-11-06 22:56 - 2016-11-06 22:56 - 00000000 ____D C:\Users\Shawn\Downloads\Victor.Frankenstein.2015.HDRip.XViD-ETRG
2016-11-06 22:55 - 2016-11-06 22:56 - 00000000 ____D C:\Users\Shawn\Downloads\Universal Soldier Day of Reckoning (2012) [1080p]
2016-11-06 22:54 - 2016-11-06 22:54 - 00000000 ____D C:\Users\Shawn\Downloads\Underworld Awakening 2012 BRRiP XViD AbSurdiTy
2016-11-06 22:53 - 2013-05-19 15:00 - 1821918619 _____ C:\Users\Shawn\Downloads\The Place Beyond the Pines [2012]H264 DVDRip.mp4[Eng]BlueLady.mp4
2016-11-06 22:53 - 2012-11-08 15:14 - 81068794 _____ C:\Users\Shawn\Downloads\South.Park.S16E14.HDTV.x264-ASAP.mp4
2016-11-06 22:53 - 2012-10-11 19:42 - 86282801 _____ C:\Users\Shawn\Downloads\South.Park.S16E10.PROPER.HDTV.x264-2HD.mp4
2016-11-06 22:53 - 2012-09-29 11:35 - 91604020 _____ C:\Users\Shawn\Downloads\South.Park.S16E08.HDTV.x264-2HD.mp4
2016-11-06 22:52 - 2013-06-05 18:14 - 2646880589 _____ C:\Users\Shawn\Downloads\Snitch [2013]H264 DVDRip.mp4[Eng]BlueLady.mp4
2016-11-06 22:52 - 2011-06-18 09:44 - 734908642 _____ C:\Users\Shawn\Downloads\Robin.Williams.Weapons.Of.Self.Destruction.HDTV.XviD-CHGRP.avi
2016-11-06 22:51 - 2012-11-09 20:34 - 733659136 _____ C:\Users\Shawn\Downloads\Resident.Evil.Apocalypse.DVDRiP.XViD.avi
2016-11-06 22:51 - 2011-08-19 18:19 - 1468095404 _____ C:\Users\Shawn\Downloads\Rise.of.the.Planet.of.the.Apes.2011.TS.XviD-NOVA.avi
2016-11-06 22:50 - 2012-01-22 21:13 - 735442944 _____ C:\Users\Shawn\Downloads\Paranormal.Activity.3.2011.UNRATED.DVDRip.XviD-SPARKS.avi
2016-11-04 23:09 - 2016-11-04 23:09 - 00000000 ____D C:\Users\Shawn\Downloads\backups
2016-11-01 22:42 - 2016-11-01 23:31 - 00224738 _____ C:\windows\ntbtlog.txt
2016-11-01 00:28 - 2016-11-01 00:28 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2016-11-01 00:28 - 2016-11-01 00:28 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-11-01 00:28 - 2016-11-01 00:28 - 00000000 ____D C:\Users\Shawn\Tracing
2016-11-01 00:28 - 2016-11-01 00:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-10-31 03:31 - 2015-07-30 07:13 - 00124624 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2016-10-31 03:31 - 2015-07-30 07:13 - 00103120 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-10-30 15:57 - 2016-03-06 12:53 - 01885696 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2016-10-30 15:57 - 2016-03-06 12:53 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2016-10-30 15:57 - 2016-03-06 12:38 - 01240576 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2016-10-30 15:57 - 2016-03-06 12:38 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2016-10-30 15:56 - 2016-03-17 16:56 - 02084864 _____ (Microsoft Corporation) C:\windows\system32\ole32.dll
2016-10-30 15:56 - 2016-03-17 16:28 - 01414144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ole32.dll
2016-10-30 15:54 - 2015-07-15 12:10 - 01743360 _____ (Microsoft Corporation) C:\windows\system32\sysmain.dll
2016-10-30 15:47 - 2016-01-20 18:51 - 00073664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\disk.sys
2016-10-30 15:47 - 2015-11-19 08:07 - 00994760 _____ (Microsoft Corporation) C:\windows\system32\ucrtbase.dll
2016-10-30 15:47 - 2015-11-19 08:07 - 00063840 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:07 - 00020832 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:07 - 00019808 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:07 - 00017760 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:07 - 00017760 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:07 - 00016224 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:07 - 00015712 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:07 - 00014176 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:07 - 00014176 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-10-30 15:47 - 2015-11-19 08:07 - 00013664 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:07 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:07 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:07 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:07 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:07 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:07 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:07 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-10-30 15:47 - 2015-11-19 08:07 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-10-30 15:47 - 2015-11-19 08:07 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:07 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:07 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:07 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-10-30 15:47 - 2015-11-19 08:06 - 00922432 _____ (Microsoft Corporation) C:\windows\SysWOW64\ucrtbase.dll
2016-10-30 15:47 - 2015-11-19 08:06 - 00066400 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:06 - 00022368 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:06 - 00019808 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:06 - 00017760 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:06 - 00017760 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:06 - 00016224 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:06 - 00015712 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:06 - 00014176 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:06 - 00014176 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-10-30 15:47 - 2015-11-19 08:06 - 00013664 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:06 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:06 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:06 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:06 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:06 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:06 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:06 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-10-30 15:47 - 2015-11-19 08:06 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-10-30 15:47 - 2015-11-19 08:06 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:06 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:06 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:06 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2016-10-30 15:47 - 2015-11-03 13:04 - 00802304 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll
2016-10-30 15:47 - 2015-11-03 12:56 - 00627712 _____ (Microsoft Corporation) C:\windows\SysWOW64\usp10.dll
2016-10-30 15:46 - 2015-07-09 11:58 - 01632256 _____ (Microsoft Corporation) C:\windows\system32\dwmcore.dll
2016-10-30 15:46 - 2015-07-09 11:58 - 00082944 _____ (Microsoft Corporation) C:\windows\system32\dwmapi.dll
2016-10-30 15:46 - 2015-07-09 11:42 - 01372160 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmcore.dll
2016-10-30 15:46 - 2015-07-09 11:42 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmapi.dll
2016-10-30 15:44 - 2015-07-14 21:19 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\basesrv.dll
2016-10-30 15:36 - 2016-11-01 00:28 - 00000000 ____D C:\Users\Shawn\AppData\Local\Skype
2016-10-30 15:36 - 2016-04-09 01:01 - 00986344 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2016-10-30 15:36 - 2016-04-09 01:01 - 00264936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgmms1.sys
2016-10-30 15:36 - 2016-04-09 00:57 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\cdd.dll
2016-10-30 15:36 - 2016-02-05 12:56 - 00020480 _____ (Microsoft Corporation) C:\windows\system32\tbs.dll
2016-10-30 15:36 - 2016-02-05 12:54 - 00109568 _____ (Microsoft Corporation) C:\windows\system32\fveapibase.dll
2016-10-30 15:36 - 2016-02-05 11:33 - 00015360 _____ (Microsoft Corporation) C:\windows\SysWOW64\tbs.dll
2016-10-30 15:36 - 2015-06-03 14:21 - 00451080 _____ (Microsoft Corporation) C:\windows\system32\fveapi.dll
2016-10-30 15:35 - 2016-11-01 00:29 - 00000000 ____D C:\Users\Shawn\AppData\Roaming\Skype
2016-10-30 15:34 - 2016-11-01 00:28 - 00000000 ____D C:\ProgramData\Skype
2016-10-30 15:34 - 2016-01-11 13:11 - 01684416 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2016-10-30 15:22 - 2012-08-23 07:41 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2016-10-30 15:22 - 2012-08-23 07:40 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2016-10-30 15:21 - 2012-08-23 08:10 - 00019456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpvideominiport.sys
2016-10-30 15:21 - 2012-08-23 08:07 - 00057856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys
2016-10-30 15:21 - 2012-08-23 07:47 - 00046592 _____ (Microsoft Corporation) C:\windows\SysWOW64\MsRdpWebAccess.dll
2016-10-30 15:21 - 2012-08-23 07:46 - 00016896 _____ (Microsoft Corporation) C:\windows\SysWOW64\wksprtPS.dll
2016-10-30 15:21 - 2012-08-23 07:20 - 00054272 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll
2016-10-30 15:21 - 2012-08-23 07:17 - 00018432 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll
2016-10-30 15:21 - 2012-08-23 07:06 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll
2016-10-30 15:21 - 2012-08-23 05:14 - 00384000 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2016-10-30 15:21 - 2012-08-23 05:12 - 00192000 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdpendp_winip.dll
2016-10-30 15:21 - 2012-08-23 04:51 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\rdpendp_winip.dll
2016-10-30 14:31 - 2015-08-05 11:56 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\icaapi.dll
2016-10-30 14:31 - 2015-08-05 11:06 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys
2016-10-30 14:28 - 2015-12-16 12:55 - 00069120 _____ (Microsoft Corporation) C:\windows\system32\nlsbres.dll
2016-10-30 14:28 - 2015-12-16 12:53 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\kbdgeoqw.dll
2016-10-30 14:28 - 2015-12-16 12:53 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDAZEL.DLL
2016-10-30 14:28 - 2015-12-16 12:53 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDAZE.DLL
2016-10-30 14:28 - 2015-12-16 12:48 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDAZE.DLL
2016-10-30 14:28 - 2015-12-16 12:48 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\kbdgeoqw.dll
2016-10-30 14:28 - 2015-12-16 12:48 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDAZEL.DLL
2016-10-30 14:28 - 2015-12-16 12:47 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlsbres.dll
2016-10-30 14:28 - 2015-12-16 08:35 - 00419640 _____ C:\windows\SysWOW64\locale.nls
2016-10-30 14:28 - 2015-12-16 08:35 - 00419640 _____ C:\windows\system32\locale.nls
2016-10-30 02:39 - 2016-10-30 02:39 - 00000000 ____D C:\windows\pss
2016-10-30 02:28 - 2016-10-30 02:28 - 00281632 _____ C:\Users\Shawn\Documents\cc_20161030_022802.reg
2016-10-30 02:21 - 2016-10-30 02:47 - 00002792 _____ C:\windows\System32\Tasks\CCleanerSkipUAC
2016-10-30 02:21 - 2016-10-30 02:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-10-30 02:21 - 2016-10-30 02:21 - 00000000 ____D C:\Program Files\CCleaner
2016-10-30 02:17 - 2016-10-30 02:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
2016-10-30 02:17 - 2016-10-30 02:17 - 00000000 ____D C:\Program Files\Defraggler
2016-10-30 02:16 - 2016-10-30 02:16 - 00000000 ____D C:\Users\Shawn\AppData\Local\CEF
2016-10-30 02:15 - 2016-10-30 02:15 - 00000000 ____D C:\Users\Shawn\AppData\Roaming\AVAST Software
2016-10-30 02:14 - 2016-11-01 23:41 - 00004180 _____ C:\windows\System32\Tasks\avast! Emergency Update
2016-10-30 02:14 - 2016-10-30 02:14 - 00000000 ____D C:\windows\System32\Tasks\AVAST Software
2016-10-30 02:14 - 2016-10-30 02:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-10-30 02:13 - 2016-10-30 02:14 - 00969184 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys
2016-10-30 02:13 - 2016-10-30 02:14 - 00513632 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2016-10-30 02:13 - 2016-10-30 02:14 - 00293352 _____ (AVAST Software) C:\windows\system32\Drivers\aswvmm.sys
2016-10-30 02:13 - 2016-10-30 02:12 - 00391496 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2016-10-30 02:13 - 2016-10-30 02:12 - 00163416 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2016-10-30 02:13 - 2016-10-30 02:12 - 00108816 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2016-10-30 02:13 - 2016-10-30 02:12 - 00103064 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2016-10-30 02:13 - 2016-10-30 02:12 - 00074544 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2016-10-30 02:13 - 2016-10-30 02:12 - 00037656 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys
2016-10-30 02:12 - 2016-10-30 02:12 - 00053208 _____ (AVAST Software) C:\windows\avastSS.scr
2016-10-30 02:12 - 2016-10-30 02:12 - 00000920 _____ C:\ProgramData\Microsoft\Windows\Start Menu\µTorrent.lnk
2016-10-30 02:12 - 2016-10-30 02:12 - 00000914 _____ C:\Users\Public\Desktop\µTorrent.lnk
2016-10-30 02:12 - 2016-10-30 02:12 - 00000000 ____D C:\Program Files (x86)\uTorrent
2016-10-30 02:11 - 2016-10-30 02:11 - 00000000 ____D C:\Program Files\AVAST Software
2016-10-30 02:10 - 2016-10-30 02:10 - 00000898 _____ C:\Users\Shawn\Desktop\Downloads.lnk
2016-10-30 02:09 - 2016-10-30 02:09 - 00000000 ____D C:\ProgramData\AVAST Software
2016-10-30 02:07 - 2016-10-30 02:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-10-30 01:44 - 2016-10-30 01:44 - 00000000 ____D C:\SUPERDelete
2016-10-30 01:41 - 2016-03-04 10:26 - 00032400 _____ (ThreatTrack Security) C:\windows\system32\Drivers\gfiutil.sys
2016-10-30 01:28 - 2016-11-14 22:01 - 00002166 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-10-30 01:28 - 2016-11-14 22:01 - 00002154 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-10-30 01:15 - 2016-10-30 01:15 - 00536976 _____ (ThreatTrack Security, Inc.) C:\windows\SysWOW64\sbap.dll
2016-10-30 01:15 - 2016-10-30 01:15 - 00088928 _____ (ThreatTrack Security, Inc.) C:\windows\system32\Drivers\sbapifs.sys
2016-10-30 01:14 - 2016-10-30 01:41 - 00000000 ____D C:\ProgramData\AntiMalwareProData
2016-10-30 00:39 - 2016-11-01 22:44 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-10-30 00:38 - 2016-10-30 00:38 - 00001073 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-10-30 00:38 - 2016-10-30 00:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-10-30 00:38 - 2016-10-30 00:38 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-10-30 00:38 - 2016-10-30 00:38 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-10-30 00:38 - 2016-03-10 13:09 - 00064896 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2016-10-30 00:38 - 2016-03-10 13:08 - 00140672 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2016-10-30 00:38 - 2016-03-10 13:08 - 00027008 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2016-10-29 23:40 - 2016-10-30 02:14 - 00000000 ____D C:\Program Files\Common Files\AV
2016-10-29 23:25 - 2016-10-30 00:34 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-10-29 23:25 - 2016-10-29 23:40 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-10-29 23:25 - 2016-10-29 23:25 - 00001362 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-10-29 23:25 - 2016-10-29 23:25 - 00001350 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2016-10-29 23:25 - 2016-10-29 23:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-10-29 23:25 - 2013-09-20 09:49 - 00021040 _____ (Safer Networking Limited) C:\windows\system32\sdnclean64.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-16 22:44 - 2009-07-13 22:45 - 00016304 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-16 22:44 - 2009-07-13 22:45 - 00016304 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-16 22:38 - 2010-09-02 17:23 - 00000000 ____D C:\Users\Shawn\AppData\Local\CrashDumps
2016-11-16 22:35 - 2009-07-13 23:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-11-16 22:34 - 2010-10-12 13:14 - 00000000 ___SD C:\Users\Shawn\AppData\LocalLow\Temp
2016-11-12 04:41 - 2009-07-13 21:20 - 00000000 ____D C:\windows\rescache
2016-11-12 03:58 - 2009-07-13 23:13 - 00793654 _____ C:\windows\system32\PerfStringBackup.INI
2016-11-12 03:58 - 2009-07-13 21:20 - 00000000 ____D C:\windows\inf
2016-11-12 03:47 - 2009-07-13 22:45 - 00338960 _____ C:\windows\system32\FNTCACHE.DAT
2016-11-12 03:23 - 2013-09-02 08:17 - 00000000 ____D C:\windows\system32\MRT
2016-11-12 03:16 - 2010-08-31 20:21 - 141011376 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-11-11 23:09 - 2009-07-13 22:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-11-11 03:49 - 2013-03-14 06:41 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-11-11 03:49 - 2010-05-29 20:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-11-11 03:45 - 2015-02-10 22:04 - 00000000 ____D C:\windows\system32\appraiser
2016-11-11 03:45 - 2014-05-14 23:38 - 00000000 ___SD C:\windows\system32\CompatTel
2016-11-11 03:45 - 2009-07-13 21:20 - 00000000 ____D C:\windows\SysWOW64\Dism
2016-11-11 03:45 - 2009-07-13 21:20 - 00000000 ____D C:\windows\system32\Dism
2016-11-11 03:06 - 2013-03-20 13:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-11-04 22:31 - 2010-08-31 20:34 - 00000000 ____D C:\Users\Shawn\AppData\Local\Google
2016-11-01 23:41 - 2013-03-06 13:54 - 00000000 ____D C:\Users\Shawn\AppData\Local\ElevatedDiagnostics
2016-11-01 23:41 - 2009-07-13 21:20 - 00000000 ____D C:\windows\system32\NDF
2016-11-01 10:44 - 2011-07-05 22:18 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-11-01 00:28 - 2010-08-31 18:49 - 00000000 ____D C:\Users\Shawn
2016-10-31 04:01 - 2010-09-01 02:29 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-10-31 04:01 - 2010-09-01 02:29 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-10-31 03:56 - 2009-07-13 21:20 - 00000000 ____D C:\windows\PolicyDefinitions
2016-10-30 18:20 - 2012-06-03 09:16 - 00000000 ____D C:\Users\Shawn\AppData\LocalLow\Bcool
2016-10-30 14:56 - 2014-04-23 15:34 - 00777964 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2016-10-30 02:47 - 2010-09-01 02:29 - 00003906 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-10-30 02:47 - 2010-09-01 02:29 - 00003654 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-10-30 02:30 - 2010-05-29 20:49 - 00000000 ____D C:\Program Files (x86)\Windows Live
2016-10-30 02:27 - 2012-11-27 21:59 - 00000000 ____D C:\windows\Minidump
2016-10-30 02:27 - 2010-09-04 02:33 - 00000000 ____D C:\Users\Shawn\AppData\Roaming\uTorrent
2016-10-30 02:27 - 2010-03-23 00:43 - 00000000 ____D C:\windows\Panther
2016-10-30 02:07 - 2010-09-05 00:51 - 00000000 ____D C:\Users\Shawn\AppData\Roaming\vlc
2016-10-30 01:56 - 2012-05-18 01:55 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2016-10-30 01:56 - 2010-05-29 20:53 - 00000000 ____D C:\ProgramData\WildTangent
2016-10-30 01:56 - 2010-05-29 20:53 - 00000000 ____D C:\Program Files (x86)\TOSHIBA Games
2016-10-30 01:56 - 2009-07-13 23:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-10-30 01:54 - 2010-09-05 00:49 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2016-10-30 01:53 - 2010-09-05 00:49 - 00000000 ____D C:\ProgramData\Yahoo!
2016-10-30 01:44 - 2013-03-10 11:38 - 00000000 ____D C:\Users\Shawn\AppData\Roaming\Uniblue
2016-10-30 01:38 - 2014-06-04 23:46 - 00009043 _____ C:\windows\wininit.ini
2016-10-30 01:36 - 2010-05-29 20:52 - 00000000 ____D C:\Program Files\Google
2016-10-30 01:36 - 2010-05-29 20:52 - 00000000 ____D C:\Program Files (x86)\Google
2016-10-30 01:14 - 2010-05-29 20:52 - 00000000 ____D C:\ProgramData\Google
2016-10-30 01:04 - 2009-07-13 21:20 - 00000000 ____D C:\windows\system
2016-10-30 01:02 - 2012-03-19 15:06 - 00000000 ____D C:\ProgramData\InstallMate
2016-10-30 01:02 - 2010-09-25 19:57 - 00000000 ____D C:\Program Files (x86)\Zynga
2016-10-30 00:34 - 2013-03-10 11:48 - 00000000 ____D C:\Users\Shawn\AppData\Roaming\player
2016-10-29 23:21 - 2016-06-19 18:49 - 00000000 ____D C:\Users\Shawn\Downloads\The Conjuring 2 2016 HD-TS x264 AC3-CPG
2016-10-29 23:21 - 2016-02-19 09:09 - 00000000 ____D C:\Users\Shawn\Downloads\Its.Always.Sunny.in.Philadelphia.S11E07.HDTV.x264-KILLERS[rarbg]
2016-10-29 23:21 - 2016-02-19 09:09 - 00000000 ____D C:\Users\Shawn\Downloads\Its.Always.Sunny.in.Philadelphia.S11E06.HDTV.x264-FUM[ettv]
2016-10-29 23:21 - 2015-03-24 19:30 - 00000000 ____D C:\Users\Shawn\Downloads\American.Dad.S11E11.HDTV.x264-KILLERS[ettv]
2016-10-29 23:21 - 2015-03-23 13:22 - 00000000 ____D C:\Users\Shawn\Downloads\The.Walking.Dead.S05E15.PROPER.HDTV.x264-BATV[ettv]
2016-10-29 23:21 - 2015-03-11 17:39 - 00000000 ____D C:\Users\Shawn\Downloads\Exodus Gods and Kings (2014)
2016-10-29 23:21 - 2015-03-09 20:31 - 00000000 ____D C:\Users\Shawn\Downloads\The Hobbit The Battle of the Five Armies (2014) [1080p]
2016-10-29 23:21 - 2015-02-19 15:33 - 00000000 ____D C:\Users\Shawn\Downloads\The.Hunger.Games.Mockingjay.Part.1.2014.HDRip.XviD-EVO
2016-10-29 23:21 - 2015-02-19 15:29 - 00000000 ____D C:\Users\Shawn\Downloads\Saturday.Night.Live.40th.Anniversary.Special.HDTV.x264-KILLERS[ettv]
 
==================== Files in the root of some directories =======
 
2012-02-16 23:43 - 2012-02-16 23:43 - 0002634 _____ () C:\Users\Shawn\AppData\Roaming\result.db
2011-10-20 20:05 - 2011-10-20 20:05 - 0017408 _____ () C:\Users\Shawn\AppData\Local\WebpageIcons.db
2011-12-24 11:01 - 2011-12-24 11:01 - 0000000 _____ () C:\Users\Shawn\AppData\Local\{DF21128F-8731-4CC6-AED3-EB639974834F}
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-11-14 17:18
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-11-2016
Ran by Shawn (16-11-2016 22:54:25)
Running from C:\Users\Shawn\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2010-09-01 00:49:00)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3966840398-377389863-2040579310-500 - Administrator - Disabled)
Guest (S-1-5-21-3966840398-377389863-2040579310-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3966840398-377389863-2040579310-1002 - Limited - Enabled)
Mcx1-SHAWN-PC (S-1-5-21-3966840398-377389863-2040579310-1003 - Limited - Enabled) => C:\Users\Mcx1-SHAWN-PC
Shawn (S-1-5-21-3966840398-377389863-2040579310-1001 - Administrator - Enabled) => C:\Users\Shawn
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.0.1.152 - Adobe Systems Incorporated)
Adobe Reader 9.4.6 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A94000000001}) (Version: 9.4.6 - Adobe Systems Incorporated)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.27 - Atheros Communications Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.23 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.111.0.64 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
iLivid (x32 Version: 1.92.0.118480 - Bandoo Media Inc.) Hidden <==== ATTENTION
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2086 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java™ 6 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216017FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)
Skype™ 7.29 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.29.102 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.11 - TOSHIBA CORPORATION)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.07.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{607BE7BF-7C28-4ADB-A4A0-385962B901C3}) (Version: 8.0.28 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}) (Version: 2.00.06 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.3.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.4.9 - TOSHIBA CORPORATION)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}) (Version: 1.6.06.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM-x32\...\{073B89C3-BA88-41B5-965F-B35A88EAE838}) (Version: 2.00.03 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.3.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.15 - TOSHIBA Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1E924F5C-C0E7-4753-A17B-21863A69BE4D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)
Task: {21F4C0E6-5677-4201-AEFE-FD6A00C08B63} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-SHAWN-PC => C:\windows\ehome\McxTask.exe [2009-07-13] (Microsoft Corporation)
Task: {2A07900F-B990-4610-88CC-E4F2FF6A0E47} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-02-22] (TOSHIBA CORPORATION)
Task: {4A240997-677C-4B42-9EC3-2C800B8C89B9} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-10-30] (AVAST Software)
Task: {68743DCF-CE53-4D5A-B809-1E090BBE24E6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)
Task: {C61EDE7F-F2ED-4C2A-AE1E-097AB24A3222} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-10-30] (AVAST Software)
Task: {E058B934-F002-453A-A46C-7E033D9F590D} - System32\Tasks\Microsoft\Windows\PLA\System\{F25B30F0-C1DE-479A-AB4D-140F6257E37F}_System Diagnostics => Rundll32.exe C:\windows\system32\pla.dll,PlaHost "system\System Diagnostics" "$(Arg0)"
Task: {EBA97576-2485-44E9-BA9C-FF6CDBB9A0B4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-09-28] (Piriform Ltd)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2010-03-03 15:15 - 2010-03-03 15:15 - 08762680 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-11-03 14:26 - 2009-11-03 14:26 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-03-03 15:15 - 2010-03-03 15:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-03 15:15 - 2010-03-03 15:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2010-03-23 00:12 - 2009-06-22 16:40 - 00022328 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll
2009-03-12 20:08 - 2009-03-12 20:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2009-07-25 18:38 - 2009-07-25 18:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2010-02-05 18:44 - 2010-02-05 18:44 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2016-10-30 02:12 - 2016-10-30 02:12 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-11-16 14:05 - 2016-11-16 14:05 - 03129808 _____ () C:\Program Files\AVAST Software\Avast\defs\16111601\algo.dll
2016-10-30 02:12 - 2016-10-30 02:12 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-10-29 23:25 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-10-29 23:25 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-10-29 23:25 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-10-29 23:25 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2016-10-29 23:25 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2016-10-30 02:12 - 2016-10-30 02:12 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-11-14 22:01 - 2016-11-08 14:29 - 01819240 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libglesv2.dll
2016-11-14 22:01 - 2016-11-08 14:29 - 00093288 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Shawn\Documents\Robin Williams - Live On Broadway.avi:TOC.WMV [130]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 20:34 - 2016-11-16 22:34 - 00000035 ____A C:\windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3966840398-377389863-2040579310-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Shawn\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 172.16.1.254 - 142.165.21.5
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: MOBKbackup => 2
MSCONFIG\startupfolder: C:^Users^Shawn^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: mcui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: SmartFaceVWatcher => %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
MSCONFIG\startupreg: Spybot-S&D Cleaning => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
MSCONFIG\startupreg: TosNC => %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{F42F65F2-9F3B-47DD-BE52-36A1E8C44A79}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{23459075-287B-46B9-A45E-AD3A2719D35C}] => (Allow) svchost.exe
FirewallRules: [{980577AD-F082-4114-95A6-C16E284423BB}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{6AB469E5-F05D-4B8C-B32E-A41491F4B93F}] => (Allow) LPort=2869
FirewallRules: [{78AE064E-AC73-4460-B9C3-3BD95DF1EDCB}] => (Allow) LPort=1900
FirewallRules: [{FE90D8ED-025F-4ACC-B096-DA9C05737D2C}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{EEAC36B5-E98D-4A7B-9F67-BF13CB55FEF1}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{CBBE2EFC-E537-4161-8B0D-CF9154DC46C7}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{3E568DC9-586E-4CBA-930D-ECF74DF2127A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Restore Points =========================
 
11-11-2016 03:01:14 Windows Update
12-11-2016 03:00:38 Windows Update
13-11-2016 03:00:14 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/16/2016 10:38:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.18525, time stamp: 0x58122f46
Faulting module name: mshtml.dll, version: 11.0.9600.18525, time stamp: 0x5812433c
Exception code: 0x80000003
Fault offset: 0x0000000001063702
Faulting process id: 0x10cc
Faulting application start time: 0x01d2408c4758f148
Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe
Faulting module path: C:\Windows\System32\mshtml.dll
Report Id: 9ecaee22-ac7f-11e6-a6bb-00266c4fa490
 
Error: (11/16/2016 10:36:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Dwm.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc541
Faulting module name: d3d11.dll, version: 6.2.9200.16570, time stamp: 0x5153b56b
Exception code: 0xc0000005
Fault offset: 0x000000000001e354
Faulting process id: 0x864
Faulting application start time: 0x01d2408c1c057e09
Faulting application path: C:\windows\system32\Dwm.exe
Faulting module path: C:\windows\system32\d3d11.dll
Report Id: 677e8300-ac7f-11e6-a6bb-00266c4fa490
 
Error: (11/16/2016 03:46:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_GeneralTel.dll, version: 6.1.7600.16385, time stamp: 0x4a5bc9e0
Faulting module name: D3D11.dll, version: 6.2.9200.16570, time stamp: 0x5153b56b
Exception code: 0xc0000005
Fault offset: 0x000000000001e354
Faulting process id: 0x1028
Faulting application start time: 0x01d23fee4624131e
Faulting application path: C:\windows\system32\rundll32.exe
Faulting module path: C:\windows\system32\D3D11.dll
Report Id: 87b19fe1-abe1-11e6-8fa8-00266c4fa490
 
Error: (11/15/2016 03:13:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_GeneralTel.dll, version: 6.1.7600.16385, time stamp: 0x4a5bc9e0
Faulting module name: D3D11.dll, version: 6.2.9200.16570, time stamp: 0x5153b56b
Exception code: 0xc0000005
Fault offset: 0x000000000001e354
Faulting process id: 0xd54
Faulting application start time: 0x01d23f208a49cbd4
Faulting application path: C:\windows\system32\rundll32.exe
Faulting module path: C:\windows\system32\D3D11.dll
Report Id: cc6c47c5-ab13-11e6-8fa8-00266c4fa490
 
Error: (11/14/2016 09:44:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Dwm.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc541
Faulting module name: d3d11.dll, version: 6.2.9200.16570, time stamp: 0x5153b56b
Exception code: 0xc0000005
Fault offset: 0x000000000001e354
Faulting process id: 0x80c
Faulting application start time: 0x01d23ef284bedc4b
Faulting application path: C:\windows\system32\Dwm.exe
Faulting module path: C:\windows\system32\d3d11.dll
Report Id: c36edd29-aae5-11e6-8fa8-00266c4fa490
 
Error: (11/14/2016 04:41:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_GeneralTel.dll, version: 6.1.7600.16385, time stamp: 0x4a5bc9e0
Faulting module name: D3D11.dll, version: 6.2.9200.16570, time stamp: 0x5153b56b
Exception code: 0xc0000005
Fault offset: 0x000000000001e354
Faulting process id: 0x15b0
Faulting application start time: 0x01d23ec845ceeca1
Faulting application path: C:\windows\system32\rundll32.exe
Faulting module path: C:\windows\system32\D3D11.dll
Report Id: 8b595876-aabb-11e6-9e20-00266c4fa490
 
Error: (11/14/2016 04:36:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Dwm.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc541
Faulting module name: d3d11.dll, version: 6.2.9200.16570, time stamp: 0x5153b56b
Exception code: 0xc0000005
Fault offset: 0x000000000001e354
Faulting process id: 0xdd0
Faulting application start time: 0x01d23ec7829c32a9
Faulting application path: C:\windows\system32\Dwm.exe
Faulting module path: C:\windows\system32\d3d11.dll
Report Id: c30954db-aaba-11e6-9e20-00266c4fa490
 
Error: (11/13/2016 04:32:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_GeneralTel.dll, version: 6.1.7600.16385, time stamp: 0x4a5bc9e0
Faulting module name: D3D11.dll, version: 6.2.9200.16570, time stamp: 0x5153b56b
Exception code: 0xc0000005
Fault offset: 0x000000000001e354
Faulting process id: 0x10f0
Faulting application start time: 0x01d23d992662bef3
Faulting application path: C:\windows\system32\rundll32.exe
Faulting module path: C:\windows\system32\D3D11.dll
Report Id: 6af3d302-a98c-11e6-94df-00266c4fa490
 
Error: (11/12/2016 01:49:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Dwm.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc541
Faulting module name: d3d11.dll, version: 6.2.9200.16570, time stamp: 0x5153b56b
Exception code: 0xc0000005
Fault offset: 0x000000000001e354
Faulting process id: 0xaac
Faulting application start time: 0x01d23d1dcff3637e
Faulting application path: C:\windows\system32\Dwm.exe
Faulting module path: C:\windows\system32\d3d11.dll
Report Id: 1067a9d0-a911-11e6-94df-00266c4fa490
 
Error: (11/12/2016 03:34:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_GeneralTel.dll, version: 6.1.7600.16385, time stamp: 0x4a5bc9e0
Faulting module name: D3D11.dll, version: 6.2.9200.16570, time stamp: 0x5153b56b
Exception code: 0xc0000005
Fault offset: 0x000000000001e354
Faulting process id: 0x1160
Faulting application start time: 0x01d23cc7e066da2a
Faulting application path: C:\windows\system32\rundll32.exe
Faulting module path: C:\windows\system32\D3D11.dll
Report Id: 2d97b2cd-a8bb-11e6-9ed4-00266c4fa490
 
 
System errors:
=============
Error: (11/16/2016 10:36:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (11/16/2016 10:36:23 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
 
Error: (11/14/2016 04:37:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Network Agent service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (11/14/2016 04:37:21 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Network Agent service to connect.
 
Error: (11/14/2016 04:37:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee VirusScan Announcer service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (11/14/2016 04:37:21 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee VirusScan Announcer service to connect.
 
Error: (11/14/2016 04:37:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Services service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (11/14/2016 04:37:21 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Services service to connect.
 
Error: (11/14/2016 04:35:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Anti-Spam Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (11/14/2016 04:35:17 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Anti-Spam Service service to connect.
 
 
CodeIntegrity:
===================================
  Date: 2014-06-20 02:50:40.380
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-06-20 02:50:40.375
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-06-20 02:50:11.069
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2010-10-12 16:21:17.336
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ks.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2010-10-12 16:21:17.336
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ks.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2010-10-12 16:21:13.686
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ks.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2010-10-12 16:21:13.670
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ks.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2010-10-12 16:21:10.067
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ks.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2010-10-12 16:21:10.051
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ks.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU T4500 @ 2.30GHz
Percentage of memory in use: 50%
Total physical RAM: 3963.97 MB
Available physical RAM: 1969.44 MB
Total Virtual: 7926.12 MB
Available Virtual: 5636.46 MB
 
==================== Drives ================================
 
Drive c: (S3A8944D003) (Fixed) (Total:267.93 GB) (Free:11.5 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 54882370)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=267.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=18.1 GB) - (Type=17)
Partition 4: (Not Active) - (Size=10.6 GB) - (Type=17)
 
==================== End of Addition.txt ============================

Edited by decon21, 17 November 2016 - 04:37 PM.


#9 Starbuck


    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • Gender:Male
  • Location:Midlands, UK
  • Local time:05:22 AM

Posted 17 November 2016 - 01:27 PM

Hi decon21

Spybot - Search & Destroy is still installed on the system.

AV: Avast Antivirus (Enabled - Up to date)
AS: Windows Defender (Disabled - Up to date)
AS: Spybot - Search and Destroy (Enabled - Out of date)
AS: Avast Antivirus (Enabled - Up to date)


This running with Avast will cause problems/conflicts.
If you want to keep Avast, then please uninstall Spybot.

I'm a bit confused here:
At the beginning of the post you said:

mcafee is gone

then at the end of the post you added:

Can not uninstall mcafee

But McAfee is not showing in the uninstall list now.

You forgot to post the fixlog.txt.
It's located here: C:\Users\Shawn\Desktop\Fixlog.txt

Please remove Spybot
Post the fixlog.txt
and then run another scan with FRST so that I can see the fresh report after removing Spybot.

Thanks.



#10 decon21


Posted 17 November 2016 - 04:56 PM

Sorry about that. I think I got it right this time.
 

Fix result of Farbar Recovery Scan Tool (x64) Version: 16-11-2016
Ran by Shawn (16-11-2016 22:34:09) Run:1
Running from C:\Users\Shawn\Desktop
Loaded Profiles: Shawn (Available Profiles: Shawn & Mcx1-SHAWN-PC)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start hxxp://www.avg.com/ww.special-uninstallation-feedback-app?lic=SUFXV0ktWFpMVjItTllGTjMtUURQTUgtNFdGVFMtSg"&"inst=NzYtOTI0ODQzNzk1LVFJWDErNC1YMjAxMCsyLU4xKzEtVklQKzEtVFVHKzMtRERUKzUzNzk (the data entry has 167 more characters).
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3966840398-377389863-2040579310-1001\...\MountPoints2: {4e8e1299-09ee-11e2-a6cb-00266c4fa490} - E:\StartClickFreeBackup.exe
SearchScopes: HKU\S-1-5-21-3966840398-377389863-2040579310-1001 -> URL hxxp://ca.yhs.search.yahoo.com/avg/search?fr=yhs-avgb-chrome&type=yahoo_avg_hs2-tb-web_chrome_ca&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3966840398-377389863-2040579310-1001 -> {31C088A7-5097-4CB6-83EE-5E5F66D7B6C5} URL = hxxp://search.avg.com/route/?d=4e4aeb5b&v=7.7.26.1&i=26&tp=chrome&q={searchTerms}&lng={language}&iy=b&ychte=us
SearchScopes: HKU\S-1-5-21-3966840398-377389863-2040579310-1001 -> {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = hxxp://start.iplay.com/searchresults.aspx?o=chrome&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3966840398-377389863-2040579310-1001 -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=b&ychte=ca
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: No Name -> {CC3C8D60-29D6-4880-B9D8-443C4CBA2BEC} -> No File
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKU\S-1-5-21-3966840398-377389863-2040579310-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3966840398-377389863-2040579310-1001 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKU\S-1-5-21-3966840398-377389863-2040579310-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
2016-11-12 13:49 - 2013-06-05 12:57 - 00000350 _____ C:\windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2016-10-30 00:34 - 2010-09-25 19:57 - 00000000 ____D C:\Program Files (x86)\Conduit
C:\ProgramData\sprunst.exe
Task: {12854118-C3E2-472B-9608-9CA72C8ED477} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\windows\TEMP\{015A9D8E-EA66-4BE0-AB60-2F74C33B0AFE}.exe <==== ATTENTION
Task: {FB2FA92F-8E72-4E39-BD90-794358A32318} - System32\Tasks\{217E40A0-9E31-4AD3-A260-465E8937EDC1} => pcalua.exe -a "C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe" -c /AppMode=SETUP /Uninstall
Task: C:\windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\windows\TEMP\{015A9D8E-EA66-4BE0-AB60-2F74C33B0AFE}.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4 [151]
AlternateDataStreams: C:\ProgramData\TEMP:B16047B8 [296]
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1 [112]
FirewallRules: [{743FA328-0459-4543-B944-B1F90045D90D}] => (Allow) C:\Program Files (x86)\FrostWire 5\FrostWire.exe
FirewallRules: [{541A2C32-38C8-45B2-8370-A8D4159521E9}] => (Allow) C:\Program Files (x86)\FrostWire 5\FrostWire.exe
C:\Program Files (x86)\FrostWire 5
CMD: ipconfig /flushdns
Hosts:
EmptyTemp:
*****************
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\AvgUninstallURL => value removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => key removed successfully
"HKU\S-1-5-21-3966840398-377389863-2040579310-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4e8e1299-09ee-11e2-a6cb-00266c4fa490}" => key removed successfully
HKCR\CLSID\{4e8e1299-09ee-11e2-a6cb-00266c4fa490} => key not found. 
HKU\S-1-5-21-3966840398-377389863-2040579310-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL => value removed successfully
"HKU\S-1-5-21-3966840398-377389863-2040579310-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31C088A7-5097-4CB6-83EE-5E5F66D7B6C5}" => key removed successfully
HKCR\CLSID\{31C088A7-5097-4CB6-83EE-5E5F66D7B6C5} => key not found. 
"HKU\S-1-5-21-3966840398-377389863-2040579310-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}" => key removed successfully
HKCR\CLSID\{36377DD7-B3EB-42f5-986F-680BAF59BA9D} => key not found. 
"HKU\S-1-5-21-3966840398-377389863-2040579310-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" => key removed successfully
HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => key removed successfully
HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}" => key removed successfully
HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC3C8D60-29D6-4880-B9D8-443C4CBA2BEC}" => key removed successfully
HKCR\Wow6432Node\CLSID\{CC3C8D60-29D6-4880-B9D8-443C4CBA2BEC} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => value removed successfully
HKCR\Wow6432Node\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => key not found. 
HKU\S-1-5-21-3966840398-377389863-2040579310-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found. 
HKU\S-1-5-21-3966840398-377389863-2040579310-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => value removed successfully
HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => key not found. 
HKU\S-1-5-21-3966840398-377389863-2040579310-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value removed successfully
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => key not found. 
C:\windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => moved successfully
C:\Program Files (x86)\Conduit => moved successfully
C:\ProgramData\sprunst.exe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{12854118-C3E2-472B-9608-9CA72C8ED477}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{12854118-C3E2-472B-9608-9CA72C8ED477}" => key removed successfully
C:\windows\System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-Secure-Search-Update_JUNE2013_TB_rmv" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FB2FA92F-8E72-4E39-BD90-794358A32318}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB2FA92F-8E72-4E39-BD90-794358A32318}" => key removed successfully
C:\windows\System32\Tasks\{217E40A0-9E31-4AD3-A260-465E8937EDC1} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{217E40A0-9E31-4AD3-A260-465E8937EDC1}" => key removed successfully
C:\windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => not found.
C:\ProgramData\TEMP => ":0B4227B4" ADS removed successfully.
C:\ProgramData\TEMP => ":B16047B8" ADS removed successfully.
C:\ProgramData\TEMP => ":D1B5B4F1" ADS removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{743FA328-0459-4543-B944-B1F90045D90D} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{541A2C32-38C8-45B2-8370-A8D4159521E9} => value removed successfully
C:\Program Files (x86)\FrostWire 5 => moved successfully
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 7985353 B
Java, Flash, Steam htmlcache => 501 B
Windows/system/drivers => 68991216 B
Edge => 0 B
Chrome => 93305618 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 71482710 B
systemprofile32 => 1597306 B
LocalService => 132244 B
NetworkService => 66228 B
Shawn => 185605013 B
Mcx1-SHAWN-PC => 121101 B
 
RecycleBin => 402311 B
EmptyTemp: => 417.8 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 22:34:25 ====

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-11-2016
Ran by Shawn (administrator) on SHAWN-PC (17-11-2016 15:42:56)
Running from C:\Users\Shawn\Desktop
Loaded Profiles: Shawn (Available Profiles: Shawn & Mcx1-SHAWN-PC)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\TOSHIBA Web Camera Application\TWebCamera.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [520760 2010-03-10] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-05] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [913720 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-03-03] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-02-24] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-10-06] (TOSHIBA Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-15] (AVAST Software)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-18\...\RunOnce: [{91120000-002F-0000-0000-0000000FF1CE}] => C:\windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-18\...\RunOnce: [{90120000-006E-0409-0000-0000000FF1CE}] => C:\windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-10-30] (AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 172.16.1.254 142.165.21.5
Tcpip\..\Interfaces\{32190FDF-D106-47AD-A6BE-AE4AA606D184}: [DhcpNameServer] 172.16.1.254
Tcpip\..\Interfaces\{4F43E652-8F57-4562-9BF6-DC8F939389B0}: [DhcpNameServer] 172.16.1.254 142.165.21.5
 
Internet Explorer:
==================
HKU\S-1-5-21-3966840398-377389863-2040579310-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKU\S-1-5-21-3966840398-377389863-2040579310-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.toshiba.ca/welcome
URLSearchHook: HKU\S-1-5-21-3966840398-377389863-2040579310-1001 - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM-x32 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-3966840398-377389863-2040579310-1001 -> DefaultScope {1B22A0CB-B47F-425C-B59D-F86B0263B4FB} URL = hxxp://ca.search.yahoo.com/search?fr=mcafee&type=A011CA0&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-3966840398-377389863-2040579310-1001 -> {1B22A0CB-B47F-425C-B59D-F86B0263B4FB} URL = hxxp://ca.search.yahoo.com/search?fr=mcafee&type=A011CA0&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-3966840398-377389863-2040579310-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA_en___CA395
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22] (Adobe Systems Incorporated)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-03-23] (Sun Microsystems, Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-03-02] (<TOSHIBA>)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File
 
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll [2014-05-07] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2011-06-07] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Shawn\AppData\Local\Google\Chrome\User Data\Default [2016-11-17]
CHR Extension: (Google Docs) - C:\Users\Shawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-30]
CHR Extension: (Google Drive) - C:\Users\Shawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-30]
CHR Extension: (YouTube) - C:\Users\Shawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-30]
CHR Extension: (Avast SafePrice) - C:\Users\Shawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-11-16]
CHR Extension: (Google Sheets) - C:\Users\Shawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-10-30]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Shawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2016-10-30]
CHR Extension: (Google Docs Offline) - C:\Users\Shawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-30]
CHR Extension: (Avast Online Security) - C:\Users\Shawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-10-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Shawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-10-30]
CHR Extension: (Gmail) - C:\Users\Shawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-30]
CHR Extension: (Chrome Media Router) - C:\Users\Shawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-30]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-10-30] (AVAST Software)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 aswHwid; C:\windows\system32\drivers\aswHwid.sys [37656 2016-10-30] (AVAST Software)
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [108816 2016-10-30] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [103064 2016-10-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-10-30] (AVAST Software)
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [969184 2016-10-30] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [513632 2016-10-30] (AVAST Software)
R2 aswStm; C:\windows\system32\drivers\aswStm.sys [163416 2016-10-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-10-30] (AVAST Software)
S3 ebdrv; C:\windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 gfiutil; C:\windows\System32\drivers\gfiutil.sys [32400 2016-03-04] (ThreatTrack Security)
R2 sbapifs; C:\windows\System32\DRIVERS\sbapifs.sys [88928 2016-10-30] (ThreatTrack Security, Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-17 15:39 - 2016-11-17 15:39 - 00000000 ____D C:\windows\System32\Tasks\Safer-Networking
2016-11-16 22:34 - 2016-11-16 22:34 - 00009671 _____ C:\Users\Shawn\Desktop\Fixlog.txt
2016-11-14 16:42 - 2016-11-14 16:42 - 03480040 _____ (McAfee, Inc.) C:\Users\Shawn\Downloads\MCPR.exe
2016-11-14 16:41 - 2016-11-14 16:41 - 03480040 _____ (McAfee, Inc.) C:\Users\Shawn\Downloads\Unconfirmed 251591.crdownload
2016-11-12 13:52 - 2016-11-16 23:04 - 00031288 _____ C:\Users\Shawn\Desktop\Addition.txt
2016-11-12 13:50 - 2016-11-17 15:44 - 00014913 _____ C:\Users\Shawn\Desktop\FRST.txt
2016-11-12 13:50 - 2016-11-16 22:34 - 00000000 ____D C:\Users\Shawn\Desktop\FRST-OlderVersion
2016-11-12 13:49 - 2016-11-12 13:49 - 02411520 _____ (Farbar) C:\Users\Shawn\Downloads\FRST64 (1).exe
2016-11-11 23:11 - 2016-11-17 15:42 - 00000000 ____D C:\FRST
2016-11-11 23:10 - 2016-11-16 22:34 - 02412032 _____ (Farbar) C:\Users\Shawn\Desktop\FRST64.exe
2016-11-11 04:30 - 2016-05-12 11:15 - 00105472 _____ (Microsoft Corporation) C:\windows\system32\winipsec.dll
2016-11-11 04:30 - 2016-05-12 11:14 - 00794624 _____ (Microsoft Corporation) C:\windows\system32\gpsvc.dll
2016-11-11 04:30 - 2016-05-12 11:14 - 00502272 _____ (Microsoft Corporation) C:\windows\system32\IPSECSVC.DLL
2016-11-11 04:30 - 2016-05-12 11:14 - 00373760 _____ (Microsoft Corporation) C:\windows\system32\polstore.dll
2016-11-11 04:30 - 2016-05-12 11:14 - 00096256 _____ (Microsoft Corporation) C:\windows\system32\gpapi.dll
2016-11-11 04:30 - 2016-05-12 11:14 - 00075776 _____ (Microsoft Corporation) C:\windows\system32\FwRemoteSvr.dll
2016-11-11 04:30 - 2016-05-12 09:18 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\polstore.dll
2016-11-11 04:30 - 2016-05-12 09:18 - 00079360 _____ (Microsoft Corporation) C:\windows\SysWOW64\gpapi.dll
2016-11-11 04:30 - 2016-05-12 09:18 - 00070144 _____ (Microsoft Corporation) C:\windows\SysWOW64\winipsec.dll
2016-11-11 04:30 - 2016-05-12 09:18 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\FwRemoteSvr.dll
2016-11-11 04:30 - 2015-12-20 12:50 - 03180544 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2016-11-11 04:30 - 2015-12-20 12:50 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll
2016-11-11 04:30 - 2015-12-20 08:08 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2016-11-11 04:30 - 2015-07-16 13:12 - 04922368 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2016-11-11 04:30 - 2015-07-16 13:12 - 00269824 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
2016-11-11 04:30 - 2015-07-16 13:12 - 00037376 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2016-11-11 04:30 - 2015-07-16 13:11 - 05779456 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2016-11-11 04:30 - 2015-07-16 13:11 - 00322560 _____ (Microsoft Corporation) C:\windows\system32\aaclient.dll
2016-11-11 04:30 - 2015-07-16 13:11 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2016-11-11 04:30 - 2014-12-11 11:47 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2016-11-11 04:29 - 2014-08-28 20:06 - 01125888 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2016-11-11 04:29 - 2014-08-28 19:44 - 01050112 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2016-11-11 04:28 - 2016-11-02 09:36 - 00382696 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2016-11-11 04:28 - 2016-11-02 09:22 - 00308456 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2016-11-11 04:28 - 2016-10-27 21:59 - 00394440 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2016-11-11 04:28 - 2016-10-27 21:14 - 00346320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2016-11-11 04:28 - 2016-10-27 12:51 - 02896384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2016-11-11 04:28 - 2016-10-27 12:28 - 25763328 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-11-11 04:28 - 2016-10-27 12:28 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2016-11-11 04:28 - 2016-10-27 12:19 - 06047744 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-11-11 04:28 - 2016-10-27 11:46 - 00806912 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2016-11-11 04:28 - 2016-10-27 11:46 - 00725504 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2016-11-11 04:28 - 2016-10-27 11:44 - 02131456 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2016-11-11 04:28 - 2016-10-27 11:44 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2016-11-11 04:28 - 2016-10-27 11:17 - 15257088 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-11-11 04:28 - 2016-10-27 11:16 - 02920448 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2016-11-11 04:28 - 2016-10-27 11:03 - 01543680 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-11-11 04:28 - 2016-10-27 09:05 - 20304896 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2016-11-11 04:28 - 2016-10-25 09:02 - 03219456 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-11-11 04:28 - 2016-10-22 11:27 - 02287616 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2016-11-11 04:28 - 2016-10-22 10:44 - 04608000 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2016-11-11 04:28 - 2016-10-22 10:43 - 02055680 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2016-11-11 04:28 - 2016-10-22 10:43 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2016-11-11 04:28 - 2016-10-22 10:30 - 13654016 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2016-11-11 04:28 - 2016-10-22 10:12 - 02444800 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2016-11-11 04:28 - 2016-10-22 10:09 - 01312256 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2016-11-11 04:28 - 2016-10-15 09:31 - 00976896 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2016-11-11 04:28 - 2016-10-15 09:13 - 00741888 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2016-11-11 04:28 - 2016-10-11 09:37 - 00370920 _____ (Microsoft Corporation) C:\windows\system32\clfs.sys
2016-11-11 04:28 - 2016-10-11 09:31 - 01148416 _____ (Microsoft Corporation) C:\windows\system32\IMJP10.IME
2016-11-11 04:28 - 2016-10-11 09:31 - 01068544 _____ (Microsoft Corporation) C:\windows\system32\msctf.dll
2016-11-11 04:28 - 2016-10-11 09:31 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\IMJP10K.DLL
2016-11-11 04:28 - 2016-10-11 09:31 - 00176128 _____ (Microsoft Corporation) C:\windows\system32\tintlgnt.ime
2016-11-11 04:28 - 2016-10-11 09:31 - 00175104 _____ (Microsoft Corporation) C:\windows\system32\quick.ime
2016-11-11 04:28 - 2016-10-11 09:31 - 00175104 _____ (Microsoft Corporation) C:\windows\system32\qintlgnt.ime
2016-11-11 04:28 - 2016-10-11 09:31 - 00175104 _____ (Microsoft Corporation) C:\windows\system32\phon.ime
2016-11-11 04:28 - 2016-10-11 09:31 - 00175104 _____ (Microsoft Corporation) C:\windows\system32\cintlgnt.ime
2016-11-11 04:28 - 2016-10-11 09:31 - 00175104 _____ (Microsoft Corporation) C:\windows\system32\chajei.ime
2016-11-11 04:28 - 2016-10-11 09:31 - 00132608 _____ (Microsoft Corporation) C:\windows\system32\pintlgnt.ime
2016-11-11 04:28 - 2016-10-11 09:18 - 00126976 _____ (Microsoft Corporation) C:\windows\SysWOW64\tintlgnt.ime
2016-11-11 04:28 - 2016-10-11 09:18 - 00125952 _____ (Microsoft Corporation) C:\windows\SysWOW64\cintlgnt.ime
2016-11-11 04:28 - 2016-10-11 09:18 - 00090112 _____ (Microsoft Corporation) C:\windows\SysWOW64\pintlgnt.ime
2016-11-11 04:28 - 2016-10-11 07:33 - 00187392 _____ (Microsoft Corporation) C:\windows\SysWOW64\UIAnimation.dll
2016-11-11 04:28 - 2016-10-11 07:06 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\UIAnimation.dll
2016-11-11 04:28 - 2016-10-10 09:33 - 01462272 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2016-11-11 04:28 - 2016-10-10 09:33 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2016-11-11 04:28 - 2016-10-10 09:16 - 00261120 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2016-11-11 04:28 - 2016-10-07 09:40 - 00631176 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2016-11-11 04:28 - 2016-10-07 09:37 - 05547752 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2016-11-11 04:28 - 2016-10-07 09:37 - 00706792 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2016-11-11 04:28 - 2016-10-07 09:35 - 01732864 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2016-11-11 04:28 - 2016-10-07 09:32 - 03649536 _____ (Microsoft Corporation) C:\windows\system32\MSVidCtl.dll
2016-11-11 04:28 - 2016-10-07 09:18 - 04000488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2016-11-11 04:28 - 2016-10-07 09:18 - 03944680 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2016-11-11 04:28 - 2016-10-07 09:15 - 01314112 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2016-11-11 04:28 - 2016-10-07 09:12 - 02291712 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSVidCtl.dll
2016-11-11 04:28 - 2016-10-05 08:54 - 00090112 _____ (Microsoft Corporation) C:\windows\system32\Drivers\bowser.sys
2016-11-11 04:28 - 2016-09-15 08:56 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2016-11-11 04:28 - 2016-09-09 12:20 - 00756736 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
2016-11-11 04:28 - 2016-09-09 12:00 - 00497152 _____ (Microsoft Corporation) C:\windows\SysWOW64\win32spl.dll
2016-11-11 04:27 - 2016-11-02 09:32 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2016-11-11 04:27 - 2016-11-02 09:32 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2016-11-11 04:27 - 2016-11-02 09:32 - 00041472 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2016-11-11 04:27 - 2016-11-02 09:32 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2016-11-11 04:27 - 2016-11-02 09:16 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2016-11-11 04:27 - 2016-11-02 09:16 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2016-11-11 04:27 - 2016-11-02 09:16 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2016-11-11 04:27 - 2016-11-02 08:53 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2016-11-11 04:27 - 2016-10-27 13:13 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2016-11-11 04:27 - 2016-10-27 13:13 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2016-11-11 04:27 - 2016-10-27 12:55 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2016-11-11 04:27 - 2016-10-27 12:54 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2016-11-11 04:27 - 2016-10-27 12:54 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2016-11-11 04:27 - 2016-10-27 12:53 - 00576000 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-11-11 04:27 - 2016-10-27 12:53 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2016-11-11 04:27 - 2016-10-27 12:44 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2016-11-11 04:27 - 2016-10-27 12:43 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2016-11-11 04:27 - 2016-10-27 12:38 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2016-11-11 04:27 - 2016-10-27 12:37 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-11-11 04:27 - 2016-10-27 12:37 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2016-11-11 04:27 - 2016-10-27 12:37 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2016-11-11 04:27 - 2016-10-27 12:37 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2016-11-11 04:27 - 2016-10-27 12:24 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2016-11-11 04:27 - 2016-10-27 12:15 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2016-11-11 04:27 - 2016-10-27 12:13 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2016-11-11 04:27 - 2016-10-27 12:09 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2016-11-11 04:27 - 2016-10-27 12:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2016-11-11 04:27 - 2016-10-27 12:05 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2016-11-11 04:27 - 2016-10-27 12:02 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2016-11-11 04:27 - 2016-10-27 11:49 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2016-11-11 04:27 - 2016-10-27 10:54 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2016-11-11 04:27 - 2016-10-22 11:54 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2016-11-11 04:27 - 2016-10-22 11:36 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2016-11-11 04:27 - 2016-10-22 11:36 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2016-11-11 04:27 - 2016-10-22 11:35 - 00498688 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2016-11-11 04:27 - 2016-10-22 11:35 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2016-11-11 04:27 - 2016-10-22 11:34 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2016-11-11 04:27 - 2016-10-22 11:27 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2016-11-11 04:27 - 2016-10-22 11:26 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2016-11-11 04:27 - 2016-10-22 11:22 - 00476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2016-11-11 04:27 - 2016-10-22 11:21 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2016-11-11 04:27 - 2016-10-22 11:21 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2016-11-11 04:27 - 2016-10-22 11:20 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2016-11-11 04:27 - 2016-10-22 11:09 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2016-11-11 04:27 - 2016-10-22 11:04 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-11-11 04:27 - 2016-10-22 11:03 - 00091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2016-11-11 04:27 - 2016-10-22 10:59 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2016-11-11 04:27 - 2016-10-22 10:58 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2016-11-11 04:27 - 2016-10-22 10:56 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2016-11-11 04:27 - 2016-10-22 10:54 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2016-11-11 04:27 - 2016-10-22 10:46 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2016-11-11 04:27 - 2016-10-22 10:45 - 00693248 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2016-11-11 04:27 - 2016-10-22 10:09 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2016-11-11 04:27 - 2016-10-15 09:31 - 00084480 _____ (Microsoft Corporation) C:\windows\system32\INETRES.dll
2016-11-11 04:27 - 2016-10-15 09:13 - 00084480 _____ (Microsoft Corporation) C:\windows\SysWOW64\INETRES.dll
2016-11-11 04:27 - 2016-10-11 09:31 - 00457216 _____ (Microsoft Corporation) C:\windows\system32\imkr80.ime
2016-11-11 04:27 - 2016-10-11 09:31 - 00246784 _____ (Microsoft Corporation) C:\windows\system32\input.dll
2016-11-11 04:27 - 2016-10-11 09:18 - 01027584 _____ (Microsoft Corporation) C:\windows\SysWOW64\IMJP10.IME
2016-11-11 04:27 - 2016-10-11 09:18 - 00829952 _____ (Microsoft Corporation) C:\windows\SysWOW64\msctf.dll
2016-11-11 04:27 - 2016-10-11 09:18 - 00701440 _____ (Microsoft Corporation) C:\windows\SysWOW64\IMJP10K.DLL
2016-11-11 04:27 - 2016-10-11 09:18 - 00430080 _____ (Microsoft Corporation) C:\windows\SysWOW64\imkr80.ime
2016-11-11 04:27 - 2016-10-11 09:18 - 00202240 _____ (Microsoft Corporation) C:\windows\SysWOW64\input.dll
2016-11-11 04:27 - 2016-10-11 09:18 - 00125952 _____ (Microsoft Corporation) C:\windows\SysWOW64\quick.ime
2016-11-11 04:27 - 2016-10-11 09:18 - 00125952 _____ (Microsoft Corporation) C:\windows\SysWOW64\qintlgnt.ime
2016-11-11 04:27 - 2016-10-11 09:18 - 00125952 _____ (Microsoft Corporation) C:\windows\SysWOW64\phon.ime
2016-11-11 04:27 - 2016-10-11 09:18 - 00125952 _____ (Microsoft Corporation) C:\windows\SysWOW64\chajei.ime
2016-11-11 04:27 - 2016-10-10 09:38 - 00154856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2016-11-11 04:27 - 2016-10-10 09:38 - 00095464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2016-11-11 04:27 - 2016-10-10 09:34 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2016-11-11 04:27 - 2016-10-10 09:34 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2016-11-11 04:27 - 2016-10-10 09:34 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2016-11-11 04:27 - 2016-10-10 09:34 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2016-11-11 04:27 - 2016-10-10 09:33 - 01212928 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2016-11-11 04:27 - 2016-10-10 09:33 - 00730624 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2016-11-11 04:27 - 2016-10-10 09:33 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2016-11-11 04:27 - 2016-10-10 09:33 - 00463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2016-11-11 04:27 - 2016-10-10 09:33 - 00345600 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2016-11-11 04:27 - 2016-10-10 09:33 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2016-11-11 04:27 - 2016-10-10 09:33 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2016-11-11 04:27 - 2016-10-10 09:33 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2016-11-11 04:27 - 2016-10-10 09:33 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2016-11-11 04:27 - 2016-10-10 09:33 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2016-11-11 04:27 - 2016-10-10 09:33 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2016-11-11 04:27 - 2016-10-10 09:33 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2016-11-11 04:27 - 2016-10-10 09:16 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2016-11-11 04:27 - 2016-10-10 09:16 - 00666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2016-11-11 04:27 - 2016-10-10 09:16 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2016-11-11 04:27 - 2016-10-10 09:16 - 00342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2016-11-11 04:27 - 2016-10-10 09:16 - 00254464 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2016-11-11 04:27 - 2016-10-10 09:16 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2016-11-11 04:27 - 2016-10-10 09:16 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2016-11-11 04:27 - 2016-10-10 09:16 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2016-11-11 04:27 - 2016-10-10 09:16 - 00141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2016-11-11 04:27 - 2016-10-10 09:16 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2016-11-11 04:27 - 2016-10-10 09:16 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2016-11-11 04:27 - 2016-10-10 09:16 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2016-11-11 04:27 - 2016-10-10 09:16 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2016-11-11 04:27 - 2016-10-10 09:16 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2016-11-11 04:27 - 2016-10-10 09:02 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2016-11-11 04:27 - 2016-10-10 08:56 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2016-11-11 04:27 - 2016-10-10 08:55 - 00291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2016-11-11 04:27 - 2016-10-10 08:55 - 00129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2016-11-11 04:27 - 2016-10-10 08:55 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2016-11-11 04:27 - 2016-10-10 08:54 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2016-11-11 04:27 - 2016-10-10 08:50 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00880640 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00877056 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00419840 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\asycfilt.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00059904 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00034816 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:32 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00644096 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00581632 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00275456 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\asycfilt.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:12 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 09:04 - 00148480 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2016-11-11 04:27 - 2016-10-07 09:04 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2016-11-11 04:27 - 2016-10-07 09:04 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2016-11-11 04:27 - 2016-10-07 09:01 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2016-11-11 04:27 - 2016-10-07 09:00 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2016-11-11 04:27 - 2016-10-07 08:56 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2016-11-11 04:27 - 2016-10-07 08:50 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2016-11-11 04:27 - 2016-10-07 08:50 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2016-11-11 04:27 - 2016-10-07 08:50 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2016-11-11 04:27 - 2016-10-07 08:50 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2016-11-11 04:27 - 2016-10-07 08:49 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 08:49 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 08:49 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-11-11 04:27 - 2016-10-07 08:49 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-11-11 04:27 - 2016-09-13 09:37 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2016-11-11 04:27 - 2016-09-13 09:11 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2016-11-11 04:27 - 2016-08-22 10:19 - 01386496 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2016-11-10 23:14 - 2016-08-12 10:26 - 00464896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv.sys
2016-11-10 23:14 - 2016-08-12 10:26 - 00405504 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2016-11-10 23:14 - 2016-08-12 10:26 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
2016-11-10 23:14 - 2016-06-25 18:27 - 00970240 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2016-11-10 23:14 - 2016-06-25 18:27 - 00344576 _____ (Microsoft Corporation) C:\windows\system32\ntprint.dll
2016-11-10 23:14 - 2016-06-25 18:27 - 00166400 _____ (Microsoft Corporation) C:\windows\system32\inetpp.dll
2016-11-10 23:14 - 2016-06-25 18:27 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\inetppui.dll
2016-11-10 23:14 - 2016-06-25 13:53 - 00297472 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntprint.dll
2016-11-10 23:14 - 2016-06-25 13:53 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\ntprint.exe
2016-11-10 23:14 - 2016-06-25 13:53 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\wpnpinst.exe
2016-11-10 23:14 - 2016-06-25 13:41 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntprint.exe
2016-11-10 23:13 - 2016-08-12 11:02 - 14632960 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2016-11-10 23:12 - 2016-09-12 15:08 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\adsmsext.dll
2016-11-10 23:12 - 2016-09-12 14:49 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\adsmsext.dll
2016-11-10 23:12 - 2016-09-12 13:08 - 01251328 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2016-11-10 23:12 - 2016-09-12 12:43 - 01648128 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2016-11-10 23:12 - 2016-09-12 12:43 - 01180160 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2016-11-10 23:12 - 2016-09-08 14:34 - 00263680 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2016-11-10 23:12 - 2016-09-08 14:34 - 00208896 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
2016-11-10 23:12 - 2016-09-08 14:34 - 00108544 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll
2016-11-10 23:12 - 2016-09-08 14:34 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll
2016-11-10 23:12 - 2016-09-08 08:55 - 00142336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2016-11-10 23:12 - 2016-09-08 08:55 - 00106496 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dfsc.sys
2016-11-10 23:12 - 2016-08-12 11:02 - 12574720 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2016-11-10 23:12 - 2016-08-12 11:02 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll
2016-11-10 23:12 - 2016-08-12 11:02 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx
2016-11-10 23:12 - 2016-08-12 11:02 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll
2016-11-10 23:12 - 2016-08-12 10:47 - 12574208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2016-11-10 23:12 - 2016-08-12 10:47 - 11410432 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2016-11-10 23:12 - 2016-08-12 10:31 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\spwmp.dll
2016-11-10 23:12 - 2016-08-12 10:31 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdxm.ocx
2016-11-10 23:12 - 2016-08-12 10:31 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxmasf.dll
2016-11-10 23:12 - 2016-08-12 10:26 - 00461312 _____ (Microsoft Corporation) C:\windows\system32\scavengeui.dll
2016-11-10 23:12 - 2016-08-06 09:31 - 02023424 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
2016-11-10 23:12 - 2016-08-06 09:31 - 00347136 _____ (Microsoft Corporation) C:\windows\system32\WSManMigrationPlugin.dll
2016-11-10 23:12 - 2016-08-06 09:31 - 00310784 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll
2016-11-10 23:12 - 2016-08-06 09:31 - 00182272 _____ (Microsoft Corporation) C:\windows\system32\WsmAuto.dll
2016-11-10 23:12 - 2016-08-06 09:31 - 00054272 _____ (Microsoft Corporation) C:\windows\system32\WsmRes.dll
2016-11-10 23:12 - 2016-08-06 09:31 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\wsmplpxy.dll
2016-11-10 23:12 - 2016-08-06 09:15 - 01178112 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll
2016-11-10 23:12 - 2016-08-06 09:15 - 00249344 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManMigrationPlugin.dll
2016-11-10 23:12 - 2016-08-06 09:15 - 00214016 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmWmiPl.dll
2016-11-10 23:12 - 2016-08-06 09:15 - 00146944 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmAuto.dll
2016-11-10 23:12 - 2016-08-06 09:15 - 00054272 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmRes.dll
2016-11-10 23:12 - 2016-08-06 09:01 - 00266752 _____ (Microsoft Corporation) C:\windows\system32\WSManHTTPConfig.exe
2016-11-10 23:12 - 2016-08-06 09:01 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\wsmprovhost.exe
2016-11-10 23:12 - 2016-08-06 08:53 - 00199168 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManHTTPConfig.exe
2016-11-10 23:12 - 2016-08-06 08:53 - 00012288 _____ (Microsoft Corporation) C:\windows\SysWOW64\wsmprovhost.exe
2016-11-10 23:12 - 2016-08-06 08:53 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\wsmplpxy.dll
2016-11-10 23:12 - 2016-06-14 11:21 - 00094440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2016-11-10 23:12 - 2016-06-14 11:16 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 01573888 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 01483264 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 01202176 _____ (Microsoft Corporation) C:\windows\system32\drmv2clt.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 01068544 _____ (Microsoft Corporation) C:\windows\system32\cryptui.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 00842240 _____ (Microsoft Corporation) C:\windows\system32\blackbox.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 00782848 _____ (Microsoft Corporation) C:\windows\system32\wmdrmsdk.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 00680448 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 00641024 _____ (Microsoft Corporation) C:\windows\system32\msscp.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 00632320 _____ (Microsoft Corporation) C:\windows\system32\evr.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 00499712 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 00497664 _____ (Microsoft Corporation) C:\windows\system32\drmmgrtn.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 00440320 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 00433152 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 00325632 _____ (Microsoft Corporation) C:\windows\system32\msnetobj.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 00295936 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 00190976 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 00187904 _____ (Microsoft Corporation) C:\windows\system32\pcasvc.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 00141824 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 00081920 _____ (Microsoft Corporation) C:\windows\system32\cryptsp.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\pcadm.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\msmmsp.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 00008704 _____ (Microsoft Corporation) C:\windows\system32\pcaevts.dll
2016-11-10 23:12 - 2016-06-14 11:16 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2016-11-10 23:12 - 2016-06-14 11:11 - 00663552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\PEAuth.sys
2016-11-10 23:12 - 2016-06-14 09:21 - 03209216 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2016-11-10 23:12 - 2016-06-14 09:21 - 01329664 _____ (Microsoft Corporation) C:\windows\SysWOW64\quartz.dll
2016-11-10 23:12 - 2016-06-14 09:21 - 01176064 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2016-11-10 23:12 - 2016-06-14 09:21 - 01005056 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptui.dll
2016-11-10 23:12 - 2016-06-14 09:21 - 00988160 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmv2clt.dll
2016-11-10 23:12 - 2016-06-14 09:21 - 00744960 _____ (Microsoft Corporation) C:\windows\SysWOW64\blackbox.dll
2016-11-10 23:12 - 2016-06-14 09:21 - 00617984 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmdrmsdk.dll
2016-11-10 23:12 - 2016-06-14 09:21 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2016-11-10 23:12 - 2016-06-14 09:21 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msscp.dll
2016-11-10 23:12 - 2016-06-14 09:21 - 00489984 _____ (Microsoft Corporation) C:\windows\SysWOW64\evr.dll
2016-11-10 23:12 - 2016-06-14 09:21 - 00442368 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2016-11-10 23:12 - 2016-06-14 09:21 - 00406016 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmmgrtn.dll
2016-11-10 23:12 - 2016-06-14 09:21 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2016-11-10 23:12 - 2016-06-14 09:21 - 00354816 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfplat.dll
2016-11-10 23:12 - 2016-06-14 09:21 - 00265216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msnetobj.dll
2016-11-10 23:12 - 2016-06-14 09:21 - 00195072 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2016-11-10 23:12 - 2016-06-14 09:21 - 00179200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2016-11-10 23:12 - 2016-06-14 09:21 - 00145920 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2016-11-10 23:12 - 2016-06-14 09:21 - 00106496 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
2016-11-10 23:12 - 2016-06-14 09:21 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2016-11-10 23:12 - 2016-06-14 09:21 - 00080896 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsp.dll
2016-11-10 23:12 - 2016-06-14 09:21 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll
2016-11-10 23:12 - 2016-06-14 09:15 - 00125952 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
2016-11-10 23:12 - 2016-06-14 09:15 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2016-11-10 23:12 - 2016-06-14 09:15 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2016-11-10 23:12 - 2016-06-14 09:05 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe
2016-11-10 23:12 - 2016-06-14 09:05 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe
2016-11-10 23:12 - 2016-06-14 09:00 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\pcawrk.exe
2016-11-10 23:12 - 2016-06-14 09:00 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\pcalua.exe
2016-11-10 23:09 - 2016-09-12 15:17 - 00077032 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2016-11-10 23:09 - 2016-09-12 15:08 - 01226752 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2016-11-10 23:09 - 2016-09-09 09:54 - 01629184 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2016-11-10 23:09 - 2016-09-09 09:54 - 00586752 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2016-11-10 23:09 - 2016-09-09 09:54 - 00575488 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2016-11-10 23:09 - 2016-09-09 09:54 - 00314368 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2016-11-10 23:09 - 2016-09-09 09:54 - 00273408 _____ (Microsoft Corporation) C:\windows\system32\centel.dll
2016-11-10 23:09 - 2016-09-09 09:54 - 00224256 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2016-11-10 23:09 - 2016-09-09 09:54 - 00129024 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2016-11-10 23:08 - 2016-05-13 16:09 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2016-11-10 23:08 - 2016-05-13 16:09 - 00192512 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2016-11-10 23:08 - 2016-05-13 16:09 - 00098816 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2016-11-10 23:08 - 2016-05-13 16:07 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2016-11-10 23:08 - 2016-05-13 15:55 - 02607104 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2016-11-10 23:08 - 2016-05-13 15:53 - 00709120 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2016-11-10 23:08 - 2016-05-13 15:53 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2016-11-10 23:08 - 2016-05-13 15:52 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2016-11-10 23:08 - 2016-05-13 15:52 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2016-11-10 23:08 - 2016-05-13 15:52 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2016-11-10 23:08 - 2016-05-13 15:52 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2016-11-10 23:08 - 2016-05-13 15:50 - 00174080 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2016-11-10 23:08 - 2016-05-13 15:38 - 00573440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2016-11-10 23:08 - 2016-05-13 15:38 - 00093696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2016-11-10 23:08 - 2016-05-13 15:38 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2016-11-10 23:08 - 2016-05-13 15:38 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2016-11-10 23:08 - 2016-05-12 09:18 - 00090624 _____ (Microsoft Corporation) C:\windows\SysWOW64\olepro32.dll
2016-11-10 23:08 - 2016-05-12 07:05 - 00459640 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2016-11-10 23:08 - 2016-05-12 07:05 - 00297984 _____ (Microsoft Corporation) C:\windows\system32\bcryptprimitives.dll
2016-11-10 23:08 - 2016-05-12 07:04 - 00249352 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcryptprimitives.dll
2016-11-10 23:08 - 2016-05-04 11:21 - 00114408 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2016-11-10 23:08 - 2016-05-04 11:17 - 03244032 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2016-11-10 23:08 - 2016-05-04 11:17 - 02365440 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2016-11-10 23:08 - 2016-05-04 11:17 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2016-11-10 23:08 - 2016-05-04 11:17 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2016-11-10 23:08 - 2016-05-04 11:17 - 00025088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msimsg.dll
2016-11-10 23:08 - 2016-05-04 11:17 - 00025088 _____ (Microsoft Corporation) C:\windows\system32\msimsg.dll
2016-11-10 23:08 - 2016-05-04 11:16 - 00070144 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
2016-11-10 23:08 - 2016-05-04 09:04 - 00128512 _____ (Microsoft Corporation) C:\windows\system32\msiexec.exe
2016-11-10 23:08 - 2016-05-04 08:55 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msiexec.exe
2016-11-10 23:06 - 2016-08-16 11:36 - 01009152 _____ (Microsoft Corporation) C:\windows\system32\user32.dll
2016-11-10 23:06 - 2016-08-15 20:48 - 00833024 _____ (Microsoft Corporation) C:\windows\SysWOW64\user32.dll
2016-11-10 23:06 - 2016-07-07 09:36 - 01896168 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2016-11-10 23:06 - 2016-07-07 09:36 - 00377576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
2016-11-10 23:06 - 2016-07-07 09:36 - 00287976 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
2016-11-10 23:06 - 2016-07-07 09:08 - 00046080 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpipreg.sys
2016-11-10 23:05 - 2016-08-29 09:31 - 14183424 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2016-11-10 23:05 - 2016-08-29 09:31 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2016-11-10 23:05 - 2016-08-29 09:31 - 01867776 _____ (Microsoft Corporation) C:\windows\system32\ExplorerFrame.dll
2016-11-10 23:05 - 2016-08-29 09:12 - 12880384 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2016-11-10 23:05 - 2016-08-29 09:12 - 01806848 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2016-11-10 23:05 - 2016-08-29 09:12 - 01499648 _____ (Microsoft Corporation) C:\windows\SysWOW64\ExplorerFrame.dll
2016-11-10 23:05 - 2016-08-29 09:04 - 03229696 _____ (Microsoft Corporation) C:\windows\explorer.exe
2016-11-10 23:05 - 2016-08-29 08:55 - 02972672 _____ (Microsoft Corporation) C:\windows\SysWOW64\explorer.exe
2016-11-10 23:05 - 2016-08-16 14:40 - 00343552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2016-11-10 23:05 - 2016-08-16 14:40 - 00327168 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2016-11-10 23:05 - 2016-08-16 14:40 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2016-11-10 23:05 - 2016-08-16 14:40 - 00056320 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2016-11-10 23:05 - 2016-08-16 14:40 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2016-11-10 23:05 - 2016-08-16 14:40 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys
2016-11-10 23:05 - 2016-08-16 14:40 - 00007808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2016-11-10 23:05 - 2016-05-11 11:02 - 00483840 _____ (Microsoft Corporation) C:\windows\system32\StructuredQuery.dll
2016-11-10 23:05 - 2016-05-11 11:02 - 00444928 _____ (Microsoft Corporation) C:\windows\system32\winhttp.dll
2016-11-10 23:05 - 2016-05-11 11:02 - 00327168 _____ (Microsoft Corporation) C:\windows\system32\mswsock.dll
2016-11-10 23:05 - 2016-05-11 11:02 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\ws2_32.dll
2016-11-10 23:05 - 2016-05-11 09:19 - 00363520 _____ (Microsoft Corporation) C:\windows\SysWOW64\StructuredQuery.dll
2016-11-10 23:05 - 2016-05-11 09:19 - 00351744 _____ (Microsoft Corporation) C:\windows\SysWOW64\winhttp.dll
2016-11-10 23:05 - 2016-05-11 09:19 - 00231424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mswsock.dll
2016-11-10 23:05 - 2016-05-11 09:19 - 00206336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ws2_32.dll
2016-11-10 23:05 - 2016-05-11 09:11 - 00025088 _____ (Microsoft Corporation) C:\windows\system32\netbtugc.exe
2016-11-10 23:05 - 2016-05-11 09:01 - 00026624 _____ (Microsoft Corporation) C:\windows\SysWOW64\netbtugc.exe
2016-11-10 23:05 - 2016-05-11 08:58 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netbt.sys
2016-11-10 23:04 - 2016-05-18 10:10 - 00312832 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2016-11-10 23:04 - 2016-05-18 10:09 - 00405504 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2016-11-10 22:30 - 2016-07-22 08:58 - 00142336 _____ (Microsoft Corporation) C:\windows\system32\poqexec.exe
2016-11-10 22:30 - 2016-07-22 08:51 - 00123904 _____ (Microsoft Corporation) C:\windows\SysWOW64\poqexec.exe
2016-11-10 22:30 - 2016-03-09 13:00 - 00396800 _____ (Microsoft Corporation) C:\windows\system32\webio.dll
2016-11-10 22:30 - 2016-03-09 12:40 - 00316416 _____ (Microsoft Corporation) C:\windows\SysWOW64\webio.dll
2016-11-06 23:01 - 2011-07-19 15:21 - 734355456 _____ C:\Users\Shawn\Downloads\exvid-jackass.3.5.avi
2016-11-06 23:01 - 2011-03-25 23:31 - 739594714 _____ C:\Users\Shawn\Downloads\Jane Austen's Mafia[1998]Eng.Swesub.DvDrip.NeRoZ.avi
2016-11-06 23:00 - 2013-05-12 11:05 - 227244533 _____ C:\Users\Shawn\Downloads\Anger.Management.S02E15.HDTV.x264-2HD.mp4
2016-11-06 23:00 - 2013-05-12 11:04 - 197406308 _____ C:\Users\Shawn\Downloads\Anger.Management.S02E14.HDTV.x264-EVOLVE.mp4
2016-11-06 23:00 - 2013-01-28 23:11 - 63384344 _____ C:\Users\Shawn\Downloads\American.Dad.S08E10.HDTV.x264-LOL.mp4
2016-11-06 23:00 - 2012-12-12 09:49 - 81854536 _____ C:\Users\Shawn\Downloads\American.Dad.S08E06.HDTV.x264-LOL.mp4
2016-11-06 23:00 - 2012-12-03 21:13 - 78329440 _____ C:\Users\Shawn\Downloads\American.Dad.S08E05.HDTV.x264-LOL.mp4
2016-11-06 23:00 - 2012-10-08 18:30 - 66870921 _____ C:\Users\Shawn\Downloads\American.Dad.S08E01.HDTV.x264-LOL.mp4
2016-11-06 23:00 - 2012-10-08 18:28 - 98249532 _____ C:\Users\Shawn\Downloads\American.Dad.S08E02.HDTV.x264-LOL.mp4
2016-11-06 23:00 - 2012-01-25 20:13 - 901257026 _____ C:\Users\Shawn\Downloads\Columbiana(2011)BRrip-720p_Xvid-859MB.avi
2016-11-06 22:59 - 2016-11-06 22:59 - 00000000 ____D C:\Users\Shawn\Downloads\ZZ Top - La Futura (2012)
2016-11-06 22:59 - 2016-11-06 22:59 - 00000000 ____D C:\Users\Shawn\Downloads\Zootopia (2016) 720p BrRip x264 - VPPV
2016-11-06 22:59 - 2016-05-23 01:34 - 841621541 _____ C:\Users\Shawn\Downloads\10.Cloverfield.Lane.2016.720p.HDRip.800MB.MkvCage.mkv
2016-11-06 22:58 - 2016-11-06 22:58 - 00000000 ____D C:\Users\Shawn\Downloads\Zoolander.2.2016.HDRip.XViD-ETRG
2016-11-06 22:58 - 2016-11-06 22:58 - 00000000 ____D C:\Users\Shawn\Downloads\Zero Dark Thirty (2012)
2016-11-06 22:57 - 2016-11-06 22:57 - 00000000 ____D C:\Users\Shawn\Downloads\X.Men.Apocalypse.2016.TC.x264.AAC-ETRG
2016-11-06 22:57 - 2016-11-06 22:57 - 00000000 ____D C:\Users\Shawn\Downloads\Volbeat - Beyond Hell Above Heaven (2010)
2016-11-06 22:56 - 2016-11-06 22:56 - 00000000 ____D C:\Users\Shawn\Downloads\Victor.Frankenstein.2015.HDRip.XViD-ETRG
2016-11-06 22:55 - 2016-11-06 22:56 - 00000000 ____D C:\Users\Shawn\Downloads\Universal Soldier Day of Reckoning (2012) [1080p]
2016-11-06 22:54 - 2016-11-06 22:54 - 00000000 ____D C:\Users\Shawn\Downloads\Underworld Awakening 2012 BRRiP XViD AbSurdiTy
2016-11-06 22:53 - 2013-05-19 15:00 - 1821918619 _____ C:\Users\Shawn\Downloads\The Place Beyond the Pines [2012]H264 DVDRip.mp4[Eng]BlueLady.mp4
2016-11-06 22:53 - 2012-11-08 15:14 - 81068794 _____ C:\Users\Shawn\Downloads\South.Park.S16E14.HDTV.x264-ASAP.mp4
2016-11-06 22:53 - 2012-10-11 19:42 - 86282801 _____ C:\Users\Shawn\Downloads\South.Park.S16E10.PROPER.HDTV.x264-2HD.mp4
2016-11-06 22:53 - 2012-09-29 11:35 - 91604020 _____ C:\Users\Shawn\Downloads\South.Park.S16E08.HDTV.x264-2HD.mp4
2016-11-06 22:52 - 2013-06-05 18:14 - 2646880589 _____ C:\Users\Shawn\Downloads\Snitch [2013]H264 DVDRip.mp4[Eng]BlueLady.mp4
2016-11-06 22:52 - 2011-06-18 09:44 - 734908642 _____ C:\Users\Shawn\Downloads\Robin.Williams.Weapons.Of.Self.Destruction.HDTV.XviD-CHGRP.avi
2016-11-06 22:51 - 2012-11-09 20:34 - 733659136 _____ C:\Users\Shawn\Downloads\Resident.Evil.Apocalypse.DVDRiP.XViD.avi
2016-11-06 22:51 - 2011-08-19 18:19 - 1468095404 _____ C:\Users\Shawn\Downloads\Rise.of.the.Planet.of.the.Apes.2011.TS.XviD-NOVA.avi
2016-11-06 22:50 - 2012-01-22 21:13 - 735442944 _____ C:\Users\Shawn\Downloads\Paranormal.Activity.3.2011.UNRATED.DVDRip.XviD-SPARKS.avi
2016-11-04 23:09 - 2016-11-04 23:09 - 00000000 ____D C:\Users\Shawn\Downloads\backups
2016-11-01 22:42 - 2016-11-01 23:31 - 00224738 _____ C:\windows\ntbtlog.txt
2016-11-01 00:28 - 2016-11-01 00:28 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2016-11-01 00:28 - 2016-11-01 00:28 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-11-01 00:28 - 2016-11-01 00:28 - 00000000 ____D C:\Users\Shawn\Tracing
2016-11-01 00:28 - 2016-11-01 00:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-10-31 03:31 - 2015-07-30 07:13 - 00124624 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2016-10-31 03:31 - 2015-07-30 07:13 - 00103120 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-10-30 15:57 - 2016-03-06 12:53 - 01885696 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2016-10-30 15:57 - 2016-03-06 12:53 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2016-10-30 15:57 - 2016-03-06 12:38 - 01240576 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2016-10-30 15:57 - 2016-03-06 12:38 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2016-10-30 15:56 - 2016-03-17 16:56 - 02084864 _____ (Microsoft Corporation) C:\windows\system32\ole32.dll
2016-10-30 15:56 - 2016-03-17 16:28 - 01414144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ole32.dll
2016-10-30 15:54 - 2015-07-15 12:10 - 01743360 _____ (Microsoft Corporation) C:\windows\system32\sysmain.dll
2016-10-30 15:47 - 2016-01-20 18:51 - 00073664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\disk.sys
2016-10-30 15:47 - 2015-11-19 08:07 - 00994760 _____ (Microsoft Corporation) C:\windows\system32\ucrtbase.dll
2016-10-30 15:47 - 2015-11-19 08:07 - 00063840 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:07 - 00020832 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:07 - 00019808 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:07 - 00017760 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:07 - 00017760 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:07 - 00016224 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:07 - 00015712 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:07 - 00014176 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:07 - 00014176 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-10-30 15:47 - 2015-11-19 08:07 - 00013664 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:07 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:07 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:07 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:07 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:07 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:07 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:07 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-10-30 15:47 - 2015-11-19 08:07 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-10-30 15:47 - 2015-11-19 08:07 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:07 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:07 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:07 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-10-30 15:47 - 2015-11-19 08:06 - 00922432 _____ (Microsoft Corporation) C:\windows\SysWOW64\ucrtbase.dll
2016-10-30 15:47 - 2015-11-19 08:06 - 00066400 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:06 - 00022368 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:06 - 00019808 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:06 - 00017760 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:06 - 00017760 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:06 - 00016224 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:06 - 00015712 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:06 - 00014176 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:06 - 00014176 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-10-30 15:47 - 2015-11-19 08:06 - 00013664 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:06 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:06 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:06 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:06 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:06 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:06 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:06 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-10-30 15:47 - 2015-11-19 08:06 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-10-30 15:47 - 2015-11-19 08:06 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:06 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:06 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2016-10-30 15:47 - 2015-11-19 08:06 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2016-10-30 15:47 - 2015-11-03 13:04 - 00802304 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll
2016-10-30 15:47 - 2015-11-03 12:56 - 00627712 _____ (Microsoft Corporation) C:\windows\SysWOW64\usp10.dll
2016-10-30 15:46 - 2015-07-09 11:58 - 01632256 _____ (Microsoft Corporation) C:\windows\system32\dwmcore.dll
2016-10-30 15:46 - 2015-07-09 11:58 - 00082944 _____ (Microsoft Corporation) C:\windows\system32\dwmapi.dll
2016-10-30 15:46 - 2015-07-09 11:42 - 01372160 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmcore.dll
2016-10-30 15:46 - 2015-07-09 11:42 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmapi.dll
2016-10-30 15:44 - 2015-07-14 21:19 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\basesrv.dll
2016-10-30 15:36 - 2016-11-01 00:28 - 00000000 ____D C:\Users\Shawn\AppData\Local\Skype
2016-10-30 15:36 - 2016-04-09 01:01 - 00986344 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2016-10-30 15:36 - 2016-04-09 01:01 - 00264936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgmms1.sys
2016-10-30 15:36 - 2016-04-09 00:57 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\cdd.dll
2016-10-30 15:36 - 2016-02-05 12:56 - 00020480 _____ (Microsoft Corporation) C:\windows\system32\tbs.dll
2016-10-30 15:36 - 2016-02-05 12:54 - 00109568 _____ (Microsoft Corporation) C:\windows\system32\fveapibase.dll
2016-10-30 15:36 - 2016-02-05 11:33 - 00015360 _____ (Microsoft Corporation) C:\windows\SysWOW64\tbs.dll
2016-10-30 15:36 - 2015-06-03 14:21 - 00451080 _____ (Microsoft Corporation) C:\windows\system32\fveapi.dll
2016-10-30 15:35 - 2016-11-01 00:29 - 00000000 ____D C:\Users\Shawn\AppData\Roaming\Skype
2016-10-30 15:34 - 2016-11-01 00:28 - 00000000 ____D C:\ProgramData\Skype
2016-10-30 15:34 - 2016-01-11 13:11 - 01684416 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2016-10-30 15:22 - 2012-08-23 07:41 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2016-10-30 15:22 - 2012-08-23 07:40 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2016-10-30 15:21 - 2012-08-23 08:10 - 00019456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpvideominiport.sys
2016-10-30 15:21 - 2012-08-23 08:07 - 00057856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys
2016-10-30 15:21 - 2012-08-23 07:47 - 00046592 _____ (Microsoft Corporation) C:\windows\SysWOW64\MsRdpWebAccess.dll
2016-10-30 15:21 - 2012-08-23 07:46 - 00016896 _____ (Microsoft Corporation) C:\windows\SysWOW64\wksprtPS.dll
2016-10-30 15:21 - 2012-08-23 07:20 - 00054272 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll
2016-10-30 15:21 - 2012-08-23 07:17 - 00018432 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll
2016-10-30 15:21 - 2012-08-23 07:06 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll
2016-10-30 15:21 - 2012-08-23 05:14 - 00384000 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2016-10-30 15:21 - 2012-08-23 05:12 - 00192000 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdpendp_winip.dll
2016-10-30 15:21 - 2012-08-23 04:51 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\rdpendp_winip.dll
2016-10-30 14:31 - 2015-08-05 11:56 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\icaapi.dll
2016-10-30 14:31 - 2015-08-05 11:06 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys
2016-10-30 14:28 - 2015-12-16 12:55 - 00069120 _____ (Microsoft Corporation) C:\windows\system32\nlsbres.dll
2016-10-30 14:28 - 2015-12-16 12:53 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\kbdgeoqw.dll
2016-10-30 14:28 - 2015-12-16 12:53 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDAZEL.DLL
2016-10-30 14:28 - 2015-12-16 12:53 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDAZE.DLL
2016-10-30 14:28 - 2015-12-16 12:48 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDAZE.DLL
2016-10-30 14:28 - 2015-12-16 12:48 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\kbdgeoqw.dll
2016-10-30 14:28 - 2015-12-16 12:48 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDAZEL.DLL
2016-10-30 14:28 - 2015-12-16 12:47 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlsbres.dll
2016-10-30 14:28 - 2015-12-16 08:35 - 00419640 _____ C:\windows\SysWOW64\locale.nls
2016-10-30 14:28 - 2015-12-16 08:35 - 00419640 _____ C:\windows\system32\locale.nls
2016-10-30 02:39 - 2016-10-30 02:39 - 00000000 ____D C:\windows\pss
2016-10-30 02:28 - 2016-10-30 02:28 - 00281632 _____ C:\Users\Shawn\Documents\cc_20161030_022802.reg
2016-10-30 02:21 - 2016-10-30 02:47 - 00002792 _____ C:\windows\System32\Tasks\CCleanerSkipUAC
2016-10-30 02:21 - 2016-10-30 02:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-10-30 02:21 - 2016-10-30 02:21 - 00000000 ____D C:\Program Files\CCleaner
2016-10-30 02:17 - 2016-10-30 02:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
2016-10-30 02:17 - 2016-10-30 02:17 - 00000000 ____D C:\Program Files\Defraggler
2016-10-30 02:16 - 2016-10-30 02:16 - 00000000 ____D C:\Users\Shawn\AppData\Local\CEF
2016-10-30 02:15 - 2016-10-30 02:15 - 00000000 ____D C:\Users\Shawn\AppData\Roaming\AVAST Software
2016-10-30 02:14 - 2016-11-01 23:41 - 00004180 _____ C:\windows\System32\Tasks\avast! Emergency Update
2016-10-30 02:14 - 2016-10-30 02:14 - 00000000 ____D C:\windows\System32\Tasks\AVAST Software
2016-10-30 02:14 - 2016-10-30 02:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-10-30 02:13 - 2016-10-30 02:14 - 00969184 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys
2016-10-30 02:13 - 2016-10-30 02:14 - 00513632 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2016-10-30 02:13 - 2016-10-30 02:14 - 00293352 _____ (AVAST Software) C:\windows\system32\Drivers\aswvmm.sys
2016-10-30 02:13 - 2016-10-30 02:12 - 00391496 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2016-10-30 02:13 - 2016-10-30 02:12 - 00163416 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2016-10-30 02:13 - 2016-10-30 02:12 - 00108816 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2016-10-30 02:13 - 2016-10-30 02:12 - 00103064 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2016-10-30 02:13 - 2016-10-30 02:12 - 00074544 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2016-10-30 02:13 - 2016-10-30 02:12 - 00037656 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys
2016-10-30 02:12 - 2016-10-30 02:12 - 00053208 _____ (AVAST Software) C:\windows\avastSS.scr
2016-10-30 02:12 - 2016-10-30 02:12 - 00000920 _____ C:\ProgramData\Microsoft\Windows\Start Menu\µTorrent.lnk
2016-10-30 02:12 - 2016-10-30 02:12 - 00000914 _____ C:\Users\Public\Desktop\µTorrent.lnk
2016-10-30 02:12 - 2016-10-30 02:12 - 00000000 ____D C:\Program Files (x86)\uTorrent
2016-10-30 02:11 - 2016-10-30 02:11 - 00000000 ____D C:\Program Files\AVAST Software
2016-10-30 02:10 - 2016-10-30 02:10 - 00000898 _____ C:\Users\Shawn\Desktop\Downloads.lnk
2016-10-30 02:09 - 2016-10-30 02:09 - 00000000 ____D C:\ProgramData\AVAST Software
2016-10-30 02:07 - 2016-10-30 02:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-10-30 01:44 - 2016-10-30 01:44 - 00000000 ____D C:\SUPERDelete
2016-10-30 01:41 - 2016-03-04 10:26 - 00032400 _____ (ThreatTrack Security) C:\windows\system32\Drivers\gfiutil.sys
2016-10-30 01:28 - 2016-11-14 22:01 - 00002166 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-10-30 01:28 - 2016-11-14 22:01 - 00002154 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-10-30 01:15 - 2016-10-30 01:15 - 00536976 _____ (ThreatTrack Security, Inc.) C:\windows\SysWOW64\sbap.dll
2016-10-30 01:15 - 2016-10-30 01:15 - 00088928 _____ (ThreatTrack Security, Inc.) C:\windows\system32\Drivers\sbapifs.sys
2016-10-30 01:14 - 2016-10-30 01:41 - 00000000 ____D C:\ProgramData\AntiMalwareProData
2016-10-30 00:39 - 2016-11-01 22:44 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-10-30 00:38 - 2016-10-30 00:38 - 00001073 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-10-30 00:38 - 2016-10-30 00:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-10-30 00:38 - 2016-10-30 00:38 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-10-30 00:38 - 2016-10-30 00:38 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-10-30 00:38 - 2016-03-10 13:09 - 00064896 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2016-10-30 00:38 - 2016-03-10 13:08 - 00140672 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2016-10-30 00:38 - 2016-03-10 13:08 - 00027008 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2016-10-29 23:40 - 2016-10-30 02:14 - 00000000 ____D C:\Program Files\Common Files\AV
2016-10-29 23:25 - 2016-11-17 15:41 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-10-29 23:25 - 2016-11-17 15:39 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-17 15:41 - 2010-09-02 17:23 - 00000000 ____D C:\Users\Shawn\AppData\Local\CrashDumps
2016-11-17 15:41 - 2009-07-13 23:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-11-17 15:39 - 2014-06-04 23:46 - 00009072 _____ C:\windows\wininit.ini
2016-11-17 12:01 - 2009-07-13 23:13 - 00793654 _____ C:\windows\system32\PerfStringBackup.INI
2016-11-17 12:01 - 2009-07-13 21:20 - 00000000 ____D C:\windows\inf
2016-11-16 22:44 - 2009-07-13 22:45 - 00016304 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-16 22:44 - 2009-07-13 22:45 - 00016304 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-16 22:34 - 2010-10-12 13:14 - 00000000 ___SD C:\Users\Shawn\AppData\LocalLow\Temp
2016-11-12 04:41 - 2009-07-13 21:20 - 00000000 ____D C:\windows\rescache
2016-11-12 03:47 - 2009-07-13 22:45 - 00338960 _____ C:\windows\system32\FNTCACHE.DAT
2016-11-12 03:23 - 2013-09-02 08:17 - 00000000 ____D C:\windows\system32\MRT
2016-11-12 03:16 - 2010-08-31 20:21 - 141011376 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-11-11 23:09 - 2009-07-13 22:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-11-11 03:49 - 2013-03-14 06:41 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-11-11 03:49 - 2010-05-29 20:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-11-11 03:45 - 2015-02-10 22:04 - 00000000 ____D C:\windows\system32\appraiser
2016-11-11 03:45 - 2014-05-14 23:38 - 00000000 ___SD C:\windows\system32\CompatTel
2016-11-11 03:45 - 2009-07-13 21:20 - 00000000 ____D C:\windows\SysWOW64\Dism
2016-11-11 03:45 - 2009-07-13 21:20 - 00000000 ____D C:\windows\system32\Dism
2016-11-11 03:06 - 2013-03-20 13:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-11-04 22:31 - 2010-08-31 20:34 - 00000000 ____D C:\Users\Shawn\AppData\Local\Google
2016-11-01 23:41 - 2013-03-06 13:54 - 00000000 ____D C:\Users\Shawn\AppData\Local\ElevatedDiagnostics
2016-11-01 23:41 - 2009-07-13 21:20 - 00000000 ____D C:\windows\system32\NDF
2016-11-01 10:44 - 2011-07-05 22:18 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-11-01 00:28 - 2010-08-31 18:49 - 00000000 ____D C:\Users\Shawn
2016-10-31 04:01 - 2010-09-01 02:29 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-10-31 04:01 - 2010-09-01 02:29 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-10-31 03:56 - 2009-07-13 21:20 - 00000000 ____D C:\windows\PolicyDefinitions
2016-10-30 18:20 - 2012-06-03 09:16 - 00000000 ____D C:\Users\Shawn\AppData\LocalLow\Bcool
2016-10-30 14:56 - 2014-04-23 15:34 - 00777964 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2016-10-30 02:47 - 2010-09-01 02:29 - 00003906 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-10-30 02:47 - 2010-09-01 02:29 - 00003654 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-10-30 02:30 - 2010-05-29 20:49 - 00000000 ____D C:\Program Files (x86)\Windows Live
2016-10-30 02:27 - 2012-11-27 21:59 - 00000000 ____D C:\windows\Minidump
2016-10-30 02:27 - 2010-09-04 02:33 - 00000000 ____D C:\Users\Shawn\AppData\Roaming\uTorrent
2016-10-30 02:27 - 2010-03-23 00:43 - 00000000 ____D C:\windows\Panther
2016-10-30 02:07 - 2010-09-05 00:51 - 00000000 ____D C:\Users\Shawn\AppData\Roaming\vlc
2016-10-30 01:56 - 2012-05-18 01:55 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2016-10-30 01:56 - 2010-05-29 20:53 - 00000000 ____D C:\ProgramData\WildTangent
2016-10-30 01:56 - 2010-05-29 20:53 - 00000000 ____D C:\Program Files (x86)\TOSHIBA Games
2016-10-30 01:56 - 2009-07-13 23:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-10-30 01:54 - 2010-09-05 00:49 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2016-10-30 01:53 - 2010-09-05 00:49 - 00000000 ____D C:\ProgramData\Yahoo!
2016-10-30 01:44 - 2013-03-10 11:38 - 00000000 ____D C:\Users\Shawn\AppData\Roaming\Uniblue
2016-10-30 01:36 - 2010-05-29 20:52 - 00000000 ____D C:\Program Files\Google
2016-10-30 01:36 - 2010-05-29 20:52 - 00000000 ____D C:\Program Files (x86)\Google
2016-10-30 01:14 - 2010-05-29 20:52 - 00000000 ____D C:\ProgramData\Google
2016-10-30 01:04 - 2009-07-13 21:20 - 00000000 ____D C:\windows\system
2016-10-30 01:02 - 2012-03-19 15:06 - 00000000 ____D C:\ProgramData\InstallMate
2016-10-30 01:02 - 2010-09-25 19:57 - 00000000 ____D C:\Program Files (x86)\Zynga
2016-10-30 00:34 - 2013-03-10 11:48 - 00000000 ____D C:\Users\Shawn\AppData\Roaming\player
2016-10-29 23:21 - 2016-06-19 18:49 - 00000000 ____D C:\Users\Shawn\Downloads\The Conjuring 2 2016 HD-TS x264 AC3-CPG
2016-10-29 23:21 - 2016-02-19 09:09 - 00000000 ____D C:\Users\Shawn\Downloads\Its.Always.Sunny.in.Philadelphia.S11E07.HDTV.x264-KILLERS[rarbg]
2016-10-29 23:21 - 2016-02-19 09:09 - 00000000 ____D C:\Users\Shawn\Downloads\Its.Always.Sunny.in.Philadelphia.S11E06.HDTV.x264-FUM[ettv]
2016-10-29 23:21 - 2015-03-24 19:30 - 00000000 ____D C:\Users\Shawn\Downloads\American.Dad.S11E11.HDTV.x264-KILLERS[ettv]
2016-10-29 23:21 - 2015-03-23 13:22 - 00000000 ____D C:\Users\Shawn\Downloads\The.Walking.Dead.S05E15.PROPER.HDTV.x264-BATV[ettv]
2016-10-29 23:21 - 2015-03-11 17:39 - 00000000 ____D C:\Users\Shawn\Downloads\Exodus Gods and Kings (2014)
2016-10-29 23:21 - 2015-03-09 20:31 - 00000000 ____D C:\Users\Shawn\Downloads\The Hobbit The Battle of the Five Armies (2014) [1080p]
2016-10-29 23:21 - 2015-02-19 15:33 - 00000000 ____D C:\Users\Shawn\Downloads\The.Hunger.Games.Mockingjay.Part.1.2014.HDRip.XviD-EVO
2016-10-29 23:21 - 2015-02-19 15:29 - 00000000 ____D C:\Users\Shawn\Downloads\Saturday.Night.Live.40th.Anniversary.Special.HDTV.x264-KILLERS[ettv]
 
==================== Files in the root of some directories =======
 
2012-02-16 23:43 - 2012-02-16 23:43 - 0002634 _____ () C:\Users\Shawn\AppData\Roaming\result.db
2011-10-20 20:05 - 2011-10-20 20:05 - 0017408 _____ () C:\Users\Shawn\AppData\Local\WebpageIcons.db
2011-12-24 11:01 - 2011-12-24 11:01 - 0000000 _____ () C:\Users\Shawn\AppData\Local\{DF21128F-8731-4CC6-AED3-EB639974834F}
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-11-14 17:18
 
==================== End of FRST.txt ============================


#11 Starbuck

  • Malware Response Team

Posted 17 November 2016 - 06:30 PM

Hi decon21

Thanks for that.
I'm in the process of writing a fix to clean up the leftovers..... but it seems you forgot to post the new Addition.txt from FRST.
In hindsight this may have been down to my omission..... I didn't specifically ask for it.
Sorry about that.
Once I have that I can continue with the fix.

It should be on your Desktop.

Thanks.

Edited by Starbuck, 17 November 2016 - 06:53 PM.



#12 decon21


Posted 17 November 2016 - 07:22 PM

Oh my. Sorry about that.
 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-11-2016
Ran by Shawn (17-11-2016 15:46:08)
Running from C:\Users\Shawn\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2010-09-01 00:49:00)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3966840398-377389863-2040579310-500 - Administrator - Disabled)
Guest (S-1-5-21-3966840398-377389863-2040579310-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3966840398-377389863-2040579310-1002 - Limited - Enabled)
Mcx1-SHAWN-PC (S-1-5-21-3966840398-377389863-2040579310-1003 - Limited - Enabled) => C:\Users\Mcx1-SHAWN-PC
Shawn (S-1-5-21-3966840398-377389863-2040579310-1001 - Administrator - Enabled) => C:\Users\Shawn
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.0.1.152 - Adobe Systems Incorporated)
Adobe Reader 9.4.6 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A94000000001}) (Version: 9.4.6 - Adobe Systems Incorporated)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.27 - Atheros Communications Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.23 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.111.0.64 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
iLivid (x32 Version: 1.92.0.118480 - Bandoo Media Inc.) Hidden <==== ATTENTION
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2086 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java™ 6 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216017FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)
Skype™ 7.29 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.29.102 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.11 - TOSHIBA CORPORATION)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.07.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{607BE7BF-7C28-4ADB-A4A0-385962B901C3}) (Version: 8.0.28 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}) (Version: 2.00.06 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.3.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.4.9 - TOSHIBA CORPORATION)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}) (Version: 1.6.06.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM-x32\...\{073B89C3-BA88-41B5-965F-B35A88EAE838}) (Version: 2.00.03 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.3.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.15 - TOSHIBA Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1E924F5C-C0E7-4753-A17B-21863A69BE4D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)
Task: {21F4C0E6-5677-4201-AEFE-FD6A00C08B63} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-SHAWN-PC => C:\windows\ehome\McxTask.exe [2009-07-13] (Microsoft Corporation)
Task: {2A07900F-B990-4610-88CC-E4F2FF6A0E47} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-02-22] (TOSHIBA CORPORATION)
Task: {4A240997-677C-4B42-9EC3-2C800B8C89B9} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-10-30] (AVAST Software)
Task: {68743DCF-CE53-4D5A-B809-1E090BBE24E6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)
Task: {C61EDE7F-F2ED-4C2A-AE1E-097AB24A3222} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-10-30] (AVAST Software)
Task: {E058B934-F002-453A-A46C-7E033D9F590D} - System32\Tasks\Microsoft\Windows\PLA\System\{F25B30F0-C1DE-479A-AB4D-140F6257E37F}_System Diagnostics => Rundll32.exe C:\windows\system32\pla.dll,PlaHost "system\System Diagnostics" "$(Arg0)"
Task: {EBA97576-2485-44E9-BA9C-FF6CDBB9A0B4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-09-28] (Piriform Ltd)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2010-03-03 15:15 - 2010-03-03 15:15 - 08762680 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-11-03 14:26 - 2009-11-03 14:26 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-03-03 15:15 - 2010-03-03 15:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-03 15:15 - 2010-03-03 15:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2010-03-23 00:12 - 2009-06-22 16:40 - 00022328 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll
2009-03-12 20:08 - 2009-03-12 20:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2009-07-25 18:38 - 2009-07-25 18:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2016-10-30 02:12 - 2016-10-30 02:12 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-11-17 11:59 - 2016-11-17 11:59 - 03129808 _____ () C:\Program Files\AVAST Software\Avast\defs\16111700\algo.dll
2016-10-30 02:12 - 2016-10-30 02:12 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-10-30 02:12 - 2016-10-30 02:12 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Shawn\Documents\Robin Williams - Live On Broadway.avi:TOC.WMV [130]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 20:34 - 2016-11-16 22:34 - 00000035 ____A C:\windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3966840398-377389863-2040579310-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Shawn\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 172.16.1.254 - 142.165.21.5
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: MOBKbackup => 2
MSCONFIG\startupfolder: C:^Users^Shawn^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: mcui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: SmartFaceVWatcher => %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
MSCONFIG\startupreg: Spybot-S&D Cleaning => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
MSCONFIG\startupreg: TosNC => %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{F42F65F2-9F3B-47DD-BE52-36A1E8C44A79}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{23459075-287B-46B9-A45E-AD3A2719D35C}] => (Allow) svchost.exe
FirewallRules: [{980577AD-F082-4114-95A6-C16E284423BB}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{6AB469E5-F05D-4B8C-B32E-A41491F4B93F}] => (Allow) LPort=2869
FirewallRules: [{78AE064E-AC73-4460-B9C3-3BD95DF1EDCB}] => (Allow) LPort=1900
FirewallRules: [{FE90D8ED-025F-4ACC-B096-DA9C05737D2C}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{EEAC36B5-E98D-4A7B-9F67-BF13CB55FEF1}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{CBBE2EFC-E537-4161-8B0D-CF9154DC46C7}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{3E568DC9-586E-4CBA-930D-ECF74DF2127A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
11-11-2016 03:01:14 Windows Update
12-11-2016 03:00:38 Windows Update
13-11-2016 03:00:14 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/17/2016 03:41:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Dwm.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc541
Faulting module name: d3d11.dll, version: 6.2.9200.16570, time stamp: 0x5153b56b
Exception code: 0xc0000005
Fault offset: 0x000000000001e354
Faulting process id: 0x8b8
Faulting application start time: 0x01d2411b5fb207ae
Faulting application path: C:\windows\system32\Dwm.exe
Faulting module path: C:\windows\system32\d3d11.dll
Report Id: 9f60bbca-ad0e-11e6-9a44-00266c4fa490
 
Error: (11/16/2016 10:38:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.18525, time stamp: 0x58122f46
Faulting module name: mshtml.dll, version: 11.0.9600.18525, time stamp: 0x5812433c
Exception code: 0x80000003
Fault offset: 0x0000000001063702
Faulting process id: 0x10cc
Faulting application start time: 0x01d2408c4758f148
Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe
Faulting module path: C:\Windows\System32\mshtml.dll
Report Id: 9ecaee22-ac7f-11e6-a6bb-00266c4fa490
 
Error: (11/16/2016 10:36:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Dwm.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc541
Faulting module name: d3d11.dll, version: 6.2.9200.16570, time stamp: 0x5153b56b
Exception code: 0xc0000005
Fault offset: 0x000000000001e354
Faulting process id: 0x864
Faulting application start time: 0x01d2408c1c057e09
Faulting application path: C:\windows\system32\Dwm.exe
Faulting module path: C:\windows\system32\d3d11.dll
Report Id: 677e8300-ac7f-11e6-a6bb-00266c4fa490
 
Error: (11/16/2016 03:46:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_GeneralTel.dll, version: 6.1.7600.16385, time stamp: 0x4a5bc9e0
Faulting module name: D3D11.dll, version: 6.2.9200.16570, time stamp: 0x5153b56b
Exception code: 0xc0000005
Fault offset: 0x000000000001e354
Faulting process id: 0x1028
Faulting application start time: 0x01d23fee4624131e
Faulting application path: C:\windows\system32\rundll32.exe
Faulting module path: C:\windows\system32\D3D11.dll
Report Id: 87b19fe1-abe1-11e6-8fa8-00266c4fa490
 
Error: (11/15/2016 03:13:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_GeneralTel.dll, version: 6.1.7600.16385, time stamp: 0x4a5bc9e0
Faulting module name: D3D11.dll, version: 6.2.9200.16570, time stamp: 0x5153b56b
Exception code: 0xc0000005
Fault offset: 0x000000000001e354
Faulting process id: 0xd54
Faulting application start time: 0x01d23f208a49cbd4
Faulting application path: C:\windows\system32\rundll32.exe
Faulting module path: C:\windows\system32\D3D11.dll
Report Id: cc6c47c5-ab13-11e6-8fa8-00266c4fa490
 
Error: (11/14/2016 09:44:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Dwm.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc541
Faulting module name: d3d11.dll, version: 6.2.9200.16570, time stamp: 0x5153b56b
Exception code: 0xc0000005
Fault offset: 0x000000000001e354
Faulting process id: 0x80c
Faulting application start time: 0x01d23ef284bedc4b
Faulting application path: C:\windows\system32\Dwm.exe
Faulting module path: C:\windows\system32\d3d11.dll
Report Id: c36edd29-aae5-11e6-8fa8-00266c4fa490
 
Error: (11/14/2016 04:41:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_GeneralTel.dll, version: 6.1.7600.16385, time stamp: 0x4a5bc9e0
Faulting module name: D3D11.dll, version: 6.2.9200.16570, time stamp: 0x5153b56b
Exception code: 0xc0000005
Fault offset: 0x000000000001e354
Faulting process id: 0x15b0
Faulting application start time: 0x01d23ec845ceeca1
Faulting application path: C:\windows\system32\rundll32.exe
Faulting module path: C:\windows\system32\D3D11.dll
Report Id: 8b595876-aabb-11e6-9e20-00266c4fa490
 
Error: (11/14/2016 04:36:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Dwm.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc541
Faulting module name: d3d11.dll, version: 6.2.9200.16570, time stamp: 0x5153b56b
Exception code: 0xc0000005
Fault offset: 0x000000000001e354
Faulting process id: 0xdd0
Faulting application start time: 0x01d23ec7829c32a9
Faulting application path: C:\windows\system32\Dwm.exe
Faulting module path: C:\windows\system32\d3d11.dll
Report Id: c30954db-aaba-11e6-9e20-00266c4fa490
 
Error: (11/13/2016 04:32:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_GeneralTel.dll, version: 6.1.7600.16385, time stamp: 0x4a5bc9e0
Faulting module name: D3D11.dll, version: 6.2.9200.16570, time stamp: 0x5153b56b
Exception code: 0xc0000005
Fault offset: 0x000000000001e354
Faulting process id: 0x10f0
Faulting application start time: 0x01d23d992662bef3
Faulting application path: C:\windows\system32\rundll32.exe
Faulting module path: C:\windows\system32\D3D11.dll
Report Id: 6af3d302-a98c-11e6-94df-00266c4fa490
 
Error: (11/12/2016 01:49:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Dwm.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc541
Faulting module name: d3d11.dll, version: 6.2.9200.16570, time stamp: 0x5153b56b
Exception code: 0xc0000005
Fault offset: 0x000000000001e354
Faulting process id: 0xaac
Faulting application start time: 0x01d23d1dcff3637e
Faulting application path: C:\windows\system32\Dwm.exe
Faulting module path: C:\windows\system32\d3d11.dll
Report Id: 1067a9d0-a911-11e6-94df-00266c4fa490
 
 
System errors:
=============
Error: (11/16/2016 10:36:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (11/16/2016 10:36:23 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
 
Error: (11/14/2016 04:37:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Network Agent service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (11/14/2016 04:37:21 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Network Agent service to connect.
 
Error: (11/14/2016 04:37:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee VirusScan Announcer service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (11/14/2016 04:37:21 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee VirusScan Announcer service to connect.
 
Error: (11/14/2016 04:37:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Services service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (11/14/2016 04:37:21 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Services service to connect.
 
Error: (11/14/2016 04:35:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Anti-Spam Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (11/14/2016 04:35:17 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Anti-Spam Service service to connect.
 
 
CodeIntegrity:
===================================
  Date: 2014-06-20 02:50:40.380
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-06-20 02:50:40.375
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-06-20 02:50:11.069
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2010-10-12 16:21:17.336
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ks.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2010-10-12 16:21:17.336
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ks.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2010-10-12 16:21:13.686
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ks.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2010-10-12 16:21:13.670
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ks.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2010-10-12 16:21:10.067
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ks.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2010-10-12 16:21:10.051
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ks.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU T4500 @ 2.30GHz
Percentage of memory in use: 36%
Total physical RAM: 3963.97 MB
Available physical RAM: 2526.43 MB
Total Virtual: 7926.12 MB
Available Virtual: 6451.86 MB
 
==================== Drives ================================
 
Drive c: (S3A8944D003) (Fixed) (Total:267.93 GB) (Free:11.6 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 54882370)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=267.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=18.1 GB) - (Type=17)
Partition 4: (Not Active) - (Size=10.6 GB) - (Type=17)
 
==================== End of Addition.txt ============================


#13 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • Gender:Male
  • Location:Midlands, UK
  • Local time:05:22 AM

Posted 18 November 2016 - 03:30 AM

Hi decon21

Thanks for the Addition.txt

Step 1
Please download the attached fixlist.txt file (bottom of this post) and save it to the Desktop.
NOTE.
It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Re-run FRST/FRST64 (whichever is installed) and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post this in your next reply.


Step 2
This may well be the cause of your IE problem:

Error: (11/16/2016 10:38:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.18525, time stamp: 0x58122f46
Faulting module name: mshtml.dll, version: 11.0.9600.18525, time stamp: 0x5812433c
Exception code: 0x80000003
Fault offset: 0x0000000001063702
Faulting process id: 0x10cc
Faulting application start time: 0x01d2408c4758f148
Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe
Faulting module path: C:\Windows\System32\mshtml.dll
Report Id: 9ecaee22-ac7f-11e6-a6bb-00266c4fa490

Let's try the easy way to fix this first....

It may be best to uninstall IE and download a fresh copy.

When you uninstall Internet Explorer 11 from your system, the system will restore the previous version of Internet Explorer that was installed.
This can be IE8, 9 or 10 depending on whether the browser has been upgraded in the past.
Whichever it is, you will still have a working copy of IE.
  • Click on the start menu and select Control Panel from the menu that opens up.
  • Select Uninstall a program under Programs.
  • Internet Explorer 11 is not listed in the installed programs listing.
    It is listed as an update, so select View installed updates from the left sidebar.
  • The browser is listed in the Microsoft Windows group.
  • Right click on Internet Explorer 11 and select Uninstall.

This removes Internet Explorer 11 from the Windows 7 system and replaces it with the version of the browser that was installed before it.
You can then keep using that browser, or update back to IE11 from this link: Internet Explorer 11 for Windows 7
I would recommend updating back to IE 11.


In your next reply, please submit:
New fixlog.txt
and let me know if reinstalling IE has made any difference.


Thanks.

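Added example, not part of the original posts and not FRST's own code: a Python parser that groups the EventID 1000 Application Error entries of an Addition.txt by faulting module, exception code and fault offset, which is the reading of the log that Step 2 above does by eye. The function names are assumptions made for this illustration, and the sample is trimmed to the fields the parser reads.

```python
import re
from collections import Counter

# Constructed sample: entries from this thread's logs, trimmed to the fields read below.
SAMPLE = """\
Error: (11/16/2016 10:38:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.18525, time stamp: 0x58122f46
Faulting module name: mshtml.dll, version: 11.0.9600.18525, time stamp: 0x5812433c
Exception code: 0x80000003
Fault offset: 0x0000000001063702

Error: (11/15/2016 03:13:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_GeneralTel.dll, version: 6.1.7600.16385, time stamp: 0x4a5bc9e0
Faulting module name: D3D11.dll, version: 6.2.9200.16570, time stamp: 0x5153b56b
Exception code: 0xc0000005
Fault offset: 0x000000000001e354

Error: (11/14/2016 09:44:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Dwm.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc541
Faulting module name: d3d11.dll, version: 6.2.9200.16570, time stamp: 0x5153b56b
Exception code: 0xc0000005
Fault offset: 0x000000000001e354

Error: (11/14/2016 04:37:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Services service failed to start due to the following error:
"""

HEADER = re.compile(r"^Error: \((?P<when>[^)]+)\) \(Source: (?P<source>[^)]+)\) \(EventID: (?P<eid>\d+)\)")
FIELDS = {
    "app": re.compile(r"Faulting application name: ([^,]+),"),
    "module": re.compile(r"Faulting module name: ([^,]+),"),
    "code": re.compile(r"Exception code: (0x[0-9a-fA-F]+)"),
    "offset": re.compile(r"Fault offset: (0x[0-9a-fA-F]+)"),
}

def parse_crashes(text):
    """Return one dict per EventID 1000 Application Error entry."""
    crashes = []
    for block in re.split(r"\n\s*\n", text.strip()):  # entries are blank-line separated
        head = HEADER.match(block)
        if not head or head["source"] != "Application Error" or head["eid"] != "1000":
            continue  # skips other sources and entries cut off before their header
        rec = {"when": head["when"]}
        for name, rx in FIELDS.items():
            m = rx.search(block)
            rec[name] = m.group(1).strip().lower() if m else None  # Windows names are case-insensitive
        if rec["module"] and rec["code"]:  # drop entries missing the key fields
            rec["offset"] = int(rec["offset"], 16) if rec["offset"] else None
            crashes.append(rec)
    return crashes

def crash_signatures(crashes):
    """Rank (module, exception code, offset) by frequency, with the affected applications."""
    counts, apps = Counter(), {}
    for c in crashes:
        sig = (c["module"], c["code"], c["offset"])
        counts[sig] += 1
        apps.setdefault(sig, set()).add(c["app"])
    return [(sig, n, sorted(apps[sig])) for sig, n in counts.most_common()]
```

A signature that recurs at the same offset across different host processes points at the shared module rather than at any one application.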


#14 decon21

decon21
  • Topic Starter

  • Members
  • 12 posts
  • Local time:10:22 PM

Posted 19 November 2016 - 12:36 AM

thanks so much for all your help. all seems right now!
 

Fix result of Farbar Recovery Scan Tool (x64) Version: 16-11-2016
Ran by Shawn (18-11-2016 22:00:07) Run:2
Running from C:\Users\Shawn\Desktop
Loaded Profiles: Shawn (Available Profiles: Shawn & Mcx1-SHAWN-PC)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
HKU\S-1-5-18\...\RunOnce: [{91120000-002F-0000-0000-0000000FF1CE}] => C:\windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-18\...\RunOnce: [{90120000-006E-0409-0000-0000000FF1CE}] => C:\windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
BootExecute: autocheck autochk * sdnclean64.exe
URLSearchHook: HKU\S-1-5-21-3966840398-377389863-2040579310-1001 - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => not found
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll [No File]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Shawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2016-10-30]
S3 gfiutil; C:\windows\System32\drivers\gfiutil.sys [32400 2016-03-04] (ThreatTrack Security)
R2 sbapifs; C:\windows\System32\DRIVERS\sbapifs.sys [88928 2016-10-30] (ThreatTrack Security, Inc.)
MSCONFIG\startupreg: mcui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Spybot-S&D Cleaning => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
EmptyTemp:
*****************
 
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\{91120000-002F-0000-0000-0000000FF1CE} => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\{90120000-006E-0409-0000-0000000FF1CE} => value removed successfully
hklm\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfully
HKU\S-1-5-21-3966840398-377389863-2040579310-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} => value removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}" => key removed successfully
HKCR\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}" => key removed successfully
HKCR\Wow6432Node\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} => key not found. 
"HKCR\PROTOCOLS\Handler\dssrequest" => key removed successfully
HKCR\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5} => key not found. 
"HKCR\PROTOCOLS\Handler\sacore" => key removed successfully
HKCR\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5} => key not found. 
"HKCR\PROTOCOLS\Filter\application/x-mfe-ipt" => key removed successfully
HKCR\CLSID\{3EF5086B-5478-4598-A054-786C45D75692} => key not found. 
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92} => value removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@oberon-media.com/ONCAdapter" => key removed successfully
C:\Users\Shawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho => moved successfully
gfiutil => service removed successfully
sbapifs => Service stopped successfully.
sbapifs => service removed successfully
"HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mcui_exe" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SDTray" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spybot-S&D Cleaning" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpybotPostWindows10UpgradeReInstall" => key removed successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 4193095 B
Java, Flash, Steam htmlcache => 456 B
Windows/system/drivers => 40 B
Edge => 0 B
Chrome => 50569096 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
Shawn => 6635426 B
Mcx1-SHAWN-PC => 0 B
 
RecycleBin => 0 B
EmptyTemp: => 66.6 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 22:00:17 ====


#15 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • Gender:Male
  • Location:Midlands, UK
  • Local time:05:22 AM

Posted 19 November 2016 - 07:49 AM

Hi decon21

I'd just like to double check everything now.

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Double click the icon
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Click Advanced settings
  • Check the following items:
      • Enable detection of potentially unwanted applications
      • Remove found threats
      • Scan archives
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply
Thanks
