Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

FF Not Loading or Slow to Load Some Websites


  • This topic is locked This topic is locked
24 replies to this topic

#1 bob3165

bob3165

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:08:55 AM

Posted 15 November 2016 - 12:05 PM

When I had to download the farbar recovery scan tool from your website, it would not load. I clicked the end of the address in the address bar and hit enter to get to website. This doesn't always work though. Buddy215 recommended I post here and attach these logs.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-11-2016
Ran by Robert (administrator) on ROBERT-PC (15-11-2016 11:51:58)
Running from C:\Users\Robert\Downloads
Loaded Profiles: Robert (Available Profiles: Robert)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\x64\3\NetFaxServer64.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.5\bin\pg_ctl.exe
(Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Synaptics Incorporated) C:\Windows\System32\valWbioSyncSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Ericsson AB) C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.5\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.5\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.5\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.5\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.5\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.5\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.5\bin\postgres.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
() C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynFP\Shared\SensorDBSynch.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tposd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(WordWeb Software) C:\Program Files (x86)\WordWeb\wweb32.exe
(Lenovo) C:\Users\Robert\AppData\Local\Apps\2.0\HD7DE6YX.02Y\NYOTL02N.LR4\lsb...tion_91a10ba61c75c82d_0001.0005_a24d0d716055ed94\LSB.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1608.2213.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.251.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
(Google) C:\Users\Robert\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.350_none_43278ee965418581\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [935104 2014-11-25] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
HKLM\...\Run: [RtsCM] => C:\WINDOWS\RTSCM64.EXE [140872 2013-03-21] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Enhanced Performance Keyboard] => C:\Program Files\Lenovo\USB Enhanced Performance Keyboard\SKDaemon.exe [4013056 2014-08-17] (LITE-ON TECHNOLOGY CORP.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [464608 2014-09-08] ()
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-06] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-07-26] (Apple Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-21] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [134616 2013-05-14] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-07-05] (Apple Inc.)
HKLM-x32\...\Run: [WordWeb] => C:\Program Files (x86)\WordWeb\wweb32.exe [81120 2016-02-12] (WordWeb Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKU\S-1-5-21-1060743938-440540994-1790496421-1000\...\Run: [EEDSpeedLauncher] => rundll32.exe C:\WINDOWS\system32\eed_ec.dll,SpeedLauncher
HKU\S-1-5-21-1060743938-440540994-1790496421-1000\...\Run: [Google Update] => C:\Users\Robert\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-11-15] (Google Inc.)
HKU\S-1-5-21-1060743938-440540994-1790496421-1000\...\RunOnce: [Uninstall C:\Users\Robert\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Robert\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Network PC Fax.lnk [2016-05-22]
ShortcutTarget: Samsung Network PC Fax.lnk -> C:\Windows\System32\spool\drivers\x64\3\NetFaxTray64.exe (Samsung Electronics Co., Ltd.)
Startup: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2016-07-07]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-08-14]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{c2fed0e2-15af-4584-99b5-cc738493fc6f}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{c2fed0e2-15af-4584-99b5-cc738493fc6f}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-10-21] (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-10-22] (Oracle Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-10-21] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-22] (Oracle Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2016-07-30] (IvoSoft)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-10-21] (Microsoft Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-22] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2016-06-01] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-10-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-22] (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-21] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-21] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-21] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-21] (Microsoft Corporation)

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-1060743938-440540994-1790496421-1000 -> hxxps://google.com/

FireFox:
========
FF DefaultProfile: 3t95sp79.gtestprofile
FF ProfilePath: C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\dfb8lkl0.default [2016-11-13]
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\dfb8lkl0.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\dfb8lkl0.default -> hxxps://www.google.com
FF Extension: (Forecastfox (fix version)) - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\dfb8lkl0.default\Extensions\forecastfox@s3_fix_version.xpi [2016-02-23]
FF Extension: (Gmail™ Notifier (restartless)) - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\dfb8lkl0.default\Extensions\jid0-GjwrPchS3Ugt7xydvqVK4DQk8Ls@jetpack.xpi [2016-02-20]
FF Extension: (YouTube™ AdBlock) - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\dfb8lkl0.default\Extensions\jid1-w4wG5nJhx4LJZr@jetpack.xpi [2015-12-28]
FF Extension: (Send to Kindle for Mozilla Firefox) - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\dfb8lkl0.default\Extensions\sendtokindle@amazon.com.xpi [2015-11-06]
FF Extension: (FEBE) - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\dfb8lkl0.default\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2016-02-20]
FF Extension: (New Tab Homepage) - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\dfb8lkl0.default\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2016-02-12]
FF Extension: (ReminderFox) - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\dfb8lkl0.default\Extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} [2016-01-03]
FF Extension: (Adblock Plus) - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\dfb8lkl0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-24]
FF ProfilePath: C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\3t95sp79.gtestprofile [2016-11-15]
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\3t95sp79.gtestprofile -> Google
FF Homepage: Mozilla\Firefox\Profiles\3t95sp79.gtestprofile -> hxxps://google.com
FF NetworkProxy: Mozilla\Firefox\Profiles\3t95sp79.gtestprofile -> backup.ftp", "127.0.0.1"
FF NetworkProxy: Mozilla\Firefox\Profiles\3t95sp79.gtestprofile -> backup.ftp_port", 80
FF NetworkProxy: Mozilla\Firefox\Profiles\3t95sp79.gtestprofile -> backup.socks", "127.0.0.1"
FF NetworkProxy: Mozilla\Firefox\Profiles\3t95sp79.gtestprofile -> backup.socks_port", 80
FF NetworkProxy: Mozilla\Firefox\Profiles\3t95sp79.gtestprofile -> backup.ssl", "127.0.0.1"
FF NetworkProxy: Mozilla\Firefox\Profiles\3t95sp79.gtestprofile -> backup.ssl_port", 80
FF NetworkProxy: Mozilla\Firefox\Profiles\3t95sp79.gtestprofile -> ftp", "108.59.10.129"
FF NetworkProxy: Mozilla\Firefox\Profiles\3t95sp79.gtestprofile -> ftp_port", 55555
FF NetworkProxy: Mozilla\Firefox\Profiles\3t95sp79.gtestprofile -> http", "108.59.10.129"
FF NetworkProxy: Mozilla\Firefox\Profiles\3t95sp79.gtestprofile -> http_port", 55555
FF NetworkProxy: Mozilla\Firefox\Profiles\3t95sp79.gtestprofile -> no_proxies_on", ""
FF NetworkProxy: Mozilla\Firefox\Profiles\3t95sp79.gtestprofile -> share_proxy_settings", true
FF NetworkProxy: Mozilla\Firefox\Profiles\3t95sp79.gtestprofile -> socks", "108.59.10.129"
FF NetworkProxy: Mozilla\Firefox\Profiles\3t95sp79.gtestprofile -> socks_port", 55555
FF NetworkProxy: Mozilla\Firefox\Profiles\3t95sp79.gtestprofile -> ssl", "108.59.10.129"
FF NetworkProxy: Mozilla\Firefox\Profiles\3t95sp79.gtestprofile -> ssl_port", 55555
FF NetworkProxy: Mozilla\Firefox\Profiles\3t95sp79.gtestprofile -> type", 0
FF Extension: (Grammarly for Firefox) - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\3t95sp79.gtestprofile\Extensions\87677a2c52b84ad3a151a4a72f5bd3c4@jetpack.xpi [2016-11-03]
FF Extension: (Forecastfox (fix version)) - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\3t95sp79.gtestprofile\Extensions\forecastfox@s3_fix_version.xpi [2016-08-18]
FF Extension: (Gmail™ Notifier (restartless)) - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\3t95sp79.gtestprofile\Extensions\jid0-GjwrPchS3Ugt7xydvqVK4DQk8Ls@jetpack.xpi [2016-10-14]
FF Extension: (Send to Kindle for Mozilla Firefox) - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\3t95sp79.gtestprofile\Extensions\sendtokindle@amazon.com.xpi [2016-04-12]
FF Extension: (FEBE) - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\3t95sp79.gtestprofile\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2016-11-12]
FF Extension: (New Tab Homepage) - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\3t95sp79.gtestprofile\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2016-02-23]
FF Extension: (NoScript) - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\3t95sp79.gtestprofile\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-08-08]
FF Extension: (ReminderFox) - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\3t95sp79.gtestprofile\Extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}.xpi [2016-07-21]
FF Extension: (Adblock Plus) - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\3t95sp79.gtestprofile\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-10-29]
FF Extension: (No Name) - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\3t95sp79.gtestprofile\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}.xpi [2016-07-21] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-13] ()
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-22] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-13] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-10-21] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-10-21] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1060743938-440540994-1790496421-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Robert\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1060743938-440540994-1790496421-1000: @talk.google.com/O1DPlugin -> C:\Users\Robert\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1060743938-440540994-1790496421-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Robert\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-1060743938-440540994-1790496421-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Robert\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-1060743938-440540994-1790496421-1000: tdameritrade.com/thinkorswim -> C:\Program Files\thinkorswim\npthinkorswim.dll [2016-08-09] (TD Ameritrade)
FF Plugin HKU\S-1-5-21-1060743938-440540994-1790496421-1000: tdameritrade.com/tossc -> C:\Program Files\thinkorswim\nptossc.dll [2016-08-09] (TD Ameritrade)
FF Plugin ProgramFiles/Appdata: C:\Users\Robert\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Robert\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

Chrome:
=======
CHR Profile: C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default [2016-11-15]
CHR Extension: (Google Slides) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-21]
CHR Extension: (Google Docs) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-21]
CHR Extension: (Google Drive) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-21]
CHR Extension: (YouTube) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-21]
CHR Extension: (Google Cast) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-04-09]
CHR Extension: (Adblock for Youtube™) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2016-03-18]
CHR Extension: (Google Search) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-21]
CHR Extension: (Gmail™ Notifier) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcjichoefijpinlfnjghokpkojhlhkgl [2016-10-29]
CHR Extension: (Google Sheets) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-21]
CHR Extension: (Google Docs Offline) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18]
CHR Extension: (New Tab Redirect) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna [2016-11-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-09]
CHR Extension: (Gmail) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-21]
CHR Extension: (Chrome Media Router) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-22]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3291848 2016-10-08] (Microsoft Corporation)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [319096 2016-01-13] (Intel Corporation)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [61256 2016-10-05] (Lenovo Group Limited)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-14] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-05-14] (Intel Corporation)
S2 LPlatSvc; C:\WINDOWS\system32\LPlatSvc.exe [710144 2016-07-13] (Lenovo.)
S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273232 2016-06-02] (Lenovo)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 postgresql-x64-9.5; C:\Program Files\PostgreSQL\9.5\bin\pg_ctl.exe [94208 2016-03-28] (PostgreSQL Global Development Group) [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 Samsung Network Fax Server; C:\WINDOWS\system32\spool\drivers\x64\3\NetFaxServer64.exe [793280 2014-11-04] (Samsung Electronics Co., Ltd.)
R3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28544 2016-09-10] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255096 2015-11-23] (Synaptics Incorporated)
R2 valWBFPolicyService; C:\WINDOWS\system32\valWBFPolicyService.exe [86544 2016-07-13] (Synaptics Incorporated)
R2 valWbioSyncSvc; C:\WINDOWS\system32\valWbioSyncSvc.exe [56848 2016-07-13] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 WMCoreService; C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe [689560 2012-10-18] (Ericsson AB)
S3 WsAppService; C:\Program Files (x86)\Wondershare\WAF\WsAppService.exe [252816 2015-04-30] (Wondershare)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 DFX11_1; C:\WINDOWS\system32\drivers\dfx11_1x64.sys [28008 2015-08-31] (Windows ® Win 7 DDK provider)
S3 DFX12; C:\WINDOWS\system32\drivers\dfx12x64.sys [39048 2015-11-14] (Windows ® Win 7 DDK provider)
R2 IntelHaxm; C:\WINDOWS\system32\DRIVERS\IntelHaxm.sys [93192 2016-06-12] (Intel  Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-11-15] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NETwNe64; C:\WINDOWS\system32\DRIVERS\Netwew01.sys [3363112 2015-07-28] (Intel Corporation)
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-12-11] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek                                            )
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [8243272 2013-03-21] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [51320 2015-11-23] (Synaptics Incorporated)
R1 SMIDriver; C:\WINDOWS\system32\DRIVERS\smi.sys [39488 2016-07-13] (Synaptics Incorporated)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-15 11:51 - 2016-11-15 11:52 - 00031243 _____ C:\Users\Robert\Downloads\FRST.txt
2016-11-15 11:51 - 2016-11-15 11:51 - 00000000 ____D C:\FRST
2016-11-15 11:50 - 2016-11-15 11:50 - 02411520 _____ (Farbar) C:\Users\Robert\Downloads\FRST64.exe
2016-11-13 15:15 - 2016-11-13 15:15 - 02870984 _____ (ESET) C:\Users\Robert\Downloads\esetsmartinstaller_enu.exe
2016-11-13 15:15 - 2016-11-13 15:15 - 00000000 ____D C:\Program Files (x86)\ESET
2016-11-13 15:08 - 2016-11-13 15:09 - 01631928 _____ (Malwarebytes) C:\Users\Robert\Downloads\JRT.exe
2016-11-13 14:40 - 2016-11-13 14:46 - 00000000 ____D C:\Users\Robert\Downloads\ffbups
2016-11-12 20:32 - 2016-11-12 20:32 - 02261443 _____ C:\Users\Robert\Downloads\sfuserguide2_0.pdf
2016-11-12 11:13 - 2016-11-12 12:34 - 00027748 _____ C:\Users\Robert\Desktop\Notes-Bigalow-T-Line.txt
2016-11-11 18:42 - 2016-11-11 18:42 - 09014355 _____ C:\Users\Robert\Downloads\wiley_1_-profitable_candlestick.pdf
2016-11-11 18:39 - 2016-11-11 18:39 - 09682040 _____ C:\Users\Robert\Downloads\Bigalow-Stephen.pdf
2016-11-10 00:03 - 2016-11-02 06:04 - 00596832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2016-11-10 00:03 - 2016-11-02 06:01 - 01263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-11-10 00:03 - 2016-11-02 06:01 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\input.dll
2016-11-10 00:03 - 2016-11-02 05:48 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2016-11-10 00:03 - 2016-11-02 05:42 - 00632832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sud.dll
2016-11-10 00:03 - 2016-11-02 05:31 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-11-10 00:03 - 2016-11-02 05:29 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-11-10 00:03 - 2016-11-02 05:27 - 02458112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll
2016-11-10 00:03 - 2016-11-02 05:26 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2016-11-10 00:02 - 2016-11-02 07:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-11-10 00:02 - 2016-11-02 07:01 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-11-10 00:02 - 2016-11-02 06:22 - 01570672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-11-10 00:02 - 2016-11-02 06:22 - 00601712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2016-11-10 00:02 - 2016-11-02 06:12 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-11-10 00:02 - 2016-11-02 06:10 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-11-10 00:02 - 2016-11-02 06:09 - 02257104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-11-10 00:02 - 2016-11-02 06:08 - 00602464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-11-10 00:02 - 2016-11-02 06:08 - 00576408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-11-10 00:02 - 2016-11-02 06:08 - 00186424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\weretw.dll
2016-11-10 00:02 - 2016-11-02 06:08 - 00111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-11-10 00:02 - 2016-11-02 06:05 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-11-10 00:02 - 2016-11-02 06:05 - 06657176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-11-10 00:02 - 2016-11-02 06:05 - 03892352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-11-10 00:02 - 2016-11-02 06:05 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-11-10 00:02 - 2016-11-02 06:05 - 00951904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-11-10 00:02 - 2016-11-02 06:04 - 04312248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-11-10 00:02 - 2016-11-02 06:01 - 01425000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2016-11-10 00:02 - 2016-11-02 06:01 - 01415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2016-11-10 00:02 - 2016-11-02 06:01 - 00545936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-11-10 00:02 - 2016-11-02 05:50 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-11-10 00:02 - 2016-11-02 05:49 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-11-10 00:02 - 2016-11-02 05:49 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-11-10 00:02 - 2016-11-02 05:48 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2016-11-10 00:02 - 2016-11-02 05:48 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efsext.dll
2016-11-10 00:02 - 2016-11-02 05:47 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2016-11-10 00:02 - 2016-11-02 05:47 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2016-11-10 00:02 - 2016-11-02 05:47 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-11-10 00:02 - 2016-11-02 05:46 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2016-11-10 00:02 - 2016-11-02 05:46 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-11-10 00:02 - 2016-11-02 05:45 - 00492032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-11-10 00:02 - 2016-11-02 05:45 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2016-11-10 00:02 - 2016-11-02 05:45 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2016-11-10 00:02 - 2016-11-02 05:44 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2016-11-10 00:02 - 2016-11-02 05:44 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-11-10 00:02 - 2016-11-02 05:44 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthExt.dll
2016-11-10 00:02 - 2016-11-02 05:43 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8.dll
2016-11-10 00:02 - 2016-11-02 05:43 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-11-10 00:02 - 2016-11-02 05:43 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2016-11-10 00:02 - 2016-11-02 05:43 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2016-11-10 00:02 - 2016-11-02 05:43 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2016-11-10 00:02 - 2016-11-02 05:42 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-11-10 00:02 - 2016-11-02 05:42 - 00549376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenterCPL.dll
2016-11-10 00:02 - 2016-11-02 05:42 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2016-11-10 00:02 - 2016-11-02 05:42 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-11-10 00:02 - 2016-11-02 05:42 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2016-11-10 00:02 - 2016-11-02 05:42 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
2016-11-10 00:02 - 2016-11-02 05:41 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2016-11-10 00:02 - 2016-11-02 05:40 - 00896512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontext.dll
2016-11-10 00:02 - 2016-11-02 05:40 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ddraw.dll
2016-11-10 00:02 - 2016-11-02 05:40 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-11-10 00:02 - 2016-11-02 05:39 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2016-11-10 00:02 - 2016-11-02 05:39 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2016-11-10 00:02 - 2016-11-02 05:39 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAnimation.dll
2016-11-10 00:02 - 2016-11-02 05:38 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2016-11-10 00:02 - 2016-11-02 05:37 - 19415040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-11-10 00:02 - 2016-11-02 05:36 - 19415552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-11-10 00:02 - 2016-11-02 05:36 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-11-10 00:02 - 2016-11-02 05:36 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetailsUpdate.dll
2016-11-10 00:02 - 2016-11-02 05:35 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe
2016-11-10 00:02 - 2016-11-02 05:33 - 12349952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-11-10 00:02 - 2016-11-02 05:33 - 03307520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-11-10 00:02 - 2016-11-02 05:31 - 03196416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2016-11-10 00:02 - 2016-11-02 05:31 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-11-10 00:02 - 2016-11-02 05:30 - 12175360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-11-10 00:02 - 2016-11-02 05:30 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetails.dll
2016-11-10 00:02 - 2016-11-02 05:29 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-11-10 00:02 - 2016-11-02 05:29 - 01247232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2016-11-10 00:02 - 2016-11-02 05:29 - 00884224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-11-10 00:02 - 2016-11-02 05:29 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll
2016-11-10 00:02 - 2016-11-02 05:28 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-11-10 00:02 - 2016-11-02 05:28 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-11-10 00:02 - 2016-11-02 05:28 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2016-11-10 00:02 - 2016-11-02 05:28 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\chartv.dll
2016-11-10 00:02 - 2016-11-02 05:28 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-11-10 00:02 - 2016-11-02 05:27 - 00580608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hgcpl.dll
2016-11-10 00:02 - 2016-11-02 05:27 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll
2016-11-10 00:02 - 2016-11-02 05:26 - 02747392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2016-11-10 00:02 - 2016-11-02 05:26 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2016-11-10 00:02 - 2016-11-02 05:26 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-11-10 00:02 - 2016-11-02 05:26 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-11-10 00:02 - 2016-11-02 05:26 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-11-10 00:02 - 2016-11-02 05:26 - 00912896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2016-11-10 00:02 - 2016-11-02 05:26 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-11-10 00:02 - 2016-11-02 05:26 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-11-10 00:02 - 2016-11-02 05:25 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-11-10 00:02 - 2016-11-02 05:25 - 02256384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-11-10 00:02 - 2016-11-02 05:25 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-11-10 00:02 - 2016-11-02 05:25 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2016-11-10 00:02 - 2016-11-02 05:23 - 03106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2016-11-10 00:02 - 2016-11-02 05:23 - 02356736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2016-11-10 00:02 - 2016-11-02 05:23 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2016-11-10 00:02 - 2016-11-02 04:11 - 00788624 _____ C:\WINDOWS\SysWOW64\locale.nls
2016-11-10 00:02 - 2016-11-02 04:11 - 00788624 _____ C:\WINDOWS\system32\locale.nls
2016-11-10 00:02 - 2016-08-01 23:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-11-09 23:56 - 2016-11-02 06:13 - 00423776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-11-09 23:56 - 2016-11-02 06:00 - 08156080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-11-09 23:56 - 2016-11-02 05:56 - 00322912 _____ (Microsoft Corporation) C:\WINDOWS\system32\input.dll
2016-11-09 23:56 - 2016-11-02 05:34 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-11-09 23:56 - 2016-11-02 05:33 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-11-09 23:56 - 2016-11-02 05:30 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-11-09 23:56 - 2016-11-02 05:30 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2016-11-09 23:56 - 2016-11-02 05:30 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-11-09 23:56 - 2016-11-02 05:29 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2016-11-09 23:56 - 2016-11-02 05:29 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-11-09 23:56 - 2016-11-02 05:28 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-11-09 23:56 - 2016-11-02 05:28 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2016-11-09 23:56 - 2016-11-02 05:28 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2016-11-09 23:56 - 2016-11-02 05:27 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-11-09 23:56 - 2016-11-02 05:27 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2016-11-09 23:56 - 2016-11-02 05:26 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2016-11-09 23:56 - 2016-11-02 05:26 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAnimation.dll
2016-11-09 23:56 - 2016-11-02 05:26 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-11-09 23:56 - 2016-11-02 05:23 - 02104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-11-09 23:56 - 2016-11-02 05:19 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-11-09 23:56 - 2016-11-02 05:17 - 01282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-11-09 23:56 - 2016-11-02 05:17 - 00909824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-11-09 23:56 - 2016-11-02 05:16 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-11-09 23:56 - 2016-11-02 05:16 - 02512384 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
2016-11-09 23:56 - 2016-11-02 05:16 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-11-09 23:56 - 2016-11-02 05:15 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-11-09 23:56 - 2016-11-02 05:15 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-11-09 23:56 - 2016-11-02 05:15 - 01348608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-11-09 23:56 - 2016-11-02 05:15 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2016-11-09 23:56 - 2016-11-02 05:14 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-11-09 23:56 - 2016-11-02 05:13 - 03496960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2016-11-09 23:56 - 2016-11-02 05:13 - 03299840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2016-11-09 23:56 - 2016-11-02 03:20 - 00446896 _____ C:\WINDOWS\system32\ApnDatabase.xml
2016-11-09 23:55 - 2016-11-02 06:20 - 00378720 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-11-09 23:55 - 2016-11-02 06:14 - 07816544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-11-09 23:55 - 2016-11-02 06:13 - 01883784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-11-09 23:55 - 2016-11-02 06:13 - 00773720 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2016-11-09 23:55 - 2016-11-02 06:12 - 02255712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-11-09 23:55 - 2016-11-02 06:12 - 00376672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-11-09 23:55 - 2016-11-02 06:05 - 00405856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-11-09 23:55 - 2016-11-02 06:04 - 02678056 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-11-09 23:55 - 2016-11-02 06:03 - 02750936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-11-09 23:55 - 2016-11-02 06:02 - 00848736 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-11-09 23:55 - 2016-11-02 06:02 - 00682816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-11-09 23:55 - 2016-11-02 06:02 - 00238056 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2016-11-09 23:55 - 2016-11-02 06:02 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-11-09 23:55 - 2016-11-02 06:01 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-11-09 23:55 - 2016-11-02 06:00 - 22223968 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-11-09 23:55 - 2016-11-02 06:00 - 04130432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-11-09 23:55 - 2016-11-02 06:00 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-11-09 23:55 - 2016-11-02 06:00 - 01061968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-11-09 23:55 - 2016-11-02 05:59 - 04673304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-11-09 23:55 - 2016-11-02 05:56 - 01609920 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2016-11-09 23:55 - 2016-11-02 05:56 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2016-11-09 23:55 - 2016-11-02 05:56 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-11-09 23:55 - 2016-11-02 05:56 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-11-09 23:55 - 2016-11-02 05:55 - 00048992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\iorate.sys
2016-11-09 23:55 - 2016-11-02 05:38 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-11-09 23:55 - 2016-11-02 05:34 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-11-09 23:55 - 2016-11-02 05:32 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-11-09 23:55 - 2016-11-02 05:32 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\efsext.dll
2016-11-09 23:55 - 2016-11-02 05:31 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
2016-11-09 23:55 - 2016-11-02 05:31 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2016-11-09 23:55 - 2016-11-02 05:31 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-11-09 23:55 - 2016-11-02 05:30 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2016-11-09 23:55 - 2016-11-02 05:30 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2016-11-09 23:55 - 2016-11-02 05:30 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-11-09 23:55 - 2016-11-02 05:30 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2016-11-09 23:55 - 2016-11-02 05:29 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2016-11-09 23:55 - 2016-11-02 05:29 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2016-11-09 23:55 - 2016-11-02 05:29 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2016-11-09 23:55 - 2016-11-02 05:29 - 00276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2016-11-09 23:55 - 2016-11-02 05:29 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2016-11-09 23:55 - 2016-11-02 05:28 - 00690176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-11-09 23:55 - 2016-11-02 05:28 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenterCPL.dll
2016-11-09 23:55 - 2016-11-02 05:28 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2016-11-09 23:55 - 2016-11-02 05:28 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCenter.dll
2016-11-09 23:55 - 2016-11-02 05:28 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.dll
2016-11-09 23:55 - 2016-11-02 05:28 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll
2016-11-09 23:55 - 2016-11-02 05:28 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-11-09 23:55 - 2016-11-02 05:28 - 00240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkDesktopSettings.dll
2016-11-09 23:55 - 2016-11-02 05:28 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-11-09 23:55 - 2016-11-02 05:28 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-11-09 23:55 - 2016-11-02 05:27 - 23677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-11-09 23:55 - 2016-11-02 05:27 - 00631296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2016-11-09 23:55 - 2016-11-02 05:27 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-11-09 23:55 - 2016-11-02 05:27 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-11-09 23:55 - 2016-11-02 05:26 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddraw.dll
2016-11-09 23:55 - 2016-11-02 05:26 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2016-11-09 23:55 - 2016-11-02 05:25 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\sud.dll
2016-11-09 23:55 - 2016-11-02 05:25 - 00541696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-11-09 23:55 - 2016-11-02 05:25 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2016-11-09 23:55 - 2016-11-02 05:24 - 03778560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-11-09 23:55 - 2016-11-02 05:24 - 00940032 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontext.dll
2016-11-09 23:55 - 2016-11-02 05:22 - 13441024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-11-09 23:55 - 2016-11-02 05:22 - 13081600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-11-09 23:55 - 2016-11-02 05:22 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-11-09 23:55 - 2016-11-02 05:22 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe
2016-11-09 23:55 - 2016-11-02 05:21 - 05111296 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-11-09 23:55 - 2016-11-02 05:19 - 08127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-11-09 23:55 - 2016-11-02 05:19 - 01586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2016-11-09 23:55 - 2016-11-02 05:19 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2016-11-09 23:55 - 2016-11-02 05:19 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2016-11-09 23:55 - 2016-11-02 05:19 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll
2016-11-09 23:55 - 2016-11-02 05:19 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\chartv.dll
2016-11-09 23:55 - 2016-11-02 05:19 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-11-09 23:55 - 2016-11-02 05:18 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2016-11-09 23:55 - 2016-11-02 05:18 - 00836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
2016-11-09 23:55 - 2016-11-02 05:18 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2016-11-09 23:55 - 2016-11-02 05:17 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-11-09 23:55 - 2016-11-02 05:17 - 00982528 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-11-09 23:55 - 2016-11-02 05:17 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2016-11-09 23:55 - 2016-11-02 05:16 - 04148736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-11-09 23:55 - 2016-11-02 05:16 - 03400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2016-11-09 23:55 - 2016-11-02 05:16 - 03133440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2016-11-09 23:55 - 2016-11-02 05:16 - 02669056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-11-09 23:55 - 2016-11-02 05:16 - 01779712 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-11-09 23:55 - 2016-11-02 05:16 - 01637888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-11-09 23:55 - 2016-11-02 05:16 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-11-09 23:55 - 2016-11-02 05:16 - 00629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2016-11-09 23:55 - 2016-11-02 05:16 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2016-11-09 23:55 - 2016-11-02 05:16 - 00308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll
2016-11-09 23:55 - 2016-11-02 05:16 - 00265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-11-09 23:55 - 2016-11-02 05:15 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-11-09 23:55 - 2016-11-02 05:15 - 02611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2016-11-09 23:55 - 2016-11-02 05:15 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2016-11-09 23:55 - 2016-11-02 05:13 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2016-11-09 23:54 - 2016-11-02 06:20 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-11-09 23:54 - 2016-11-02 06:15 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-11-09 23:54 - 2016-11-02 06:15 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-11-09 23:54 - 2016-11-02 06:13 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-11-09 23:54 - 2016-11-02 06:13 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-11-09 23:54 - 2016-11-02 06:03 - 00714592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2016-11-09 23:54 - 2016-11-02 06:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2016-11-09 23:54 - 2016-11-02 05:31 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll
2016-11-09 23:54 - 2016-11-02 05:31 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-11-09 23:54 - 2016-11-02 05:31 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2016-11-09 23:54 - 2016-11-02 05:31 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-11-09 23:54 - 2016-11-02 05:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2016-11-09 23:54 - 2016-11-02 05:27 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-11-09 23:54 - 2016-11-02 05:25 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-11-09 23:54 - 2016-11-02 05:23 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys
2016-11-09 23:54 - 2016-11-02 05:23 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetailsUpdate.dll
2016-11-09 23:54 - 2016-11-02 05:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-11-09 23:54 - 2016-11-02 05:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-11-09 23:54 - 2016-11-02 05:20 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-11-09 23:54 - 2016-11-02 05:20 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll
2016-11-09 23:54 - 2016-11-02 05:18 - 01690112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-11-09 23:54 - 2016-11-02 05:17 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2016-11-09 23:54 - 2016-11-02 05:16 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-11-09 23:54 - 2016-11-02 05:16 - 00770560 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-11-08 14:57 - 2016-11-08 14:57 - 00569282 _____ C:\Users\Robert\Desktop\CVS-warns-of-lower-profit-rx-losses.pdf
2016-11-03 17:39 - 2016-11-03 17:39 - 03608408 _____ C:\Users\Robert\Downloads\Stock-Comparison-Spreadsheet-UNLOCKED.zip
2016-10-31 13:10 - 2016-10-31 13:10 - 00034906 _____ C:\Users\Robert\Downloads\Original
2016-10-28 09:08 - 2016-10-14 23:51 - 02186896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2016-10-28 09:08 - 2016-10-14 23:51 - 01637728 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-10-28 09:08 - 2016-10-14 23:51 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-10-28 09:08 - 2016-10-14 23:51 - 00595296 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-10-28 09:08 - 2016-10-14 23:51 - 00584032 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-10-28 09:08 - 2016-10-14 23:51 - 00322912 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-10-28 09:08 - 2016-10-14 23:51 - 00232800 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-10-28 09:08 - 2016-10-14 23:51 - 00137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-10-28 09:08 - 2016-10-14 23:51 - 00078688 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-10-28 09:08 - 2016-10-14 23:48 - 00498952 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2016-10-28 09:08 - 2016-10-14 23:38 - 00500064 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2016-10-28 09:08 - 2016-10-14 23:37 - 00063328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2016-10-28 09:08 - 2016-10-14 23:33 - 00455040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2016-10-28 09:08 - 2016-10-14 23:30 - 00509280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-10-28 09:08 - 2016-10-14 23:30 - 00341936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2016-10-28 09:08 - 2016-10-14 23:29 - 00908640 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvstore.dll
2016-10-28 09:08 - 2016-10-14 23:29 - 00079200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\crashdmp.sys
2016-10-28 09:08 - 2016-10-14 23:26 - 01990648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-10-28 09:08 - 2016-10-14 23:26 - 01472536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-10-28 09:08 - 2016-10-14 23:26 - 00811416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-10-28 09:08 - 2016-10-14 23:26 - 00691080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2016-10-28 09:08 - 2016-10-14 23:22 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-10-28 09:08 - 2016-10-14 23:21 - 00292872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpeffects.dll
2016-10-28 09:08 - 2016-10-14 23:18 - 00749920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvstore.dll
2016-10-28 09:08 - 2016-10-14 23:15 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2016-10-28 09:08 - 2016-10-14 23:10 - 00254656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpeffects.dll
2016-10-28 09:08 - 2016-10-14 23:01 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2016-10-28 09:08 - 2016-10-14 23:00 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2016-10-28 09:08 - 2016-10-14 23:00 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stdole2.tlb
2016-10-28 09:08 - 2016-10-14 22:59 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfksproxy.dll
2016-10-28 09:08 - 2016-10-14 22:59 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfksproxy.dll
2016-10-28 09:08 - 2016-10-14 22:59 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2016-10-28 09:08 - 2016-10-14 22:58 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-10-28 09:08 - 2016-10-14 22:57 - 00217600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpdxm.dll
2016-10-28 09:08 - 2016-10-14 22:57 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-10-28 09:08 - 2016-10-14 22:57 - 00175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpdxm.dll
2016-10-28 09:08 - 2016-10-14 22:56 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-10-28 09:08 - 2016-10-14 22:56 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2016-10-28 09:08 - 2016-10-14 22:56 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2016-10-28 09:08 - 2016-10-14 22:55 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll
2016-10-28 09:08 - 2016-10-14 22:55 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpshell.dll
2016-10-28 09:08 - 2016-10-14 22:54 - 00717312 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskbarcpl.dll
2016-10-28 09:08 - 2016-10-14 22:54 - 00217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairingFolder.dll
2016-10-28 09:08 - 2016-10-14 22:54 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-10-28 09:08 - 2016-10-14 22:53 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-10-28 09:08 - 2016-10-14 22:52 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-10-28 09:08 - 2016-10-14 22:52 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoplay.dll
2016-10-28 09:08 - 2016-10-14 22:51 - 13868544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-10-28 09:08 - 2016-10-14 22:50 - 17188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-10-28 09:08 - 2016-10-14 22:50 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2016-10-28 09:08 - 2016-10-14 22:50 - 00967168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-10-28 09:08 - 2016-10-14 22:50 - 00509440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll
2016-10-28 09:08 - 2016-10-14 22:50 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-10-28 09:08 - 2016-10-14 22:50 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-10-28 09:08 - 2016-10-14 22:49 - 01913344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2016-10-28 09:08 - 2016-10-14 22:49 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-10-28 09:08 - 2016-10-14 22:49 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-10-28 09:08 - 2016-10-14 22:49 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe
2016-10-28 09:08 - 2016-10-14 22:48 - 01554944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2016-10-28 09:08 - 2016-10-14 22:48 - 01323008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2016-10-28 09:08 - 2016-10-14 22:48 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2016-10-28 09:08 - 2016-10-14 22:47 - 01113600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2016-10-28 09:08 - 2016-10-14 22:47 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2016-10-28 09:08 - 2016-10-14 22:46 - 03287552 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2016-10-28 09:08 - 2016-10-14 22:46 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2016-10-28 09:08 - 2016-10-14 22:45 - 00406016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-10-28 09:08 - 2016-10-14 22:44 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2016-10-28 09:08 - 2016-10-14 22:44 - 00470016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2016-10-28 09:08 - 2016-10-14 22:44 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\powercfg.exe
2016-10-28 09:08 - 2016-10-14 22:43 - 02748928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2016-10-28 09:08 - 2016-10-14 22:43 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\energy.dll
2016-10-28 09:08 - 2016-10-14 22:43 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsiwmi.dll
2016-10-28 09:08 - 2016-10-14 22:42 - 06108672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-10-28 09:08 - 2016-10-14 22:42 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-10-28 09:08 - 2016-10-14 22:42 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
2016-10-28 09:08 - 2016-10-14 22:41 - 05376000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-10-28 09:08 - 2016-10-14 22:41 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iscsiwmi.dll
2016-10-28 09:08 - 2016-10-14 22:39 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Geolocation.dll
2016-10-28 09:08 - 2016-10-14 22:38 - 01993216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-10-28 09:08 - 2016-10-14 22:38 - 00913920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2016-10-28 09:08 - 2016-10-14 22:38 - 00675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2016-10-28 09:08 - 2016-10-14 22:37 - 01980416 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-10-28 09:08 - 2016-10-14 22:37 - 01643008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-10-28 09:08 - 2016-10-14 22:37 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-10-28 09:08 - 2016-10-14 22:37 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmifw.dll
2016-10-28 09:08 - 2016-10-14 22:36 - 02290176 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-10-28 09:08 - 2016-10-14 22:36 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2016-10-28 09:08 - 2016-10-14 22:36 - 00542208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2016-10-28 09:08 - 2016-10-14 22:36 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2016-10-28 09:08 - 2016-10-14 22:36 - 00338944 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcpl.dll
2016-10-28 09:08 - 2016-10-14 22:36 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmifw.dll
2016-10-28 09:08 - 2016-10-14 22:35 - 03054080 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-10-28 09:08 - 2016-10-14 22:35 - 02708992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2016-10-28 09:08 - 2016-10-14 22:35 - 02315264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-10-28 09:08 - 2016-10-14 22:35 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-10-28 09:08 - 2016-10-14 22:35 - 00701952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2016-10-28 09:08 - 2016-10-14 22:35 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-10-28 09:08 - 2016-10-14 22:31 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2016-10-28 09:08 - 2016-09-10 08:21 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\capimg.sys
2016-10-28 09:08 - 2016-08-27 00:12 - 00244816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-10-28 09:07 - 2016-10-14 23:51 - 00283488 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-10-28 09:07 - 2016-10-14 23:43 - 01356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2016-10-28 09:07 - 2016-10-14 23:41 - 05622088 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2016-10-28 09:07 - 2016-10-14 23:38 - 00409952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2016-10-28 09:07 - 2016-10-14 23:34 - 01969912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2016-10-28 09:07 - 2016-10-14 23:31 - 02827864 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-10-28 09:07 - 2016-10-14 23:31 - 02190688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-10-28 09:07 - 2016-10-14 23:31 - 00658272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-10-28 09:07 - 2016-10-14 23:31 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-10-28 09:07 - 2016-10-14 23:30 - 01851696 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2016-10-28 09:07 - 2016-10-14 23:30 - 00557408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2016-10-28 09:07 - 2016-10-14 23:29 - 02913104 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-10-28 09:07 - 2016-10-14 23:29 - 01267504 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-10-28 09:07 - 2016-10-14 23:29 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-10-28 09:07 - 2016-10-14 23:26 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2016-10-28 09:07 - 2016-10-14 23:26 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-10-28 09:07 - 2016-10-14 23:26 - 00160096 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2016-10-28 09:07 - 2016-10-14 23:25 - 00882680 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2016-10-28 09:07 - 2016-10-14 23:25 - 00742704 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-10-28 09:07 - 2016-10-14 23:21 - 02537824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-10-28 09:07 - 2016-10-14 23:21 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-10-28 09:07 - 2016-10-14 23:21 - 00584032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2016-10-28 09:07 - 2016-10-14 23:20 - 02276736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-10-28 09:07 - 2016-10-14 23:19 - 00272720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2016-10-28 09:07 - 2016-10-14 23:18 - 02166232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-10-28 09:07 - 2016-10-14 23:18 - 01556712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2016-10-28 09:07 - 2016-10-14 23:18 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-10-28 09:07 - 2016-10-14 23:15 - 01853776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-10-28 09:07 - 2016-10-14 23:15 - 01123368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-10-28 09:07 - 2016-10-14 23:15 - 00687936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2016-10-28 09:07 - 2016-10-14 23:11 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-10-28 09:07 - 2016-10-14 23:06 - 05685760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-10-28 09:07 - 2016-10-14 23:05 - 07216640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-10-28 09:07 - 2016-10-14 23:00 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2016-10-28 09:07 - 2016-10-14 23:00 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-10-28 09:07 - 2016-10-14 22:59 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\stdole2.tlb
2016-10-28 09:07 - 2016-10-14 22:57 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2016-10-28 09:07 - 2016-10-14 22:56 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\esentutl.exe
2016-10-28 09:07 - 2016-10-14 22:56 - 00327680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2016-10-28 09:07 - 2016-10-14 22:56 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esentutl.exe
2016-10-28 09:07 - 2016-10-14 22:56 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-10-28 09:07 - 2016-10-14 22:56 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSrvPolicyManager.dll
2016-10-28 09:07 - 2016-10-14 22:56 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFi.dll
2016-10-28 09:07 - 2016-10-14 22:56 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-10-28 09:07 - 2016-10-14 22:56 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
2016-10-28 09:07 - 2016-10-14 22:55 - 00329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2016-10-28 09:07 - 2016-10-14 22:55 - 00265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2016-10-28 09:07 - 2016-10-14 22:55 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-10-28 09:07 - 2016-10-14 22:55 - 00142336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFi.dll
2016-10-28 09:07 - 2016-10-14 22:54 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2016-10-28 09:07 - 2016-10-14 22:54 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2016-10-28 09:07 - 2016-10-14 22:54 - 00241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-10-28 09:07 - 2016-10-14 22:54 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoplay.dll
2016-10-28 09:07 - 2016-10-14 22:54 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpshell.dll
2016-10-28 09:07 - 2016-10-14 22:53 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-10-28 09:07 - 2016-10-14 22:52 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-10-28 09:07 - 2016-10-14 22:52 - 00410624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2016-10-28 09:07 - 2016-10-14 22:52 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2016-10-28 09:07 - 2016-10-14 22:52 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\systemcpl.dll
2016-10-28 09:07 - 2016-10-14 22:51 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2016-10-28 09:07 - 2016-10-14 22:51 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2016-10-28 09:07 - 2016-10-14 22:50 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2016-10-28 09:07 - 2016-10-14 22:50 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDec.dll
2016-10-28 09:07 - 2016-10-14 22:50 - 00310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-10-28 09:07 - 2016-10-14 22:49 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-10-28 09:07 - 2016-10-14 22:49 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe
2016-10-28 09:07 - 2016-10-14 22:47 - 07792640 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-10-28 09:07 - 2016-10-14 22:47 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-10-28 09:07 - 2016-10-14 22:47 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2016-10-28 09:07 - 2016-10-14 22:46 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2016-10-28 09:07 - 2016-10-14 22:45 - 01790464 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2016-10-28 09:07 - 2016-10-14 22:45 - 00702464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2016-10-28 09:07 - 2016-10-14 22:44 - 00636928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-10-28 09:07 - 2016-10-14 22:43 - 01365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2016-10-28 09:07 - 2016-10-14 22:42 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Geolocation.dll
2016-10-28 09:07 - 2016-10-14 22:42 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\powercfg.exe
2016-10-28 09:07 - 2016-10-14 22:41 - 07654912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-10-28 09:07 - 2016-10-14 22:41 - 00945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2016-10-28 09:07 - 2016-10-14 22:41 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2016-10-28 09:07 - 2016-10-14 22:39 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2016-10-28 09:07 - 2016-10-14 22:39 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-10-28 09:07 - 2016-10-14 22:39 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2016-10-28 09:07 - 2016-10-14 22:39 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-10-28 09:07 - 2016-10-14 22:39 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-10-28 09:07 - 2016-10-14 22:39 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2016-10-28 09:07 - 2016-10-14 22:39 - 00631296 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2016-10-28 09:07 - 2016-10-14 22:37 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2016-10-28 09:07 - 2016-10-14 22:37 - 01029632 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-10-28 09:07 - 2016-10-14 22:37 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2016-10-28 09:07 - 2016-10-14 22:36 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-10-28 09:07 - 2016-10-14 22:36 - 00983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2016-10-28 09:07 - 2016-10-14 22:36 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-10-28 09:07 - 2016-10-14 22:35 - 02005504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2016-10-28 09:07 - 2016-10-14 22:35 - 00905216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-10-28 09:07 - 2016-10-14 22:34 - 02476544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2016-10-28 09:07 - 2016-10-14 22:34 - 01840640 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2016-10-28 09:07 - 2016-10-14 22:34 - 00936448 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-10-28 09:07 - 2016-10-14 22:32 - 00886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2016-10-28 09:07 - 2016-08-05 23:17 - 00619368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-10-23 18:25 - 2016-10-23 18:25 - 00000000 ___RD C:\Users\Robert\Documents\Scanned Documents
2016-10-23 18:25 - 2016-10-23 18:25 - 00000000 ____D C:\Users\Robert\Documents\Fax
2016-10-22 08:54 - 2016-10-22 08:54 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2016-10-22 08:51 - 2016-10-22 08:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-10-22 08:51 - 2016-10-22 08:51 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-10-22 08:51 - 2016-10-22 08:51 - 00000000 ____D C:\Program Files (x86)\Java
2016-10-19 18:18 - 2016-10-19 18:18 - 02365296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WudfUpdate_01011.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-15 11:26 - 2015-10-03 10:17 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-11-15 10:16 - 2015-10-01 15:29 - 00000000 ____D C:\Users\Robert\AppData\Local\ClassicShell
2016-11-15 10:14 - 2016-08-06 15:58 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-11-15 06:58 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-11-15 06:58 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-11-14 10:02 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF
2016-11-13 20:29 - 2016-08-07 08:25 - 00000000 ____D C:\Users\Robert\AppData\Local\Deployment
2016-11-13 20:27 - 2016-08-06 16:05 - 00000000 ____D C:\Users\Robert
2016-11-13 20:27 - 2015-10-01 06:14 - 00000000 __SHD C:\Users\Robert\IntelGraphicsProfiles
2016-11-13 15:05 - 2016-08-10 14:10 - 00000000 ____D C:\WINDOWS\Minidump
2016-11-13 15:05 - 2016-08-06 19:56 - 00000000 ___DC C:\WINDOWS\Panther
2016-11-13 11:48 - 2016-08-06 16:02 - 00000000 ____D C:\ProgramData\Synaptics
2016-11-13 10:11 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-11-13 10:11 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-11-13 10:11 - 2015-09-30 17:21 - 00000000 ____D C:\Users\Robert\AppData\Local\Adobe
2016-11-13 10:10 - 2016-08-06 16:05 - 01463900 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-11-13 10:06 - 2016-08-06 16:20 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-11-13 10:05 - 2016-07-16 01:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2016-11-12 11:49 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\rescache
2016-11-10 16:54 - 2015-11-21 15:54 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-10 07:56 - 2015-09-10 00:42 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-11-10 07:54 - 2016-08-06 15:57 - 00337064 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-11-10 07:50 - 2016-07-16 06:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-11-10 07:50 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-11-10 07:50 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-11-10 07:50 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\migwiz
2016-11-10 07:50 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-11-10 07:50 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-11-10 00:22 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-11-10 00:16 - 2015-09-30 17:57 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-11-10 00:10 - 2015-09-30 17:57 - 141011376 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-11-09 11:01 - 2016-08-06 16:20 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-11-09 10:45 - 2016-05-26 16:39 - 00000000 ____D C:\AdwCleaner
2016-11-08 20:38 - 2015-11-15 12:56 - 00000000 ____D C:\Users\Robert\AppData\Local\Google
2016-11-08 10:11 - 2016-07-23 09:34 - 00000000 ____D C:\Users\Robert\Desktop\Medical
2016-11-06 14:23 - 2015-03-05 20:30 - 03331252 _____ C:\Users\Robert\Desktop\Stock Comparison Spreadsheet - UNLOCKED.xlsm
2016-11-05 09:01 - 2015-11-02 19:50 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-11-02 10:56 - 2015-09-30 15:16 - 00389408 __RSH C:\bootmgr
2016-10-29 05:34 - 2015-09-30 17:22 - 00000000 ____D C:\ProgramData\Lenovo
2016-10-29 05:29 - 2015-09-30 16:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-10-29 05:26 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-10-29 05:25 - 2016-07-16 06:47 - 00015425 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-10-28 18:56 - 2016-07-16 06:49 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-10-28 18:56 - 2016-07-16 06:49 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-10-28 08:49 - 2015-09-30 16:39 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-10-22 08:54 - 2016-08-23 10:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2016-10-22 08:54 - 2016-08-06 08:40 - 00000000 ____D C:\Program Files\Java
2016-10-22 08:51 - 2015-10-05 13:49 - 00000000 ____D C:\ProgramData\Oracle
2016-10-21 06:37 - 2016-07-16 06:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-10-21 06:35 - 2016-07-18 16:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-10-20 20:43 - 2015-09-30 16:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-10-18 12:57 - 2015-12-18 11:53 - 00000000 ____D C:\Users\Robert\AppData\LocalLow\Lenovo
2016-10-16 17:03 - 2016-08-06 16:20 - 00000000 ____D C:\WINDOWS\System32\Tasks\TVT
2016-10-16 17:03 - 2016-06-16 16:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2016-10-16 17:03 - 2015-12-16 20:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
2016-10-16 17:03 - 2015-09-30 17:22 - 00000000 ____D C:\Program Files (x86)\Lenovo

==================== Files in the root of some directories =======

2016-01-16 16:13 - 2016-01-16 16:13 - 0001759 _____ () C:\Users\Robert\AppData\Local\recently-used.xbel
2016-08-09 07:03 - 2016-08-09 07:03 - 0007597 _____ () C:\Users\Robert\AppData\Local\Resmon.ResmonCfg
2016-08-06 15:59 - 2016-08-06 15:59 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-11-10 00:06

==================== End of FRST.txt ============================

Attached Files


Edited by bob3165, 15 November 2016 - 12:16 PM.


BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,238 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:55 AM

Posted 20 November 2016 - 11:45 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyclsid;
emptyffcache;
FFdefaults;
emptyiecache;
iedefaults;
emptychrcache;
CHRdefaults;
emptyalltemp;
emptyfolderscheck;delete
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.
===

Also, please provide an update on how the computer is behaving after running the above script.

P.S.
Please run the Farbar tool again and post fresh FRST and Addition.txt files for my review.

#3 bob3165

bob3165
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:08:55 AM

Posted 20 November 2016 - 01:40 PM

Thanks for your help Nasdaq. Hard to say how much better system is running, since sometimes links would not load or take a long time to load. Doesn't seem any worse that it was working. I noticed sometimes I will type something and it will take a second or two to appear in display. Here are the logs you wanted:

 

Zoek.exe v5.0.0.1 Updated 19-September-2016
Tool run by Robert on Sun 11/20/2016 at 12:54:56.02.
Microsoft Windows 10 Home 10.0.14393  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Robert\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

11/20/2016 12:57:18 PM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\Cisco deleted successfully
C:\Program Files\Common Files\Intel deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\Users\Robert\AppData\Local\ActiveSync deleted successfully
C:\Users\Robert\AppData\Local\NetworkTiles deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Maps deleted successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\NetworkTiles deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1060743938-440540994-1790496421-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F4E39681-15F8-4fda-B8A3-B5C98378F2F3} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\3t95sp79.gtestprofile\prefs.js:
user_pref("browser.startup.homepage", "https://google.com");
user_pref("browser.search.defaultenginename.US", "Google");
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\3t95sp79.gtestprofile\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\dfb8lkl0.default\prefs.js:
user_pref("browser.startup.homepage", "https://www.google.com");
user_pref("browser.search.defaultenginename.US", "Google");
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\dfb8lkl0.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\3t95sp79.gtestprofile

user.js not found
---- Lines yahoo removed from prefs.js ----
user_pref("capability.policy.maonoscript.sites", "addons.mozilla.org advance.net afx.ms ajax.aspnetcdn.com ajax.googleapis.com amazon.com boatloadpuzz
---- FireFox user.js and prefs.js backups ----

prefs_20161120_0111_.backup

ProfilePath: C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\dfb8lkl0.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_20161120_0111_.backup

==== Batch Command(s) Run By Tool======================


==== Deleting Files \ Folders ======================

C:\PROGRA~2\Cisco not found
C:\PROGRA~2\Minimal ADB and Fastboot deleted
C:\Users\Robert\.android deleted
C:\PROGRA~2\SamsungPrinterLiveUpdateInstaller deleted
C:\PROGRA~2\Wondershare deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\3t95sp79.gtestprofile\jetpack deleted
C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\dfb8lkl0.default\jetpack deleted
"C:\Users\Robert\AppData\Roaming\WordWeb" deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\3t95sp79.gtestprofile
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\dfb8lkl0.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

ProfilePath: C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\3t95sp79.gtestprofile
- FEBE - %ProfilePath%\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
- Grammarly for Firefox - %ProfilePath%\extensions\87677a2c52b84ad3a151a4a72f5bd3c4@jetpack.xpi
- anonymoX - %ProfilePath%\extensions\client@anonymox.net.xpi
- Forecastfox version corrige - %ProfilePath%\extensions\forecastfox@s3_fix_version.xpi
- Gmail Notifier restartless - %ProfilePath%\extensions\jid0-GjwrPchS3Ugt7xydvqVK4DQk8Ls@jetpack.xpi
- Send to Kindle for Mozilla Firefox - %ProfilePath%\extensions\sendtokindle@amazon.com.xpi
- New Tab Homepage - %ProfilePath%\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi
- NoScript - %ProfilePath%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
- ReminderFox - %ProfilePath%\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

ProfilePath: C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\dfb8lkl0.default
- FEBE - %ProfilePath%\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
- ReminderFox - %ProfilePath%\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
- Forecastfox version corrige - %ProfilePath%\extensions\forecastfox@s3_fix_version.xpi
- Gmail Notifier restartless - %ProfilePath%\extensions\jid0-GjwrPchS3Ugt7xydvqVK4DQk8Ls@jetpack.xpi
- YouTube AdBlock - %ProfilePath%\extensions\jid1-w4wG5nJhx4LJZr@jetpack.xpi
- Send to Kindle for Mozilla Firefox - %ProfilePath%\extensions\sendtokindle@amazon.com.xpi
- New Tab Homepage - %ProfilePath%\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\3t95sp79.gtestprofile
83FCFA3C1E0D7523C21CCFBF336D2687    - C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_23_0_0_207.dll -    Shockwave Flash
CDD464A05245006900B8DE4A1D9B8A5C    - C:\Program Files\thinkorswim\nptossc.dll -    tossc
8DBC6056E367E72C9DE4E471C8E72B19    - C:\Program Files\thinkorswim\npthinkorswim.dll -    thinkorswim
3EE8AE0ECFE5D79DE1737A855AD1E84C    - C:\Users\Robert\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll -    Google Update
20FF20FBC1F20ADEC0AD6AF98ABE9545    - C:\Users\Robert\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll -    Google Talk Plugin
57D28190C994AD5E9B1007FB2259393A    - C:\Users\Robert\AppData\Roaming\Mozilla\plugins\npo1d.dll -    Google Talk Plugin Video Renderer

Profilepath: C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\dfb8lkl0.default
20FF20FBC1F20ADEC0AD6AF98ABE9545    - C:\Users\Robert\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll -    Google Talk Plugin
57D28190C994AD5E9B1007FB2259393A    - C:\Users\Robert\AppData\Roaming\Mozilla\plugins\npo1d.dll -    Google Talk Plugin Video Renderer


==== Chromium Look ======================

Google Chrome Version: 46.0.2490.86


Google Cast - Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd
ignotifier - Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcjichoefijpinlfnjghokpkojhlhkgl
Chrome Media Router - Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02

==== Reset Google Chrome ======================

C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Robert\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Robert\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Robert\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Robert\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Robert\AppData\Local\Mozilla\Firefox\Profiles\3t95sp79.gtestprofile\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=176 folders=141 291376018 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\Robert\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Sun 11/20/2016 at 13:18:48.42 ======================
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-11-2016
Ran by Robert (administrator) on ROBERT-PC (20-11-2016 13:25:13)
Running from C:\Users\Robert\Desktop
Loaded Profiles: Robert (Available Profiles: Robert)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Lenovo.) C:\Windows\System32\LPlatSvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\x64\3\NetFaxServer64.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.5\bin\pg_ctl.exe
(Synaptics Incorporated) C:\Windows\System32\valWbioSyncSvc.exe
(Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Ericsson AB) C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.5\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.5\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.5\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.5\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.5\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.5\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.5\bin\postgres.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Lenovo.) C:\Windows\System32\LPlatSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynFP\Shared\SensorDBSynch.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tposd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(WordWeb Software) C:\Program Files (x86)\WordWeb\wweb32.exe
() C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Lenovo) C:\Users\Robert\AppData\Local\Apps\2.0\HD7DE6YX.02Y\NYOTL02N.LR4\lsb...tion_91a10ba61c75c82d_0001.0005_a24d0d716055ed94\LSB.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [935104 2014-11-25] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
HKLM\...\Run: [RtsCM] => C:\WINDOWS\RTSCM64.EXE [140872 2013-03-21] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Enhanced Performance Keyboard] => C:\Program Files\Lenovo\USB Enhanced Performance Keyboard\SKDaemon.exe [4013056 2014-08-17] (LITE-ON TECHNOLOGY CORP.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [464608 2014-09-08] ()
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-06] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-07-26] (Apple Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-21] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [134616 2013-05-14] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-07-05] (Apple Inc.)
HKLM-x32\...\Run: [WordWeb] => C:\Program Files (x86)\WordWeb\wweb32.exe [81120 2016-02-12] (WordWeb Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKU\S-1-5-21-1060743938-440540994-1790496421-1000\...\Run: [EEDSpeedLauncher] => rundll32.exe C:\WINDOWS\system32\eed_ec.dll,SpeedLauncher
HKU\S-1-5-21-1060743938-440540994-1790496421-1000\...\Run: [Google Update] => C:\Users\Robert\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-11-15] (Google Inc.)
HKU\S-1-5-21-1060743938-440540994-1790496421-1000\...\RunOnce: [Uninstall C:\Users\Robert\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Robert\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Network PC Fax.lnk [2016-05-22]
ShortcutTarget: Samsung Network PC Fax.lnk -> C:\Windows\System32\spool\drivers\x64\3\NetFaxTray64.exe (Samsung Electronics Co., Ltd.)
Startup: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2016-07-07]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-08-14]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{c2fed0e2-15af-4584-99b5-cc738493fc6f}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{c2fed0e2-15af-4584-99b5-cc738493fc6f}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-1060743938-440540994-1790496421-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-10-21] (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-10-22] (Oracle Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-10-21] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-22] (Oracle Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2016-07-30] (IvoSoft)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-10-21] (Microsoft Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-22] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2016-06-01] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-10-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-22] (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-21] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-21] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-21] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-21] (Microsoft Corporation)

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-1060743938-440540994-1790496421-1000 -> hxxps://google.com/

FireFox:
========
FF DefaultProfile: 3t95sp79.gtestprofile
FF ProfilePath: C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\dfb8lkl0.default [2016-11-20]
FF NewTab: Mozilla\Firefox\Profiles\dfb8lkl0.default -> about:newtab
FF Homepage: Mozilla\Firefox\Profiles\dfb8lkl0.default -> about:home
FF Extension: (Forecastfox (fix version)) - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\dfb8lkl0.default\Extensions\forecastfox@s3_fix_version.xpi [2016-02-23]
FF Extension: (Gmail™ Notifier (restartless)) - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\dfb8lkl0.default\Extensions\jid0-GjwrPchS3Ugt7xydvqVK4DQk8Ls@jetpack.xpi [2016-02-20]
FF Extension: (YouTube™ AdBlock) - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\dfb8lkl0.default\Extensions\jid1-w4wG5nJhx4LJZr@jetpack.xpi [2015-12-28]
FF Extension: (Send to Kindle for Mozilla Firefox) - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\dfb8lkl0.default\Extensions\sendtokindle@amazon.com.xpi [2015-11-06]
FF Extension: (FEBE) - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\dfb8lkl0.default\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2016-02-20]
FF Extension: (New Tab Homepage) - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\dfb8lkl0.default\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2016-02-12]
FF Extension: (ReminderFox) - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\dfb8lkl0.default\Extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} [2016-01-03]
FF Extension: (Adblock Plus) - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\dfb8lkl0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-24]
FF ProfilePath: C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\3t95sp79.gtestprofile [2016-11-20]
FF NewTab: Mozilla\Firefox\Profiles\3t95sp79.gtestprofile -> about:newtab
FF Homepage: Mozilla\Firefox\Profiles\3t95sp79.gtestprofile -> about:home
FF NetworkProxy: Mozilla\Firefox\Profiles\3t95sp79.gtestprofile -> backup.ftp", "127.0.0.1"
FF NetworkProxy: Mozilla\Firefox\Profiles\3t95sp79.gtestprofile -> backup.ftp_port", 80
FF NetworkProxy: Mozilla\Firefox\Profiles\3t95sp79.gtestprofile -> backup.socks", "127.0.0.1"
FF NetworkProxy: Mozilla\Firefox\Profiles\3t95sp79.gtestprofile -> backup.socks_port", 80
FF NetworkProxy: Mozilla\Firefox\Profiles\3t95sp79.gtestprofile -> backup.ssl", "127.0.0.1"
FF NetworkProxy: Mozilla\Firefox\Profiles\3t95sp79.gtestprofile -> backup.ssl_port", 80
FF NetworkProxy: Mozilla\Firefox\Profiles\3t95sp79.gtestprofile -> ftp", "108.59.10.129"
FF NetworkProxy: Mozilla\Firefox\Profiles\3t95sp79.gtestprofile -> ftp_port", 55555
FF NetworkProxy: Mozilla\Firefox\Profiles\3t95sp79.gtestprofile -> http", "108.59.10.129"
FF NetworkProxy: Mozilla\Firefox\Profiles\3t95sp79.gtestprofile -> http_port", 55555
FF NetworkProxy: Mozilla\Firefox\Profiles\3t95sp79.gtestprofile -> no_proxies_on", ""
FF NetworkProxy: Mozilla\Firefox\Profiles\3t95sp79.gtestprofile -> share_proxy_settings", true
FF NetworkProxy: Mozilla\Firefox\Profiles\3t95sp79.gtestprofile -> socks", "108.59.10.129"
FF NetworkProxy: Mozilla\Firefox\Profiles\3t95sp79.gtestprofile -> socks_port", 55555
FF NetworkProxy: Mozilla\Firefox\Profiles\3t95sp79.gtestprofile -> ssl", "108.59.10.129"
FF NetworkProxy: Mozilla\Firefox\Profiles\3t95sp79.gtestprofile -> ssl_port", 55555
FF NetworkProxy: Mozilla\Firefox\Profiles\3t95sp79.gtestprofile -> type", 0
FF Extension: (Grammarly for Firefox) - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\3t95sp79.gtestprofile\Extensions\87677a2c52b84ad3a151a4a72f5bd3c4@jetpack.xpi [2016-11-03]
FF Extension: (anonymoX) - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\3t95sp79.gtestprofile\Extensions\client@anonymox.net.xpi [2016-11-15]
FF Extension: (Forecastfox (fix version)) - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\3t95sp79.gtestprofile\Extensions\forecastfox@s3_fix_version.xpi [2016-08-18]
FF Extension: (Gmail™ Notifier (restartless)) - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\3t95sp79.gtestprofile\Extensions\jid0-GjwrPchS3Ugt7xydvqVK4DQk8Ls@jetpack.xpi [2016-10-14]
FF Extension: (Send to Kindle for Mozilla Firefox) - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\3t95sp79.gtestprofile\Extensions\sendtokindle@amazon.com.xpi [2016-04-12]
FF Extension: (FEBE) - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\3t95sp79.gtestprofile\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2016-11-12]
FF Extension: (New Tab Homepage) - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\3t95sp79.gtestprofile\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2016-02-23]
FF Extension: (NoScript) - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\3t95sp79.gtestprofile\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-08-08]
FF Extension: (ReminderFox) - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\3t95sp79.gtestprofile\Extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}.xpi [2016-07-21]
FF Extension: (Adblock Plus) - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\3t95sp79.gtestprofile\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-10-29]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-13] ()
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-22] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-13] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-10-21] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-10-21] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1060743938-440540994-1790496421-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Robert\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1060743938-440540994-1790496421-1000: @talk.google.com/O1DPlugin -> C:\Users\Robert\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1060743938-440540994-1790496421-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Robert\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-1060743938-440540994-1790496421-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Robert\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-1060743938-440540994-1790496421-1000: tdameritrade.com/thinkorswim -> C:\Program Files\thinkorswim\npthinkorswim.dll [2016-08-09] (TD Ameritrade)
FF Plugin HKU\S-1-5-21-1060743938-440540994-1790496421-1000: tdameritrade.com/tossc -> C:\Program Files\thinkorswim\nptossc.dll [2016-08-09] (TD Ameritrade)
FF Plugin ProgramFiles/Appdata: C:\Users\Robert\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Robert\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3291848 2016-10-08] (Microsoft Corporation)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [319096 2016-01-13] (Intel Corporation)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [61256 2016-10-05] (Lenovo Group Limited)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-14] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-05-14] (Intel Corporation)
R2 LPlatSvc; C:\WINDOWS\system32\LPlatSvc.exe [710144 2016-07-13] (Lenovo.)
S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273232 2016-06-02] (Lenovo)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 postgresql-x64-9.5; C:\Program Files\PostgreSQL\9.5\bin\pg_ctl.exe [94208 2016-03-28] (PostgreSQL Global Development Group) [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 Samsung Network Fax Server; C:\WINDOWS\system32\spool\drivers\x64\3\NetFaxServer64.exe [793280 2014-11-04] (Samsung Electronics Co., Ltd.)
R3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28544 2016-09-10] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255096 2015-11-23] (Synaptics Incorporated)
R2 valWBFPolicyService; C:\WINDOWS\system32\valWBFPolicyService.exe [86544 2016-07-13] (Synaptics Incorporated)
R2 valWbioSyncSvc; C:\WINDOWS\system32\valWbioSyncSvc.exe [56848 2016-07-13] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 WMCoreService; C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe [689560 2012-10-18] (Ericsson AB)
S3 WsAppService; "C:\Program Files (x86)\Wondershare\WAF\WsAppService.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 DFX11_1; C:\WINDOWS\system32\drivers\dfx11_1x64.sys [28008 2015-08-31] (Windows ® Win 7 DDK provider)
S3 DFX12; C:\WINDOWS\system32\drivers\dfx12x64.sys [39048 2015-11-14] (Windows ® Win 7 DDK provider)
R2 IntelHaxm; C:\WINDOWS\system32\DRIVERS\IntelHaxm.sys [93192 2016-06-12] (Intel  Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-11-20] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NETwNe64; C:\WINDOWS\system32\DRIVERS\Netwew01.sys [3363112 2015-07-28] (Intel Corporation)
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-12-11] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek                                            )
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [8243272 2013-03-21] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [51320 2015-11-23] (Synaptics Incorporated)
R1 SMIDriver; C:\WINDOWS\system32\DRIVERS\smi.sys [39488 2016-07-13] (Synaptics Incorporated)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-20 13:25 - 2016-11-20 13:25 - 00028311 _____ C:\Users\Robert\Desktop\FRST.txt
2016-11-20 13:25 - 2016-11-20 13:25 - 00000000 ____D C:\Users\Robert\Desktop\FRST-OlderVersion
2016-11-20 13:24 - 2016-11-20 13:25 - 02413056 _____ (Farbar) C:\Users\Robert\Desktop\FRST64.exe
2016-11-20 13:23 - 2016-11-20 13:23 - 00000852 _____ C:\WINDOWS\system32\InstallUtil.InstallLog
2016-11-20 13:22 - 2016-11-20 13:22 - 00010801 _____ C:\Users\Robert\Desktop\zoek-results.txt
2016-11-20 13:22 - 2016-11-20 13:22 - 00000000 ____D C:\Users\Robert\AppData\Local\NetworkTiles
2016-11-20 13:14 - 2016-11-20 12:54 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
2016-11-20 12:44 - 2016-11-20 13:11 - 00000000 ____D C:\zoek_backup
2016-11-15 17:22 - 2016-11-15 17:18 - 00041251 _____ C:\Users\Robert\Desktop\preopbloodwork backup.pdf
2016-11-15 17:18 - 2016-11-15 17:22 - 00148085 _____ C:\Users\Robert\Desktop\preopbloodwork.pdf
2016-11-15 16:36 - 2016-11-20 13:19 - 00000000 ____D C:\Users\Robert\AppData\LocalLow\Mozilla
2016-11-15 11:53 - 2016-11-15 12:03 - 00052369 _____ C:\Users\Robert\Downloads\Addition.txt
2016-11-15 11:51 - 2016-11-20 13:25 - 00000000 ____D C:\FRST
2016-11-15 11:51 - 2016-11-15 12:03 - 00092041 _____ C:\Users\Robert\Downloads\FRST.txt
2016-11-15 11:50 - 2016-11-15 11:50 - 02411520 _____ (Farbar) C:\Users\Robert\Downloads\FRST64.exe
2016-11-13 15:15 - 2016-11-13 15:15 - 02870984 _____ (ESET) C:\Users\Robert\Downloads\esetsmartinstaller_enu.exe
2016-11-13 15:08 - 2016-11-13 15:09 - 01631928 _____ (Malwarebytes) C:\Users\Robert\Downloads\JRT.exe
2016-11-13 14:40 - 2016-11-13 14:46 - 00000000 ____D C:\Users\Robert\Downloads\ffbups
2016-11-12 20:32 - 2016-11-12 20:32 - 02261443 _____ C:\Users\Robert\Downloads\sfuserguide2_0.pdf
2016-11-12 11:13 - 2016-11-12 12:34 - 00027748 _____ C:\Users\Robert\Desktop\Notes-Bigalow-T-Line.txt
2016-11-11 18:42 - 2016-11-11 18:42 - 09014355 _____ C:\Users\Robert\Downloads\wiley_1_-profitable_candlestick.pdf
2016-11-11 18:39 - 2016-11-11 18:39 - 09682040 _____ C:\Users\Robert\Downloads\Bigalow-Stephen.pdf
2016-11-10 00:03 - 2016-11-02 06:04 - 00596832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2016-11-10 00:03 - 2016-11-02 06:01 - 01263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-11-10 00:03 - 2016-11-02 06:01 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\input.dll
2016-11-10 00:03 - 2016-11-02 05:48 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2016-11-10 00:03 - 2016-11-02 05:42 - 00632832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sud.dll
2016-11-10 00:03 - 2016-11-02 05:31 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-11-10 00:03 - 2016-11-02 05:29 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-11-10 00:03 - 2016-11-02 05:27 - 02458112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll
2016-11-10 00:03 - 2016-11-02 05:26 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2016-11-10 00:02 - 2016-11-02 07:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-11-10 00:02 - 2016-11-02 07:01 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-11-10 00:02 - 2016-11-02 06:22 - 01570672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-11-10 00:02 - 2016-11-02 06:22 - 00601712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2016-11-10 00:02 - 2016-11-02 06:12 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-11-10 00:02 - 2016-11-02 06:10 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-11-10 00:02 - 2016-11-02 06:09 - 02257104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-11-10 00:02 - 2016-11-02 06:08 - 00602464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-11-10 00:02 - 2016-11-02 06:08 - 00576408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-11-10 00:02 - 2016-11-02 06:08 - 00186424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\weretw.dll
2016-11-10 00:02 - 2016-11-02 06:08 - 00111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-11-10 00:02 - 2016-11-02 06:05 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-11-10 00:02 - 2016-11-02 06:05 - 06657176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-11-10 00:02 - 2016-11-02 06:05 - 03892352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-11-10 00:02 - 2016-11-02 06:05 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-11-10 00:02 - 2016-11-02 06:05 - 00951904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-11-10 00:02 - 2016-11-02 06:04 - 04312248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-11-10 00:02 - 2016-11-02 06:01 - 01425000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2016-11-10 00:02 - 2016-11-02 06:01 - 01415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2016-11-10 00:02 - 2016-11-02 06:01 - 00545936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-11-10 00:02 - 2016-11-02 05:50 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-11-10 00:02 - 2016-11-02 05:49 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-11-10 00:02 - 2016-11-02 05:49 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-11-10 00:02 - 2016-11-02 05:48 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2016-11-10 00:02 - 2016-11-02 05:48 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efsext.dll
2016-11-10 00:02 - 2016-11-02 05:47 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2016-11-10 00:02 - 2016-11-02 05:47 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2016-11-10 00:02 - 2016-11-02 05:47 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-11-10 00:02 - 2016-11-02 05:46 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2016-11-10 00:02 - 2016-11-02 05:46 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-11-10 00:02 - 2016-11-02 05:45 - 00492032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-11-10 00:02 - 2016-11-02 05:45 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2016-11-10 00:02 - 2016-11-02 05:45 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2016-11-10 00:02 - 2016-11-02 05:44 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2016-11-10 00:02 - 2016-11-02 05:44 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-11-10 00:02 - 2016-11-02 05:44 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthExt.dll
2016-11-10 00:02 - 2016-11-02 05:43 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8.dll
2016-11-10 00:02 - 2016-11-02 05:43 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-11-10 00:02 - 2016-11-02 05:43 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2016-11-10 00:02 - 2016-11-02 05:43 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2016-11-10 00:02 - 2016-11-02 05:43 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2016-11-10 00:02 - 2016-11-02 05:42 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-11-10 00:02 - 2016-11-02 05:42 - 00549376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenterCPL.dll
2016-11-10 00:02 - 2016-11-02 05:42 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2016-11-10 00:02 - 2016-11-02 05:42 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-11-10 00:02 - 2016-11-02 05:42 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2016-11-10 00:02 - 2016-11-02 05:42 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
2016-11-10 00:02 - 2016-11-02 05:41 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2016-11-10 00:02 - 2016-11-02 05:40 - 00896512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontext.dll
2016-11-10 00:02 - 2016-11-02 05:40 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ddraw.dll
2016-11-10 00:02 - 2016-11-02 05:40 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-11-10 00:02 - 2016-11-02 05:39 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2016-11-10 00:02 - 2016-11-02 05:39 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2016-11-10 00:02 - 2016-11-02 05:39 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAnimation.dll
2016-11-10 00:02 - 2016-11-02 05:38 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2016-11-10 00:02 - 2016-11-02 05:37 - 19415040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-11-10 00:02 - 2016-11-02 05:36 - 19415552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-11-10 00:02 - 2016-11-02 05:36 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-11-10 00:02 - 2016-11-02 05:36 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetailsUpdate.dll
2016-11-10 00:02 - 2016-11-02 05:35 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe
2016-11-10 00:02 - 2016-11-02 05:33 - 12349952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-11-10 00:02 - 2016-11-02 05:33 - 03307520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-11-10 00:02 - 2016-11-02 05:31 - 03196416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2016-11-10 00:02 - 2016-11-02 05:31 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-11-10 00:02 - 2016-11-02 05:30 - 12175360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-11-10 00:02 - 2016-11-02 05:30 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetails.dll
2016-11-10 00:02 - 2016-11-02 05:29 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-11-10 00:02 - 2016-11-02 05:29 - 01247232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2016-11-10 00:02 - 2016-11-02 05:29 - 00884224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-11-10 00:02 - 2016-11-02 05:29 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll
2016-11-10 00:02 - 2016-11-02 05:28 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-11-10 00:02 - 2016-11-02 05:28 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-11-10 00:02 - 2016-11-02 05:28 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2016-11-10 00:02 - 2016-11-02 05:28 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\chartv.dll
2016-11-10 00:02 - 2016-11-02 05:28 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-11-10 00:02 - 2016-11-02 05:27 - 00580608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hgcpl.dll
2016-11-10 00:02 - 2016-11-02 05:27 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll
2016-11-10 00:02 - 2016-11-02 05:26 - 02747392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2016-11-10 00:02 - 2016-11-02 05:26 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2016-11-10 00:02 - 2016-11-02 05:26 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-11-10 00:02 - 2016-11-02 05:26 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-11-10 00:02 - 2016-11-02 05:26 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-11-10 00:02 - 2016-11-02 05:26 - 00912896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2016-11-10 00:02 - 2016-11-02 05:26 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-11-10 00:02 - 2016-11-02 05:26 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-11-10 00:02 - 2016-11-02 05:25 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-11-10 00:02 - 2016-11-02 05:25 - 02256384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-11-10 00:02 - 2016-11-02 05:25 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-11-10 00:02 - 2016-11-02 05:25 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2016-11-10 00:02 - 2016-11-02 05:23 - 03106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2016-11-10 00:02 - 2016-11-02 05:23 - 02356736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2016-11-10 00:02 - 2016-11-02 05:23 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2016-11-10 00:02 - 2016-11-02 04:11 - 00788624 _____ C:\WINDOWS\SysWOW64\locale.nls
2016-11-10 00:02 - 2016-11-02 04:11 - 00788624 _____ C:\WINDOWS\system32\locale.nls
2016-11-10 00:02 - 2016-08-01 23:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-11-09 23:56 - 2016-11-02 06:13 - 00423776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-11-09 23:56 - 2016-11-02 06:00 - 08156080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-11-09 23:56 - 2016-11-02 05:56 - 00322912 _____ (Microsoft Corporation) C:\WINDOWS\system32\input.dll
2016-11-09 23:56 - 2016-11-02 05:34 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-11-09 23:56 - 2016-11-02 05:33 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-11-09 23:56 - 2016-11-02 05:30 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-11-09 23:56 - 2016-11-02 05:30 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2016-11-09 23:56 - 2016-11-02 05:30 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-11-09 23:56 - 2016-11-02 05:29 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2016-11-09 23:56 - 2016-11-02 05:29 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-11-09 23:56 - 2016-11-02 05:28 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-11-09 23:56 - 2016-11-02 05:28 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2016-11-09 23:56 - 2016-11-02 05:28 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2016-11-09 23:56 - 2016-11-02 05:27 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-11-09 23:56 - 2016-11-02 05:27 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2016-11-09 23:56 - 2016-11-02 05:26 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2016-11-09 23:56 - 2016-11-02 05:26 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAnimation.dll
2016-11-09 23:56 - 2016-11-02 05:26 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-11-09 23:56 - 2016-11-02 05:23 - 02104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-11-09 23:56 - 2016-11-02 05:19 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-11-09 23:56 - 2016-11-02 05:17 - 01282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-11-09 23:56 - 2016-11-02 05:17 - 00909824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-11-09 23:56 - 2016-11-02 05:16 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-11-09 23:56 - 2016-11-02 05:16 - 02512384 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
2016-11-09 23:56 - 2016-11-02 05:16 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-11-09 23:56 - 2016-11-02 05:15 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-11-09 23:56 - 2016-11-02 05:15 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-11-09 23:56 - 2016-11-02 05:15 - 01348608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-11-09 23:56 - 2016-11-02 05:15 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2016-11-09 23:56 - 2016-11-02 05:14 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-11-09 23:56 - 2016-11-02 05:13 - 03496960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2016-11-09 23:56 - 2016-11-02 05:13 - 03299840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2016-11-09 23:56 - 2016-11-02 03:20 - 00446896 _____ C:\WINDOWS\system32\ApnDatabase.xml
2016-11-09 23:55 - 2016-11-02 06:20 - 00378720 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-11-09 23:55 - 2016-11-02 06:14 - 07816544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-11-09 23:55 - 2016-11-02 06:13 - 01883784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-11-09 23:55 - 2016-11-02 06:13 - 00773720 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2016-11-09 23:55 - 2016-11-02 06:12 - 02255712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-11-09 23:55 - 2016-11-02 06:12 - 00376672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-11-09 23:55 - 2016-11-02 06:05 - 00405856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-11-09 23:55 - 2016-11-02 06:04 - 02678056 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-11-09 23:55 - 2016-11-02 06:03 - 02750936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-11-09 23:55 - 2016-11-02 06:02 - 00848736 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-11-09 23:55 - 2016-11-02 06:02 - 00682816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-11-09 23:55 - 2016-11-02 06:02 - 00238056 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2016-11-09 23:55 - 2016-11-02 06:02 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-11-09 23:55 - 2016-11-02 06:01 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-11-09 23:55 - 2016-11-02 06:00 - 22223968 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-11-09 23:55 - 2016-11-02 06:00 - 04130432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-11-09 23:55 - 2016-11-02 06:00 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-11-09 23:55 - 2016-11-02 06:00 - 01061968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-11-09 23:55 - 2016-11-02 05:59 - 04673304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-11-09 23:55 - 2016-11-02 05:56 - 01609920 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2016-11-09 23:55 - 2016-11-02 05:56 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2016-11-09 23:55 - 2016-11-02 05:56 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-11-09 23:55 - 2016-11-02 05:56 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-11-09 23:55 - 2016-11-02 05:55 - 00048992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\iorate.sys
2016-11-09 23:55 - 2016-11-02 05:38 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-11-09 23:55 - 2016-11-02 05:34 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-11-09 23:55 - 2016-11-02 05:32 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-11-09 23:55 - 2016-11-02 05:32 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\efsext.dll
2016-11-09 23:55 - 2016-11-02 05:31 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
2016-11-09 23:55 - 2016-11-02 05:31 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2016-11-09 23:55 - 2016-11-02 05:31 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-11-09 23:55 - 2016-11-02 05:30 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2016-11-09 23:55 - 2016-11-02 05:30 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2016-11-09 23:55 - 2016-11-02 05:30 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-11-09 23:55 - 2016-11-02 05:30 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2016-11-09 23:55 - 2016-11-02 05:29 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2016-11-09 23:55 - 2016-11-02 05:29 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2016-11-09 23:55 - 2016-11-02 05:29 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2016-11-09 23:55 - 2016-11-02 05:29 - 00276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2016-11-09 23:55 - 2016-11-02 05:29 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2016-11-09 23:55 - 2016-11-02 05:28 - 00690176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-11-09 23:55 - 2016-11-02 05:28 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenterCPL.dll
2016-11-09 23:55 - 2016-11-02 05:28 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2016-11-09 23:55 - 2016-11-02 05:28 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCenter.dll
2016-11-09 23:55 - 2016-11-02 05:28 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.dll
2016-11-09 23:55 - 2016-11-02 05:28 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll
2016-11-09 23:55 - 2016-11-02 05:28 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-11-09 23:55 - 2016-11-02 05:28 - 00240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkDesktopSettings.dll
2016-11-09 23:55 - 2016-11-02 05:28 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-11-09 23:55 - 2016-11-02 05:28 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-11-09 23:55 - 2016-11-02 05:27 - 23677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-11-09 23:55 - 2016-11-02 05:27 - 00631296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2016-11-09 23:55 - 2016-11-02 05:27 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-11-09 23:55 - 2016-11-02 05:27 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-11-09 23:55 - 2016-11-02 05:26 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddraw.dll
2016-11-09 23:55 - 2016-11-02 05:26 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2016-11-09 23:55 - 2016-11-02 05:25 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\sud.dll
2016-11-09 23:55 - 2016-11-02 05:25 - 00541696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-11-09 23:55 - 2016-11-02 05:25 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2016-11-09 23:55 - 2016-11-02 05:24 - 03778560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-11-09 23:55 - 2016-11-02 05:24 - 00940032 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontext.dll
2016-11-09 23:55 - 2016-11-02 05:22 - 13441024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-11-09 23:55 - 2016-11-02 05:22 - 13081600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-11-09 23:55 - 2016-11-02 05:22 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-11-09 23:55 - 2016-11-02 05:22 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe
2016-11-09 23:55 - 2016-11-02 05:21 - 05111296 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-11-09 23:55 - 2016-11-02 05:19 - 08127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-11-09 23:55 - 2016-11-02 05:19 - 01586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2016-11-09 23:55 - 2016-11-02 05:19 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2016-11-09 23:55 - 2016-11-02 05:19 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2016-11-09 23:55 - 2016-11-02 05:19 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll
2016-11-09 23:55 - 2016-11-02 05:19 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\chartv.dll
2016-11-09 23:55 - 2016-11-02 05:19 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-11-09 23:55 - 2016-11-02 05:18 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2016-11-09 23:55 - 2016-11-02 05:18 - 00836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
2016-11-09 23:55 - 2016-11-02 05:18 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2016-11-09 23:55 - 2016-11-02 05:17 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-11-09 23:55 - 2016-11-02 05:17 - 00982528 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-11-09 23:55 - 2016-11-02 05:17 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2016-11-09 23:55 - 2016-11-02 05:16 - 04148736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-11-09 23:55 - 2016-11-02 05:16 - 03400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2016-11-09 23:55 - 2016-11-02 05:16 - 03133440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2016-11-09 23:55 - 2016-11-02 05:16 - 02669056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-11-09 23:55 - 2016-11-02 05:16 - 01779712 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-11-09 23:55 - 2016-11-02 05:16 - 01637888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-11-09 23:55 - 2016-11-02 05:16 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-11-09 23:55 - 2016-11-02 05:16 - 00629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2016-11-09 23:55 - 2016-11-02 05:16 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2016-11-09 23:55 - 2016-11-02 05:16 - 00308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll
2016-11-09 23:55 - 2016-11-02 05:16 - 00265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-11-09 23:55 - 2016-11-02 05:15 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-11-09 23:55 - 2016-11-02 05:15 - 02611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2016-11-09 23:55 - 2016-11-02 05:15 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2016-11-09 23:55 - 2016-11-02 05:13 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2016-11-09 23:54 - 2016-11-02 06:20 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-11-09 23:54 - 2016-11-02 06:15 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-11-09 23:54 - 2016-11-02 06:15 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-11-09 23:54 - 2016-11-02 06:13 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-11-09 23:54 - 2016-11-02 06:13 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-11-09 23:54 - 2016-11-02 06:03 - 00714592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2016-11-09 23:54 - 2016-11-02 06:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2016-11-09 23:54 - 2016-11-02 05:31 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll
2016-11-09 23:54 - 2016-11-02 05:31 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-11-09 23:54 - 2016-11-02 05:31 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2016-11-09 23:54 - 2016-11-02 05:31 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-11-09 23:54 - 2016-11-02 05:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2016-11-09 23:54 - 2016-11-02 05:27 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-11-09 23:54 - 2016-11-02 05:25 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-11-09 23:54 - 2016-11-02 05:23 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys
2016-11-09 23:54 - 2016-11-02 05:23 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetailsUpdate.dll
2016-11-09 23:54 - 2016-11-02 05:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-11-09 23:54 - 2016-11-02 05:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-11-09 23:54 - 2016-11-02 05:20 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-11-09 23:54 - 2016-11-02 05:20 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll
2016-11-09 23:54 - 2016-11-02 05:18 - 01690112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-11-09 23:54 - 2016-11-02 05:17 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2016-11-09 23:54 - 2016-11-02 05:16 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-11-09 23:54 - 2016-11-02 05:16 - 00770560 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-11-08 14:57 - 2016-11-08 14:57 - 00569282 _____ C:\Users\Robert\Desktop\CVS-warns-of-lower-profit-rx-losses.pdf
2016-11-03 17:39 - 2016-11-03 17:39 - 03608408 _____ C:\Users\Robert\Downloads\Stock-Comparison-Spreadsheet-UNLOCKED.zip
2016-10-31 13:10 - 2016-10-31 13:10 - 00034906 _____ C:\Users\Robert\Downloads\Original
2016-10-28 09:08 - 2016-10-14 23:51 - 02186896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2016-10-28 09:08 - 2016-10-14 23:51 - 01637728 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-10-28 09:08 - 2016-10-14 23:51 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-10-28 09:08 - 2016-10-14 23:51 - 00595296 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-10-28 09:08 - 2016-10-14 23:51 - 00584032 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-10-28 09:08 - 2016-10-14 23:51 - 00322912 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-10-28 09:08 - 2016-10-14 23:51 - 00232800 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-10-28 09:08 - 2016-10-14 23:51 - 00137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-10-28 09:08 - 2016-10-14 23:51 - 00078688 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-10-28 09:08 - 2016-10-14 23:48 - 00498952 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2016-10-28 09:08 - 2016-10-14 23:38 - 00500064 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2016-10-28 09:08 - 2016-10-14 23:37 - 00063328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2016-10-28 09:08 - 2016-10-14 23:33 - 00455040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2016-10-28 09:08 - 2016-10-14 23:30 - 00509280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-10-28 09:08 - 2016-10-14 23:30 - 00341936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2016-10-28 09:08 - 2016-10-14 23:29 - 00908640 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvstore.dll
2016-10-28 09:08 - 2016-10-14 23:29 - 00079200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\crashdmp.sys
2016-10-28 09:08 - 2016-10-14 23:26 - 01990648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-10-28 09:08 - 2016-10-14 23:26 - 01472536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-10-28 09:08 - 2016-10-14 23:26 - 00811416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-10-28 09:08 - 2016-10-14 23:26 - 00691080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2016-10-28 09:08 - 2016-10-14 23:22 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-10-28 09:08 - 2016-10-14 23:21 - 00292872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpeffects.dll
2016-10-28 09:08 - 2016-10-14 23:18 - 00749920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvstore.dll
2016-10-28 09:08 - 2016-10-14 23:15 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2016-10-28 09:08 - 2016-10-14 23:10 - 00254656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpeffects.dll
2016-10-28 09:08 - 2016-10-14 23:01 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2016-10-28 09:08 - 2016-10-14 23:00 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2016-10-28 09:08 - 2016-10-14 23:00 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stdole2.tlb
2016-10-28 09:08 - 2016-10-14 22:59 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfksproxy.dll
2016-10-28 09:08 - 2016-10-14 22:59 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfksproxy.dll
2016-10-28 09:08 - 2016-10-14 22:59 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2016-10-28 09:08 - 2016-10-14 22:58 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-10-28 09:08 - 2016-10-14 22:57 - 00217600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpdxm.dll
2016-10-28 09:08 - 2016-10-14 22:57 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-10-28 09:08 - 2016-10-14 22:57 - 00175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpdxm.dll
2016-10-28 09:08 - 2016-10-14 22:56 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-10-28 09:08 - 2016-10-14 22:56 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2016-10-28 09:08 - 2016-10-14 22:56 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2016-10-28 09:08 - 2016-10-14 22:55 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll
2016-10-28 09:08 - 2016-10-14 22:55 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpshell.dll
2016-10-28 09:08 - 2016-10-14 22:54 - 00717312 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskbarcpl.dll
2016-10-28 09:08 - 2016-10-14 22:54 - 00217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairingFolder.dll
2016-10-28 09:08 - 2016-10-14 22:54 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-10-28 09:08 - 2016-10-14 22:53 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-10-28 09:08 - 2016-10-14 22:52 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-10-28 09:08 - 2016-10-14 22:52 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoplay.dll
2016-10-28 09:08 - 2016-10-14 22:51 - 13868544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-10-28 09:08 - 2016-10-14 22:50 - 17188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-10-28 09:08 - 2016-10-14 22:50 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2016-10-28 09:08 - 2016-10-14 22:50 - 00967168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-10-28 09:08 - 2016-10-14 22:50 - 00509440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll
2016-10-28 09:08 - 2016-10-14 22:50 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-10-28 09:08 - 2016-10-14 22:50 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-10-28 09:08 - 2016-10-14 22:49 - 01913344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2016-10-28 09:08 - 2016-10-14 22:49 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-10-28 09:08 - 2016-10-14 22:49 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-10-28 09:08 - 2016-10-14 22:49 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe
2016-10-28 09:08 - 2016-10-14 22:48 - 01554944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2016-10-28 09:08 - 2016-10-14 22:48 - 01323008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2016-10-28 09:08 - 2016-10-14 22:48 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2016-10-28 09:08 - 2016-10-14 22:47 - 01113600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2016-10-28 09:08 - 2016-10-14 22:47 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2016-10-28 09:08 - 2016-10-14 22:46 - 03287552 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2016-10-28 09:08 - 2016-10-14 22:46 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2016-10-28 09:08 - 2016-10-14 22:45 - 00406016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-10-28 09:08 - 2016-10-14 22:44 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2016-10-28 09:08 - 2016-10-14 22:44 - 00470016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2016-10-28 09:08 - 2016-10-14 22:44 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\powercfg.exe
2016-10-28 09:08 - 2016-10-14 22:43 - 02748928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2016-10-28 09:08 - 2016-10-14 22:43 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\energy.dll
2016-10-28 09:08 - 2016-10-14 22:43 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsiwmi.dll
2016-10-28 09:08 - 2016-10-14 22:42 - 06108672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-10-28 09:08 - 2016-10-14 22:42 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-10-28 09:08 - 2016-10-14 22:42 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
2016-10-28 09:08 - 2016-10-14 22:41 - 05376000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-10-28 09:08 - 2016-10-14 22:41 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iscsiwmi.dll
2016-10-28 09:08 - 2016-10-14 22:39 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Geolocation.dll
2016-10-28 09:08 - 2016-10-14 22:38 - 01993216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-10-28 09:08 - 2016-10-14 22:38 - 00913920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2016-10-28 09:08 - 2016-10-14 22:38 - 00675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2016-10-28 09:08 - 2016-10-14 22:37 - 01980416 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-10-28 09:08 - 2016-10-14 22:37 - 01643008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-10-28 09:08 - 2016-10-14 22:37 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-10-28 09:08 - 2016-10-14 22:37 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmifw.dll
2016-10-28 09:08 - 2016-10-14 22:36 - 02290176 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-10-28 09:08 - 2016-10-14 22:36 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2016-10-28 09:08 - 2016-10-14 22:36 - 00542208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2016-10-28 09:08 - 2016-10-14 22:36 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2016-10-28 09:08 - 2016-10-14 22:36 - 00338944 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcpl.dll
2016-10-28 09:08 - 2016-10-14 22:36 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmifw.dll
2016-10-28 09:08 - 2016-10-14 22:35 - 03054080 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-10-28 09:08 - 2016-10-14 22:35 - 02708992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2016-10-28 09:08 - 2016-10-14 22:35 - 02315264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-10-28 09:08 - 2016-10-14 22:35 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-10-28 09:08 - 2016-10-14 22:35 - 00701952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2016-10-28 09:08 - 2016-10-14 22:35 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-10-28 09:08 - 2016-10-14 22:31 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2016-10-28 09:08 - 2016-09-10 08:21 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\capimg.sys
2016-10-28 09:08 - 2016-08-27 00:12 - 00244816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-10-28 09:07 - 2016-10-14 23:51 - 00283488 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-10-28 09:07 - 2016-10-14 23:43 - 01356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2016-10-28 09:07 - 2016-10-14 23:41 - 05622088 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2016-10-28 09:07 - 2016-10-14 23:38 - 00409952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2016-10-28 09:07 - 2016-10-14 23:34 - 01969912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2016-10-28 09:07 - 2016-10-14 23:31 - 02827864 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-10-28 09:07 - 2016-10-14 23:31 - 02190688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-10-28 09:07 - 2016-10-14 23:31 - 00658272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-10-28 09:07 - 2016-10-14 23:31 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-10-28 09:07 - 2016-10-14 23:30 - 01851696 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2016-10-28 09:07 - 2016-10-14 23:30 - 00557408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2016-10-28 09:07 - 2016-10-14 23:29 - 02913104 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-10-28 09:07 - 2016-10-14 23:29 - 01267504 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-10-28 09:07 - 2016-10-14 23:29 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-10-28 09:07 - 2016-10-14 23:26 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2016-10-28 09:07 - 2016-10-14 23:26 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-10-28 09:07 - 2016-10-14 23:26 - 00160096 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2016-10-28 09:07 - 2016-10-14 23:25 - 00882680 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2016-10-28 09:07 - 2016-10-14 23:25 - 00742704 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-10-28 09:07 - 2016-10-14 23:21 - 02537824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-10-28 09:07 - 2016-10-14 23:21 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-10-28 09:07 - 2016-10-14 23:21 - 00584032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2016-10-28 09:07 - 2016-10-14 23:20 - 02276736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-10-28 09:07 - 2016-10-14 23:19 - 00272720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2016-10-28 09:07 - 2016-10-14 23:18 - 02166232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-10-28 09:07 - 2016-10-14 23:18 - 01556712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2016-10-28 09:07 - 2016-10-14 23:18 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-10-28 09:07 - 2016-10-14 23:15 - 01853776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-10-28 09:07 - 2016-10-14 23:15 - 01123368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-10-28 09:07 - 2016-10-14 23:15 - 00687936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2016-10-28 09:07 - 2016-10-14 23:11 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-10-28 09:07 - 2016-10-14 23:06 - 05685760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-10-28 09:07 - 2016-10-14 23:05 - 07216640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-10-28 09:07 - 2016-10-14 23:00 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2016-10-28 09:07 - 2016-10-14 23:00 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-10-28 09:07 - 2016-10-14 22:59 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\stdole2.tlb
2016-10-28 09:07 - 2016-10-14 22:57 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2016-10-28 09:07 - 2016-10-14 22:56 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\esentutl.exe
2016-10-28 09:07 - 2016-10-14 22:56 - 00327680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2016-10-28 09:07 - 2016-10-14 22:56 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esentutl.exe
2016-10-28 09:07 - 2016-10-14 22:56 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-10-28 09:07 - 2016-10-14 22:56 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSrvPolicyManager.dll
2016-10-28 09:07 - 2016-10-14 22:56 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFi.dll
2016-10-28 09:07 - 2016-10-14 22:56 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-10-28 09:07 - 2016-10-14 22:56 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
2016-10-28 09:07 - 2016-10-14 22:55 - 00329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2016-10-28 09:07 - 2016-10-14 22:55 - 00265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2016-10-28 09:07 - 2016-10-14 22:55 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-10-28 09:07 - 2016-10-14 22:55 - 00142336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFi.dll
2016-10-28 09:07 - 2016-10-14 22:54 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2016-10-28 09:07 - 2016-10-14 22:54 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2016-10-28 09:07 - 2016-10-14 22:54 - 00241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-10-28 09:07 - 2016-10-14 22:54 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoplay.dll
2016-10-28 09:07 - 2016-10-14 22:54 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpshell.dll
2016-10-28 09:07 - 2016-10-14 22:53 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-10-28 09:07 - 2016-10-14 22:52 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-10-28 09:07 - 2016-10-14 22:52 - 00410624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2016-10-28 09:07 - 2016-10-14 22:52 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2016-10-28 09:07 - 2016-10-14 22:52 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\systemcpl.dll
2016-10-28 09:07 - 2016-10-14 22:51 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2016-10-28 09:07 - 2016-10-14 22:51 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2016-10-28 09:07 - 2016-10-14 22:50 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2016-10-28 09:07 - 2016-10-14 22:50 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDec.dll
2016-10-28 09:07 - 2016-10-14 22:50 - 00310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-10-28 09:07 - 2016-10-14 22:49 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-10-28 09:07 - 2016-10-14 22:49 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe
2016-10-28 09:07 - 2016-10-14 22:47 - 07792640 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-10-28 09:07 - 2016-10-14 22:47 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-10-28 09:07 - 2016-10-14 22:47 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2016-10-28 09:07 - 2016-10-14 22:46 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2016-10-28 09:07 - 2016-10-14 22:45 - 01790464 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2016-10-28 09:07 - 2016-10-14 22:45 - 00702464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2016-10-28 09:07 - 2016-10-14 22:44 - 00636928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-10-28 09:07 - 2016-10-14 22:43 - 01365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2016-10-28 09:07 - 2016-10-14 22:42 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Geolocation.dll
2016-10-28 09:07 - 2016-10-14 22:42 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\powercfg.exe
2016-10-28 09:07 - 2016-10-14 22:41 - 07654912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-10-28 09:07 - 2016-10-14 22:41 - 00945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2016-10-28 09:07 - 2016-10-14 22:41 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2016-10-28 09:07 - 2016-10-14 22:39 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2016-10-28 09:07 - 2016-10-14 22:39 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-10-28 09:07 - 2016-10-14 22:39 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2016-10-28 09:07 - 2016-10-14 22:39 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-10-28 09:07 - 2016-10-14 22:39 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-10-28 09:07 - 2016-10-14 22:39 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2016-10-28 09:07 - 2016-10-14 22:39 - 00631296 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2016-10-28 09:07 - 2016-10-14 22:37 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2016-10-28 09:07 - 2016-10-14 22:37 - 01029632 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-10-28 09:07 - 2016-10-14 22:37 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2016-10-28 09:07 - 2016-10-14 22:36 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-10-28 09:07 - 2016-10-14 22:36 - 00983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2016-10-28 09:07 - 2016-10-14 22:36 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-10-28 09:07 - 2016-10-14 22:35 - 02005504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2016-10-28 09:07 - 2016-10-14 22:35 - 00905216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-10-28 09:07 - 2016-10-14 22:34 - 02476544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2016-10-28 09:07 - 2016-10-14 22:34 - 01840640 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2016-10-28 09:07 - 2016-10-14 22:34 - 00936448 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-10-28 09:07 - 2016-10-14 22:32 - 00886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2016-10-28 09:07 - 2016-08-05 23:17 - 00619368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-10-23 18:25 - 2016-10-23 18:25 - 00000000 ___RD C:\Users\Robert\Documents\Scanned Documents
2016-10-23 18:25 - 2016-10-23 18:25 - 00000000 ____D C:\Users\Robert\Documents\Fax
2016-10-22 08:54 - 2016-10-22 08:54 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2016-10-22 08:51 - 2016-10-22 08:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-10-22 08:51 - 2016-10-22 08:51 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-10-22 08:51 - 2016-10-22 08:51 - 00000000 ____D C:\Program Files (x86)\Java

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-20 13:22 - 2015-10-01 15:29 - 00000000 ____D C:\Users\Robert\AppData\Local\ClassicShell
2016-11-20 13:20 - 2016-08-06 16:05 - 01502992 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-11-20 13:19 - 2016-08-07 08:25 - 00000000 ____D C:\Users\Robert\AppData\Local\Deployment
2016-11-20 13:17 - 2015-10-03 10:17 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-11-20 13:17 - 2015-10-01 06:14 - 00000000 __SHD C:\Users\Robert\IntelGraphicsProfiles
2016-11-20 13:16 - 2016-08-06 16:20 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-11-20 13:16 - 2016-08-06 16:02 - 00000000 ____D C:\ProgramData\Synaptics
2016-11-20 13:15 - 2016-07-16 01:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2016-11-20 13:11 - 2016-08-06 16:05 - 00000000 ____D C:\Users\Robert
2016-11-20 12:48 - 2015-09-30 16:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-11-20 12:14 - 2016-08-06 15:58 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-11-20 08:52 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-11-19 07:32 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-11-16 16:58 - 2015-10-22 13:45 - 00000878 _____ C:\Users\Public\Desktop\Medved Trader.lnk
2016-11-16 16:58 - 2015-10-03 18:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Medved Trader
2016-11-16 16:58 - 2015-10-03 18:32 - 00000000 ____D C:\Program Files\Medved Trader
2016-11-15 16:36 - 2015-09-30 16:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-11-15 13:23 - 2016-04-02 09:18 - 00000000 ____D C:\Users\Robert\AppData\Local\Microsoft Games
2016-11-14 10:02 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF
2016-11-13 15:05 - 2016-08-10 14:10 - 00000000 ____D C:\WINDOWS\Minidump
2016-11-13 15:05 - 2016-08-06 19:56 - 00000000 ___DC C:\WINDOWS\Panther
2016-11-13 10:11 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-11-13 10:11 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-11-13 10:11 - 2015-09-30 17:21 - 00000000 ____D C:\Users\Robert\AppData\Local\Adobe
2016-11-12 11:49 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\rescache
2016-11-10 16:54 - 2015-11-21 15:54 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-10 07:56 - 2015-09-10 00:42 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-11-10 07:54 - 2016-08-06 15:57 - 00337064 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-11-10 07:50 - 2016-07-16 06:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-11-10 07:50 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-11-10 07:50 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-11-10 07:50 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\migwiz
2016-11-10 07:50 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-11-10 07:50 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-11-10 00:22 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-11-10 00:16 - 2015-09-30 17:57 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-11-10 00:10 - 2015-09-30 17:57 - 141011376 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-11-09 11:01 - 2016-08-06 16:20 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-11-09 10:45 - 2016-05-26 16:39 - 00000000 ____D C:\AdwCleaner
2016-11-08 20:38 - 2015-11-15 12:56 - 00000000 ____D C:\Users\Robert\AppData\Local\Google
2016-11-08 10:11 - 2016-07-23 09:34 - 00000000 ____D C:\Users\Robert\Desktop\Medical
2016-11-06 14:23 - 2015-03-05 20:30 - 03331252 _____ C:\Users\Robert\Desktop\Stock Comparison Spreadsheet - UNLOCKED.xlsm
2016-11-05 09:01 - 2015-11-02 19:50 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-11-02 10:56 - 2015-09-30 15:16 - 00389408 __RSH C:\bootmgr
2016-10-29 05:34 - 2015-09-30 17:22 - 00000000 ____D C:\ProgramData\Lenovo
2016-10-29 05:26 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-10-29 05:25 - 2016-07-16 06:47 - 00015425 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-10-28 18:56 - 2016-07-16 06:49 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-10-28 18:56 - 2016-07-16 06:49 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-10-28 08:49 - 2015-09-30 16:39 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-10-22 08:54 - 2016-08-23 10:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2016-10-22 08:54 - 2016-08-06 08:40 - 00000000 ____D C:\Program Files\Java
2016-10-22 08:51 - 2015-10-05 13:49 - 00000000 ____D C:\ProgramData\Oracle
2016-10-21 06:37 - 2016-07-16 06:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-10-21 06:35 - 2016-07-18 16:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Office

==================== Files in the root of some directories =======

2016-01-16 16:13 - 2016-01-16 16:13 - 0001759 _____ () C:\Users\Robert\AppData\Local\recently-used.xbel
2016-08-09 07:03 - 2016-08-09 07:03 - 0007597 _____ () C:\Users\Robert\AppData\Local\Resmon.ResmonCfg
2016-08-06 15:59 - 2016-08-06 15:59 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-11-19 18:26

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-11-2016
Ran by Robert (20-11-2016 13:26:16)
Running from C:\Users\Robert\Desktop
Windows 10 Home Version 1607 (X64) (2016-08-06 21:32:02)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1060743938-440540994-1790496421-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1060743938-440540994-1790496421-503 - Limited - Disabled)
Guest (S-1-5-21-1060743938-440540994-1790496421-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1060743938-440540994-1790496421-1002 - Limited - Enabled)
Robert (S-1-5-21-1060743938-440540994-1790496421-1000 - Administrator - Enabled) => C:\Users\Robert

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.00 (HKLM-x32\...\7-Zip) (Version: 16.00 - Igor Pavlov)
7-Zip 16.00 (x64) (HKLM\...\7-Zip) (Version: 16.00 - Igor Pavlov)
7-Zip 16.02 (HKLM-x32\...\{23170F69-40C1-2701-1602-000001000000}) (Version: 16.02.00.0 - Igor Pavlov)
7-Zip 16.02 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1602-000001000000}) (Version: 16.02.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.1 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-1060743938-440540994-1790496421-1000\...\Amazon Kindle) (Version: 1.15.0.43061 - Amazon)
Amazon Send to Kindle (HKLM-x32\...\SendToKindle) (Version: 1.1.0.243 - Amazon)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Anki (HKLM-x32\...\Anki) (Version:  - )
Apple Application Support (32-bit) (HKLM-x32\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{A6B0442B-E159-444B-B49D-6B9AC531EAE3}) (Version: 4.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
AutoHotkey 1.1.22.09 (HKLM\...\AutoHotkey) (Version: 1.1.22.09 - Lexikos)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.16.50 - Conexant)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.6.5.1 - Dolby Laboratories Inc)
Efficient Address Book Free 5.22 (HKLM-x32\...\Efficient Address Book Free_is1) (Version:  - Efficient Software)
Evernote v. 6.1.2 (HKLM-x32\...\{A46ABD1E-2837-11E6-9E7C-005056951CAD}) (Version: 6.1.2.2292 - Evernote Corp.)
Foxit Advanced PDF Editor 3 (HKLM-x32\...\B521582C-6BE3-491D-BCC8-FFB8301298E9_is1) (Version: 3.1.0.0 - Foxit Corporation)
FreeMind (HKLM-x32\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 1.0.1 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
IIS 10.0 Express (HKLM\...\{5984D8DA-C1AF-4284-9C88-D7150425B315}) (Version: 10.0.1734 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - )
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Integrated Camera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10224 - Realtek Semiconductor Corp.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel® Driver Update Utility 2.4 (x32 Version: 2.4.0.7 - Intel) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4358 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{DA2600C1-6BDF-4FD1-1212-148929CC1385}) (Version: 2.6.1212.0302 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{561b5fb5-1d4d-40e8-b3e4-ad52858b217c}) (Version: 2.4.0.7 - Intel)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{6F73FF93-0B55-4194-AE45-C19DA1F33E97}) (Version: 6.0.3 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{fad118b4-798f-4755-9e67-a622eec95b62}) (Version: 15.6.1 - Intel Corporation)
iTunes (HKLM\...\{955524E7-79EB-4CA9-BA4D-FD2DF587651B}) (Version: 12.4.3.1 - Apple Inc.)
Java 8 Update 111 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Java SE Development Kit 8 Update 102 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180102}) (Version: 8.0.1020.14 - Oracle Corporation)
Lenovo On Screen Display (Version: 8.80.10 - Lenovo) Hidden
Lenovo Power Management Driver (Version: 1.67.12.14 - Lenovo) Hidden
Lenovo Service Bridge (HKU\S-1-5-21-1060743938-440540994-1790496421-1000\...\cbe8636f7dd0cf1d) (Version: 1.5.1.0 - Lenovo)
Lenovo Settings - Power (x32 Version: 2.00.000 - Lenovo) Hidden
Lenovo Solution Center (HKLM\...\{C1FC707B-AE6B-4DC4-89A5-6628A01F8103}) (Version: 3.3.003.00 - Lenovo)
Lenovo System Interface Foundation (HKLM\...\{C2E5CA37-C862-4A69-AC6D-24F450A20C16}) (Version: 1.0.067.00 - Lenovo)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.07.0037 - Lenovo)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Max Recorder (HKLM-x32\...\Max Recorder) (Version: 2.006.0.0 - Silver Vine, LLC)
Medved Trader version 1.1.2700.521 (HKLM\...\{528BD475-95CE-47B6-B40A-1136FED0D462}_is1) (Version: 1.1.2700.521 - 2GK, Inc.)
Metric Collection SDK (x32 Version: 1.1.0008.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (x32 Version: 1.2.0011.00 - Lenovo Group Limited) Hidden
Microsoft Games for Windows 8 x64 (HKLM\...\{B6047A78-062F-4C6F-A82D-B94DAF72FB73}) (Version: 1.2 - Microsoft)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.23107 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.7369.2038 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.50616.0) (HKLM-x32\...\{58246C80-3941-4B69-AE31-264644E2ADB8}) (Version: 14.0.50616.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{68BA34E8-9B9D-4A74-83F0-7D366B532D75}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ Compiler Package for Python 2.7 (HKLM-x32\...\{692514A8-5484-45FC-B0AE-BE2DF7A75891}) (Version: 9.0.1.30729 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{ED4CC1E5-043E-4157-8452-B5E533FE2BA1}) (Version: 3.1238.1955 - Microsoft Corporation)
Minimal ADB and Fastboot version 1.3.1 (HKLM-x32\...\{26AC9666-A2C6-4D33-8370-A50F50F277C4}_is1) (Version: 1.3.1 - Sam Rodberg)
Mobile Broadband Drivers (HKLM-x32\...\{EA9640BE-414E-4195-B53B-7905BF1A5A09}) (Version: 7.2.5.4 - Ericsson AB)
Mozilla Firefox 50.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.0 (x86 en-US)) (Version: 50.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.0.0.6152 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.6 - Notepad++ Team)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
OverDrive for Windows (HKLM-x32\...\{6D84D59B-38CD-41B1-A73A-9AB4C4C009BF}) (Version: 3.4.2 - OverDrive, Inc.)
PostgreSQL 9.5  (HKLM\...\PostgreSQL 9.5) (Version: 9.5 - PostgreSQL Global Development Group)
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
PSPad editor (HKLM-x32\...\PSPad editor_is1) (Version: 4.6.1.2730 - Jan Fiala)
Python 2.7.11 (64-bit) (HKLM\...\{16E52445-1392-469F-9ADB-FC03AF00CD62}) (Version: 2.7.11150 - Python Software Foundation)
Python 3.4.3 (64-bit) (HKLM\...\{9529565f-e693-3f11-b3bf-8cd545f5f9a0}) (Version: 3.4.3150 - Python Software Foundation)
Python 3.5.0 (64-bit) (HKU\S-1-5-21-1060743938-440540994-1790496421-1000\...\{e599f76f-2b95-44da-a280-77548b1b2a21}) (Version: 3.5.150.0 - Python Software Foundation)
Python 3.5.0 Add to Path (64-bit) (Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 Core Interpreter (64-bit) (Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 Development Libraries (64-bit) (Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 Documentation (64-bit) (Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 Executables (64-bit) (Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 Launcher (32-bit) (x32 Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 pip Bootstrap (64-bit) (Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 Standard Library (64-bit) (Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 Tcl/Tk Support (64-bit) (Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 Test Suite (64-bit) (Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 Utility Scripts (64-bit) (Version: 3.5.150.0 - Python Software Foundation) Hidden
Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 6.2.9200.29064 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.61.612.2012 - Realtek)
Samsung Easy Document Creator (HKLM-x32\...\Samsung Easy Document Creator) (Version: 1.06.46 (10/30/2014) - Samsung Electronics Co., Ltd.)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.05.81.00(5/25/2015) - Samsung Electronics Co., Ltd.)
Samsung M2070 Series (HKLM-x32\...\Samsung M2070 Series) (Version: 1.22 (9/7/2015) - Samsung Electronics Co., Ltd.)
Samsung M262x 282x Series (HKLM-x32\...\Samsung M262x 282x Series) (Version: 1.24 (12/18/2013) - Samsung Electronics Co., Ltd.)
Samsung Network PC Fax (HKLM-x32\...\Samsung Network PC Fax) (Version: 1.11.14 (11/4/2014) - Samsung Electronics Co., Ltd.)
Samsung OCR Software (HKLM-x32\...\Samsung OCR Software) (Version: 1.00.14 (8/2/2013) - Samsung Electronics Co., Ltd.)
Samsung Printer Diagnostics (HKLM-x32\...\Samsung Printer Diagnostics) (Version: 1.0.1.6.02 - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Samsung Scan Process Machine (x32 Version: 1.03.05.18 - Samsung Electronics Co., Ltd.) Hidden
Scrivener (HKLM-x32\...\Scrivener 1900) (Version: 1900 - Literature and Latte)
SNS Upload for Easy Document Creator (HKLM-x32\...\{B6B5F07C-88D5-49D3-A1A7-A6D4BC37DCCC}) (Version: 1.0.0 - Samsung Electronics Co.,Ltd)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.27 - Synaptics Incorporated)
Synaptics WBF DDK 5011 (Advanced) (HKLM\...\{D342A8F4-B82B-4348-A407-F1F91CF44128}) (Version: 4.5.505.0 - Synaptics)
thinkorswim (HKLM\...\9968-4488-2169-7623) (Version: desktop - thinkorswim, Inc)
ThinkPad Settings Dependency (Version: 3.0.1.32 - Lenovo) Hidden
USB Enhanced Performance Keyboard (HKLM\...\{989DC5D9-A776-430D-9E16-D36E5B81CD86}) (Version: 2.0.2.2 - Lenovo)
View User's Guide (HKLM-x32\...\View User Guide) (Version: 3.60.45.0 - )
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17349 - Microsoft Corporation)
Windows 7 Games for Windows 10 and 8 (HKLM\...\Win7Games) (Version: 2.0 - hxxp://winaero.com)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Wireshark 1.12.9 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.12.9 - The Wireshark developer community, hxxp://www.wireshark.org)
WordWeb (HKLM-x32\...\WordWeb) (Version: 8 - WordWeb Software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1060743938-440540994-1790496421-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Robert\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1060743938-440540994-1790496421-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Robert\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1060743938-440540994-1790496421-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Robert\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1060743938-440540994-1790496421-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1060743938-440540994-1790496421-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Robert\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1060743938-440540994-1790496421-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Robert\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1060743938-440540994-1790496421-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Robert\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1060743938-440540994-1790496421-1000_Classes\CLSID\{ED90173A-3B4C-4E7E-B9CF-79714425D4B5}\InprocServer32 -> C:\Program Files (x86)\PSPad editor\pspshellx64.dll ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01478298-429E-4E94-9EAB-8A89FC60AF51} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {036980FA-2D59-45B9-9095-2E2C3C1CEDA2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-10-21] (Microsoft Corporation)
Task: {15BE55E3-8857-4C75-8E06-EAEABDD28592} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1B2733CD-0AC7-4F90-A93B-2B8AD8EAED9C} - \Lenovo\Lenovo Service Bridge\S-1-5-21-1060743938-440540994-1790496421-1000 -> No File <==== ATTENTION
Task: {1BE3FF26-71FE-4E3A-A672-184C0CB3C685} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {23B3B3F6-DF1C-4B3B-AA1D-C93A34F85F81} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {252DF45E-91A3-432E-82B6-30932A13B1C5} - System32\Tasks\Lenovo\Lenovo Settings Power => Rundll32.exe "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.dll",PwrMgrBkGndMonitor
Task: {2E99F6F6-95B2-4BB1-9AD1-9F3EDB912627} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {2F8465CD-D727-4414-BC2E-3858A7AD4C78} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler  /v start /t reg_dword /d 1 /f /reg:32
Task: {37D7DD77-6AF9-408D-9CFB-2892BF1D8CCE} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {3A7F7370-97A2-4D22-9AD2-1C94CF322BE6} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-01] (Lenovo)
Task: {46F9E139-218E-4D84-B377-02E448B0FF77} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe
Task: {4DB44CA8-A5B7-4E95-90EA-05D9605D5FA6} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-08] (Microsoft Corporation)
Task: {5E04CAD9-8591-4AFF-9EA0-1FB310C40979} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {5FBB7785-F132-4DF5-AC86-2414BFF714BB} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {60588CBA-BF98-4BDB-B842-4BC1016E868F} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-06-02] (Lenovo)
Task: {6123FF6C-079D-4EED-A0DA-5EC60AE9D868} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {63E0E94B-D1AE-429C-99A4-2E5EDADDD520} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {654A3987-CAE9-4FB6-9CEB-CE66DCE4874C} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6A83DB06-4EAE-4442-B721-829E12A2229B} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {6DB304DE-3D26-4172-AFC6-C7D06BA9AD2F} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2016-09-10] ()
Task: {7401E6B3-F71A-46D4-881C-E0D6EA6D1AF7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-10-21] (Microsoft Corporation)
Task: {77FE7DCA-BAF4-476B-985A-BD68BEF5ED86} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2016-06-02] (Lenovo)
Task: {838AC5A1-4511-4127-987C-1D4CEF86DFA1} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {893B9361-050A-4091-9EB9-B76CE274B03B} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8D3C52FA-1E94-428F-8F0D-5B1C57B7F371} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSC.Services.UpdateStatusService.exe [2016-06-02] ()
Task: {9251BB97-A2C7-4390-9911-469826E72BB8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {9EBD2BD6-CFBB-4835-B8EF-B6A7EF6CA689} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-08] (Microsoft Corporation)
Task: {A3AA8F2D-492D-47EA-8A8D-666EE2B64C17} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {A3FC8B04-A7CB-4FFB-814F-D11928C7F095} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {AC454CF5-3083-4E5E-B648-6324F164F6DD} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {AE264B25-2FF5-4D87-BB76-C674BE8F4B61} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BB4C0CA4-E35C-4FE0-B3AA-925E999E7F4F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-21] (Google Inc.)
Task: {BF5224AA-BCCD-4078-BF40-14F83AA0B7C9} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BFB2C671-0F8E-4ABD-AB27-51FC42808BDF} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {C70F8002-F306-407A-9FD8-A92A7798F7C3} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-11-10] (Microsoft Corporation)
Task: {DFB3432D-8D2F-4DF2-AF1C-AFFB169B769C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E13BED85-5C7B-4C22-AB47-D2D7D270B32A} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {E1D592E5-8A58-40EC-99D7-DBA97D28F11B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {EE4BD5DA-45ED-402F-B940-4E314DED20A0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1060743938-440540994-1790496421-1000UA => C:\Users\Robert\AppData\Local\Google\Update\GoogleUpdate.exe [2015-11-15] (Google Inc.)
Task: {EF2F49EC-0CE1-4EB6-98CF-AEBEADD10904} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F4423F66-1666-42BF-A0BD-D084ACD07BDA} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => Sc.exe START ImControllerService
Task: {F505BE7A-7108-49C0-A761-A73A29854C90} - System32\Tasks\{AC00FE22-9D52-45F8-BD63-D43F5F3519A9} => pcalua.exe -a C:\Users\Robert\Downloads\LSBsetup.exe -d C:\Users\Robert\Downloads
Task: {F829E170-D396-4751-9F7B-B7991F676F06} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2016-09-10] ()
Task: {FAB8FAEC-8140-4F56-ADAA-A93549882083} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {FBE161D5-FA0D-47C2-AE00-A724F0204C36} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {FFBBD512-B980-48DC-AE9D-A1E5D558161D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-21] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1060743938-440540994-1790496421-1000UA.job => C:\Users\Robert\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Visual C++ Compiler Package for Python 2.7\Visual C++ 2008 32-bit Command Prompt.lnk -> C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) -> /k ""C:\Users\Robert\AppData\Local\Programs\Common\Microsoft\Visual C++ for Python\9.0\vcvarsall.bat" x86"
ShortcutWithArgument: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Visual C++ Compiler Package for Python 2.7\Visual C++ 2008 64-bit Command Prompt.lnk -> C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) -> /k ""C:\Users\Robert\AppData\Local\Programs\Common\Microsoft\Visual C++ for Python\9.0\vcvarsall.bat" amd64"
ShortcutWithArgument: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Visual C++ Compiler Package for Python 2.7\Visual C++ 2008 64-bit Cross Tools Command Prompt.lnk -> C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) -> /k ""C:\Users\Robert\AppData\Local\Programs\Common\Microsoft\Visual C++ for Python\9.0\vcvarsall.bat" x86_amd64"

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-09-30 08:42 - 2016-09-15 12:25 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-31 14:36 - 2012-11-14 11:48 - 00034304 _____ () C:\WINDOWS\System32\ssk4mlm.dll
2016-05-17 11:57 - 2015-06-11 08:58 - 00022528 _____ () C:\WINDOWS\System32\ssm4mlm.dll
2016-02-15 20:01 - 2016-02-15 20:01 - 00031256 _____ () C:\WINDOWS\System32\us008lm.dll
2016-07-05 14:23 - 2016-07-05 14:23 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-07-05 14:23 - 2016-07-05 14:23 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-04-11 11:03 - 2016-03-28 23:18 - 00183296 _____ () C:\Program Files\PostgreSQL\9.5\bin\LIBPQ.dll
2016-04-11 11:04 - 2015-08-26 03:40 - 02257408 _____ () C:\Program Files\PostgreSQL\9.5\bin\libxml2.dll
2016-08-03 19:29 - 2016-08-23 07:02 - 00200520 _____ () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2016-09-30 08:42 - 2016-09-15 12:25 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-08-23 15:11 - 2016-08-23 15:11 - 00959168 _____ () C:\Users\Robert\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-07-18 16:05 - 2016-10-21 06:23 - 08923840 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-08-08 15:08 - 2014-11-02 17:45 - 00029184 _____ () C:\Program Files (x86)\PSPad editor\pspshellx64.dll
2015-04-15 15:13 - 2015-04-15 15:13 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2016-09-14 05:33 - 2016-09-06 23:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-11-09 23:56 - 2016-11-02 05:30 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-11-09 23:55 - 2016-11-02 05:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-09 23:55 - 2016-11-02 05:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-09 23:55 - 2016-11-02 05:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-09 23:55 - 2016-11-02 05:15 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-11-09 23:55 - 2016-11-02 05:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-09 23:55 - 2016-11-02 05:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2014-09-08 12:39 - 2014-09-08 12:39 - 00464608 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2014-09-08 12:38 - 2014-09-08 12:38 - 00051200 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2016-10-16 17:03 - 2016-09-10 11:13 - 00028544 _____ () C:\Program Files (x86)\Lenovo\System Update\SUService.exe
2016-05-17 11:57 - 2015-06-11 08:58 - 01604096 _____ () C:\WINDOWS\system32\spool\DRIVERS\x64\3\ssm4mdu.dll
2015-10-31 14:36 - 2013-11-13 23:53 - 01244160 _____ () C:\WINDOWS\system32\spool\DRIVERS\x64\3\ssk4mdu.dll
2016-11-19 07:31 - 2016-11-19 07:31 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-11-19 07:31 - 2016-11-19 07:31 - 00178688 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-11-19 07:31 - 2016-11-19 07:31 - 41609728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2015-09-30 11:32 - 2011-07-13 09:10 - 00065576 ____R () C:\Program Files (x86)\Mobile Broadband drivers\WMCore\MBMDebug.dll
2016-07-18 16:05 - 2016-10-21 06:22 - 08923840 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2015-09-30 12:34 - 2013-05-14 05:15 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1060743938-440540994-1790496421-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 208.67.222.222 - 208.67.220.220
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "Samsung Network PC Fax.lnk"
HKLM\...\StartupApproved\Run: => "SynTPEnh"
HKLM\...\StartupApproved\Run: => "RtsCM"
HKLM\...\StartupApproved\Run: => "cAudioFilterAgent"
HKLM\...\StartupApproved\Run: => "ForteConfig"
HKLM\...\StartupApproved\Run: => "Enhanced Performance Keyboard"
HKLM\...\StartupApproved\Run: => "SmartAudio"
HKLM\...\StartupApproved\Run32: => "USB3MON"
HKLM\...\StartupApproved\Run32: => "IMSS"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKU\S-1-5-21-1060743938-440540994-1790496421-1000\...\StartupApproved\StartupFolder: => "EvernoteClipper.lnk"
HKU\S-1-5-21-1060743938-440540994-1790496421-1000\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-1060743938-440540994-1790496421-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1060743938-440540994-1790496421-1000\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-1060743938-440540994-1790496421-1000\...\StartupApproved\Run: => "EEDSpeedLauncher"
HKU\S-1-5-21-1060743938-440540994-1790496421-1000\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{171BBC50-042A-4A69-8EC9-0EB2DBCBACF6}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{BD86591C-9B39-4B99-808D-FB2727C16F8B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{2208AD94-6AEE-4D29-BDF9-D8CE664512A5}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{BC28A0C5-BA2A-413D-B3CF-7D5E562B2883}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{97EDAE0B-50F8-43DC-A3A3-65CEBF537FAE}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{01F39294-5139-42BC-B13A-9990FDE15167}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe
FirewallRules: [{00DD5B4F-78DD-441C-A749-D0B7D3CF349B}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe
FirewallRules: [{F71B646D-9ECF-4CE7-8FA3-ACEF26C38C1D}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe
FirewallRules: [{154BD9D6-6776-4BDA-808E-5FECEC5FDC2C}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe
FirewallRules: [{AB7FF7DB-CC00-49B8-8F94-3CC005534BC4}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{D176B9FB-B8C7-4490-BA2F-72D2D8B587FE}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{879658D1-0B9F-4402-BC05-777029AEF8D2}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{D8043EDC-5DE8-4B99-9565-63DB6071C230}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{C09CA6CA-91CE-4448-B8C7-85FAA05AAD19}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{163DCC5C-E32A-4972-A12F-5CA9931BA7CB}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{0A2A8E85-AC3E-4348-8DFF-52098F7C08D8}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{0265051F-F5CC-4DAA-AA82-885890A7BE16}] => (Allow) C:\Windows\twain_32\Samsung\SLM2070\ScanCDLM\ScanCDLM.exe
FirewallRules: [{A80D9996-D907-4E7F-9D7B-B65558AC7EA7}] => (Allow) C:\Windows\twain_32\Samsung\SLM2070\ScanCDLM\ScanCDLM.exe
FirewallRules: [{505505DF-B511-4D70-9A6B-CFA7BEFF040B}] => (Allow) C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{22742CBC-4B86-4B7F-8E17-62DA35ED0DEC}] => (Allow) C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{651B2A1D-EE96-4845-8E20-DBBBB792B745}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Audio Recorder\ApowersoftVideoHelper.dll
FirewallRules: [{259B95E8-5A9D-451D-8230-FEE5127B0955}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Audio Recorder\ApowersoftVideoHelper.dll
FirewallRules: [{CFCE8587-4893-406F-88CB-717A8449B398}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Audio Recorder\Streaming Audio Recorder.exe
FirewallRules: [{7CDEA274-58DC-4705-8AEA-0AE77D05763E}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Audio Recorder\Streaming Audio Recorder.exe
FirewallRules: [UDP Query User{BCFD254F-4597-4A32-9F5A-878F3E4154C7}C:\program files (x86)\ratajik software\stationripper\stationripperconsole.exe] => (Allow) C:\program files (x86)\ratajik software\stationripper\stationripperconsole.exe
FirewallRules: [TCP Query User{45ECA0DC-6CDB-408D-A68A-B012F95DC6CC}C:\program files (x86)\ratajik software\stationripper\stationripperconsole.exe] => (Allow) C:\program files (x86)\ratajik software\stationripper\stationripperconsole.exe
FirewallRules: [{7A4308CD-F20B-478F-9544-3EC5E5B26955}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{70322D16-E1BE-4A88-BA1B-6FD39E701073}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D1E7AE0D-1511-4893-8406-B009B015BCB5}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{50D3D09F-1EC6-453C-ABF9-1E4471959DAB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{67667EDB-E8CC-4B3B-9626-FE27FA3002DE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{29899CFE-7598-44FB-8743-663C79121F86}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2B3D76C5-84FE-492B-941F-D71211D79B34}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FDCA076E-268A-400A-947B-347592590953}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2E2947BF-A303-41C2-9963-EF368A12D12F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3F640E22-26BA-4F5A-A5E6-46FED81542A6}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{F9A60053-769A-411A-AAD1-2D12EAADE4CB}C:\program files\java\jdk1.8.0_102\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_102\bin\java.exe
FirewallRules: [UDP Query User{953976A8-050D-4851-AFE5-137FD0B73752}C:\program files\java\jdk1.8.0_102\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_102\bin\java.exe
FirewallRules: [TCP Query User{E193D163-CA02-4719-8C9C-E513CDB9A129}C:\program files\common files\common desktop agent\cdasrv.exe] => (Block) C:\program files\common files\common desktop agent\cdasrv.exe
FirewallRules: [UDP Query User{F7F50B31-BB97-4D65-9735-929674680BDB}C:\program files\common files\common desktop agent\cdasrv.exe] => (Block) C:\program files\common files\common desktop agent\cdasrv.exe
FirewallRules: [{01238DAA-91BC-4AB8-914A-EC7087BF9B7C}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{79BEDB7C-074D-4901-9275-70A7E4F47EC0}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{B50D0377-6DC8-48F4-9893-F53FCDE42742}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

13-11-2016 15:09:40 JRT Pre-Junkware Removal
20-11-2016 12:56:54 zoek.exe restore point

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/20/2016 12:57:08 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (11/20/2016 12:29:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 461531

Error: (11/20/2016 12:29:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 461531

Error: (11/20/2016 12:29:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/20/2016 09:58:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1505250

Error: (11/20/2016 09:58:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1505250

Error: (11/20/2016 09:58:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/20/2016 09:31:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1022750

Error: (11/20/2016 09:31:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1022750

Error: (11/20/2016 09:31:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (11/20/2016 01:16:57 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/20/2016 01:16:57 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/20/2016 01:16:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/20/2016 01:16:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SAService service failed to start due to the following error:
The system cannot find the file specified.

Error: (11/20/2016 01:16:33 PM) (Source: IntelHaxm) (EventID: 10) (User: )
Description: HAXM can't work on system with VT disabled

Error: (11/20/2016 01:11:47 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (11/20/2016 01:11:46 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (11/20/2016 01:11:46 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (11/20/2016 01:11:46 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (11/20/2016 01:11:45 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.


CodeIntegrity:
===================================
  Date: 2016-11-20 11:54:09.194
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-11-20 11:54:09.192
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-11-20 11:54:09.188
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-11-20 11:54:08.153
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-11-20 11:54:08.151
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-11-20 11:54:08.148
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-11-20 11:54:06.892
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-11-20 11:54:06.880
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-11-20 11:54:06.853
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-11-20 11:54:06.843
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i7-3632QM CPU @ 2.20GHz
Percentage of memory in use: 38%
Total physical RAM: 7757.52 MB
Available physical RAM: 4785.16 MB
Total Virtual: 9622.52 MB
Available Virtual: 6347.64 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:464.81 GB) (Free:400.1 GB) NTFS ==>[drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 967E08F5)
Partition 1: (Active) - (Size=464.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=492 MB) - (Type=27)

==================== End of Addition.txt ============================



#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,238 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:55 AM

Posted 21 November 2016 - 10:00 AM

Press the windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:


ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [No File]
S3 WsAppService; "C:\Program Files (x86)\Wondershare\WAF\WsAppService.exe" [X]
U3 idsvc; no ImagePath
CustomCLSID: HKU\S-1-5-21-1060743938-440540994-1790496421-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Robert\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1060743938-440540994-1790496421-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Robert\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1060743938-440540994-1790496421-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Robert\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1060743938-440540994-1790496421-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Robert\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
Task: {1B2733CD-0AC7-4F90-A93B-2B8AD8EAED9C} - \Lenovo\Lenovo Service Bridge\S-1-5-21-1060743938-440540994-1790496421-1000 -> No File <==== ATTENTION

reboot:

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after the update you can remove the old version(s) of Java via the Control Panel > Programs and Features.
Java 8 Update 111 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Java SE Development Kit 8 Update 102 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180102}) (Version: 8.0.1020.14 - Oracle Corporation)

===

This service may be the culprit.
R2 LPlatSvc; C:\WINDOWS\system32\LPlatSvc.exe [710144 2016-07-13] (Lenovo.)

Issues reported here.
https://forums.lenovo.com/t5/ThinkPad-X-Series-Laptops/Lenovo-platform-service/td-p/3337637

You can disable the service as suggested here.
http://www.windowsvc.com/bbs/board.php?bo_table=windowsvc&wr_id=86861

If the problem is solved then look at topic no 14 on the second page of the Lenovo topic above.
Get the latest driver for your system.

Make sure the service is restarted.


Keep me posted.

#5 bob3165

bob3165
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:08:55 AM

Posted 21 November 2016 - 10:55 AM

Hi Nasdaq, I don't understand the last part of your post regarding the utility Windowexallkiller. I used the instructions for removing LPlatSvc using the command prompt. Is that okay? I upgraded Javas and removed Java development kit.

 

Here is log you requested:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-11-2016 01
Ran by Robert (21-11-2016 10:23:59) Run:1
Running from C:\Users\Robert\Desktop
Loaded Profiles: Robert (Available Profiles: Robert)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:


ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [No File]
S3 WsAppService; "C:\Program Files (x86)\Wondershare\WAF\WsAppService.exe" [X]
U3 idsvc; no ImagePath
CustomCLSID: HKU\S-1-5-21-1060743938-440540994-1790496421-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Robert\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1060743938-440540994-1790496421-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Robert\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1060743938-440540994-1790496421-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Robert\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1060743938-440540994-1790496421-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Robert\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
Task: {1B2733CD-0AC7-4F90-A93B-2B8AD8EAED9C} - \Lenovo\Lenovo Service Bridge\S-1-5-21-1060743938-440540994-1790496421-1000 -> No File <==== ATTENTION

reboot:

End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater" => key removed successfully
WsAppService => service removed successfully
idsvc => service removed successfully
"HKU\S-1-5-21-1060743938-440540994-1790496421-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}" => key removed successfully
"HKU\S-1-5-21-1060743938-440540994-1790496421-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}" => key removed successfully
"HKU\S-1-5-21-1060743938-440540994-1790496421-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}" => key removed successfully
"HKU\S-1-5-21-1060743938-440540994-1790496421-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1B2733CD-0AC7-4F90-A93B-2B8AD8EAED9C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1B2733CD-0AC7-4F90-A93B-2B8AD8EAED9C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Lenovo Service Bridge\S-1-5-21-1060743938-440540994-1790496421-1000" => key removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 90082014 B
Java, Flash, Steam htmlcache => 16114 B
Windows/system/drivers => 165378 B
Edge => 21996281 B
Chrome => 11100765 B
Firefox => 117311870 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6144 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 682730 B
Robert => 45923615 B

RecycleBin => 0 B
EmptyTemp: => 274 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 10:24:12 ====



#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,238 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:55 AM

Posted 21 November 2016 - 11:40 AM



I don't understand the last part of your post regarding the utility Windowexallkiller.

What tool are you talking about?

Did you disable the service or remove it?

How is the computer running?

#7 bob3165

bob3165
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:08:55 AM

Posted 21 November 2016 - 12:06 PM

I used the command prompt and pasted the lines mentioned in the Lenovo link you sent. After that, it asks me to download winexallkiller tool and remove the same service. I didn't do the latter because I didn't understand the instructions, and was confused as to why I would be removing the same service again. Is there anyway I can check that the service has been removed?

 

Computer seems to be running better. Typing is appearing right away on screen as I type. Have not had trouble with FF not going to links I click on.



#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,238 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:55 AM

Posted 22 November 2016 - 09:00 AM

Run the Farbar tool and post fresh FRST and Addition.txt file for my review.

#9 bob3165

bob3165
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:08:55 AM

Posted 22 November 2016 - 10:18 AM

Computer seems to stall out randomly. First when I tried waking from sleep, then when I tried to turn off AV to do FRST logs. I had to wait for it to start working again. I tried using taskmgr to end tasks, but couldn't even get that to come up. Here are the logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-11-2016 01
Ran by Robert (administrator) on ROBERT-PC (22-11-2016 10:11:04)
Running from C:\Users\Robert\Desktop
Loaded Profiles: Robert (Available Profiles: Robert)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.5\bin\pg_ctl.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\x64\3\NetFaxServer64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Ericsson AB) C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe
(Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Synaptics Incorporated) C:\Windows\System32\valWbioSyncSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.5\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.5\bin\postgres.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynFP\Shared\SensorDBSynch.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.5\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.5\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.5\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.5\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.5\bin\postgres.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tposd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1611.3123.0_x64__8wekyb3d8bbwe\Calculator.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1111.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(WordWeb Software) C:\Program Files (x86)\WordWeb\wweb32.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [935104 2014-11-25] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
HKLM\...\Run: [RtsCM] => C:\WINDOWS\RTSCM64.EXE [140872 2013-03-21] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Enhanced Performance Keyboard] => C:\Program Files\Lenovo\USB Enhanced Performance Keyboard\SKDaemon.exe [4013056 2014-08-17] (LITE-ON TECHNOLOGY CORP.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [464608 2014-09-08] ()
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-06] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-07-26] (Apple Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-21] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [134616 2013-05-14] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-07-05] (Apple Inc.)
HKLM-x32\...\Run: [WordWeb] => C:\Program Files (x86)\WordWeb\wweb32.exe [81120 2016-02-12] (WordWeb Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKU\S-1-5-21-1060743938-440540994-1790496421-1000\...\Run: [EEDSpeedLauncher] => rundll32.exe C:\WINDOWS\system32\eed_ec.dll,SpeedLauncher
HKU\S-1-5-21-1060743938-440540994-1790496421-1000\...\Run: [Google Update] => C:\Users\Robert\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-11-15] (Google Inc.)
HKU\S-1-5-21-1060743938-440540994-1790496421-1000\...\RunOnce: [Uninstall C:\Users\Robert\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Robert\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Network PC Fax.lnk [2016-05-22]
ShortcutTarget: Samsung Network PC Fax.lnk -> C:\Windows\System32\spool\drivers\x64\3\NetFaxTray64.exe (Samsung Electronics Co., Ltd.)
Startup: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2016-07-07]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-08-14]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{c2fed0e2-15af-4584-99b5-cc738493fc6f}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{c2fed0e2-15af-4584-99b5-cc738493fc6f}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-1060743938-440540994-1790496421-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-10-30] (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-11-21] (Oracle Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-10-30] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-21] (Oracle Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2016-07-30] (IvoSoft)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-10-30] (Microsoft Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-11-21] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2016-06-01] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-10-30] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-21] (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-30] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-30] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-30] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-30] (Microsoft Corporation)

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-1060743938-440540994-1790496421-1000 -> hxxps://google.com/

FireFox:
========
FF DefaultProfile: 3t95sp79.gtestprofile
FF ProfilePath: C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\dfb8lkl0.default [2016-11-21]
FF NewTab: Mozilla\Firefox\Profiles\dfb8lkl0.default -> about:newtab
FF Homepage: Mozilla\Firefox\Profiles\dfb8lkl0.default -> about:home
FF Extension: (Forecastfox (fix version)) - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\dfb8lkl0.default\Extensions\forecastfox@s3_fix_version.xpi [2016-02-23]
FF Extension: (Gmail™ Notifier (restartless)) - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\dfb8lkl0.default\Extensions\jid0-GjwrPchS3Ugt7xydvqVK4DQk8Ls@jetpack.xpi [2016-02-20]
FF Extension: (YouTube™ AdBlock) - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\dfb8lkl0.default\Extensions\jid1-w4wG5nJhx4LJZr@jetpack.xpi [2015-12-28]
FF Extension: (Send to Kindle for Mozilla Firefox) - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\dfb8lkl0.default\Extensions\sendtokindle@amazon.com.xpi [2015-11-06]
FF Extension: (FEBE) - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\dfb8lkl0.default\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2016-02-20]
FF Extension: (New Tab Homepage) - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\dfb8lkl0.default\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2016-02-12]
FF Extension: (ReminderFox) - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\dfb8lkl0.default\Extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} [2016-01-03]
FF Extension: (Adblock Plus) - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\dfb8lkl0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-24]
FF ProfilePath: C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\3t95sp79.gtestprofile [2016-11-22]
FF NewTab: Mozilla\Firefox\Profiles\3t95sp79.gtestprofile -> about:newtab
FF Homepage: Mozilla\Firefox\Profiles\3t95sp79.gtestprofile -> hxxps://google.com
FF NetworkProxy: Mozilla\Firefox\Profiles\3t95sp79.gtestprofile -> backup.ftp", "127.0.0.1"
FF NetworkProxy: Mozilla\Firefox\Profiles\3t95sp79.gtestprofile -> backup.ftp_port", 80
FF NetworkProxy: Mozilla\Firefox\Profiles\3t95sp79.gtestprofile -> backup.socks", "127.0.0.1"
FF NetworkProxy: Mozilla\Firefox\Profiles\3t95sp79.gtestprofile -> backup.socks_port", 80
FF NetworkProxy: Mozilla\Firefox\Profiles\3t95sp79.gtestprofile -> backup.ssl", "127.0.0.1"
FF NetworkProxy: Mozilla\Firefox\Profiles\3t95sp79.gtestprofile -> backup.ssl_port", 80
FF NetworkProxy: Mozilla\Firefox\Profiles\3t95sp79.gtestprofile -> ftp", "108.59.10.129"
FF NetworkProxy: Mozilla\Firefox\Profiles\3t95sp79.gtestprofile -> ftp_port", 55555
FF NetworkProxy: Mozilla\Firefox\Profiles\3t95sp79.gtestprofile -> http", "108.59.10.129"
FF NetworkProxy: Mozilla\Firefox\Profiles\3t95sp79.gtestprofile -> http_port", 55555
FF NetworkProxy: Mozilla\Firefox\Profiles\3t95sp79.gtestprofile -> no_proxies_on", ""
FF NetworkProxy: Mozilla\Firefox\Profiles\3t95sp79.gtestprofile -> share_proxy_settings", true
FF NetworkProxy: Mozilla\Firefox\Profiles\3t95sp79.gtestprofile -> socks", "108.59.10.129"
FF NetworkProxy: Mozilla\Firefox\Profiles\3t95sp79.gtestprofile -> socks_port", 55555
FF NetworkProxy: Mozilla\Firefox\Profiles\3t95sp79.gtestprofile -> ssl", "108.59.10.129"
FF NetworkProxy: Mozilla\Firefox\Profiles\3t95sp79.gtestprofile -> ssl_port", 55555
FF NetworkProxy: Mozilla\Firefox\Profiles\3t95sp79.gtestprofile -> type", 0
FF Extension: (Grammarly for Firefox) - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\3t95sp79.gtestprofile\Extensions\87677a2c52b84ad3a151a4a72f5bd3c4@jetpack.xpi [2016-11-03]
FF Extension: (anonymoX) - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\3t95sp79.gtestprofile\Extensions\client@anonymox.net.xpi [2016-11-15]
FF Extension: (Forecastfox (fix version)) - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\3t95sp79.gtestprofile\Extensions\forecastfox@s3_fix_version.xpi [2016-08-18]
FF Extension: (Gmail™ Notifier (restartless)) - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\3t95sp79.gtestprofile\Extensions\jid0-GjwrPchS3Ugt7xydvqVK4DQk8Ls@jetpack.xpi [2016-10-14]
FF Extension: (Send to Kindle for Mozilla Firefox) - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\3t95sp79.gtestprofile\Extensions\sendtokindle@amazon.com.xpi [2016-04-12]
FF Extension: (FEBE) - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\3t95sp79.gtestprofile\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2016-11-12]
FF Extension: (New Tab Homepage) - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\3t95sp79.gtestprofile\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2016-02-23]
FF Extension: (NoScript) - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\3t95sp79.gtestprofile\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-08-08]
FF Extension: (ReminderFox) - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\3t95sp79.gtestprofile\Extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}.xpi [2016-07-21]
FF Extension: (Adblock Plus) - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\3t95sp79.gtestprofile\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-10-29]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-13] ()
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-21] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-13] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-10-30] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-10-30] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1060743938-440540994-1790496421-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Robert\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1060743938-440540994-1790496421-1000: @talk.google.com/O1DPlugin -> C:\Users\Robert\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1060743938-440540994-1790496421-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Robert\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-1060743938-440540994-1790496421-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Robert\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-1060743938-440540994-1790496421-1000: tdameritrade.com/thinkorswim -> C:\Program Files\thinkorswim\npthinkorswim.dll [2016-08-09] (TD Ameritrade)
FF Plugin HKU\S-1-5-21-1060743938-440540994-1790496421-1000: tdameritrade.com/tossc -> C:\Program Files\thinkorswim\nptossc.dll [2016-08-09] (TD Ameritrade)
FF Plugin ProgramFiles/Appdata: C:\Users\Robert\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Robert\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3294912 2016-10-30] (Microsoft Corporation)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [319096 2016-01-13] (Intel Corporation)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [61256 2016-10-05] (Lenovo Group Limited)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-14] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-05-14] (Intel Corporation)
S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273232 2016-06-02] (Lenovo)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 postgresql-x64-9.5; C:\Program Files\PostgreSQL\9.5\bin\pg_ctl.exe [94208 2016-03-28] (PostgreSQL Global Development Group) [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 Samsung Network Fax Server; C:\WINDOWS\system32\spool\drivers\x64\3\NetFaxServer64.exe [793280 2014-11-04] (Samsung Electronics Co., Ltd.)
R3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28544 2016-09-10] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255096 2015-11-23] (Synaptics Incorporated)
R2 valWBFPolicyService; C:\WINDOWS\system32\valWBFPolicyService.exe [86544 2016-07-13] (Synaptics Incorporated)
R2 valWbioSyncSvc; C:\WINDOWS\system32\valWbioSyncSvc.exe [56848 2016-07-13] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 WMCoreService; C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe [689560 2012-10-18] (Ericsson AB)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 DFX11_1; C:\WINDOWS\system32\drivers\dfx11_1x64.sys [28008 2015-08-31] (Windows ® Win 7 DDK provider)
S3 DFX12; C:\WINDOWS\system32\drivers\dfx12x64.sys [39048 2015-11-14] (Windows ® Win 7 DDK provider)
R2 IntelHaxm; C:\WINDOWS\system32\DRIVERS\IntelHaxm.sys [93192 2016-06-12] (Intel  Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-11-22] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NETwNe64; C:\WINDOWS\system32\DRIVERS\Netwew01.sys [3363112 2015-07-28] (Intel Corporation)
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-12-11] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek                                            )
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [8243272 2013-03-21] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [51320 2015-11-23] (Synaptics Incorporated)
R1 SMIDriver; C:\WINDOWS\system32\DRIVERS\smi.sys [39488 2016-07-13] (Synaptics Incorporated)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-22 10:11 - 2016-11-22 10:11 - 00027896 _____ C:\Users\Robert\Desktop\FRST.txt
2016-11-21 10:44 - 2016-11-21 10:44 - 00000000 ____D C:\Users\Robert\Desktop\log
2016-11-21 10:44 - 2016-11-21 10:44 - 00000000 ____D C:\Users\Robert\Desktop\Backup
2016-11-21 10:42 - 2016-11-21 10:42 - 00176224 _____ C:\Users\Robert\Downloads\WindowexeAllkiller.zip
2016-11-21 10:34 - 2016-11-21 10:34 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2016-11-21 10:32 - 2016-11-21 10:31 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-11-21 10:31 - 2016-11-21 10:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-11-21 10:31 - 2016-11-21 10:31 - 00000000 ____D C:\Program Files (x86)\Java
2016-11-21 10:30 - 2016-11-21 10:33 - 63235648 _____ (Oracle Corporation) C:\Users\Robert\Downloads\jre-8u111-windows-x64.exe
2016-11-21 10:30 - 2016-11-21 10:30 - 56134208 _____ (Oracle Corporation) C:\Users\Robert\Downloads\jre-8u111-windows-i586.exe
2016-11-21 10:23 - 2016-11-21 10:24 - 00004255 _____ C:\Users\Robert\Desktop\Fixlog.txt
2016-11-20 13:25 - 2016-11-21 10:23 - 00000000 ____D C:\Users\Robert\Desktop\FRST-OlderVersion
2016-11-20 13:24 - 2016-11-21 10:23 - 02412544 _____ (Farbar) C:\Users\Robert\Desktop\FRST64.exe
2016-11-20 13:23 - 2016-11-21 10:31 - 00001809 _____ C:\WINDOWS\system32\InstallUtil.InstallLog
2016-11-20 13:22 - 2016-11-20 13:22 - 00010801 _____ C:\Users\Robert\Desktop\zoek-results.txt
2016-11-20 13:22 - 2016-11-20 13:22 - 00000000 ____D C:\Users\Robert\AppData\Local\NetworkTiles
2016-11-20 13:14 - 2016-11-20 12:54 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
2016-11-20 12:44 - 2016-11-20 13:11 - 00000000 ____D C:\zoek_backup
2016-11-15 17:22 - 2016-11-15 17:18 - 00041251 _____ C:\Users\Robert\Desktop\preopbloodwork backup.pdf
2016-11-15 17:18 - 2016-11-15 17:22 - 00148085 _____ C:\Users\Robert\Desktop\preopbloodwork.pdf
2016-11-15 16:36 - 2016-11-22 10:07 - 00000000 ____D C:\Users\Robert\AppData\LocalLow\Mozilla
2016-11-15 11:53 - 2016-11-15 12:03 - 00052369 _____ C:\Users\Robert\Downloads\Addition.txt
2016-11-15 11:51 - 2016-11-22 10:11 - 00000000 ____D C:\FRST
2016-11-15 11:51 - 2016-11-15 12:03 - 00092041 _____ C:\Users\Robert\Downloads\FRST.txt
2016-11-15 11:50 - 2016-11-15 11:50 - 02411520 _____ (Farbar) C:\Users\Robert\Downloads\FRST64.exe
2016-11-13 15:15 - 2016-11-13 15:15 - 02870984 _____ (ESET) C:\Users\Robert\Downloads\esetsmartinstaller_enu.exe
2016-11-13 15:08 - 2016-11-13 15:09 - 01631928 _____ (Malwarebytes) C:\Users\Robert\Downloads\JRT.exe
2016-11-13 14:40 - 2016-11-13 14:46 - 00000000 ____D C:\Users\Robert\Downloads\ffbups
2016-11-12 20:32 - 2016-11-12 20:32 - 02261443 _____ C:\Users\Robert\Downloads\sfuserguide2_0.pdf
2016-11-12 11:13 - 2016-11-12 12:34 - 00027748 _____ C:\Users\Robert\Desktop\Notes-Bigalow-T-Line.txt
2016-11-11 18:42 - 2016-11-11 18:42 - 09014355 _____ C:\Users\Robert\Downloads\wiley_1_-profitable_candlestick.pdf
2016-11-11 18:39 - 2016-11-11 18:39 - 09682040 _____ C:\Users\Robert\Downloads\Bigalow-Stephen.pdf
2016-11-10 00:03 - 2016-11-02 06:04 - 00596832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2016-11-10 00:03 - 2016-11-02 06:01 - 01263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-11-10 00:03 - 2016-11-02 06:01 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\input.dll
2016-11-10 00:03 - 2016-11-02 05:48 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2016-11-10 00:03 - 2016-11-02 05:42 - 00632832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sud.dll
2016-11-10 00:03 - 2016-11-02 05:31 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-11-10 00:03 - 2016-11-02 05:29 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-11-10 00:03 - 2016-11-02 05:27 - 02458112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll
2016-11-10 00:03 - 2016-11-02 05:26 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2016-11-10 00:02 - 2016-11-02 07:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-11-10 00:02 - 2016-11-02 07:01 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-11-10 00:02 - 2016-11-02 06:22 - 01570672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-11-10 00:02 - 2016-11-02 06:22 - 00601712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2016-11-10 00:02 - 2016-11-02 06:12 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-11-10 00:02 - 2016-11-02 06:10 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-11-10 00:02 - 2016-11-02 06:09 - 02257104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-11-10 00:02 - 2016-11-02 06:08 - 00602464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-11-10 00:02 - 2016-11-02 06:08 - 00576408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-11-10 00:02 - 2016-11-02 06:08 - 00186424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\weretw.dll
2016-11-10 00:02 - 2016-11-02 06:08 - 00111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-11-10 00:02 - 2016-11-02 06:05 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-11-10 00:02 - 2016-11-02 06:05 - 06657176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-11-10 00:02 - 2016-11-02 06:05 - 03892352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-11-10 00:02 - 2016-11-02 06:05 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-11-10 00:02 - 2016-11-02 06:05 - 00951904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-11-10 00:02 - 2016-11-02 06:04 - 04312248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-11-10 00:02 - 2016-11-02 06:01 - 01425000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2016-11-10 00:02 - 2016-11-02 06:01 - 01415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2016-11-10 00:02 - 2016-11-02 06:01 - 00545936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-11-10 00:02 - 2016-11-02 05:50 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-11-10 00:02 - 2016-11-02 05:49 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-11-10 00:02 - 2016-11-02 05:49 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-11-10 00:02 - 2016-11-02 05:48 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2016-11-10 00:02 - 2016-11-02 05:48 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efsext.dll
2016-11-10 00:02 - 2016-11-02 05:47 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2016-11-10 00:02 - 2016-11-02 05:47 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2016-11-10 00:02 - 2016-11-02 05:47 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-11-10 00:02 - 2016-11-02 05:46 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2016-11-10 00:02 - 2016-11-02 05:46 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-11-10 00:02 - 2016-11-02 05:45 - 00492032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-11-10 00:02 - 2016-11-02 05:45 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2016-11-10 00:02 - 2016-11-02 05:45 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2016-11-10 00:02 - 2016-11-02 05:44 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2016-11-10 00:02 - 2016-11-02 05:44 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-11-10 00:02 - 2016-11-02 05:44 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthExt.dll
2016-11-10 00:02 - 2016-11-02 05:43 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8.dll
2016-11-10 00:02 - 2016-11-02 05:43 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-11-10 00:02 - 2016-11-02 05:43 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2016-11-10 00:02 - 2016-11-02 05:43 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2016-11-10 00:02 - 2016-11-02 05:43 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2016-11-10 00:02 - 2016-11-02 05:42 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-11-10 00:02 - 2016-11-02 05:42 - 00549376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenterCPL.dll
2016-11-10 00:02 - 2016-11-02 05:42 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2016-11-10 00:02 - 2016-11-02 05:42 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-11-10 00:02 - 2016-11-02 05:42 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2016-11-10 00:02 - 2016-11-02 05:42 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
2016-11-10 00:02 - 2016-11-02 05:41 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2016-11-10 00:02 - 2016-11-02 05:40 - 00896512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontext.dll
2016-11-10 00:02 - 2016-11-02 05:40 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ddraw.dll
2016-11-10 00:02 - 2016-11-02 05:40 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-11-10 00:02 - 2016-11-02 05:39 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2016-11-10 00:02 - 2016-11-02 05:39 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2016-11-10 00:02 - 2016-11-02 05:39 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAnimation.dll
2016-11-10 00:02 - 2016-11-02 05:38 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2016-11-10 00:02 - 2016-11-02 05:37 - 19415040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-11-10 00:02 - 2016-11-02 05:36 - 19415552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-11-10 00:02 - 2016-11-02 05:36 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-11-10 00:02 - 2016-11-02 05:36 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetailsUpdate.dll
2016-11-10 00:02 - 2016-11-02 05:35 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe
2016-11-10 00:02 - 2016-11-02 05:33 - 12349952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-11-10 00:02 - 2016-11-02 05:33 - 03307520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-11-10 00:02 - 2016-11-02 05:31 - 03196416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2016-11-10 00:02 - 2016-11-02 05:31 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-11-10 00:02 - 2016-11-02 05:30 - 12175360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-11-10 00:02 - 2016-11-02 05:30 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetails.dll
2016-11-10 00:02 - 2016-11-02 05:29 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-11-10 00:02 - 2016-11-02 05:29 - 01247232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2016-11-10 00:02 - 2016-11-02 05:29 - 00884224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-11-10 00:02 - 2016-11-02 05:29 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll
2016-11-10 00:02 - 2016-11-02 05:28 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-11-10 00:02 - 2016-11-02 05:28 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-11-10 00:02 - 2016-11-02 05:28 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2016-11-10 00:02 - 2016-11-02 05:28 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\chartv.dll
2016-11-10 00:02 - 2016-11-02 05:28 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-11-10 00:02 - 2016-11-02 05:27 - 00580608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hgcpl.dll
2016-11-10 00:02 - 2016-11-02 05:27 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll
2016-11-10 00:02 - 2016-11-02 05:26 - 02747392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2016-11-10 00:02 - 2016-11-02 05:26 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2016-11-10 00:02 - 2016-11-02 05:26 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-11-10 00:02 - 2016-11-02 05:26 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-11-10 00:02 - 2016-11-02 05:26 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-11-10 00:02 - 2016-11-02 05:26 - 00912896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2016-11-10 00:02 - 2016-11-02 05:26 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-11-10 00:02 - 2016-11-02 05:26 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-11-10 00:02 - 2016-11-02 05:25 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-11-10 00:02 - 2016-11-02 05:25 - 02256384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-11-10 00:02 - 2016-11-02 05:25 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-11-10 00:02 - 2016-11-02 05:25 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2016-11-10 00:02 - 2016-11-02 05:23 - 03106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2016-11-10 00:02 - 2016-11-02 05:23 - 02356736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2016-11-10 00:02 - 2016-11-02 05:23 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2016-11-10 00:02 - 2016-11-02 04:11 - 00788624 _____ C:\WINDOWS\SysWOW64\locale.nls
2016-11-10 00:02 - 2016-11-02 04:11 - 00788624 _____ C:\WINDOWS\system32\locale.nls
2016-11-10 00:02 - 2016-08-01 23:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-11-09 23:56 - 2016-11-02 06:13 - 00423776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-11-09 23:56 - 2016-11-02 06:00 - 08156080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-11-09 23:56 - 2016-11-02 05:56 - 00322912 _____ (Microsoft Corporation) C:\WINDOWS\system32\input.dll
2016-11-09 23:56 - 2016-11-02 05:34 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-11-09 23:56 - 2016-11-02 05:33 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-11-09 23:56 - 2016-11-02 05:30 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-11-09 23:56 - 2016-11-02 05:30 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2016-11-09 23:56 - 2016-11-02 05:30 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-11-09 23:56 - 2016-11-02 05:29 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2016-11-09 23:56 - 2016-11-02 05:29 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-11-09 23:56 - 2016-11-02 05:28 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-11-09 23:56 - 2016-11-02 05:28 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2016-11-09 23:56 - 2016-11-02 05:28 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2016-11-09 23:56 - 2016-11-02 05:27 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-11-09 23:56 - 2016-11-02 05:27 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2016-11-09 23:56 - 2016-11-02 05:26 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2016-11-09 23:56 - 2016-11-02 05:26 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAnimation.dll
2016-11-09 23:56 - 2016-11-02 05:26 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-11-09 23:56 - 2016-11-02 05:23 - 02104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-11-09 23:56 - 2016-11-02 05:19 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-11-09 23:56 - 2016-11-02 05:17 - 01282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-11-09 23:56 - 2016-11-02 05:17 - 00909824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-11-09 23:56 - 2016-11-02 05:16 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-11-09 23:56 - 2016-11-02 05:16 - 02512384 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
2016-11-09 23:56 - 2016-11-02 05:16 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-11-09 23:56 - 2016-11-02 05:15 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-11-09 23:56 - 2016-11-02 05:15 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-11-09 23:56 - 2016-11-02 05:15 - 01348608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-11-09 23:56 - 2016-11-02 05:15 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2016-11-09 23:56 - 2016-11-02 05:14 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-11-09 23:56 - 2016-11-02 05:13 - 03496960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2016-11-09 23:56 - 2016-11-02 05:13 - 03299840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2016-11-09 23:56 - 2016-11-02 03:20 - 00446896 _____ C:\WINDOWS\system32\ApnDatabase.xml
2016-11-09 23:55 - 2016-11-02 06:20 - 00378720 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-11-09 23:55 - 2016-11-02 06:14 - 07816544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-11-09 23:55 - 2016-11-02 06:13 - 01883784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-11-09 23:55 - 2016-11-02 06:13 - 00773720 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2016-11-09 23:55 - 2016-11-02 06:12 - 02255712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-11-09 23:55 - 2016-11-02 06:12 - 00376672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-11-09 23:55 - 2016-11-02 06:05 - 00405856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-11-09 23:55 - 2016-11-02 06:04 - 02678056 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-11-09 23:55 - 2016-11-02 06:03 - 02750936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-11-09 23:55 - 2016-11-02 06:02 - 00848736 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-11-09 23:55 - 2016-11-02 06:02 - 00682816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-11-09 23:55 - 2016-11-02 06:02 - 00238056 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2016-11-09 23:55 - 2016-11-02 06:02 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-11-09 23:55 - 2016-11-02 06:01 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-11-09 23:55 - 2016-11-02 06:00 - 22223968 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-11-09 23:55 - 2016-11-02 06:00 - 04130432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-11-09 23:55 - 2016-11-02 06:00 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-11-09 23:55 - 2016-11-02 06:00 - 01061968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-11-09 23:55 - 2016-11-02 05:59 - 04673304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-11-09 23:55 - 2016-11-02 05:56 - 01609920 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2016-11-09 23:55 - 2016-11-02 05:56 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2016-11-09 23:55 - 2016-11-02 05:56 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-11-09 23:55 - 2016-11-02 05:56 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-11-09 23:55 - 2016-11-02 05:55 - 00048992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\iorate.sys
2016-11-09 23:55 - 2016-11-02 05:38 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-11-09 23:55 - 2016-11-02 05:34 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-11-09 23:55 - 2016-11-02 05:32 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-11-09 23:55 - 2016-11-02 05:32 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\efsext.dll
2016-11-09 23:55 - 2016-11-02 05:31 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
2016-11-09 23:55 - 2016-11-02 05:31 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2016-11-09 23:55 - 2016-11-02 05:31 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-11-09 23:55 - 2016-11-02 05:30 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2016-11-09 23:55 - 2016-11-02 05:30 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2016-11-09 23:55 - 2016-11-02 05:30 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-11-09 23:55 - 2016-11-02 05:30 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2016-11-09 23:55 - 2016-11-02 05:29 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2016-11-09 23:55 - 2016-11-02 05:29 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2016-11-09 23:55 - 2016-11-02 05:29 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2016-11-09 23:55 - 2016-11-02 05:29 - 00276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2016-11-09 23:55 - 2016-11-02 05:29 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2016-11-09 23:55 - 2016-11-02 05:28 - 00690176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-11-09 23:55 - 2016-11-02 05:28 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenterCPL.dll
2016-11-09 23:55 - 2016-11-02 05:28 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2016-11-09 23:55 - 2016-11-02 05:28 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCenter.dll
2016-11-09 23:55 - 2016-11-02 05:28 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.dll
2016-11-09 23:55 - 2016-11-02 05:28 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll
2016-11-09 23:55 - 2016-11-02 05:28 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-11-09 23:55 - 2016-11-02 05:28 - 00240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkDesktopSettings.dll
2016-11-09 23:55 - 2016-11-02 05:28 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-11-09 23:55 - 2016-11-02 05:28 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-11-09 23:55 - 2016-11-02 05:27 - 23677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-11-09 23:55 - 2016-11-02 05:27 - 00631296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2016-11-09 23:55 - 2016-11-02 05:27 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-11-09 23:55 - 2016-11-02 05:27 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-11-09 23:55 - 2016-11-02 05:26 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddraw.dll
2016-11-09 23:55 - 2016-11-02 05:26 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2016-11-09 23:55 - 2016-11-02 05:25 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\sud.dll
2016-11-09 23:55 - 2016-11-02 05:25 - 00541696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-11-09 23:55 - 2016-11-02 05:25 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2016-11-09 23:55 - 2016-11-02 05:24 - 03778560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-11-09 23:55 - 2016-11-02 05:24 - 00940032 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontext.dll
2016-11-09 23:55 - 2016-11-02 05:22 - 13441024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-11-09 23:55 - 2016-11-02 05:22 - 13081600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-11-09 23:55 - 2016-11-02 05:22 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-11-09 23:55 - 2016-11-02 05:22 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe
2016-11-09 23:55 - 2016-11-02 05:21 - 05111296 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-11-09 23:55 - 2016-11-02 05:19 - 08127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-11-09 23:55 - 2016-11-02 05:19 - 01586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2016-11-09 23:55 - 2016-11-02 05:19 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2016-11-09 23:55 - 2016-11-02 05:19 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2016-11-09 23:55 - 2016-11-02 05:19 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll
2016-11-09 23:55 - 2016-11-02 05:19 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\chartv.dll
2016-11-09 23:55 - 2016-11-02 05:19 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-11-09 23:55 - 2016-11-02 05:18 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2016-11-09 23:55 - 2016-11-02 05:18 - 00836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
2016-11-09 23:55 - 2016-11-02 05:18 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2016-11-09 23:55 - 2016-11-02 05:17 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-11-09 23:55 - 2016-11-02 05:17 - 00982528 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-11-09 23:55 - 2016-11-02 05:17 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2016-11-09 23:55 - 2016-11-02 05:16 - 04148736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-11-09 23:55 - 2016-11-02 05:16 - 03400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2016-11-09 23:55 - 2016-11-02 05:16 - 03133440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2016-11-09 23:55 - 2016-11-02 05:16 - 02669056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-11-09 23:55 - 2016-11-02 05:16 - 01779712 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-11-09 23:55 - 2016-11-02 05:16 - 01637888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-11-09 23:55 - 2016-11-02 05:16 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-11-09 23:55 - 2016-11-02 05:16 - 00629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2016-11-09 23:55 - 2016-11-02 05:16 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2016-11-09 23:55 - 2016-11-02 05:16 - 00308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll
2016-11-09 23:55 - 2016-11-02 05:16 - 00265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-11-09 23:55 - 2016-11-02 05:15 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-11-09 23:55 - 2016-11-02 05:15 - 02611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2016-11-09 23:55 - 2016-11-02 05:15 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2016-11-09 23:55 - 2016-11-02 05:13 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2016-11-09 23:54 - 2016-11-02 06:20 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-11-09 23:54 - 2016-11-02 06:15 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-11-09 23:54 - 2016-11-02 06:15 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-11-09 23:54 - 2016-11-02 06:13 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-11-09 23:54 - 2016-11-02 06:13 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-11-09 23:54 - 2016-11-02 06:03 - 00714592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2016-11-09 23:54 - 2016-11-02 06:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2016-11-09 23:54 - 2016-11-02 05:31 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll
2016-11-09 23:54 - 2016-11-02 05:31 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-11-09 23:54 - 2016-11-02 05:31 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2016-11-09 23:54 - 2016-11-02 05:31 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-11-09 23:54 - 2016-11-02 05:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2016-11-09 23:54 - 2016-11-02 05:27 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-11-09 23:54 - 2016-11-02 05:25 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-11-09 23:54 - 2016-11-02 05:23 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys
2016-11-09 23:54 - 2016-11-02 05:23 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetailsUpdate.dll
2016-11-09 23:54 - 2016-11-02 05:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-11-09 23:54 - 2016-11-02 05:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-11-09 23:54 - 2016-11-02 05:20 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-11-09 23:54 - 2016-11-02 05:20 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll
2016-11-09 23:54 - 2016-11-02 05:18 - 01690112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-11-09 23:54 - 2016-11-02 05:17 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2016-11-09 23:54 - 2016-11-02 05:16 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-11-09 23:54 - 2016-11-02 05:16 - 00770560 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-11-08 14:57 - 2016-11-08 14:57 - 00569282 _____ C:\Users\Robert\Desktop\CVS-warns-of-lower-profit-rx-losses.pdf
2016-11-03 17:39 - 2016-11-03 17:39 - 03608408 _____ C:\Users\Robert\Downloads\Stock-Comparison-Spreadsheet-UNLOCKED.zip
2016-10-31 13:10 - 2016-10-31 13:10 - 00034906 _____ C:\Users\Robert\Downloads\Original
2016-10-28 09:08 - 2016-10-14 23:51 - 02186896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2016-10-28 09:08 - 2016-10-14 23:51 - 01637728 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-10-28 09:08 - 2016-10-14 23:51 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-10-28 09:08 - 2016-10-14 23:51 - 00595296 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-10-28 09:08 - 2016-10-14 23:51 - 00584032 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-10-28 09:08 - 2016-10-14 23:51 - 00322912 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-10-28 09:08 - 2016-10-14 23:51 - 00232800 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-10-28 09:08 - 2016-10-14 23:51 - 00137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-10-28 09:08 - 2016-10-14 23:51 - 00078688 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-10-28 09:08 - 2016-10-14 23:48 - 00498952 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2016-10-28 09:08 - 2016-10-14 23:38 - 00500064 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2016-10-28 09:08 - 2016-10-14 23:37 - 00063328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2016-10-28 09:08 - 2016-10-14 23:33 - 00455040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2016-10-28 09:08 - 2016-10-14 23:30 - 00509280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-10-28 09:08 - 2016-10-14 23:30 - 00341936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2016-10-28 09:08 - 2016-10-14 23:29 - 00908640 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvstore.dll
2016-10-28 09:08 - 2016-10-14 23:29 - 00079200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\crashdmp.sys
2016-10-28 09:08 - 2016-10-14 23:26 - 01990648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-10-28 09:08 - 2016-10-14 23:26 - 01472536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-10-28 09:08 - 2016-10-14 23:26 - 00811416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-10-28 09:08 - 2016-10-14 23:26 - 00691080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2016-10-28 09:08 - 2016-10-14 23:22 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-10-28 09:08 - 2016-10-14 23:21 - 00292872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpeffects.dll
2016-10-28 09:08 - 2016-10-14 23:18 - 00749920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvstore.dll
2016-10-28 09:08 - 2016-10-14 23:15 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2016-10-28 09:08 - 2016-10-14 23:10 - 00254656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpeffects.dll
2016-10-28 09:08 - 2016-10-14 23:01 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2016-10-28 09:08 - 2016-10-14 23:00 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2016-10-28 09:08 - 2016-10-14 23:00 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stdole2.tlb
2016-10-28 09:08 - 2016-10-14 22:59 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfksproxy.dll
2016-10-28 09:08 - 2016-10-14 22:59 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfksproxy.dll
2016-10-28 09:08 - 2016-10-14 22:59 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2016-10-28 09:08 - 2016-10-14 22:58 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-10-28 09:08 - 2016-10-14 22:57 - 00217600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpdxm.dll
2016-10-28 09:08 - 2016-10-14 22:57 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-10-28 09:08 - 2016-10-14 22:57 - 00175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpdxm.dll
2016-10-28 09:08 - 2016-10-14 22:56 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-10-28 09:08 - 2016-10-14 22:56 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2016-10-28 09:08 - 2016-10-14 22:56 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2016-10-28 09:08 - 2016-10-14 22:55 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll
2016-10-28 09:08 - 2016-10-14 22:55 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpshell.dll
2016-10-28 09:08 - 2016-10-14 22:54 - 00717312 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskbarcpl.dll
2016-10-28 09:08 - 2016-10-14 22:54 - 00217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairingFolder.dll
2016-10-28 09:08 - 2016-10-14 22:54 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-10-28 09:08 - 2016-10-14 22:53 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-10-28 09:08 - 2016-10-14 22:52 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-10-28 09:08 - 2016-10-14 22:52 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoplay.dll
2016-10-28 09:08 - 2016-10-14 22:51 - 13868544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-10-28 09:08 - 2016-10-14 22:50 - 17188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-10-28 09:08 - 2016-10-14 22:50 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2016-10-28 09:08 - 2016-10-14 22:50 - 00967168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-10-28 09:08 - 2016-10-14 22:50 - 00509440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll
2016-10-28 09:08 - 2016-10-14 22:50 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-10-28 09:08 - 2016-10-14 22:50 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-10-28 09:08 - 2016-10-14 22:49 - 01913344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2016-10-28 09:08 - 2016-10-14 22:49 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-10-28 09:08 - 2016-10-14 22:49 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-10-28 09:08 - 2016-10-14 22:49 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe
2016-10-28 09:08 - 2016-10-14 22:48 - 01554944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2016-10-28 09:08 - 2016-10-14 22:48 - 01323008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2016-10-28 09:08 - 2016-10-14 22:48 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2016-10-28 09:08 - 2016-10-14 22:47 - 01113600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2016-10-28 09:08 - 2016-10-14 22:47 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2016-10-28 09:08 - 2016-10-14 22:46 - 03287552 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2016-10-28 09:08 - 2016-10-14 22:46 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2016-10-28 09:08 - 2016-10-14 22:45 - 00406016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-10-28 09:08 - 2016-10-14 22:44 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2016-10-28 09:08 - 2016-10-14 22:44 - 00470016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2016-10-28 09:08 - 2016-10-14 22:44 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\powercfg.exe
2016-10-28 09:08 - 2016-10-14 22:43 - 02748928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2016-10-28 09:08 - 2016-10-14 22:43 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\energy.dll
2016-10-28 09:08 - 2016-10-14 22:43 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsiwmi.dll
2016-10-28 09:08 - 2016-10-14 22:42 - 06108672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-10-28 09:08 - 2016-10-14 22:42 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-10-28 09:08 - 2016-10-14 22:42 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
2016-10-28 09:08 - 2016-10-14 22:41 - 05376000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-10-28 09:08 - 2016-10-14 22:41 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iscsiwmi.dll
2016-10-28 09:08 - 2016-10-14 22:39 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Geolocation.dll
2016-10-28 09:08 - 2016-10-14 22:38 - 01993216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-10-28 09:08 - 2016-10-14 22:38 - 00913920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2016-10-28 09:08 - 2016-10-14 22:38 - 00675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2016-10-28 09:08 - 2016-10-14 22:37 - 01980416 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-10-28 09:08 - 2016-10-14 22:37 - 01643008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-10-28 09:08 - 2016-10-14 22:37 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-10-28 09:08 - 2016-10-14 22:37 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmifw.dll
2016-10-28 09:08 - 2016-10-14 22:36 - 02290176 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-10-28 09:08 - 2016-10-14 22:36 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2016-10-28 09:08 - 2016-10-14 22:36 - 00542208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2016-10-28 09:08 - 2016-10-14 22:36 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2016-10-28 09:08 - 2016-10-14 22:36 - 00338944 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcpl.dll
2016-10-28 09:08 - 2016-10-14 22:36 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmifw.dll
2016-10-28 09:08 - 2016-10-14 22:35 - 03054080 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-10-28 09:08 - 2016-10-14 22:35 - 02708992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2016-10-28 09:08 - 2016-10-14 22:35 - 02315264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-10-28 09:08 - 2016-10-14 22:35 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-10-28 09:08 - 2016-10-14 22:35 - 00701952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2016-10-28 09:08 - 2016-10-14 22:35 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-10-28 09:08 - 2016-10-14 22:31 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2016-10-28 09:08 - 2016-09-10 08:21 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\capimg.sys
2016-10-28 09:08 - 2016-08-27 00:12 - 00244816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-10-28 09:07 - 2016-10-14 23:51 - 00283488 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-10-28 09:07 - 2016-10-14 23:43 - 01356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2016-10-28 09:07 - 2016-10-14 23:41 - 05622088 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2016-10-28 09:07 - 2016-10-14 23:38 - 00409952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2016-10-28 09:07 - 2016-10-14 23:34 - 01969912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2016-10-28 09:07 - 2016-10-14 23:31 - 02827864 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-10-28 09:07 - 2016-10-14 23:31 - 02190688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-10-28 09:07 - 2016-10-14 23:31 - 00658272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-10-28 09:07 - 2016-10-14 23:31 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-10-28 09:07 - 2016-10-14 23:30 - 01851696 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2016-10-28 09:07 - 2016-10-14 23:30 - 00557408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2016-10-28 09:07 - 2016-10-14 23:29 - 02913104 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-10-28 09:07 - 2016-10-14 23:29 - 01267504 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-10-28 09:07 - 2016-10-14 23:29 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-10-28 09:07 - 2016-10-14 23:26 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2016-10-28 09:07 - 2016-10-14 23:26 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-10-28 09:07 - 2016-10-14 23:26 - 00160096 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2016-10-28 09:07 - 2016-10-14 23:25 - 00882680 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2016-10-28 09:07 - 2016-10-14 23:25 - 00742704 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-10-28 09:07 - 2016-10-14 23:21 - 02537824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-10-28 09:07 - 2016-10-14 23:21 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-10-28 09:07 - 2016-10-14 23:21 - 00584032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2016-10-28 09:07 - 2016-10-14 23:20 - 02276736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-10-28 09:07 - 2016-10-14 23:19 - 00272720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2016-10-28 09:07 - 2016-10-14 23:18 - 02166232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-10-28 09:07 - 2016-10-14 23:18 - 01556712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2016-10-28 09:07 - 2016-10-14 23:18 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-10-28 09:07 - 2016-10-14 23:15 - 01853776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-10-28 09:07 - 2016-10-14 23:15 - 01123368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-10-28 09:07 - 2016-10-14 23:15 - 00687936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2016-10-28 09:07 - 2016-10-14 23:11 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-10-28 09:07 - 2016-10-14 23:06 - 05685760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-10-28 09:07 - 2016-10-14 23:05 - 07216640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-10-28 09:07 - 2016-10-14 23:00 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2016-10-28 09:07 - 2016-10-14 23:00 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-10-28 09:07 - 2016-10-14 22:59 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\stdole2.tlb
2016-10-28 09:07 - 2016-10-14 22:57 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2016-10-28 09:07 - 2016-10-14 22:56 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\esentutl.exe
2016-10-28 09:07 - 2016-10-14 22:56 - 00327680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2016-10-28 09:07 - 2016-10-14 22:56 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esentutl.exe
2016-10-28 09:07 - 2016-10-14 22:56 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-10-28 09:07 - 2016-10-14 22:56 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSrvPolicyManager.dll
2016-10-28 09:07 - 2016-10-14 22:56 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFi.dll
2016-10-28 09:07 - 2016-10-14 22:56 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-10-28 09:07 - 2016-10-14 22:56 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
2016-10-28 09:07 - 2016-10-14 22:55 - 00329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2016-10-28 09:07 - 2016-10-14 22:55 - 00265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2016-10-28 09:07 - 2016-10-14 22:55 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-10-28 09:07 - 2016-10-14 22:55 - 00142336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFi.dll
2016-10-28 09:07 - 2016-10-14 22:54 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2016-10-28 09:07 - 2016-10-14 22:54 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2016-10-28 09:07 - 2016-10-14 22:54 - 00241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-10-28 09:07 - 2016-10-14 22:54 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoplay.dll
2016-10-28 09:07 - 2016-10-14 22:54 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpshell.dll
2016-10-28 09:07 - 2016-10-14 22:53 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-10-28 09:07 - 2016-10-14 22:52 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-10-28 09:07 - 2016-10-14 22:52 - 00410624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2016-10-28 09:07 - 2016-10-14 22:52 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2016-10-28 09:07 - 2016-10-14 22:52 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\systemcpl.dll
2016-10-28 09:07 - 2016-10-14 22:51 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2016-10-28 09:07 - 2016-10-14 22:51 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2016-10-28 09:07 - 2016-10-14 22:50 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2016-10-28 09:07 - 2016-10-14 22:50 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDec.dll
2016-10-28 09:07 - 2016-10-14 22:50 - 00310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-10-28 09:07 - 2016-10-14 22:49 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-10-28 09:07 - 2016-10-14 22:49 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe
2016-10-28 09:07 - 2016-10-14 22:47 - 07792640 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-10-28 09:07 - 2016-10-14 22:47 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-10-28 09:07 - 2016-10-14 22:47 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2016-10-28 09:07 - 2016-10-14 22:46 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2016-10-28 09:07 - 2016-10-14 22:45 - 01790464 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2016-10-28 09:07 - 2016-10-14 22:45 - 00702464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2016-10-28 09:07 - 2016-10-14 22:44 - 00636928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-10-28 09:07 - 2016-10-14 22:43 - 01365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2016-10-28 09:07 - 2016-10-14 22:42 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Geolocation.dll
2016-10-28 09:07 - 2016-10-14 22:42 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\powercfg.exe
2016-10-28 09:07 - 2016-10-14 22:41 - 07654912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-10-28 09:07 - 2016-10-14 22:41 - 00945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2016-10-28 09:07 - 2016-10-14 22:41 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2016-10-28 09:07 - 2016-10-14 22:39 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2016-10-28 09:07 - 2016-10-14 22:39 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-10-28 09:07 - 2016-10-14 22:39 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2016-10-28 09:07 - 2016-10-14 22:39 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-10-28 09:07 - 2016-10-14 22:39 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-10-28 09:07 - 2016-10-14 22:39 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2016-10-28 09:07 - 2016-10-14 22:39 - 00631296 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2016-10-28 09:07 - 2016-10-14 22:37 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2016-10-28 09:07 - 2016-10-14 22:37 - 01029632 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-10-28 09:07 - 2016-10-14 22:37 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2016-10-28 09:07 - 2016-10-14 22:36 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-10-28 09:07 - 2016-10-14 22:36 - 00983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2016-10-28 09:07 - 2016-10-14 22:36 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-10-28 09:07 - 2016-10-14 22:35 - 02005504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2016-10-28 09:07 - 2016-10-14 22:35 - 00905216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-10-28 09:07 - 2016-10-14 22:34 - 02476544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2016-10-28 09:07 - 2016-10-14 22:34 - 01840640 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2016-10-28 09:07 - 2016-10-14 22:34 - 00936448 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-10-28 09:07 - 2016-10-14 22:32 - 00886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2016-10-28 09:07 - 2016-08-05 23:17 - 00619368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-10-23 18:25 - 2016-10-23 18:25 - 00000000 ___RD C:\Users\Robert\Documents\Scanned Documents
2016-10-23 18:25 - 2016-10-23 18:25 - 00000000 ____D C:\Users\Robert\Documents\Fax

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-22 10:10 - 2015-10-01 15:29 - 00000000 ____D C:\Users\Robert\AppData\Local\ClassicShell
2016-11-22 10:01 - 2015-10-03 10:17 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-11-22 10:00 - 2016-08-06 15:58 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-11-22 07:53 - 2016-07-16 06:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-11-22 07:51 - 2016-07-18 16:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-11-22 07:51 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-11-22 07:51 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-11-22 07:49 - 2015-09-30 19:34 - 00000000 ____D C:\Users\Robert\AppData\Local\Packages
2016-11-21 10:36 - 2016-08-06 08:40 - 00000000 ____D C:\Program Files\Java
2016-11-21 10:32 - 2015-10-05 13:49 - 00000000 ____D C:\ProgramData\Oracle
2016-11-21 10:29 - 2016-08-06 16:05 - 01522538 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-11-21 10:25 - 2016-08-06 16:20 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-11-21 10:25 - 2016-08-06 16:02 - 00000000 ____D C:\ProgramData\Synaptics
2016-11-21 10:25 - 2015-10-01 06:14 - 00000000 __SHD C:\Users\Robert\IntelGraphicsProfiles
2016-11-21 10:24 - 2016-07-16 01:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2016-11-21 10:24 - 2015-12-20 11:46 - 00000000 ____D C:\Users\Robert\AppData\LocalLow\Temp
2016-11-20 13:19 - 2016-08-07 08:25 - 00000000 ____D C:\Users\Robert\AppData\Local\Deployment
2016-11-20 13:11 - 2016-08-06 16:05 - 00000000 ____D C:\Users\Robert
2016-11-20 12:48 - 2015-09-30 16:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-11-16 16:58 - 2015-10-22 13:45 - 00000878 _____ C:\Users\Public\Desktop\Medved Trader.lnk
2016-11-16 16:58 - 2015-10-03 18:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Medved Trader
2016-11-16 16:58 - 2015-10-03 18:32 - 00000000 ____D C:\Program Files\Medved Trader
2016-11-15 16:36 - 2015-09-30 16:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-11-15 13:23 - 2016-04-02 09:18 - 00000000 ____D C:\Users\Robert\AppData\Local\Microsoft Games
2016-11-14 10:02 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF
2016-11-13 15:05 - 2016-08-10 14:10 - 00000000 ____D C:\WINDOWS\Minidump
2016-11-13 15:05 - 2016-08-06 19:56 - 00000000 ___DC C:\WINDOWS\Panther
2016-11-13 10:11 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-11-13 10:11 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-11-13 10:11 - 2015-09-30 17:21 - 00000000 ____D C:\Users\Robert\AppData\Local\Adobe
2016-11-12 11:49 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\rescache
2016-11-10 16:54 - 2015-11-21 15:54 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-10 07:56 - 2015-09-10 00:42 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-11-10 07:54 - 2016-08-06 15:57 - 00337064 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-11-10 07:50 - 2016-07-16 06:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-11-10 07:50 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-11-10 07:50 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-11-10 07:50 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\migwiz
2016-11-10 07:50 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-11-10 07:50 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-11-10 00:22 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-11-10 00:16 - 2015-09-30 17:57 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-11-10 00:10 - 2015-09-30 17:57 - 141011376 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-11-09 11:01 - 2016-08-06 16:20 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-11-09 10:45 - 2016-05-26 16:39 - 00000000 ____D C:\AdwCleaner
2016-11-08 20:38 - 2015-11-15 12:56 - 00000000 ____D C:\Users\Robert\AppData\Local\Google
2016-11-08 10:11 - 2016-07-23 09:34 - 00000000 ____D C:\Users\Robert\Desktop\Medical
2016-11-06 14:23 - 2015-03-05 20:30 - 03331252 _____ C:\Users\Robert\Desktop\Stock Comparison Spreadsheet - UNLOCKED.xlsm
2016-11-05 09:01 - 2015-11-02 19:50 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-11-02 10:56 - 2015-09-30 15:16 - 00389408 __RSH C:\bootmgr
2016-10-29 05:34 - 2015-09-30 17:22 - 00000000 ____D C:\ProgramData\Lenovo
2016-10-29 05:26 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-10-29 05:25 - 2016-07-16 06:47 - 00015425 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-10-28 18:56 - 2016-07-16 06:49 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-10-28 18:56 - 2016-07-16 06:49 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-10-28 08:49 - 2015-09-30 16:39 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2016-01-16 16:13 - 2016-01-16 16:13 - 0001759 _____ () C:\Users\Robert\AppData\Local\recently-used.xbel
2016-08-09 07:03 - 2016-08-09 07:03 - 0007597 _____ () C:\Users\Robert\AppData\Local\Resmon.ResmonCfg
2016-08-06 15:59 - 2016-08-06 15:59 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-11-19 18:26

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-11-2016 01
Ran by Robert (22-11-2016 10:11:59)
Running from C:\Users\Robert\Desktop
Windows 10 Home Version 1607 (X64) (2016-08-06 21:32:02)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1060743938-440540994-1790496421-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1060743938-440540994-1790496421-503 - Limited - Disabled)
Guest (S-1-5-21-1060743938-440540994-1790496421-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1060743938-440540994-1790496421-1002 - Limited - Enabled)
Robert (S-1-5-21-1060743938-440540994-1790496421-1000 - Administrator - Enabled) => C:\Users\Robert

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.00 (HKLM-x32\...\7-Zip) (Version: 16.00 - Igor Pavlov)
7-Zip 16.00 (x64) (HKLM\...\7-Zip) (Version: 16.00 - Igor Pavlov)
7-Zip 16.02 (HKLM-x32\...\{23170F69-40C1-2701-1602-000001000000}) (Version: 16.02.00.0 - Igor Pavlov)
7-Zip 16.02 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1602-000001000000}) (Version: 16.02.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.1 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-1060743938-440540994-1790496421-1000\...\Amazon Kindle) (Version: 1.15.0.43061 - Amazon)
Amazon Send to Kindle (HKLM-x32\...\SendToKindle) (Version: 1.1.0.243 - Amazon)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Anki (HKLM-x32\...\Anki) (Version:  - )
Apple Application Support (32-bit) (HKLM-x32\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{A6B0442B-E159-444B-B49D-6B9AC531EAE3}) (Version: 4.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
AutoHotkey 1.1.22.09 (HKLM\...\AutoHotkey) (Version: 1.1.22.09 - Lexikos)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.16.50 - Conexant)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.6.5.1 - Dolby Laboratories Inc)
Efficient Address Book Free 5.22 (HKLM-x32\...\Efficient Address Book Free_is1) (Version:  - Efficient Software)
Evernote v. 6.1.2 (HKLM-x32\...\{A46ABD1E-2837-11E6-9E7C-005056951CAD}) (Version: 6.1.2.2292 - Evernote Corp.)
Foxit Advanced PDF Editor 3 (HKLM-x32\...\B521582C-6BE3-491D-BCC8-FFB8301298E9_is1) (Version: 3.1.0.0 - Foxit Corporation)
FreeMind (HKLM-x32\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 1.0.1 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
IIS 10.0 Express (HKLM\...\{5984D8DA-C1AF-4284-9C88-D7150425B315}) (Version: 10.0.1734 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - )
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Integrated Camera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10224 - Realtek Semiconductor Corp.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel® Driver Update Utility 2.4 (x32 Version: 2.4.0.7 - Intel) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4358 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{DA2600C1-6BDF-4FD1-1212-148929CC1385}) (Version: 2.6.1212.0302 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{561b5fb5-1d4d-40e8-b3e4-ad52858b217c}) (Version: 2.4.0.7 - Intel)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{6F73FF93-0B55-4194-AE45-C19DA1F33E97}) (Version: 6.0.3 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{fad118b4-798f-4755-9e67-a622eec95b62}) (Version: 15.6.1 - Intel Corporation)
iTunes (HKLM\...\{955524E7-79EB-4CA9-BA4D-FD2DF587651B}) (Version: 12.4.3.1 - Apple Inc.)
Java 8 Update 111 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Lenovo On Screen Display (Version: 8.80.10 - Lenovo) Hidden
Lenovo Power Management Driver (Version: 1.67.12.14 - Lenovo) Hidden
Lenovo Service Bridge (HKU\S-1-5-21-1060743938-440540994-1790496421-1000\...\cbe8636f7dd0cf1d) (Version: 1.5.1.0 - Lenovo)
Lenovo Settings - Power (x32 Version: 2.00.000 - Lenovo) Hidden
Lenovo Solution Center (HKLM\...\{C1FC707B-AE6B-4DC4-89A5-6628A01F8103}) (Version: 3.3.003.00 - Lenovo)
Lenovo System Interface Foundation (HKLM\...\{C2E5CA37-C862-4A69-AC6D-24F450A20C16}) (Version: 1.0.067.00 - Lenovo)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.07.0037 - Lenovo)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Max Recorder (HKLM-x32\...\Max Recorder) (Version: 2.006.0.0 - Silver Vine, LLC)
Medved Trader version 1.1.2700.521 (HKLM\...\{528BD475-95CE-47B6-B40A-1136FED0D462}_is1) (Version: 1.1.2700.521 - 2GK, Inc.)
Metric Collection SDK (x32 Version: 1.1.0008.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (x32 Version: 1.2.0011.00 - Lenovo Group Limited) Hidden
Microsoft Games for Windows 8 x64 (HKLM\...\{B6047A78-062F-4C6F-A82D-B94DAF72FB73}) (Version: 1.2 - Microsoft)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.23107 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.7466.2038 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.50616.0) (HKLM-x32\...\{58246C80-3941-4B69-AE31-264644E2ADB8}) (Version: 14.0.50616.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{68BA34E8-9B9D-4A74-83F0-7D366B532D75}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ Compiler Package for Python 2.7 (HKLM-x32\...\{692514A8-5484-45FC-B0AE-BE2DF7A75891}) (Version: 9.0.1.30729 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{ED4CC1E5-043E-4157-8452-B5E533FE2BA1}) (Version: 3.1238.1955 - Microsoft Corporation)
Minimal ADB and Fastboot version 1.3.1 (HKLM-x32\...\{26AC9666-A2C6-4D33-8370-A50F50F277C4}_is1) (Version: 1.3.1 - Sam Rodberg)
Mobile Broadband Drivers (HKLM-x32\...\{EA9640BE-414E-4195-B53B-7905BF1A5A09}) (Version: 7.2.5.4 - Ericsson AB)
Mozilla Firefox 50.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.0 (x86 en-US)) (Version: 50.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.0.0.6152 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.6 - Notepad++ Team)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7466.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7426.1015 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7466.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7466.2038 - Microsoft Corporation) Hidden
OverDrive for Windows (HKLM-x32\...\{6D84D59B-38CD-41B1-A73A-9AB4C4C009BF}) (Version: 3.4.2 - OverDrive, Inc.)
PostgreSQL 9.5  (HKLM\...\PostgreSQL 9.5) (Version: 9.5 - PostgreSQL Global Development Group)
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
PSPad editor (HKLM-x32\...\PSPad editor_is1) (Version: 4.6.1.2730 - Jan Fiala)
Python 2.7.11 (64-bit) (HKLM\...\{16E52445-1392-469F-9ADB-FC03AF00CD62}) (Version: 2.7.11150 - Python Software Foundation)
Python 3.4.3 (64-bit) (HKLM\...\{9529565f-e693-3f11-b3bf-8cd545f5f9a0}) (Version: 3.4.3150 - Python Software Foundation)
Python 3.5.0 (64-bit) (HKU\S-1-5-21-1060743938-440540994-1790496421-1000\...\{e599f76f-2b95-44da-a280-77548b1b2a21}) (Version: 3.5.150.0 - Python Software Foundation)
Python 3.5.0 Add to Path (64-bit) (Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 Core Interpreter (64-bit) (Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 Development Libraries (64-bit) (Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 Documentation (64-bit) (Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 Executables (64-bit) (Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 Launcher (32-bit) (x32 Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 pip Bootstrap (64-bit) (Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 Standard Library (64-bit) (Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 Tcl/Tk Support (64-bit) (Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 Test Suite (64-bit) (Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 Utility Scripts (64-bit) (Version: 3.5.150.0 - Python Software Foundation) Hidden
Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 6.2.9200.29064 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.61.612.2012 - Realtek)
Samsung Easy Document Creator (HKLM-x32\...\Samsung Easy Document Creator) (Version: 1.06.46 (10/30/2014) - Samsung Electronics Co., Ltd.)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.05.81.00(5/25/2015) - Samsung Electronics Co., Ltd.)
Samsung M2070 Series (HKLM-x32\...\Samsung M2070 Series) (Version: 1.22 (9/7/2015) - Samsung Electronics Co., Ltd.)
Samsung M262x 282x Series (HKLM-x32\...\Samsung M262x 282x Series) (Version: 1.24 (12/18/2013) - Samsung Electronics Co., Ltd.)
Samsung Network PC Fax (HKLM-x32\...\Samsung Network PC Fax) (Version: 1.11.14 (11/4/2014) - Samsung Electronics Co., Ltd.)
Samsung OCR Software (HKLM-x32\...\Samsung OCR Software) (Version: 1.00.14 (8/2/2013) - Samsung Electronics Co., Ltd.)
Samsung Printer Diagnostics (HKLM-x32\...\Samsung Printer Diagnostics) (Version: 1.0.1.6.02 - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Samsung Scan Process Machine (x32 Version: 1.03.05.18 - Samsung Electronics Co., Ltd.) Hidden
Scrivener (HKLM-x32\...\Scrivener 1900) (Version: 1900 - Literature and Latte)
SNS Upload for Easy Document Creator (HKLM-x32\...\{B6B5F07C-88D5-49D3-A1A7-A6D4BC37DCCC}) (Version: 1.0.0 - Samsung Electronics Co.,Ltd)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.27 - Synaptics Incorporated)
Synaptics WBF DDK 5011 (Advanced) (HKLM\...\{D342A8F4-B82B-4348-A407-F1F91CF44128}) (Version: 4.5.505.0 - Synaptics)
thinkorswim (HKLM\...\9968-4488-2169-7623) (Version: desktop - thinkorswim, Inc)
ThinkPad Settings Dependency (Version: 3.0.1.32 - Lenovo) Hidden
USB Enhanced Performance Keyboard (HKLM\...\{989DC5D9-A776-430D-9E16-D36E5B81CD86}) (Version: 2.0.2.2 - Lenovo)
View User's Guide (HKLM-x32\...\View User Guide) (Version: 3.60.45.0 - )
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17349 - Microsoft Corporation)
Windows 7 Games for Windows 10 and 8 (HKLM\...\Win7Games) (Version: 2.0 - hxxp://winaero.com)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Wireshark 1.12.9 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.12.9 - The Wireshark developer community, hxxp://www.wireshark.org)
WordWeb (HKLM-x32\...\WordWeb) (Version: 8 - WordWeb Software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1060743938-440540994-1790496421-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Robert\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1060743938-440540994-1790496421-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1060743938-440540994-1790496421-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Robert\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1060743938-440540994-1790496421-1000_Classes\CLSID\{ED90173A-3B4C-4E7E-B9CF-79714425D4B5}\InprocServer32 -> C:\Program Files (x86)\PSPad editor\pspshellx64.dll ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01478298-429E-4E94-9EAB-8A89FC60AF51} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {15BE55E3-8857-4C75-8E06-EAEABDD28592} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {185F27AE-D945-41D9-BAD1-C5819ACC525C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-11-01] (Microsoft Corporation)
Task: {1BE3FF26-71FE-4E3A-A672-184C0CB3C685} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {23B3B3F6-DF1C-4B3B-AA1D-C93A34F85F81} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {252DF45E-91A3-432E-82B6-30932A13B1C5} - System32\Tasks\Lenovo\Lenovo Settings Power => Rundll32.exe "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.dll",PwrMgrBkGndMonitor
Task: {2E99F6F6-95B2-4BB1-9AD1-9F3EDB912627} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {2F8465CD-D727-4414-BC2E-3858A7AD4C78} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler  /v start /t reg_dword /d 1 /f /reg:32
Task: {37D7DD77-6AF9-408D-9CFB-2892BF1D8CCE} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {3A7F7370-97A2-4D22-9AD2-1C94CF322BE6} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-01] (Lenovo)
Task: {46F9E139-218E-4D84-B377-02E448B0FF77} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe
Task: {5E04CAD9-8591-4AFF-9EA0-1FB310C40979} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {5FBB7785-F132-4DF5-AC86-2414BFF714BB} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6123FF6C-079D-4EED-A0DA-5EC60AE9D868} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {63E0E94B-D1AE-429C-99A4-2E5EDADDD520} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {654A3987-CAE9-4FB6-9CEB-CE66DCE4874C} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6A83DB06-4EAE-4442-B721-829E12A2229B} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {6DB304DE-3D26-4172-AFC6-C7D06BA9AD2F} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2016-09-10] ()
Task: {77FE7DCA-BAF4-476B-985A-BD68BEF5ED86} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2016-06-02] (Lenovo)
Task: {838AC5A1-4511-4127-987C-1D4CEF86DFA1} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {8561DCBE-2BC3-4CDB-8A3A-B55DEDFB6791} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-11-01] (Microsoft Corporation)
Task: {893B9361-050A-4091-9EB9-B76CE274B03B} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8D3C52FA-1E94-428F-8F0D-5B1C57B7F371} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSC.Services.UpdateStatusService.exe [2016-06-02] ()
Task: {9251BB97-A2C7-4390-9911-469826E72BB8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {A3AA8F2D-492D-47EA-8A8D-666EE2B64C17} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {A3FC8B04-A7CB-4FFB-814F-D11928C7F095} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {AC454CF5-3083-4E5E-B648-6324F164F6DD} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {AE264B25-2FF5-4D87-BB76-C674BE8F4B61} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BB4C0CA4-E35C-4FE0-B3AA-925E999E7F4F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-21] (Google Inc.)
Task: {BF5224AA-BCCD-4078-BF40-14F83AA0B7C9} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BFB2C671-0F8E-4ABD-AB27-51FC42808BDF} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {C70F8002-F306-407A-9FD8-A92A7798F7C3} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-11-10] (Microsoft Corporation)
Task: {D67E7167-887B-4BB0-9655-EC5CD29D693E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-30] (Microsoft Corporation)
Task: {DFB3432D-8D2F-4DF2-AF1C-AFFB169B769C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E13BED85-5C7B-4C22-AB47-D2D7D270B32A} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {E1D592E5-8A58-40EC-99D7-DBA97D28F11B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {EE4BD5DA-45ED-402F-B940-4E314DED20A0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1060743938-440540994-1790496421-1000UA => C:\Users\Robert\AppData\Local\Google\Update\GoogleUpdate.exe [2015-11-15] (Google Inc.)
Task: {EF2F49EC-0CE1-4EB6-98CF-AEBEADD10904} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F408370C-144F-48FE-B9FE-7147713CA312} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-30] (Microsoft Corporation)
Task: {F4423F66-1666-42BF-A0BD-D084ACD07BDA} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => Sc.exe START ImControllerService
Task: {F505BE7A-7108-49C0-A761-A73A29854C90} - System32\Tasks\{AC00FE22-9D52-45F8-BD63-D43F5F3519A9} => pcalua.exe -a C:\Users\Robert\Downloads\LSBsetup.exe -d C:\Users\Robert\Downloads
Task: {F829E170-D396-4751-9F7B-B7991F676F06} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2016-09-10] ()
Task: {FAB8FAEC-8140-4F56-ADAA-A93549882083} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {FBE161D5-FA0D-47C2-AE00-A724F0204C36} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {FFBBD512-B980-48DC-AE9D-A1E5D558161D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-21] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1060743938-440540994-1790496421-1000UA.job => C:\Users\Robert\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Visual C++ Compiler Package for Python 2.7\Visual C++ 2008 32-bit Command Prompt.lnk -> C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) -> /k ""C:\Users\Robert\AppData\Local\Programs\Common\Microsoft\Visual C++ for Python\9.0\vcvarsall.bat" x86"
ShortcutWithArgument: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Visual C++ Compiler Package for Python 2.7\Visual C++ 2008 64-bit Command Prompt.lnk -> C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) -> /k ""C:\Users\Robert\AppData\Local\Programs\Common\Microsoft\Visual C++ for Python\9.0\vcvarsall.bat" amd64"
ShortcutWithArgument: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Visual C++ Compiler Package for Python 2.7\Visual C++ 2008 64-bit Cross Tools Command Prompt.lnk -> C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) -> /k ""C:\Users\Robert\AppData\Local\Programs\Common\Microsoft\Visual C++ for Python\9.0\vcvarsall.bat" x86_amd64"

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-09-30 08:42 - 2016-09-15 12:25 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-31 14:36 - 2012-11-14 11:48 - 00034304 _____ () C:\WINDOWS\System32\ssk4mlm.dll
2016-05-17 11:57 - 2015-06-11 08:58 - 00022528 _____ () C:\WINDOWS\System32\ssm4mlm.dll
2016-02-15 20:01 - 2016-02-15 20:01 - 00031256 _____ () C:\WINDOWS\System32\us008lm.dll
2016-07-05 14:23 - 2016-07-05 14:23 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-07-05 14:23 - 2016-07-05 14:23 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-04-11 11:03 - 2016-03-28 23:18 - 00183296 _____ () C:\Program Files\PostgreSQL\9.5\bin\LIBPQ.dll
2016-04-11 11:04 - 2015-08-26 03:40 - 02257408 _____ () C:\Program Files\PostgreSQL\9.5\bin\libxml2.dll
2016-08-03 19:29 - 2016-08-23 07:02 - 00200520 _____ () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2016-10-16 17:03 - 2016-09-10 11:13 - 00028544 _____ () C:\Program Files (x86)\Lenovo\System Update\SUService.exe
2014-09-08 12:39 - 2014-09-08 12:39 - 00464608 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2014-09-08 12:38 - 2014-09-08 12:38 - 00051200 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2016-11-19 07:31 - 2016-11-19 07:31 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-11-19 07:31 - 2016-11-19 07:31 - 00178688 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-11-19 07:31 - 2016-11-19 07:31 - 41609728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-11-17 07:03 - 2016-11-17 07:03 - 03766272 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1611.3123.0_x64__8wekyb3d8bbwe\Calculator.exe
2016-11-16 08:14 - 2016-11-16 08:14 - 00019456 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1111.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-11-16 08:14 - 2016-11-16 08:14 - 20433920 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1111.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-06-03 05:07 - 2016-06-03 05:09 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1111.10000.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2016-11-16 08:14 - 2016-11-16 08:14 - 01047552 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1111.10000.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll
2016-11-16 08:14 - 2016-11-16 08:14 - 00353792 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1111.10000.0_x64__8wekyb3d8bbwe\Photos.Inking.dll
2016-09-30 08:42 - 2016-09-15 12:25 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-08-23 15:11 - 2016-08-23 15:11 - 00959168 _____ () C:\Users\Robert\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-07-18 16:05 - 2016-10-30 11:12 - 08924864 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-08-08 15:08 - 2014-11-02 17:45 - 00029184 _____ () C:\Program Files (x86)\PSPad editor\pspshellx64.dll
2015-04-15 15:13 - 2015-04-15 15:13 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2016-09-14 05:33 - 2016-09-06 23:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-11-09 23:56 - 2016-11-02 05:30 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-11-09 23:55 - 2016-11-02 05:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-09 23:55 - 2016-11-02 05:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-09 23:55 - 2016-11-02 05:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-09 23:55 - 2016-11-02 05:15 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-11-09 23:55 - 2016-11-02 05:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-09 23:55 - 2016-11-02 05:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-11-09 23:55 - 2016-11-02 05:13 - 00114176 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Dss.BackgroundTask.dll
2015-09-30 11:32 - 2011-07-13 09:10 - 00065576 ____R () C:\Program Files (x86)\Mobile Broadband drivers\WMCore\MBMDebug.dll
2016-07-18 16:05 - 2016-10-30 09:18 - 08924864 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2015-09-30 12:34 - 2013-05-14 05:15 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1060743938-440540994-1790496421-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 208.67.222.222 - 208.67.220.220
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "Samsung Network PC Fax.lnk"
HKLM\...\StartupApproved\Run: => "SynTPEnh"
HKLM\...\StartupApproved\Run: => "RtsCM"
HKLM\...\StartupApproved\Run: => "cAudioFilterAgent"
HKLM\...\StartupApproved\Run: => "ForteConfig"
HKLM\...\StartupApproved\Run: => "Enhanced Performance Keyboard"
HKLM\...\StartupApproved\Run: => "SmartAudio"
HKLM\...\StartupApproved\Run32: => "USB3MON"
HKLM\...\StartupApproved\Run32: => "IMSS"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKU\S-1-5-21-1060743938-440540994-1790496421-1000\...\StartupApproved\StartupFolder: => "EvernoteClipper.lnk"
HKU\S-1-5-21-1060743938-440540994-1790496421-1000\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-1060743938-440540994-1790496421-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1060743938-440540994-1790496421-1000\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-1060743938-440540994-1790496421-1000\...\StartupApproved\Run: => "EEDSpeedLauncher"
HKU\S-1-5-21-1060743938-440540994-1790496421-1000\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{171BBC50-042A-4A69-8EC9-0EB2DBCBACF6}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{BD86591C-9B39-4B99-808D-FB2727C16F8B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{2208AD94-6AEE-4D29-BDF9-D8CE664512A5}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{BC28A0C5-BA2A-413D-B3CF-7D5E562B2883}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{97EDAE0B-50F8-43DC-A3A3-65CEBF537FAE}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{01F39294-5139-42BC-B13A-9990FDE15167}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe
FirewallRules: [{00DD5B4F-78DD-441C-A749-D0B7D3CF349B}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe
FirewallRules: [{F71B646D-9ECF-4CE7-8FA3-ACEF26C38C1D}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe
FirewallRules: [{154BD9D6-6776-4BDA-808E-5FECEC5FDC2C}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe
FirewallRules: [{AB7FF7DB-CC00-49B8-8F94-3CC005534BC4}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{D176B9FB-B8C7-4490-BA2F-72D2D8B587FE}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{879658D1-0B9F-4402-BC05-777029AEF8D2}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{D8043EDC-5DE8-4B99-9565-63DB6071C230}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{C09CA6CA-91CE-4448-B8C7-85FAA05AAD19}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{163DCC5C-E32A-4972-A12F-5CA9931BA7CB}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{0A2A8E85-AC3E-4348-8DFF-52098F7C08D8}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{0265051F-F5CC-4DAA-AA82-885890A7BE16}] => (Allow) C:\Windows\twain_32\Samsung\SLM2070\ScanCDLM\ScanCDLM.exe
FirewallRules: [{A80D9996-D907-4E7F-9D7B-B65558AC7EA7}] => (Allow) C:\Windows\twain_32\Samsung\SLM2070\ScanCDLM\ScanCDLM.exe
FirewallRules: [{505505DF-B511-4D70-9A6B-CFA7BEFF040B}] => (Allow) C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{22742CBC-4B86-4B7F-8E17-62DA35ED0DEC}] => (Allow) C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{651B2A1D-EE96-4845-8E20-DBBBB792B745}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Audio Recorder\ApowersoftVideoHelper.dll
FirewallRules: [{259B95E8-5A9D-451D-8230-FEE5127B0955}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Audio Recorder\ApowersoftVideoHelper.dll
FirewallRules: [{CFCE8587-4893-406F-88CB-717A8449B398}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Audio Recorder\Streaming Audio Recorder.exe
FirewallRules: [{7CDEA274-58DC-4705-8AEA-0AE77D05763E}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Audio Recorder\Streaming Audio Recorder.exe
FirewallRules: [UDP Query User{BCFD254F-4597-4A32-9F5A-878F3E4154C7}C:\program files (x86)\ratajik software\stationripper\stationripperconsole.exe] => (Allow) C:\program files (x86)\ratajik software\stationripper\stationripperconsole.exe
FirewallRules: [TCP Query User{45ECA0DC-6CDB-408D-A68A-B012F95DC6CC}C:\program files (x86)\ratajik software\stationripper\stationripperconsole.exe] => (Allow) C:\program files (x86)\ratajik software\stationripper\stationripperconsole.exe
FirewallRules: [{7A4308CD-F20B-478F-9544-3EC5E5B26955}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{70322D16-E1BE-4A88-BA1B-6FD39E701073}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D1E7AE0D-1511-4893-8406-B009B015BCB5}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{50D3D09F-1EC6-453C-ABF9-1E4471959DAB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{67667EDB-E8CC-4B3B-9626-FE27FA3002DE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{29899CFE-7598-44FB-8743-663C79121F86}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2B3D76C5-84FE-492B-941F-D71211D79B34}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FDCA076E-268A-400A-947B-347592590953}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2E2947BF-A303-41C2-9963-EF368A12D12F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3F640E22-26BA-4F5A-A5E6-46FED81542A6}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{F9A60053-769A-411A-AAD1-2D12EAADE4CB}C:\program files\java\jdk1.8.0_102\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_102\bin\java.exe
FirewallRules: [UDP Query User{953976A8-050D-4851-AFE5-137FD0B73752}C:\program files\java\jdk1.8.0_102\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_102\bin\java.exe
FirewallRules: [TCP Query User{E193D163-CA02-4719-8C9C-E513CDB9A129}C:\program files\common files\common desktop agent\cdasrv.exe] => (Block) C:\program files\common files\common desktop agent\cdasrv.exe
FirewallRules: [UDP Query User{F7F50B31-BB97-4D65-9735-929674680BDB}C:\program files\common files\common desktop agent\cdasrv.exe] => (Block) C:\program files\common files\common desktop agent\cdasrv.exe
FirewallRules: [{01238DAA-91BC-4AB8-914A-EC7087BF9B7C}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{79BEDB7C-074D-4901-9275-70A7E4F47EC0}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{B50D0377-6DC8-48F4-9893-F53FCDE42742}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

20-11-2016 12:56:54 zoek.exe restore point

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/22/2016 10:08:54 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Robert-PC)
Description: Activation of app windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/22/2016 08:59:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1141

Error: (11/22/2016 08:59:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1141

Error: (11/22/2016 08:59:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/21/2016 07:11:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2328

Error: (11/21/2016 07:11:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2328

Error: (11/21/2016 07:11:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/21/2016 07:11:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1140

Error: (11/21/2016 07:11:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1140

Error: (11/21/2016 07:11:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (11/22/2016 10:10:35 AM) (Source: DCOM) (EventID: 10010) (User: Robert-PC)
Description: The server microsoft.windows.immersivecontrolpanel did not register with DCOM within the required timeout.

Error: (11/21/2016 10:25:48 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/21/2016 10:25:48 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/21/2016 10:25:38 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/21/2016 10:25:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SAService service failed to start due to the following error:
The system cannot find the file specified.

Error: (11/21/2016 10:25:07 AM) (Source: IntelHaxm) (EventID: 10) (User: )
Description: HAXM can't work on system with VT disabled

Error: (11/21/2016 10:24:20 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Lenovo PM Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/21/2016 10:24:01 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Management and Security Application Local Management Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/21/2016 10:24:01 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Lenovo Settings Power Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/21/2016 10:24:01 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.


CodeIntegrity:
===================================
  Date: 2016-11-21 18:25:32.253
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-11-21 18:25:32.250
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-11-21 18:25:32.246
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-11-21 18:25:30.559
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-11-21 18:25:30.535
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-11-21 12:50:36.776
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-11-21 12:50:36.773
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-11-21 12:50:36.769
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-11-21 12:50:35.265
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-11-21 12:50:35.243
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i7-3632QM CPU @ 2.20GHz
Percentage of memory in use: 35%
Total physical RAM: 7757.52 MB
Available physical RAM: 5036.68 MB
Total Virtual: 9622.52 MB
Available Virtual: 6344.16 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:464.81 GB) (Free:406.17 GB) NTFS ==>[drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 967E08F5)
Partition 1: (Active) - (Size=464.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=492 MB) - (Type=27)

==================== End of Addition.txt ============================



#10 nasdaq

nasdaq

  • Malware Response Team
  • 40,238 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:55 AM

Posted 22 November 2016 - 01:32 PM


First restart the computer normally.

Then

Check the integrity of the operating system files.
How to run sfc /Scannow
http://support.microsoft.com/kb/929833
<<<>>>

When completed refer to the Microsoft article again and follow the instructions to view details of the System File Checker process

Post the contents of the sfcdetails.txt file for my review.

Let me know if the problem persists.

#11 bob3165

bob3165
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:08:55 AM

Posted 22 November 2016 - 02:35 PM

So far the problem seems to be gone. After running the scanner, I got the message: Windows Resource Protection Did Not Find Any Intregity Violations.

Here is the content of the SFCDetails file:

 

2016-11-22 14:08:00, Info                  CSI    00000006 [SR] Verifying 100 components
2016-11-22 14:08:00, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2016-11-22 14:08:08, Info                  CSI    0000006c [SR] Verify complete
2016-11-22 14:08:08, Info                  CSI    0000006d [SR] Verifying 100 components
2016-11-22 14:08:08, Info                  CSI    0000006e [SR] Beginning Verify and Repair transaction
2016-11-22 14:08:13, Info                  CSI    000000d3 [SR] Verify complete
2016-11-22 14:08:13, Info                  CSI    000000d4 [SR] Verifying 100 components
2016-11-22 14:08:13, Info                  CSI    000000d5 [SR] Beginning Verify and Repair transaction
2016-11-22 14:08:18, Info                  CSI    0000013a [SR] Verify complete
2016-11-22 14:08:18, Info                  CSI    0000013b [SR] Verifying 100 components
2016-11-22 14:08:18, Info                  CSI    0000013c [SR] Beginning Verify and Repair transaction
2016-11-22 14:08:23, Info                  CSI    000001a1 [SR] Verify complete
2016-11-22 14:08:23, Info                  CSI    000001a2 [SR] Verifying 100 components
2016-11-22 14:08:23, Info                  CSI    000001a3 [SR] Beginning Verify and Repair transaction
2016-11-22 14:08:27, Info                  CSI    00000208 [SR] Verify complete
2016-11-22 14:08:28, Info                  CSI    00000209 [SR] Verifying 100 components
2016-11-22 14:08:28, Info                  CSI    0000020a [SR] Beginning Verify and Repair transaction
2016-11-22 14:08:32, Info                  CSI    00000270 [SR] Verify complete
2016-11-22 14:08:33, Info                  CSI    00000271 [SR] Verifying 100 components
2016-11-22 14:08:33, Info                  CSI    00000272 [SR] Beginning Verify and Repair transaction
2016-11-22 14:08:37, Info                  CSI    000002d7 [SR] Verify complete
2016-11-22 14:08:37, Info                  CSI    000002d8 [SR] Verifying 100 components
2016-11-22 14:08:37, Info                  CSI    000002d9 [SR] Beginning Verify and Repair transaction
2016-11-22 14:08:40, Info                  CSI    0000033e [SR] Verify complete
2016-11-22 14:08:41, Info                  CSI    0000033f [SR] Verifying 100 components
2016-11-22 14:08:41, Info                  CSI    00000340 [SR] Beginning Verify and Repair transaction
2016-11-22 14:08:44, Info                  CSI    000003a5 [SR] Verify complete
2016-11-22 14:08:44, Info                  CSI    000003a6 [SR] Verifying 100 components
2016-11-22 14:08:44, Info                  CSI    000003a7 [SR] Beginning Verify and Repair transaction
2016-11-22 14:08:48, Info                  CSI    0000040c [SR] Verify complete
2016-11-22 14:08:48, Info                  CSI    0000040d [SR] Verifying 100 components
2016-11-22 14:08:48, Info                  CSI    0000040e [SR] Beginning Verify and Repair transaction
2016-11-22 14:09:00, Info                  CSI    00000473 [SR] Verify complete
2016-11-22 14:09:00, Info                  CSI    00000474 [SR] Verifying 100 components
2016-11-22 14:09:00, Info                  CSI    00000475 [SR] Beginning Verify and Repair transaction
2016-11-22 14:09:13, Info                  CSI    000004db [SR] Verify complete
2016-11-22 14:09:13, Info                  CSI    000004dc [SR] Verifying 100 components
2016-11-22 14:09:13, Info                  CSI    000004dd [SR] Beginning Verify and Repair transaction
2016-11-22 14:09:19, Info                  CSI    00000543 [SR] Verify complete
2016-11-22 14:09:19, Info                  CSI    00000544 [SR] Verifying 100 components
2016-11-22 14:09:19, Info                  CSI    00000545 [SR] Beginning Verify and Repair transaction
2016-11-22 14:09:26, Info                  CSI    000005ab [SR] Verify complete
2016-11-22 14:09:26, Info                  CSI    000005ac [SR] Verifying 100 components
2016-11-22 14:09:26, Info                  CSI    000005ad [SR] Beginning Verify and Repair transaction
2016-11-22 14:09:30, Info                  CSI    00000612 [SR] Verify complete
2016-11-22 14:09:30, Info                  CSI    00000613 [SR] Verifying 100 components
2016-11-22 14:09:30, Info                  CSI    00000614 [SR] Beginning Verify and Repair transaction
2016-11-22 14:09:33, Info                  CSI    00000679 [SR] Verify complete
2016-11-22 14:09:33, Info                  CSI    0000067a [SR] Verifying 100 components
2016-11-22 14:09:33, Info                  CSI    0000067b [SR] Beginning Verify and Repair transaction
2016-11-22 14:09:37, Info                  CSI    000006e0 [SR] Verify complete
2016-11-22 14:09:37, Info                  CSI    000006e1 [SR] Verifying 100 components
2016-11-22 14:09:37, Info                  CSI    000006e2 [SR] Beginning Verify and Repair transaction
2016-11-22 14:09:39, Info                  CSI    00000747 [SR] Verify complete
2016-11-22 14:09:39, Info                  CSI    00000748 [SR] Verifying 100 components
2016-11-22 14:09:39, Info                  CSI    00000749 [SR] Beginning Verify and Repair transaction
2016-11-22 14:09:41, Info                  CSI    000007ae [SR] Verify complete
2016-11-22 14:09:41, Info                  CSI    000007af [SR] Verifying 100 components
2016-11-22 14:09:41, Info                  CSI    000007b0 [SR] Beginning Verify and Repair transaction
2016-11-22 14:09:44, Info                  CSI    00000816 [SR] Verify complete
2016-11-22 14:09:44, Info                  CSI    00000817 [SR] Verifying 100 components
2016-11-22 14:09:44, Info                  CSI    00000818 [SR] Beginning Verify and Repair transaction
2016-11-22 14:09:47, Info                  CSI    0000087d [SR] Verify complete
2016-11-22 14:09:47, Info                  CSI    0000087e [SR] Verifying 100 components
2016-11-22 14:09:47, Info                  CSI    0000087f [SR] Beginning Verify and Repair transaction
2016-11-22 14:09:51, Info                  CSI    000008e4 [SR] Verify complete
2016-11-22 14:09:51, Info                  CSI    000008e5 [SR] Verifying 100 components
2016-11-22 14:09:51, Info                  CSI    000008e6 [SR] Beginning Verify and Repair transaction
2016-11-22 14:09:57, Info                  CSI    0000094b [SR] Verify complete
2016-11-22 14:09:57, Info                  CSI    0000094c [SR] Verifying 100 components
2016-11-22 14:09:57, Info                  CSI    0000094d [SR] Beginning Verify and Repair transaction
2016-11-22 14:10:01, Info                  CSI    000009b2 [SR] Verify complete
2016-11-22 14:10:01, Info                  CSI    000009b3 [SR] Verifying 100 components
2016-11-22 14:10:01, Info                  CSI    000009b4 [SR] Beginning Verify and Repair transaction
2016-11-22 14:10:04, Info                  CSI    00000a19 [SR] Verify complete
2016-11-22 14:10:04, Info                  CSI    00000a1a [SR] Verifying 100 components
2016-11-22 14:10:04, Info                  CSI    00000a1b [SR] Beginning Verify and Repair transaction
2016-11-22 14:10:07, Info                  CSI    00000a80 [SR] Verify complete
2016-11-22 14:10:07, Info                  CSI    00000a81 [SR] Verifying 100 components
2016-11-22 14:10:07, Info                  CSI    00000a82 [SR] Beginning Verify and Repair transaction
2016-11-22 14:10:11, Info                  CSI    00000ae7 [SR] Verify complete
2016-11-22 14:10:11, Info                  CSI    00000ae8 [SR] Verifying 100 components
2016-11-22 14:10:11, Info                  CSI    00000ae9 [SR] Beginning Verify and Repair transaction
2016-11-22 14:10:13, Info                  CSI    00000b4e [SR] Verify complete
2016-11-22 14:10:13, Info                  CSI    00000b4f [SR] Verifying 100 components
2016-11-22 14:10:13, Info                  CSI    00000b50 [SR] Beginning Verify and Repair transaction
2016-11-22 14:10:15, Info                  CSI    00000bb5 [SR] Verify complete
2016-11-22 14:10:15, Info                  CSI    00000bb6 [SR] Verifying 100 components
2016-11-22 14:10:15, Info                  CSI    00000bb7 [SR] Beginning Verify and Repair transaction
2016-11-22 14:10:18, Info                  CSI    00000c1c [SR] Verify complete
2016-11-22 14:10:18, Info                  CSI    00000c1d [SR] Verifying 100 components
2016-11-22 14:10:18, Info                  CSI    00000c1e [SR] Beginning Verify and Repair transaction
2016-11-22 14:10:22, Info                  CSI    00000c87 [SR] Verify complete
2016-11-22 14:10:22, Info                  CSI    00000c88 [SR] Verifying 100 components
2016-11-22 14:10:22, Info                  CSI    00000c89 [SR] Beginning Verify and Repair transaction
2016-11-22 14:10:24, Info                  CSI    00000cee [SR] Verify complete
2016-11-22 14:10:24, Info                  CSI    00000cef [SR] Verifying 100 components
2016-11-22 14:10:24, Info                  CSI    00000cf0 [SR] Beginning Verify and Repair transaction
2016-11-22 14:10:26, Info                  CSI    00000d55 [SR] Verify complete
2016-11-22 14:10:26, Info                  CSI    00000d56 [SR] Verifying 100 components
2016-11-22 14:10:26, Info                  CSI    00000d57 [SR] Beginning Verify and Repair transaction
2016-11-22 14:10:28, Info                  CSI    00000dbc [SR] Verify complete
2016-11-22 14:10:28, Info                  CSI    00000dbd [SR] Verifying 100 components
2016-11-22 14:10:28, Info                  CSI    00000dbe [SR] Beginning Verify and Repair transaction
2016-11-22 14:10:29, Info                  CSI    00000e2a [SR] Verify complete
2016-11-22 14:10:29, Info                  CSI    00000e2b [SR] Verifying 100 components
2016-11-22 14:10:29, Info                  CSI    00000e2c [SR] Beginning Verify and Repair transaction
2016-11-22 14:10:31, Info                  CSI    00000e92 [SR] Verify complete
2016-11-22 14:10:31, Info                  CSI    00000e93 [SR] Verifying 100 components
2016-11-22 14:10:31, Info                  CSI    00000e94 [SR] Beginning Verify and Repair transaction
2016-11-22 14:10:35, Info                  CSI    00000efc [SR] Verify complete
2016-11-22 14:10:35, Info                  CSI    00000efd [SR] Verifying 100 components
2016-11-22 14:10:35, Info                  CSI    00000efe [SR] Beginning Verify and Repair transaction
2016-11-22 14:10:42, Info                  CSI    00000f7f [SR] Verify complete
2016-11-22 14:10:42, Info                  CSI    00000f80 [SR] Verifying 100 components
2016-11-22 14:10:42, Info                  CSI    00000f81 [SR] Beginning Verify and Repair transaction
2016-11-22 14:10:48, Info                  CSI    00000fee [SR] Verify complete
2016-11-22 14:10:48, Info                  CSI    00000fef [SR] Verifying 100 components
2016-11-22 14:10:48, Info                  CSI    00000ff0 [SR] Beginning Verify and Repair transaction
2016-11-22 14:10:54, Info                  CSI    00001059 [SR] Verify complete
2016-11-22 14:10:54, Info                  CSI    0000105a [SR] Verifying 100 components
2016-11-22 14:10:54, Info                  CSI    0000105b [SR] Beginning Verify and Repair transaction
2016-11-22 14:10:59, Info                  CSI    000010c1 [SR] Verify complete
2016-11-22 14:10:59, Info                  CSI    000010c2 [SR] Verifying 100 components
2016-11-22 14:10:59, Info                  CSI    000010c3 [SR] Beginning Verify and Repair transaction
2016-11-22 14:11:03, Info                  CSI    00001134 [SR] Verify complete
2016-11-22 14:11:03, Info                  CSI    00001135 [SR] Verifying 100 components
2016-11-22 14:11:03, Info                  CSI    00001136 [SR] Beginning Verify and Repair transaction
2016-11-22 14:11:07, Info                  CSI    000011e5 [SR] Verify complete
2016-11-22 14:11:07, Info                  CSI    000011e6 [SR] Verifying 100 components
2016-11-22 14:11:07, Info                  CSI    000011e7 [SR] Beginning Verify and Repair transaction
2016-11-22 14:11:14, Info                  CSI    00001274 [SR] Verify complete
2016-11-22 14:11:14, Info                  CSI    00001275 [SR] Verifying 100 components
2016-11-22 14:11:14, Info                  CSI    00001276 [SR] Beginning Verify and Repair transaction
2016-11-22 14:11:20, Info                  CSI    000012dd [SR] Verify complete
2016-11-22 14:11:20, Info                  CSI    000012de [SR] Verifying 100 components
2016-11-22 14:11:20, Info                  CSI    000012df [SR] Beginning Verify and Repair transaction
2016-11-22 14:11:25, Info                  CSI    00001348 [SR] Verify complete
2016-11-22 14:11:25, Info                  CSI    00001349 [SR] Verifying 100 components
2016-11-22 14:11:25, Info                  CSI    0000134a [SR] Beginning Verify and Repair transaction
2016-11-22 14:11:27, Info                  CSI    000013af [SR] Verify complete
2016-11-22 14:11:27, Info                  CSI    000013b0 [SR] Verifying 100 components
2016-11-22 14:11:27, Info                  CSI    000013b1 [SR] Beginning Verify and Repair transaction
2016-11-22 14:11:40, Info                  CSI    0000141a [SR] Verify complete
2016-11-22 14:11:41, Info                  CSI    0000141b [SR] Verifying 100 components
2016-11-22 14:11:41, Info                  CSI    0000141c [SR] Beginning Verify and Repair transaction
2016-11-22 14:11:50, Info                  CSI    0000149a [SR] Verify complete
2016-11-22 14:11:50, Info                  CSI    0000149b [SR] Verifying 100 components
2016-11-22 14:11:50, Info                  CSI    0000149c [SR] Beginning Verify and Repair transaction
2016-11-22 14:11:56, Info                  CSI    00001510 [SR] Verify complete
2016-11-22 14:11:57, Info                  CSI    00001511 [SR] Verifying 100 components
2016-11-22 14:11:57, Info                  CSI    00001512 [SR] Beginning Verify and Repair transaction
2016-11-22 14:12:05, Info                  CSI    000015a4 [SR] Verify complete
2016-11-22 14:12:05, Info                  CSI    000015a5 [SR] Verifying 100 components
2016-11-22 14:12:05, Info                  CSI    000015a6 [SR] Beginning Verify and Repair transaction
2016-11-22 14:12:11, Info                  CSI    00001616 [SR] Verify complete
2016-11-22 14:12:11, Info                  CSI    00001617 [SR] Verifying 100 components
2016-11-22 14:12:11, Info                  CSI    00001618 [SR] Beginning Verify and Repair transaction
2016-11-22 14:12:18, Info                  CSI    00001686 [SR] Verify complete
2016-11-22 14:12:18, Info                  CSI    00001687 [SR] Verifying 100 components
2016-11-22 14:12:18, Info                  CSI    00001688 [SR] Beginning Verify and Repair transaction
2016-11-22 14:12:24, Info                  CSI    000016fa [SR] Verify complete
2016-11-22 14:12:24, Info                  CSI    000016fb [SR] Verifying 100 components
2016-11-22 14:12:24, Info                  CSI    000016fc [SR] Beginning Verify and Repair transaction
2016-11-22 14:12:28, Info                  CSI    00001771 [SR] Verify complete
2016-11-22 14:12:28, Info                  CSI    00001772 [SR] Verifying 100 components
2016-11-22 14:12:28, Info                  CSI    00001773 [SR] Beginning Verify and Repair transaction
2016-11-22 14:12:33, Info                  CSI    000017db [SR] Verify complete
2016-11-22 14:12:34, Info                  CSI    000017dc [SR] Verifying 100 components
2016-11-22 14:12:34, Info                  CSI    000017dd [SR] Beginning Verify and Repair transaction
2016-11-22 14:12:41, Info                  CSI    00001845 [SR] Verify complete
2016-11-22 14:12:41, Info                  CSI    00001846 [SR] Verifying 100 components
2016-11-22 14:12:41, Info                  CSI    00001847 [SR] Beginning Verify and Repair transaction
2016-11-22 14:12:46, Info                  CSI    000018ae [SR] Verify complete
2016-11-22 14:12:47, Info                  CSI    000018af [SR] Verifying 100 components
2016-11-22 14:12:47, Info                  CSI    000018b0 [SR] Beginning Verify and Repair transaction
2016-11-22 14:12:52, Info                  CSI    0000191d [SR] Verify complete
2016-11-22 14:12:52, Info                  CSI    0000191e [SR] Verifying 100 components
2016-11-22 14:12:52, Info                  CSI    0000191f [SR] Beginning Verify and Repair transaction
2016-11-22 14:12:58, Info                  CSI    000019a9 [SR] Verify complete
2016-11-22 14:12:58, Info                  CSI    000019aa [SR] Verifying 100 components
2016-11-22 14:12:58, Info                  CSI    000019ab [SR] Beginning Verify and Repair transaction
2016-11-22 14:13:06, Info                  CSI    00001a2f [SR] Verify complete
2016-11-22 14:13:06, Info                  CSI    00001a30 [SR] Verifying 100 components
2016-11-22 14:13:06, Info                  CSI    00001a31 [SR] Beginning Verify and Repair transaction
2016-11-22 14:13:17, Info                  CSI    00001ad4 [SR] Verify complete
2016-11-22 14:13:17, Info                  CSI    00001ad5 [SR] Verifying 100 components
2016-11-22 14:13:17, Info                  CSI    00001ad6 [SR] Beginning Verify and Repair transaction
2016-11-22 14:13:25, Info                  CSI    00001b40 [SR] Verify complete
2016-11-22 14:13:25, Info                  CSI    00001b41 [SR] Verifying 100 components
2016-11-22 14:13:25, Info                  CSI    00001b42 [SR] Beginning Verify and Repair transaction
2016-11-22 14:13:29, Info                  CSI    00001bad [SR] Verify complete
2016-11-22 14:13:29, Info                  CSI    00001bae [SR] Verifying 100 components
2016-11-22 14:13:29, Info                  CSI    00001baf [SR] Beginning Verify and Repair transaction
2016-11-22 14:13:36, Info                  CSI    00001c26 [SR] Verify complete
2016-11-22 14:13:36, Info                  CSI    00001c27 [SR] Verifying 100 components
2016-11-22 14:13:36, Info                  CSI    00001c28 [SR] Beginning Verify and Repair transaction
2016-11-22 14:13:42, Info                  CSI    00001c99 [SR] Verify complete
2016-11-22 14:13:42, Info                  CSI    00001c9a [SR] Verifying 100 components
2016-11-22 14:13:42, Info                  CSI    00001c9b [SR] Beginning Verify and Repair transaction
2016-11-22 14:13:45, Info                  CSI    00001d00 [SR] Verify complete
2016-11-22 14:13:45, Info                  CSI    00001d01 [SR] Verifying 100 components
2016-11-22 14:13:45, Info                  CSI    00001d02 [SR] Beginning Verify and Repair transaction
2016-11-22 14:13:50, Info                  CSI    00001d73 [SR] Verify complete
2016-11-22 14:13:50, Info                  CSI    00001d74 [SR] Verifying 100 components
2016-11-22 14:13:50, Info                  CSI    00001d75 [SR] Beginning Verify and Repair transaction
2016-11-22 14:13:55, Info                  CSI    00001dde [SR] Verify complete
2016-11-22 14:13:55, Info                  CSI    00001ddf [SR] Verifying 100 components
2016-11-22 14:13:55, Info                  CSI    00001de0 [SR] Beginning Verify and Repair transaction
2016-11-22 14:14:03, Info                  CSI    00001e55 [SR] Verify complete
2016-11-22 14:14:03, Info                  CSI    00001e56 [SR] Verifying 100 components
2016-11-22 14:14:03, Info                  CSI    00001e57 [SR] Beginning Verify and Repair transaction
2016-11-22 14:14:09, Info                  CSI    00001ecc [SR] Verify complete
2016-11-22 14:14:10, Info                  CSI    00001ecd [SR] Verifying 100 components
2016-11-22 14:14:10, Info                  CSI    00001ece [SR] Beginning Verify and Repair transaction
2016-11-22 14:14:13, Info                  CSI    00001f3b [SR] Verify complete
2016-11-22 14:14:13, Info                  CSI    00001f3c [SR] Verifying 100 components
2016-11-22 14:14:13, Info                  CSI    00001f3d [SR] Beginning Verify and Repair transaction
2016-11-22 14:14:18, Info                  CSI    00001fbb [SR] Verify complete
2016-11-22 14:14:19, Info                  CSI    00001fbc [SR] Verifying 100 components
2016-11-22 14:14:19, Info                  CSI    00001fbd [SR] Beginning Verify and Repair transaction
2016-11-22 14:14:24, Info                  CSI    00002027 [SR] Verify complete
2016-11-22 14:14:25, Info                  CSI    00002028 [SR] Verifying 100 components
2016-11-22 14:14:25, Info                  CSI    00002029 [SR] Beginning Verify and Repair transaction
2016-11-22 14:14:32, Info                  CSI    00002093 [SR] Verify complete
2016-11-22 14:14:32, Info                  CSI    00002094 [SR] Verifying 100 components
2016-11-22 14:14:32, Info                  CSI    00002095 [SR] Beginning Verify and Repair transaction
2016-11-22 14:14:36, Info                  CSI    000020fd [SR] Verify complete
2016-11-22 14:14:36, Info                  CSI    000020fe [SR] Verifying 100 components
2016-11-22 14:14:36, Info                  CSI    000020ff [SR] Beginning Verify and Repair transaction
2016-11-22 14:14:40, Info                  CSI    00002166 [SR] Verify complete
2016-11-22 14:14:40, Info                  CSI    00002167 [SR] Verifying 100 components
2016-11-22 14:14:40, Info                  CSI    00002168 [SR] Beginning Verify and Repair transaction
2016-11-22 14:14:47, Info                  CSI    000021d4 [SR] Verify complete
2016-11-22 14:14:47, Info                  CSI    000021d5 [SR] Verifying 100 components
2016-11-22 14:14:47, Info                  CSI    000021d6 [SR] Beginning Verify and Repair transaction
2016-11-22 14:14:59, Info                  CSI    00002260 [SR] Verify complete
2016-11-22 14:14:59, Info                  CSI    00002261 [SR] Verifying 100 components
2016-11-22 14:14:59, Info                  CSI    00002262 [SR] Beginning Verify and Repair transaction
2016-11-22 14:15:03, Info                  CSI    000022cf [SR] Verify complete
2016-11-22 14:15:03, Info                  CSI    000022d0 [SR] Verifying 100 components
2016-11-22 14:15:03, Info                  CSI    000022d1 [SR] Beginning Verify and Repair transaction
2016-11-22 14:15:06, Info                  CSI    00002339 [SR] Verify complete
2016-11-22 14:15:06, Info                  CSI    0000233a [SR] Verifying 100 components
2016-11-22 14:15:06, Info                  CSI    0000233b [SR] Beginning Verify and Repair transaction
2016-11-22 14:15:08, Info                  CSI    000023a2 [SR] Verify complete
2016-11-22 14:15:08, Info                  CSI    000023a3 [SR] Verifying 100 components
2016-11-22 14:15:08, Info                  CSI    000023a4 [SR] Beginning Verify and Repair transaction
2016-11-22 14:15:14, Info                  CSI    0000243e [SR] Verify complete
2016-11-22 14:15:14, Info                  CSI    0000243f [SR] Verifying 100 components
2016-11-22 14:15:14, Info                  CSI    00002440 [SR] Beginning Verify and Repair transaction
2016-11-22 14:15:18, Info                  CSI    000024a9 [SR] Verify complete
2016-11-22 14:15:18, Info                  CSI    000024aa [SR] Verifying 100 components
2016-11-22 14:15:18, Info                  CSI    000024ab [SR] Beginning Verify and Repair transaction
2016-11-22 14:15:21, Info                  CSI    00002510 [SR] Verify complete
2016-11-22 14:15:21, Info                  CSI    00002511 [SR] Verifying 100 components
2016-11-22 14:15:21, Info                  CSI    00002512 [SR] Beginning Verify and Repair transaction
2016-11-22 14:15:25, Info                  CSI    00002587 [SR] Verify complete
2016-11-22 14:15:25, Info                  CSI    00002588 [SR] Verifying 100 components
2016-11-22 14:15:25, Info                  CSI    00002589 [SR] Beginning Verify and Repair transaction
2016-11-22 14:15:29, Info                  CSI    000025ff [SR] Verify complete
2016-11-22 14:15:29, Info                  CSI    00002600 [SR] Verifying 100 components
2016-11-22 14:15:29, Info                  CSI    00002601 [SR] Beginning Verify and Repair transaction
2016-11-22 14:15:32, Info                  CSI    0000266b [SR] Verify complete
2016-11-22 14:15:32, Info                  CSI    0000266c [SR] Verifying 100 components
2016-11-22 14:15:32, Info                  CSI    0000266d [SR] Beginning Verify and Repair transaction
2016-11-22 14:15:38, Info                  CSI    000026ef [SR] Verify complete
2016-11-22 14:15:38, Info                  CSI    000026f0 [SR] Verifying 100 components
2016-11-22 14:15:38, Info                  CSI    000026f1 [SR] Beginning Verify and Repair transaction
2016-11-22 14:15:45, Info                  CSI    00002787 [SR] Verify complete
2016-11-22 14:15:45, Info                  CSI    00002788 [SR] Verifying 100 components
2016-11-22 14:15:45, Info                  CSI    00002789 [SR] Beginning Verify and Repair transaction
2016-11-22 14:15:49, Info                  CSI    000027f3 [SR] Verify complete
2016-11-22 14:15:49, Info                  CSI    000027f4 [SR] Verifying 100 components
2016-11-22 14:15:49, Info                  CSI    000027f5 [SR] Beginning Verify and Repair transaction
2016-11-22 14:15:52, Info                  CSI    0000285a [SR] Verify complete
2016-11-22 14:15:52, Info                  CSI    0000285b [SR] Verifying 100 components
2016-11-22 14:15:52, Info                  CSI    0000285c [SR] Beginning Verify and Repair transaction
2016-11-22 14:15:55, Info                  CSI    000028c3 [SR] Verify complete
2016-11-22 14:15:55, Info                  CSI    000028c4 [SR] Verifying 100 components
2016-11-22 14:15:55, Info                  CSI    000028c5 [SR] Beginning Verify and Repair transaction
2016-11-22 14:15:59, Info                  CSI    00002936 [SR] Verify complete
2016-11-22 14:15:59, Info                  CSI    00002937 [SR] Verifying 100 components
2016-11-22 14:15:59, Info                  CSI    00002938 [SR] Beginning Verify and Repair transaction
2016-11-22 14:16:04, Info                  CSI    000029a6 [SR] Verify complete
2016-11-22 14:16:04, Info                  CSI    000029a7 [SR] Verifying 100 components
2016-11-22 14:16:04, Info                  CSI    000029a8 [SR] Beginning Verify and Repair transaction
2016-11-22 14:16:11, Info                  CSI    00002a0f [SR] Verify complete
2016-11-22 14:16:11, Info                  CSI    00002a10 [SR] Verifying 100 components
2016-11-22 14:16:11, Info                  CSI    00002a11 [SR] Beginning Verify and Repair transaction
2016-11-22 14:16:14, Info                  CSI    00002a76 [SR] Verify complete
2016-11-22 14:16:14, Info                  CSI    00002a77 [SR] Verifying 100 components
2016-11-22 14:16:14, Info                  CSI    00002a78 [SR] Beginning Verify and Repair transaction
2016-11-22 14:16:23, Info                  CSI    00002aea [SR] Verify complete
2016-11-22 14:16:24, Info                  CSI    00002aeb [SR] Verifying 100 components
2016-11-22 14:16:24, Info                  CSI    00002aec [SR] Beginning Verify and Repair transaction
2016-11-22 14:16:28, Info                  CSI    00002b5a [SR] Verify complete
2016-11-22 14:16:28, Info                  CSI    00002b5b [SR] Verifying 100 components
2016-11-22 14:16:28, Info                  CSI    00002b5c [SR] Beginning Verify and Repair transaction
2016-11-22 14:16:32, Info                  CSI    00002bc3 [SR] Verify complete
2016-11-22 14:16:32, Info                  CSI    00002bc4 [SR] Verifying 100 components
2016-11-22 14:16:32, Info                  CSI    00002bc5 [SR] Beginning Verify and Repair transaction
2016-11-22 14:16:40, Info                  CSI    00002c62 [SR] Verify complete
2016-11-22 14:16:40, Info                  CSI    00002c63 [SR] Verifying 100 components
2016-11-22 14:16:40, Info                  CSI    00002c64 [SR] Beginning Verify and Repair transaction
2016-11-22 14:16:49, Info                  CSI    00002cda [SR] Verify complete
2016-11-22 14:16:49, Info                  CSI    00002cdb [SR] Verifying 100 components
2016-11-22 14:16:49, Info                  CSI    00002cdc [SR] Beginning Verify and Repair transaction
2016-11-22 14:16:54, Info                  CSI    00002d43 [SR] Verify complete
2016-11-22 14:16:54, Info                  CSI    00002d44 [SR] Verifying 100 components
2016-11-22 14:16:54, Info                  CSI    00002d45 [SR] Beginning Verify and Repair transaction
2016-11-22 14:16:59, Info                  CSI    00002dba [SR] Verify complete
2016-11-22 14:16:59, Info                  CSI    00002dbb [SR] Verifying 100 components
2016-11-22 14:16:59, Info                  CSI    00002dbc [SR] Beginning Verify and Repair transaction
2016-11-22 14:17:03, Info                  CSI    00002e23 [SR] Verify complete
2016-11-22 14:17:03, Info                  CSI    00002e24 [SR] Verifying 100 components
2016-11-22 14:17:03, Info                  CSI    00002e25 [SR] Beginning Verify and Repair transaction
2016-11-22 14:17:10, Info                  CSI    00002e90 [SR] Verify complete
2016-11-22 14:17:10, Info                  CSI    00002e91 [SR] Verifying 100 components
2016-11-22 14:17:10, Info                  CSI    00002e92 [SR] Beginning Verify and Repair transaction
2016-11-22 14:17:15, Info                  CSI    00002ef9 [SR] Verify complete
2016-11-22 14:17:15, Info                  CSI    00002efa [SR] Verifying 100 components
2016-11-22 14:17:15, Info                  CSI    00002efb [SR] Beginning Verify and Repair transaction
2016-11-22 14:17:19, Info                  CSI    00002f66 [SR] Verify complete
2016-11-22 14:17:19, Info                  CSI    00002f67 [SR] Verifying 100 components
2016-11-22 14:17:19, Info                  CSI    00002f68 [SR] Beginning Verify and Repair transaction
2016-11-22 14:17:25, Info                  CSI    00002fdc [SR] Verify complete
2016-11-22 14:17:25, Info                  CSI    00002fdd [SR] Verifying 100 components
2016-11-22 14:17:25, Info                  CSI    00002fde [SR] Beginning Verify and Repair transaction
2016-11-22 14:17:29, Info                  CSI    00003050 [SR] Verify complete
2016-11-22 14:17:29, Info                  CSI    00003051 [SR] Verifying 100 components
2016-11-22 14:17:29, Info                  CSI    00003052 [SR] Beginning Verify and Repair transaction
2016-11-22 14:17:34, Info                  CSI    000030bf [SR] Verify complete
2016-11-22 14:17:34, Info                  CSI    000030c0 [SR] Verifying 100 components
2016-11-22 14:17:34, Info                  CSI    000030c1 [SR] Beginning Verify and Repair transaction
2016-11-22 14:17:37, Info                  CSI    0000312d [SR] Verify complete
2016-11-22 14:17:37, Info                  CSI    0000312e [SR] Verifying 100 components
2016-11-22 14:17:37, Info                  CSI    0000312f [SR] Beginning Verify and Repair transaction
2016-11-22 14:17:41, Info                  CSI    000031a2 [SR] Verify complete
2016-11-22 14:17:41, Info                  CSI    000031a3 [SR] Verifying 100 components
2016-11-22 14:17:41, Info                  CSI    000031a4 [SR] Beginning Verify and Repair transaction
2016-11-22 14:17:46, Info                  CSI    0000320a [SR] Verify complete
2016-11-22 14:17:46, Info                  CSI    0000320b [SR] Verifying 100 components
2016-11-22 14:17:46, Info                  CSI    0000320c [SR] Beginning Verify and Repair transaction
2016-11-22 14:17:52, Info                  CSI    00003273 [SR] Verify complete
2016-11-22 14:17:52, Info                  CSI    00003274 [SR] Verifying 100 components
2016-11-22 14:17:52, Info                  CSI    00003275 [SR] Beginning Verify and Repair transaction
2016-11-22 14:17:57, Info                  CSI    000032e4 [SR] Verify complete
2016-11-22 14:17:58, Info                  CSI    000032e5 [SR] Verifying 100 components
2016-11-22 14:17:58, Info                  CSI    000032e6 [SR] Beginning Verify and Repair transaction
2016-11-22 14:18:08, Info                  CSI    000033d1 [SR] Verify complete
2016-11-22 14:18:08, Info                  CSI    000033d2 [SR] Verifying 100 components
2016-11-22 14:18:08, Info                  CSI    000033d3 [SR] Beginning Verify and Repair transaction
2016-11-22 14:18:13, Info                  CSI    0000343a [SR] Verify complete
2016-11-22 14:18:13, Info                  CSI    0000343b [SR] Verifying 100 components
2016-11-22 14:18:13, Info                  CSI    0000343c [SR] Beginning Verify and Repair transaction
2016-11-22 14:18:20, Info                  CSI    000034b6 [SR] Verify complete
2016-11-22 14:18:20, Info                  CSI    000034b7 [SR] Verifying 100 components
2016-11-22 14:18:20, Info                  CSI    000034b8 [SR] Beginning Verify and Repair transaction
2016-11-22 14:18:22, Info                  CSI    0000351d [SR] Verify complete
2016-11-22 14:18:23, Info                  CSI    0000351e [SR] Verifying 100 components
2016-11-22 14:18:23, Info                  CSI    0000351f [SR] Beginning Verify and Repair transaction
2016-11-22 14:18:28, Info                  CSI    00003584 [SR] Verify complete
2016-11-22 14:18:28, Info                  CSI    00003585 [SR] Verifying 100 components
2016-11-22 14:18:28, Info                  CSI    00003586 [SR] Beginning Verify and Repair transaction
2016-11-22 14:18:34, Info                  CSI    000035ec [SR] Verify complete
2016-11-22 14:18:34, Info                  CSI    000035ed [SR] Verifying 100 components
2016-11-22 14:18:34, Info                  CSI    000035ee [SR] Beginning Verify and Repair transaction
2016-11-22 14:18:39, Info                  CSI    00003654 [SR] Verify complete
2016-11-22 14:18:39, Info                  CSI    00003655 [SR] Verifying 100 components
2016-11-22 14:18:39, Info                  CSI    00003656 [SR] Beginning Verify and Repair transaction
2016-11-22 14:18:45, Info                  CSI    000036bb [SR] Verify complete
2016-11-22 14:18:45, Info                  CSI    000036bc [SR] Verifying 100 components
2016-11-22 14:18:45, Info                  CSI    000036bd [SR] Beginning Verify and Repair transaction
2016-11-22 14:18:48, Info                  CSI    00003722 [SR] Verify complete
2016-11-22 14:18:48, Info                  CSI    00003723 [SR] Verifying 100 components
2016-11-22 14:18:48, Info                  CSI    00003724 [SR] Beginning Verify and Repair transaction
2016-11-22 14:18:51, Info                  CSI    0000378a [SR] Verify complete
2016-11-22 14:18:51, Info                  CSI    0000378b [SR] Verifying 100 components
2016-11-22 14:18:51, Info                  CSI    0000378c [SR] Beginning Verify and Repair transaction
2016-11-22 14:18:54, Info                  CSI    000037f1 [SR] Verify complete
2016-11-22 14:18:54, Info                  CSI    000037f2 [SR] Verifying 100 components
2016-11-22 14:18:54, Info                  CSI    000037f3 [SR] Beginning Verify and Repair transaction
2016-11-22 14:18:57, Info                  CSI    00003858 [SR] Verify complete
2016-11-22 14:18:57, Info                  CSI    00003859 [SR] Verifying 100 components
2016-11-22 14:18:57, Info                  CSI    0000385a [SR] Beginning Verify and Repair transaction
2016-11-22 14:19:01, Info                  CSI    000038c0 [SR] Verify complete
2016-11-22 14:19:01, Info                  CSI    000038c1 [SR] Verifying 100 components
2016-11-22 14:19:01, Info                  CSI    000038c2 [SR] Beginning Verify and Repair transaction
2016-11-22 14:19:05, Info                  CSI    0000394d [SR] Verify complete
2016-11-22 14:19:05, Info                  CSI    0000394e [SR] Verifying 100 components
2016-11-22 14:19:05, Info                  CSI    0000394f [SR] Beginning Verify and Repair transaction
2016-11-22 14:19:08, Info                  CSI    000039b4 [SR] Verify complete
2016-11-22 14:19:08, Info                  CSI    000039b5 [SR] Verifying 100 components
2016-11-22 14:19:08, Info                  CSI    000039b6 [SR] Beginning Verify and Repair transaction
2016-11-22 14:19:15, Info                  CSI    00003a1e [SR] Verify complete
2016-11-22 14:19:15, Info                  CSI    00003a1f [SR] Verifying 100 components
2016-11-22 14:19:15, Info                  CSI    00003a20 [SR] Beginning Verify and Repair transaction
2016-11-22 14:19:27, Info                  CSI    00003a85 [SR] Verify complete
2016-11-22 14:19:27, Info                  CSI    00003a86 [SR] Verifying 100 components
2016-11-22 14:19:27, Info                  CSI    00003a87 [SR] Beginning Verify and Repair transaction
2016-11-22 14:19:33, Info                  CSI    00003aec [SR] Verify complete
2016-11-22 14:19:33, Info                  CSI    00003aed [SR] Verifying 100 components
2016-11-22 14:19:33, Info                  CSI    00003aee [SR] Beginning Verify and Repair transaction
2016-11-22 14:19:37, Info                  CSI    00003b54 [SR] Verify complete
2016-11-22 14:19:38, Info                  CSI    00003b55 [SR] Verifying 100 components
2016-11-22 14:19:38, Info                  CSI    00003b56 [SR] Beginning Verify and Repair transaction
2016-11-22 14:19:40, Info                  CSI    00003bbb [SR] Verify complete
2016-11-22 14:19:40, Info                  CSI    00003bbc [SR] Verifying 100 components
2016-11-22 14:19:40, Info                  CSI    00003bbd [SR] Beginning Verify and Repair transaction
2016-11-22 14:19:47, Info                  CSI    00003c22 [SR] Verify complete
2016-11-22 14:19:47, Info                  CSI    00003c23 [SR] Verifying 100 components
2016-11-22 14:19:47, Info                  CSI    00003c24 [SR] Beginning Verify and Repair transaction
2016-11-22 14:19:54, Info                  CSI    00003c8c [SR] Verify complete
2016-11-22 14:19:54, Info                  CSI    00003c8d [SR] Verifying 100 components
2016-11-22 14:19:54, Info                  CSI    00003c8e [SR] Beginning Verify and Repair transaction
2016-11-22 14:20:00, Info                  CSI    00003cf9 [SR] Verify complete
2016-11-22 14:20:00, Info                  CSI    00003cfa [SR] Verifying 100 components
2016-11-22 14:20:00, Info                  CSI    00003cfb [SR] Beginning Verify and Repair transaction
2016-11-22 14:20:03, Info                  CSI    00003d60 [SR] Verify complete
2016-11-22 14:20:03, Info                  CSI    00003d61 [SR] Verifying 100 components
2016-11-22 14:20:03, Info                  CSI    00003d62 [SR] Beginning Verify and Repair transaction
2016-11-22 14:20:07, Info                  CSI    00003dc9 [SR] Verify complete
2016-11-22 14:20:07, Info                  CSI    00003dca [SR] Verifying 100 components
2016-11-22 14:20:07, Info                  CSI    00003dcb [SR] Beginning Verify and Repair transaction
2016-11-22 14:20:12, Info                  CSI    00003e40 [SR] Verify complete
2016-11-22 14:20:12, Info                  CSI    00003e41 [SR] Verifying 100 components
2016-11-22 14:20:12, Info                  CSI    00003e42 [SR] Beginning Verify and Repair transaction
2016-11-22 14:20:15, Info                  CSI    00003ea7 [SR] Verify complete
2016-11-22 14:20:16, Info                  CSI    00003ea8 [SR] Verifying 100 components
2016-11-22 14:20:16, Info                  CSI    00003ea9 [SR] Beginning Verify and Repair transaction
2016-11-22 14:20:19, Info                  CSI    00003f0e [SR] Verify complete
2016-11-22 14:20:19, Info                  CSI    00003f0f [SR] Verifying 100 components
2016-11-22 14:20:19, Info                  CSI    00003f10 [SR] Beginning Verify and Repair transaction
2016-11-22 14:20:21, Info                  CSI    00003f75 [SR] Verify complete
2016-11-22 14:20:22, Info                  CSI    00003f76 [SR] Verifying 100 components
2016-11-22 14:20:22, Info                  CSI    00003f77 [SR] Beginning Verify and Repair transaction
2016-11-22 14:20:25, Info                  CSI    00003fdc [SR] Verify complete
2016-11-22 14:20:25, Info                  CSI    00003fdd [SR] Verifying 100 components
2016-11-22 14:20:25, Info                  CSI    00003fde [SR] Beginning Verify and Repair transaction
2016-11-22 14:20:30, Info                  CSI    00004044 [SR] Verify complete
2016-11-22 14:20:30, Info                  CSI    00004045 [SR] Verifying 100 components
2016-11-22 14:20:30, Info                  CSI    00004046 [SR] Beginning Verify and Repair transaction
2016-11-22 14:20:36, Info                  CSI    000040ba [SR] Verify complete
2016-11-22 14:20:36, Info                  CSI    000040bb [SR] Verifying 100 components
2016-11-22 14:20:36, Info                  CSI    000040bc [SR] Beginning Verify and Repair transaction
2016-11-22 14:20:40, Info                  CSI    00004127 [SR] Verify complete
2016-11-22 14:20:40, Info                  CSI    00004128 [SR] Verifying 100 components
2016-11-22 14:20:40, Info                  CSI    00004129 [SR] Beginning Verify and Repair transaction
2016-11-22 14:20:45, Info                  CSI    0000419d [SR] Verify complete
2016-11-22 14:20:45, Info                  CSI    0000419e [SR] Verifying 100 components
2016-11-22 14:20:45, Info                  CSI    0000419f [SR] Beginning Verify and Repair transaction
2016-11-22 14:20:50, Info                  CSI    0000420d [SR] Verify complete
2016-11-22 14:20:50, Info                  CSI    0000420e [SR] Verifying 100 components
2016-11-22 14:20:50, Info                  CSI    0000420f [SR] Beginning Verify and Repair transaction
2016-11-22 14:20:57, Info                  CSI    0000427d [SR] Verify complete
2016-11-22 14:20:57, Info                  CSI    0000427e [SR] Verifying 100 components
2016-11-22 14:20:57, Info                  CSI    0000427f [SR] Beginning Verify and Repair transaction
2016-11-22 14:21:03, Info                  CSI    000042f4 [SR] Verify complete
2016-11-22 14:21:03, Info                  CSI    000042f5 [SR] Verifying 100 components
2016-11-22 14:21:03, Info                  CSI    000042f6 [SR] Beginning Verify and Repair transaction
2016-11-22 14:21:08, Info                  CSI    0000435c [SR] Verify complete
2016-11-22 14:21:08, Info                  CSI    0000435d [SR] Verifying 100 components
2016-11-22 14:21:08, Info                  CSI    0000435e [SR] Beginning Verify and Repair transaction
2016-11-22 14:21:11, Info                  CSI    000043c3 [SR] Verify complete
2016-11-22 14:21:11, Info                  CSI    000043c4 [SR] Verifying 100 components
2016-11-22 14:21:11, Info                  CSI    000043c5 [SR] Beginning Verify and Repair transaction
2016-11-22 14:21:17, Info                  CSI    00004439 [SR] Verify complete
2016-11-22 14:21:17, Info                  CSI    0000443a [SR] Verifying 100 components
2016-11-22 14:21:17, Info                  CSI    0000443b [SR] Beginning Verify and Repair transaction
2016-11-22 14:21:24, Info                  CSI    000044be [SR] Verify complete
2016-11-22 14:21:24, Info                  CSI    000044bf [SR] Verifying 100 components
2016-11-22 14:21:24, Info                  CSI    000044c0 [SR] Beginning Verify and Repair transaction
2016-11-22 14:21:34, Info                  CSI    0000452c [SR] Verify complete
2016-11-22 14:21:34, Info                  CSI    0000452d [SR] Verifying 100 components
2016-11-22 14:21:34, Info                  CSI    0000452e [SR] Beginning Verify and Repair transaction
2016-11-22 14:21:44, Info                  CSI    000045b3 [SR] Verify complete
2016-11-22 14:21:44, Info                  CSI    000045b4 [SR] Verifying 100 components
2016-11-22 14:21:44, Info                  CSI    000045b5 [SR] Beginning Verify and Repair transaction
2016-11-22 14:21:53, Info                  CSI    0000463c [SR] Verify complete
2016-11-22 14:21:53, Info                  CSI    0000463d [SR] Verifying 100 components
2016-11-22 14:21:53, Info                  CSI    0000463e [SR] Beginning Verify and Repair transaction
2016-11-22 14:22:00, Info                  CSI    000046b0 [SR] Verify complete
2016-11-22 14:22:00, Info                  CSI    000046b1 [SR] Verifying 100 components
2016-11-22 14:22:00, Info                  CSI    000046b2 [SR] Beginning Verify and Repair transaction
2016-11-22 14:22:08, Info                  CSI    00004722 [SR] Verify complete
2016-11-22 14:22:08, Info                  CSI    00004723 [SR] Verifying 100 components
2016-11-22 14:22:08, Info                  CSI    00004724 [SR] Beginning Verify and Repair transaction
2016-11-22 14:22:16, Info                  CSI    00004791 [SR] Verify complete
2016-11-22 14:22:16, Info                  CSI    00004792 [SR] Verifying 100 components
2016-11-22 14:22:16, Info                  CSI    00004793 [SR] Beginning Verify and Repair transaction
2016-11-22 14:22:25, Info                  CSI    00004800 [SR] Verify complete
2016-11-22 14:22:25, Info                  CSI    00004801 [SR] Verifying 100 components
2016-11-22 14:22:25, Info                  CSI    00004802 [SR] Beginning Verify and Repair transaction
2016-11-22 14:22:33, Info                  CSI    0000487d [SR] Verify complete
2016-11-22 14:22:33, Info                  CSI    0000487e [SR] Verifying 100 components
2016-11-22 14:22:33, Info                  CSI    0000487f [SR] Beginning Verify and Repair transaction
2016-11-22 14:22:42, Info                  CSI    000048f0 [SR] Verify complete
2016-11-22 14:22:42, Info                  CSI    000048f1 [SR] Verifying 100 components
2016-11-22 14:22:42, Info                  CSI    000048f2 [SR] Beginning Verify and Repair transaction
2016-11-22 14:22:51, Info                  CSI    00004971 [SR] Verify complete
2016-11-22 14:22:51, Info                  CSI    00004972 [SR] Verifying 100 components
2016-11-22 14:22:51, Info                  CSI    00004973 [SR] Beginning Verify and Repair transaction
2016-11-22 14:23:00, Info                  CSI    000049db [SR] Verify complete
2016-11-22 14:23:00, Info                  CSI    000049dc [SR] Verifying 100 components
2016-11-22 14:23:00, Info                  CSI    000049dd [SR] Beginning Verify and Repair transaction
2016-11-22 14:23:19, Info                  CSI    00004b29 [SR] Verify complete
2016-11-22 14:23:19, Info                  CSI    00004b2a [SR] Verifying 100 components
2016-11-22 14:23:19, Info                  CSI    00004b2b [SR] Beginning Verify and Repair transaction
2016-11-22 14:23:27, Info                  CSI    00004b93 [SR] Verify complete
2016-11-22 14:23:27, Info                  CSI    00004b94 [SR] Verifying 100 components
2016-11-22 14:23:27, Info                  CSI    00004b95 [SR] Beginning Verify and Repair transaction
2016-11-22 14:23:34, Info                  CSI    00004bfa [SR] Verify complete
2016-11-22 14:23:34, Info                  CSI    00004bfb [SR] Verifying 100 components
2016-11-22 14:23:34, Info                  CSI    00004bfc [SR] Beginning Verify and Repair transaction
2016-11-22 14:23:42, Info                  CSI    00004c63 [SR] Verify complete
2016-11-22 14:23:42, Info                  CSI    00004c64 [SR] Verifying 100 components
2016-11-22 14:23:42, Info                  CSI    00004c65 [SR] Beginning Verify and Repair transaction
2016-11-22 14:23:50, Info                  CSI    00004ce5 [SR] Verify complete
2016-11-22 14:23:50, Info                  CSI    00004ce6 [SR] Verifying 100 components
2016-11-22 14:23:50, Info                  CSI    00004ce7 [SR] Beginning Verify and Repair transaction
2016-11-22 14:23:59, Info                  CSI    00004d73 [SR] Verify complete
2016-11-22 14:23:59, Info                  CSI    00004d74 [SR] Verifying 100 components
2016-11-22 14:23:59, Info                  CSI    00004d75 [SR] Beginning Verify and Repair transaction
2016-11-22 14:24:07, Info                  CSI    00004de1 [SR] Verify complete
2016-11-22 14:24:08, Info                  CSI    00004de2 [SR] Verifying 100 components
2016-11-22 14:24:08, Info                  CSI    00004de3 [SR] Beginning Verify and Repair transaction
2016-11-22 14:24:14, Info                  CSI    00004e4c [SR] Verify complete
2016-11-22 14:24:14, Info                  CSI    00004e4d [SR] Verifying 100 components
2016-11-22 14:24:14, Info                  CSI    00004e4e [SR] Beginning Verify and Repair transaction
2016-11-22 14:24:20, Info                  CSI    00004ec9 [SR] Verify complete
2016-11-22 14:24:20, Info                  CSI    00004eca [SR] Verifying 100 components
2016-11-22 14:24:20, Info                  CSI    00004ecb [SR] Beginning Verify and Repair transaction
2016-11-22 14:24:26, Info                  CSI    00004f4b [SR] Verify complete
2016-11-22 14:24:26, Info                  CSI    00004f4c [SR] Verifying 100 components
2016-11-22 14:24:26, Info                  CSI    00004f4d [SR] Beginning Verify and Repair transaction
2016-11-22 14:24:32, Info                  CSI    00004fc4 [SR] Verify complete
2016-11-22 14:24:32, Info                  CSI    00004fc5 [SR] Verifying 100 components
2016-11-22 14:24:32, Info                  CSI    00004fc6 [SR] Beginning Verify and Repair transaction
2016-11-22 14:24:38, Info                  CSI    00005038 [SR] Verify complete
2016-11-22 14:24:38, Info                  CSI    00005039 [SR] Verifying 100 components
2016-11-22 14:24:38, Info                  CSI    0000503a [SR] Beginning Verify and Repair transaction
2016-11-22 14:24:41, Info                  CSI    000050a0 [SR] Verify complete
2016-11-22 14:24:42, Info                  CSI    000050a1 [SR] Verifying 100 components
2016-11-22 14:24:42, Info                  CSI    000050a2 [SR] Beginning Verify and Repair transaction
2016-11-22 14:24:47, Info                  CSI    0000510b [SR] Verify complete
2016-11-22 14:24:47, Info                  CSI    0000510c [SR] Verifying 100 components
2016-11-22 14:24:47, Info                  CSI    0000510d [SR] Beginning Verify and Repair transaction
2016-11-22 14:24:51, Info                  CSI    00005173 [SR] Verify complete
2016-11-22 14:24:51, Info                  CSI    00005174 [SR] Verifying 100 components
2016-11-22 14:24:51, Info                  CSI    00005175 [SR] Beginning Verify and Repair transaction
2016-11-22 14:24:56, Info                  CSI    00005205 [SR] Verify complete
2016-11-22 14:24:56, Info                  CSI    00005206 [SR] Verifying 100 components
2016-11-22 14:24:56, Info                  CSI    00005207 [SR] Beginning Verify and Repair transaction
2016-11-22 14:25:00, Info                  CSI    0000526e [SR] Verify complete
2016-11-22 14:25:00, Info                  CSI    0000526f [SR] Verifying 100 components
2016-11-22 14:25:00, Info                  CSI    00005270 [SR] Beginning Verify and Repair transaction
2016-11-22 14:25:04, Info                  CSI    000052d9 [SR] Verify complete
2016-11-22 14:25:04, Info                  CSI    000052da [SR] Verifying 100 components
2016-11-22 14:25:04, Info                  CSI    000052db [SR] Beginning Verify and Repair transaction
2016-11-22 14:25:09, Info                  CSI    00005344 [SR] Verify complete
2016-11-22 14:25:09, Info                  CSI    00005345 [SR] Verifying 100 components
2016-11-22 14:25:09, Info                  CSI    00005346 [SR] Beginning Verify and Repair transaction
2016-11-22 14:25:13, Info                  CSI    000053b1 [SR] Verify complete
2016-11-22 14:25:13, Info                  CSI    000053b2 [SR] Verifying 100 components
2016-11-22 14:25:13, Info                  CSI    000053b3 [SR] Beginning Verify and Repair transaction
2016-11-22 14:25:18, Info                  CSI    00005419 [SR] Verify complete
2016-11-22 14:25:18, Info                  CSI    0000541a [SR] Verifying 100 components
2016-11-22 14:25:18, Info                  CSI    0000541b [SR] Beginning Verify and Repair transaction
2016-11-22 14:25:21, Info                  CSI    00005483 [SR] Verify complete
2016-11-22 14:25:21, Info                  CSI    00005484 [SR] Verifying 100 components
2016-11-22 14:25:21, Info                  CSI    00005485 [SR] Beginning Verify and Repair transaction
2016-11-22 14:25:25, Info                  CSI    000054ec [SR] Verify complete
2016-11-22 14:25:25, Info                  CSI    000054ed [SR] Verifying 100 components
2016-11-22 14:25:25, Info                  CSI    000054ee [SR] Beginning Verify and Repair transaction
2016-11-22 14:25:31, Info                  CSI    0000555f [SR] Verify complete
2016-11-22 14:25:31, Info                  CSI    00005560 [SR] Verifying 100 components
2016-11-22 14:25:31, Info                  CSI    00005561 [SR] Beginning Verify and Repair transaction
2016-11-22 14:25:36, Info                  CSI    000055c6 [SR] Verify complete
2016-11-22 14:25:36, Info                  CSI    000055c7 [SR] Verifying 100 components
2016-11-22 14:25:36, Info                  CSI    000055c8 [SR] Beginning Verify and Repair transaction
2016-11-22 14:25:42, Info                  CSI    0000562e [SR] Verify complete
2016-11-22 14:25:42, Info                  CSI    0000562f [SR] Verifying 100 components
2016-11-22 14:25:42, Info                  CSI    00005630 [SR] Beginning Verify and Repair transaction
2016-11-22 14:25:46, Info                  CSI    00005695 [SR] Verify complete
2016-11-22 14:25:46, Info                  CSI    00005696 [SR] Verifying 100 components
2016-11-22 14:25:46, Info                  CSI    00005697 [SR] Beginning Verify and Repair transaction
2016-11-22 14:25:52, Info                  CSI    000056fc [SR] Verify complete
2016-11-22 14:25:52, Info                  CSI    000056fd [SR] Verifying 100 components
2016-11-22 14:25:52, Info                  CSI    000056fe [SR] Beginning Verify and Repair transaction
2016-11-22 14:25:55, Info                  CSI    00005764 [SR] Verify complete
2016-11-22 14:25:55, Info                  CSI    00005765 [SR] Verifying 100 components
2016-11-22 14:25:55, Info                  CSI    00005766 [SR] Beginning Verify and Repair transaction
2016-11-22 14:25:59, Info                  CSI    000057cb [SR] Verify complete
2016-11-22 14:25:59, Info                  CSI    000057cc [SR] Verifying 100 components
2016-11-22 14:25:59, Info                  CSI    000057cd [SR] Beginning Verify and Repair transaction
2016-11-22 14:26:05, Info                  CSI    00005832 [SR] Verify complete
2016-11-22 14:26:05, Info                  CSI    00005833 [SR] Verifying 16 components
2016-11-22 14:26:05, Info                  CSI    00005834 [SR] Beginning Verify and Repair transaction
2016-11-22 14:26:06, Info                  CSI    00005845 [SR] Verify complete
2016-11-22 14:26:06, Info                  CSI    00005846 [SR] Repairing 0 components
2016-11-22 14:26:06, Info                  CSI    00005847 [SR] Beginning Verify and Repair transaction
2016-11-22 14:26:06, Info                  CSI    00005848 [SR] Repair complete
 



#12 nasdaq

nasdaq

  • Malware Response Team
  • 40,238 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:55 AM

Posted 23 November 2016 - 09:35 AM

Looking good.

I will leave this topic open for 6 days.

#13 bob3165

bob3165
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:08:55 AM

Posted 23 November 2016 - 11:02 AM

Good to go? Just contact you if I have more problems in the next six days?

 

Thanks so much Nasdaq, you are quite the professional.



#14 bob3165

bob3165
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:08:55 AM

Posted 24 November 2016 - 08:42 AM

One thing I noticed that stopped working is spell checking. Previously, if I misspelled a work (like even here in this message) the system would underline it in red. Then if I clicked or right-clicked on it, it would show me spelling options. This worked just about anywhere I typed text: Firefox, browser input boxes, etc. Now I have to (in FF for example) click the spellcheck each time I compose a message. I cannot even set that to default spellcheck. Did some setting get changed maybe?



#15 bob3165

bob3165
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:08:55 AM

Posted 24 November 2016 - 09:57 AM

Never mind, I found the solution:

http://www.tenforums.com/tutorials/25843-spell-checking-turn-off-windows-10-a.html#option3






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users