
Apps missing, can't renew or repair core system components


  • This topic is locked
5 replies to this topic

#1 suzieseller


Posted 11 December 2016 - 09:02 PM

Unable to access or use the 64-bit versions of the software I install, including the operating system. Not sure how or why Windows NT, Windows 86, WOW64, and Windows 32 are all I am able to see or use.

Apps are being changed from default and are no longer available, no update ability, App Store missing, double settings and default is disabled. Can't restore to default or uninstall these unknown applications, which seem to be from the Service Hosting Account that most issues are deriving from.

Would not upload added files. Claims it is too long, so I attached the file instead; hope it is OK? Mod Edit: Pasted data into post - Hamluis.

 

Any help or references are appreciated.

Thanks, S. Adams

 

12/11/2016

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-12-2016

Ran by suzie (administrator) on DESKTOP-IUFC5SH (11-12-2016 17:08:12)

Running from C:\Users\suzie\Downloads

Loaded Profiles: suzie (Available Profiles: defaultuser0 & suzie & suzieseller)

Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: Edge)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe

(Microsoft Corporation) C:\Windows\System32\nfsclnt.exe

(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe

(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe

(Microsoft Corporation) C:\Windows\SysWOW64\ipconfig.exe

(Heimdal Security) C:\Program Files (x86)\Heimdal\Heimdal.ClientHost.exe

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe

(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

(Apple Inc.) C:\Program Files (x86)\AirPort\APAgent.exe

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe

(Heimdal Security) C:\Program Files (x86)\Heimdal\Heimdal.Agent.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

() C:\Program Files (x86)\COMODO\TrustConnect\bin\TrustConnectGUI.exe

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe

(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

 

==================== Registry (Whitelisted) ====================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [*CA] => "C:\Program Files\COMODO\GeekBuddy\launcher.exe" "unit_manager.exe" "-nosplash"

HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1610936 2016-09-14] (COMODO)

HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2485904 2016-11-02] (Comodo Security Solutions, Inc.)

HKLM-x32\...\Run: [AirPort Base Station Agent] => C:\Program Files (x86)\AirPort\APAgent.exe [771360 2009-11-11] (Apple Inc.)

HKLM-x32\...\Run: [HeimdalAgentLoader] => C:\Program Files (x86)\Heimdal\Heimdal.AgentLoader.exe [57344 2016-12-09] (Heimdal Security)

HKU\S-1-5-21-2182135673-2863217846-1483970103-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-10-05] (Apple Inc.)

HKU\S-1-5-21-2182135673-2863217846-1483970103-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2016-10-05] (Apple Inc.)

HKU\S-1-5-21-2182135673-2863217846-1483970103-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2016-10-05] (Apple Inc.)

HKU\S-1-5-21-2182135673-2863217846-1483970103-1001\...\MountPoints2: {03744180-bc32-11e6-8c38-efd7263b5809} - "F:\setup.exe"

HKU\S-1-5-21-2182135673-2863217846-1483970103-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [37376 2016-07-16] (Microsoft Corporation)

IFEO\taskmgr.exe: [Debugger] C:\Program Files\COMODO\COMODO Internet Security\KillSwitch.exe

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Heimdal.lnk [2016-12-09]

ShortcutTarget: Heimdal.lnk -> C:\Program Files (x86)\Heimdal\Client\HeimdalAgent.exe (No File)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk [2016-11-17]

ShortcutTarget: Start GeekBuddy.lnk -> C:\Program Files\COMODO\GeekBuddy\launcher.exe (Comodo Security Solutions, Inc.)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

Tcpip\..\Interfaces\{4bcc55df-0ead-42ea-b7df-ce07f9a3d864}: [DhcpNameServer] 209.18.47.61 209.18.47.62

Tcpip\..\Interfaces\{615f8ce6-5b94-4d36-900d-e027fb0c622c}: [DhcpNameServer] 172.20.1.1

 

Internet Explorer:

==================

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =

Handler: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - E:\PFiles\Common\System\OLEDB\MSDAIPP.DLL No File

Handler: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - E:\PFiles\Common\System\OLEDB\MSDAIPP.DLL No File

Handler: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - E:\PFiles\Common\System\OLEDB\MSDAIPP.DLL No File

Handler: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - E:\PFiles\Common\System\OLEDB\MSDAIPP.DLL No File

Handler: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - E:\PFiles\Common\System\OLEDB\MSDAIPP.DLL No File

Handler: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - E:\PFiles\Common\System\OLEDB\MSDAIPP.DLL No File

Handler: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - E:\PFiles\Common\System\OLEDB\MSDAIPP.DLL No File

 

Edge:

======

Edge Session Restore: HKU\S-1-5-21-2182135673-2863217846-1483970103-1001 -> is enabled.

 

FireFox:

========

FF DefaultProfile: hesxbado.default

FF ProfilePath: C:\Users\suzie\AppData\Roaming\Mozilla\Firefox\Profiles\hesxbado.default [2016-12-11]

FF Homepage: Mozilla\Firefox\Profiles\hesxbado.default -> hxxps://us.yahoo.com/?fr=fp-comodo&type=33090001004_8.4.0.5165_i_hp_sp

FF Session Restore: Mozilla\Firefox\Profiles\hesxbado.default -> is enabled.

FF Extension: (Awesome Screenshot - Capture, Annotate & More) - C:\Users\suzie\AppData\Roaming\Mozilla\Firefox\Profiles\hesxbado.default\Extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi [2016-11-18]

FF Extension: (OmniSidebar) - C:\Users\suzie\AppData\Roaming\Mozilla\Firefox\Profiles\hesxbado.default\Extensions\osb@quicksaver.xpi [2016-11-18]

FF Extension: (uBlock Origin) - C:\Users\suzie\AppData\Roaming\Mozilla\Firefox\Profiles\hesxbado.default\Extensions\uBlock0@raymondhill.net.xpi [2016-11-29]

FF Extension: (Video DownloadHelper) - C:\Users\suzie\AppData\Roaming\Mozilla\Firefox\Profiles\hesxbado.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-11-18]

FF SearchPlugin: C:\Users\suzie\AppData\Roaming\Mozilla\Firefox\Profiles\hesxbado.default\searchplugins\AdTrustMediaSafeSearch.xml [2016-12-03]

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)

 

==================== Services (Whitelisted) ====================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)

R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [76944 2016-11-02] (Comodo Security Solutions, Inc.)

R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5817256 2016-09-15] (COMODO)

R3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2271928 2016-09-14] (COMODO)

R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2485904 2016-11-02] (Comodo Security Solutions, Inc.)

R2 Heimdal Client Host; C:\Program Files (x86)\Heimdal\Heimdal.ClientHost.exe [84992 2016-12-09] (Heimdal Security) [File not signed]

S2 Heimdal SecureDNS; C:\Program Files (x86)\Heimdal\Heimdal.SecureDNS.exe [60416 2016-12-09] (Heimdal Security) [File not signed]

S3 LxssManager; C:\WINDOWS\system32\lxss\LxssManager.dll [327168 2016-12-02] (Microsoft Corporation)

R2 NfsClnt; C:\WINDOWS\system32\nfsclnt.exe [99328 2016-12-02] (Microsoft Corporation)

S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-10-13] (Microsoft Corporation)

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

 

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R1 CFRMD; C:\WINDOWS\System32\DRIVERS\CFRMD.sys [40224 2014-12-25] (Windows ® Win 7 DDK provider)

R1 cmderd; C:\WINDOWS\System32\DRIVERS\cmderd.sys [40960 2016-09-08] (COMODO)

R1 cmdGuard; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [862648 2016-09-08] (COMODO)

S3 IObitUnlocker; C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [36568 2013-09-30] (IObit)

R0 lxss; C:\WINDOWS\System32\drivers\lxss.sys [15712 2016-12-02] (Microsoft Corporation)

S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()

R3 NfsRdr; C:\WINDOWS\System32\drivers\nfsrdr.sys [260608 2016-12-02] (Microsoft Corporation)

R3 RpcXdr; C:\WINDOWS\System32\drivers\rpcxdr.sys [132608 2016-12-02] (Microsoft Corporation)

S3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek                                            )

S3 SWDUMon; C:\WINDOWS\system32\DRIVERS\SWDUMon.sys [13920 2016-11-17] ()

R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [54424 2015-07-29] (Toshiba Corporation)

S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)

S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)

S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

R3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation)

 

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

NETSVC: LxssManager -> C:\Windows\system32\lxss\LxssManager.dll (Microsoft Corporation)

 

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2016-12-11 16:59 - 2016-12-11 16:59 - 01761792 _____ (Farbar) C:\Users\suzie\Downloads\FRST (1).exe

2016-12-11 16:41 - 2016-12-11 16:41 - 00056935 _____ C:\Users\suzie\Downloads\Shortcut.txt

2016-12-11 16:37 - 2016-12-11 16:41 - 00033483 _____ C:\Users\suzie\Downloads\Addition.txt

2016-12-11 16:31 - 2016-12-11 17:08 - 00011657 _____ C:\Users\suzie\Downloads\FRST.txt

2016-12-11 16:31 - 2016-12-11 17:08 - 00000000 ____D C:\FRST

2016-12-11 16:30 - 2016-12-11 16:31 - 02420224 _____ (Farbar) C:\Users\suzie\Downloads\FRST64.exe

2016-12-11 15:53 - 2016-12-11 15:53 - 01761792 _____ (Farbar) C:\Users\suzie\Downloads\FRST.exe

2016-12-11 15:36 - 2016-12-11 15:36 - 49707232 _____ (Microsoft Corporation) C:\Users\suzie\Downloads\Windows-KB890830-x64-V5.42.exe

2016-12-09 19:48 - 2016-12-10 13:58 - 00000000 ____D C:\Users\Public\Documents\Heimdal Security

2016-12-09 19:45 - 2016-12-09 19:48 - 00000000 ____D C:\ProgramData\Heimdal Security

2016-12-09 19:44 - 2016-12-09 21:51 - 00000000 ____D C:\Program Files (x86)\Heimdal

2016-12-09 19:44 - 2016-12-09 19:44 - 00000000 ____D C:\ProgramData\CSIS

2016-12-09 19:41 - 2016-12-09 19:41 - 04177016 _____ (CSIS Security Group) C:\Users\suzie\Downloads\HeimdalSetup.exe

2016-12-09 19:17 - 2016-12-09 19:17 - 00000000 ____D C:\Users\suzie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com

2016-12-09 19:15 - 2016-12-09 19:15 - 00000000 ___HD C:\VTRoot

2016-12-09 18:59 - 2016-12-09 18:59 - 00683967 _____ C:\Users\suzie\Downloads\hcvmcomp_x86.tar.gz

2016-12-09 18:58 - 2016-12-09 19:01 - 00722503 _____ C:\Users\suzie\Downloads\hcvmcomp_x64.tar.gz

2016-12-09 15:06 - 2016-12-09 19:45 - 00018804 _____ C:\WINDOWS\system32\Drivers\fvstore.dat

2016-12-08 19:04 - 2016-12-08 19:04 - 00000000 ____D C:\Users\suzie\AppData\Roaming\Comodo

2016-12-08 16:38 - 2016-12-11 17:09 - 01112577 _____ C:\WINDOWS\system32\Drivers\sfi.dat

2016-12-08 16:38 - 2016-12-08 16:38 - 00001888 _____ C:\Users\Public\Desktop\COMODO Antivirus.lnk

2016-12-08 16:36 - 2016-12-08 16:36 - 00000000 ____D C:\ProgramData\Shared Space

2016-12-08 16:34 - 2016-12-08 16:35 - 177891288 _____ (COMODO) C:\Users\suzie\Downloads\cav_installer(1).exe

2016-12-08 16:32 - 2016-12-08 16:32 - 155018158 _____ (COMODO) C:\Users\suzie\Downloads\cav_installer (1).exe.i5wcmqu.partial

2016-12-06 10:17 - 2016-12-06 10:18 - 00000661 _____ C:\Users\suzie\Downloads\audio10.diagcab

2016-12-04 21:16 - 2016-12-10 05:55 - 00000000 ____D C:\Users\suzie\Desktop\New folder (2)

2016-12-04 21:16 - 2016-12-04 21:16 - 00000000 ____D C:\Users\suzie\Desktop\New folder (4)

2016-12-04 21:16 - 2016-12-04 21:16 - 00000000 ____D C:\Users\suzie\Desktop\New folder (3)

2016-12-04 01:48 - 2016-12-04 01:51 - 177891288 _____ (COMODO) C:\Users\suzie\Downloads\cav_installer.exe

2016-12-04 00:59 - 2016-12-04 01:00 - 387964826 _____ C:\backup.reg

2016-12-04 00:13 - 2016-12-04 00:14 - 00108218 _____ C:\Users\suzie\Downloads\COMODO Removal Tool(1).bat

2016-12-03 21:08 - 2016-12-03 21:08 - 40426688 _____ (COMODO) C:\Users\suzie\Downloads\cispremium_only_installer_x64.exe

2016-12-03 20:02 - 2016-12-03 20:02 - 03604152 _____ (COMODO) C:\ProgramData\cis9CF2.exe

2016-12-03 19:58 - 2016-12-03 19:58 - 00001079 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk

2016-12-03 19:58 - 2016-12-03 19:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller

2016-12-03 19:58 - 2016-12-03 19:58 - 00000000 ____D C:\Program Files\VS Revo Group

2016-12-03 19:57 - 2016-12-03 19:57 - 07100088 _____ (VS Revo Group ) C:\Users\suzie\Downloads\revosetup.exe

2016-12-03 19:56 - 2016-12-03 20:07 - 00108218 _____ C:\Users\suzie\Downloads\COMODO Removal Tool.bat

2016-12-03 19:28 - 2016-12-03 20:30 - 177891296 _____ (COMODO) C:\Users\suzie\Downloads\ciscomplete_installer (1).exe

2016-12-03 19:23 - 2016-12-03 19:23 - 00000000 ____D C:\WINDOWS\system32\appmgmt

2016-12-03 19:23 - 2016-12-03 19:23 - 00000000 _____ C:\WINDOWS\System32\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}

2016-12-03 19:22 - 2016-12-03 19:22 - 03604152 _____ (COMODO) C:\ProgramData\cisA135.exe

2016-12-03 19:22 - 2016-12-03 19:22 - 00000000 _____ C:\WINDOWS\System32\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805}

2016-12-03 16:25 - 2016-12-03 16:25 - 00000000 ___SD C:\WINDOWS\system32\lxss

2016-12-03 16:25 - 2016-12-03 16:25 - 00000000 ____D C:\WINDOWS\SysWOW64\BestPractices

2016-12-03 16:25 - 2016-12-03 16:25 - 00000000 ____D C:\WINDOWS\system32\BestPractices

2016-12-03 16:25 - 2016-12-03 16:25 - 00000000 ____D C:\inetpub

2016-12-02 12:47 - 2016-12-04 21:53 - 00000000 ____D C:\Users\suzie\Desktop\Comodo LOGS

2016-12-02 07:51 - 2016-12-02 07:51 - 00006928 _____ C:\Users\suzie\Desktop\Backup Credentials.crd

2016-12-02 07:03 - 2016-11-12 15:45 - 00245760 ____N C:\Users\suzie\Documents\Wifi.etl

2016-12-02 07:03 - 2016-11-12 15:45 - 00058111 _____ C:\Users\suzie\Documents\wlan-report-latest.html

2016-12-02 07:02 - 2016-11-12 15:45 - 00008192 _____ C:\Users\suzie\Desktop\Marvell_TOSHIBA-LAPTOP_11-12-2016_0343.etl

2016-12-01 18:29 - 2016-12-01 18:29 - 00000000 ____D C:\Users\suzie\Downloads\Mobile Broadband Availability 2016

2016-12-01 18:27 - 2016-12-01 18:27 - 00969845 _____ (ShadowExplorer.com ) C:\Users\suzie\Downloads\ShadowExplorer-0.9-setup(1).exe

2016-11-29 18:19 - 2016-11-29 18:19 - 00000000 ____D C:\Users\suzie\.cache

2016-11-29 15:21 - 2016-11-29 15:22 - 177311560 _____ (Apple Inc.) C:\Users\suzie\Downloads\iTunes6464Setup (1).exe

2016-11-26 08:14 - 2016-12-09 17:26 - 00000000 ____D C:\Users\suzie\AppData\Roaming\Real

2016-11-26 08:14 - 2016-12-09 17:26 - 00000000 ____D C:\ProgramData\Real

2016-11-25 22:57 - 2016-11-25 22:57 - 00000000 ___HD C:\OneDriveTemp

2016-11-25 17:02 - 2016-11-25 17:02 - 00000000 ____D C:\Users\Public\Documents\MDMDiagnostics

2016-11-25 13:53 - 2016-11-25 13:53 - 00000000 ____D C:\Users\suzieseller\AppData\Roaming\Comodo

2016-11-25 08:08 - 2016-11-25 08:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip

2016-11-25 08:08 - 2016-11-25 08:08 - 00000000 ____D C:\Program Files (x86)\7-Zip

2016-11-25 07:02 - 2016-11-25 07:02 - 00243600 _____ C:\Users\suzieseller\Downloads\Firefox Setup Stub 50.0.exe

2016-11-24 21:03 - 2016-11-24 21:03 - 03114793 _____ C:\Users\suzieseller\Downloads\everything-curl.pdf

2016-11-24 20:53 - 2016-11-24 20:53 - 01110564 _____ (Igor Pavlov) C:\Users\suzieseller\Downloads\7z1604.exe

2016-11-24 14:59 - 2016-11-24 14:59 - 00000499 _____ C:\Users\suzieseller\Downloads\Appsdiagnostic10.diagcab

2016-11-24 08:20 - 2016-11-24 08:20 - 00001210 _____ C:\Users\suzieseller\Desktop\Comodo TrustConnect.lnk

2016-11-24 08:12 - 2016-12-04 07:33 - 00000000 ____D C:\lps-temp

2016-11-24 08:02 - 2016-11-25 23:10 - 00000000 ____D C:\Users\suzieseller\AppData\LocalLow\Mozilla

2016-11-24 08:01 - 2016-11-24 08:02 - 00000000 ____D C:\Users\suzieseller\AppData\Roaming\Mozilla

2016-11-24 07:26 - 2016-11-24 07:26 - 00000000 ____D C:\Users\suzieseller\AppData\Roaming\Macromedia

2016-11-24 06:09 - 2016-11-24 06:09 - 00000000 ____D C:\Users\suzieseller\AppData\Roaming\Skype

2016-11-24 06:08 - 2016-11-25 23:15 - 00000000 ___RD C:\Users\suzieseller\OneDrive

2016-11-24 06:08 - 2016-11-24 06:10 - 00002385 _____ C:\Users\suzieseller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

2016-11-24 06:07 - 2016-11-25 12:28 - 00000000 ____D C:\Users\suzieseller\AppData\Roaming\Apple Computer

2016-11-24 06:05 - 2016-12-03 20:24 - 00000000 ____D C:\Users\suzieseller

2016-11-24 06:05 - 2016-11-24 06:05 - 00000020 ___SH C:\Users\suzieseller\ntuser.ini

2016-11-24 06:05 - 2016-11-24 06:05 - 00000000 _SHDL C:\Users\suzieseller\My Documents

2016-11-24 06:05 - 2016-11-24 06:05 - 00000000 _SHDL C:\Users\suzieseller\Documents\My Videos

2016-11-24 06:05 - 2016-11-24 06:05 - 00000000 _SHDL C:\Users\suzieseller\Documents\My Pictures

2016-11-24 06:05 - 2016-11-24 06:05 - 00000000 _SHDL C:\Users\suzieseller\Documents\My Music

2016-11-24 06:05 - 2016-11-24 06:05 - 00000000 ____D C:\Users\suzieseller\AppData\Roaming\Adobe

2016-11-24 05:16 - 2016-12-10 05:56 - 00000574 _____ C:\Users\suzie\Desktop\COMODO TrustConnect (VPN).lnk

2016-11-24 05:08 - 2016-11-24 05:08 - 00000000 ____D C:\WINDOWS\System32\Tasks\COMODO

2016-11-23 21:14 - 2016-11-23 21:14 - 00002750 _____ C:\Users\suzie\Desktop\accounts.comodo.com.crt

2016-11-21 19:03 - 2016-11-24 05:05 - 177891296 _____ (COMODO) C:\Users\suzie\Downloads\ciscomplete_installer.exe

2016-11-21 18:38 - 2011-05-30 17:06 - 00036128 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\tap0901.sys

2016-11-21 18:37 - 2016-11-21 18:37 - 01624688 _____ (COMODO ) C:\Users\suzie\Downloads\ComodoTrustConnectClient.exe

2016-11-21 11:14 - 2016-11-21 11:14 - 00187782 _____ C:\Users\suzie\Desktop\Codes Display Text.htm

2016-11-21 11:14 - 2016-11-21 11:14 - 00000000 ____D C:\Users\suzie\Desktop\Codes Display Text_files

2016-11-21 09:22 - 2016-11-21 09:22 - 00119904 _____ C:\Users\suzie\Documents\apple_developer_agreement.pdf

2016-11-21 08:23 - 2016-11-21 08:24 - 177311560 _____ (Apple Inc.) C:\Users\suzie\Downloads\iTunes6464Setup.exe

2016-11-21 08:21 - 2016-11-21 08:22 - 00120849 _____ C:\Users\suzie\Downloads\apple_developer_agreement.pdf

2016-11-20 20:57 - 2016-11-20 20:57 - 00000000 ____D C:\Users\suzie\Intel

2016-11-20 20:57 - 2016-11-20 20:57 - 00000000 ____D C:\Users\suzie\Downloads\IO Drivers_Intel_603.9600.1948.28229_W81x64_A

2016-11-20 20:56 - 2016-12-08 17:46 - 00695999 _____ C:\Users\suzie\Downloads\IO Drivers_Intel_603.9600.1948.28229_W81x64_A.zip

2016-11-20 20:44 - 2016-11-20 20:44 - 08655975 _____ C:\Users\suzie\Downloads\DragonfliesThomasFreiberg.themepack

2016-11-20 18:46 - 2016-11-20 18:47 - 136442648 _____ (Microsoft Corporation) C:\Users\suzie\Downloads\msert.exe

2016-11-20 17:00 - 2016-11-20 17:03 - 3515875328 _____ C:\Users\suzie\Documents\Windows.iso

2016-11-20 16:22 - 2016-11-20 16:22 - 01483336 _____ (Microsoft Corporation) C:\Users\suzie\Downloads\mediacreationtool.exe

2016-11-19 06:43 - 2016-12-03 13:56 - 00000000 ___RD C:\Users\suzie\iCloudDrive

2016-11-19 06:43 - 2016-11-19 06:43 - 00000000 ____D C:\Users\suzie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iCloud

2016-11-19 06:37 - 2016-12-06 10:15 - 00003504 _____ C:\WINDOWS\System32\Tasks\Apple Diagnostics

2016-11-18 21:40 - 2016-11-29 15:30 - 00001822 _____ C:\Users\Public\Desktop\iTunes.lnk

2016-11-18 21:40 - 2016-11-29 15:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

2016-11-18 21:39 - 2016-11-18 21:40 - 00000000 ____D C:\Program Files\iTunes

2016-11-18 21:39 - 2016-11-18 21:39 - 00000000 ____D C:\ProgramData\Apple Computer

2016-11-18 21:39 - 2016-11-18 21:39 - 00000000 ____D C:\Program Files\iPod

2016-11-18 21:38 - 2016-11-18 21:38 - 00000000 ____D C:\Program Files\Bonjour

2016-11-18 21:38 - 2016-11-18 21:38 - 00000000 ____D C:\Program Files (x86)\Bonjour

2016-11-18 21:35 - 2016-11-28 20:19 - 00000000 ____D C:\Users\suzie\AppData\Roaming\Apple Computer

2016-11-18 21:35 - 2016-11-18 21:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud

2016-11-18 21:34 - 2016-11-18 21:34 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple

2016-11-18 21:34 - 2016-11-18 21:34 - 00000000 ____D C:\Program Files (x86)\Apple Software Update

2016-11-18 21:33 - 2016-11-18 21:39 - 00000000 ____D C:\Program Files\Common Files\Apple

2016-11-18 15:37 - 2016-11-18 21:34 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk

2016-11-18 15:36 - 2016-11-18 15:36 - 00002437 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AirPort Utility.lnk

2016-11-18 15:35 - 2016-11-18 21:38 - 00000000 ____D C:\ProgramData\Apple

2016-11-18 15:35 - 2016-11-18 15:35 - 00000000 ____D C:\Program Files (x86)\AirPort

2016-11-18 13:06 - 2016-11-18 13:06 - 10815592 _____ (Apple Inc.) C:\Users\suzie\Downloads\AirPortSetup.exe

2016-11-18 12:43 - 2016-11-18 12:43 - 00000000 __RHD C:\AHCache

2016-11-18 12:41 - 2016-11-18 12:42 - 00969845 _____ (ShadowExplorer.com ) C:\Users\suzie\Downloads\ShadowExplorer-0.9-setup.exe

2016-11-18 06:16 - 2016-11-18 06:17 - 31809024 _____ C:\Users\suzie\Downloads\lps-gb-vt-x64_7408 (1).msi

2016-11-17 20:26 - 2016-12-08 19:04 - 00000000 ____D C:\ProgramData\comodo

2016-11-17 20:26 - 2016-12-08 16:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO

2016-11-17 20:26 - 2016-12-08 16:37 - 00000000 ____D C:\Program Files\COMODO

2016-11-17 20:26 - 2016-12-04 19:34 - 00002086 ____N C:\Users\Public\Desktop\GeekBuddy.lnk

2016-11-17 20:26 - 2016-12-04 07:35 - 00000000 ____D C:\Program Files (x86)\COMODO

2016-11-17 20:26 - 2016-11-17 20:26 - 03852352 _____ (COMODO) C:\WINDOWS\SysWOW64\ise_installer.exe

2016-11-17 18:42 - 2016-11-17 20:25 - 31809024 _____ C:\Users\suzie\Downloads\lps-gb-vt-x64_7408.msi

2016-11-16 16:32 - 2016-11-16 16:34 - 00000000 ____D C:\Users\suzie\Desktop\Takeout

2016-11-16 14:20 - 2016-11-16 14:20 - 203307002 _____ C:\Users\suzie\Downloads\takeout-20161105T192416Z.zip

2016-11-15 19:01 - 2016-11-15 19:07 - 00243600 _____ C:\Users\suzie\Downloads\Firefox Setup Stub 50.0 (2).exe

2016-11-15 17:17 - 2016-12-09 19:14 - 00789272 _____ (NCH Software) C:\Users\suzie\Downloads\grsetup.exe

2016-11-15 16:15 - 2016-11-25 23:03 - 00000376 _____ C:\WINDOWS\ODBC.INI

2016-11-15 16:15 - 2016-11-15 16:15 - 00000063 _____ C:\WINDOWS\mdm.ini

2016-11-15 16:13 - 2016-11-15 16:13 - 00002671 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Word.lnk

2016-11-15 16:13 - 2016-11-15 16:13 - 00002625 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Open Office Document.lnk

2016-11-15 16:13 - 2016-11-15 16:13 - 00002615 _____ C:\ProgramData\Microsoft\Windows\Start Menu\New Office Document.lnk

2016-11-15 16:13 - 2016-11-15 16:13 - 00000000 ____D C:\WINDOWS\ShellNew

2016-11-15 16:13 - 2016-11-15 16:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools

2016-11-15 16:12 - 2016-11-15 16:12 - 00000000 ____D C:\WINDOWS\Msagent

2016-11-15 15:18 - 2016-12-11 05:27 - 00000000 ____D C:\Users\suzie\AppData\LocalLow\Mozilla

2016-11-15 15:16 - 2016-12-03 19:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2016-11-15 15:16 - 2016-12-03 18:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2016-11-15 15:16 - 2016-11-25 07:51 - 00001232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2016-11-15 15:16 - 2016-11-25 07:51 - 00001220 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk

2016-11-15 15:16 - 2016-11-15 15:18 - 00000000 ____D C:\Users\suzie\AppData\Roaming\Mozilla

2016-11-15 15:15 - 2016-11-15 15:16 - 00243600 _____ C:\Users\suzie\Downloads\Firefox Setup Stub 50.0.exe

2016-11-15 15:15 - 2016-11-15 15:15 - 00243600 _____ C:\Users\suzie\Downloads\Firefox Setup Stub 50.0 (1).exe

2016-11-15 14:37 - 2016-11-15 14:37 - 00000000 ____D C:\Users\suzie\AppData\LocalLow\Adobe

2016-11-15 14:17 - 2016-11-15 15:14 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task

2016-11-15 14:16 - 2016-11-15 15:14 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

2016-11-15 14:16 - 2016-11-15 14:16 - 00002124 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk

2016-11-15 14:16 - 2016-11-15 14:16 - 00000000 ____D C:\Program Files (x86)\Adobe

2016-11-15 14:15 - 2016-11-15 14:37 - 00000000 ____D C:\ProgramData\Adobe

2016-11-12 16:37 - 2016-11-02 04:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll

2016-11-12 16:37 - 2016-11-02 04:01 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll

2016-11-12 16:37 - 2016-11-02 03:22 - 01570672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll

2016-11-12 16:37 - 2016-11-02 03:13 - 00773720 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll

2016-11-12 16:37 - 2016-11-02 03:12 - 00376672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys

2016-11-12 16:37 - 2016-11-02 03:12 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll

2016-11-12 16:37 - 2016-11-02 03:10 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll

2016-11-12 16:37 - 2016-11-02 03:09 - 02257104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll

2016-11-12 16:37 - 2016-11-02 03:08 - 00576408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll

2016-11-12 16:37 - 2016-11-02 03:08 - 00186424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\weretw.dll

2016-11-12 16:37 - 2016-11-02 03:05 - 06657176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll

2016-11-12 16:37 - 2016-11-02 03:05 - 03892352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll

2016-11-12 16:37 - 2016-11-02 03:05 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll

2016-11-12 16:37 - 2016-11-02 03:05 - 00951904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll

2016-11-12 16:37 - 2016-11-02 03:04 - 04312248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe

2016-11-12 16:37 - 2016-11-02 03:03 - 00714592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys

2016-11-12 16:37 - 2016-11-02 03:02 - 00682816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll

2016-11-12 16:37 - 2016-11-02 03:02 - 00238056 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll

2016-11-12 16:37 - 2016-11-02 03:01 - 01263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll

2016-11-12 16:37 - 2016-11-02 03:01 - 00545936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe

2016-11-12 16:37 - 2016-11-02 03:00 - 08156080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll

2016-11-12 16:37 - 2016-11-02 03:00 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll

2016-11-12 16:37 - 2016-11-02 02:50 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe

2016-11-12 16:37 - 2016-11-02 02:49 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys

2016-11-12 16:37 - 2016-11-02 02:49 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll

2016-11-12 16:37 - 2016-11-02 02:47 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll

2016-11-12 16:37 - 2016-11-02 02:46 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll

2016-11-12 16:37 - 2016-11-02 02:44 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthExt.dll

2016-11-12 16:37 - 2016-11-02 02:42 - 00632832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sud.dll

2016-11-12 16:37 - 2016-11-02 02:42 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll

2016-11-12 16:37 - 2016-11-02 02:40 - 00896512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontext.dll

2016-11-12 16:37 - 2016-11-02 02:39 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll

2016-11-12 16:37 - 2016-11-02 02:38 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl

2016-11-12 16:37 - 2016-11-02 02:37 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpinit.exe

2016-11-12 16:37 - 2016-11-02 02:36 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll

2016-11-12 16:37 - 2016-11-02 02:36 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpshell.exe

2016-11-12 16:37 - 2016-11-02 02:33 - 12349952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll

2016-11-12 16:37 - 2016-11-02 02:33 - 03307520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll

2016-11-12 16:37 - 2016-11-02 02:32 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\efsext.dll

2016-11-12 16:37 - 2016-11-02 02:31 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe

2016-11-12 16:37 - 2016-11-02 02:31 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll

2016-11-12 16:37 - 2016-11-02 02:30 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll

2016-11-12 16:37 - 2016-11-02 02:30 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll

2016-11-12 16:37 - 2016-11-02 02:30 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll

2016-11-12 16:37 - 2016-11-02 02:29 - 00884224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll

2016-11-12 16:37 - 2016-11-02 02:29 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll

2016-11-12 16:37 - 2016-11-02 02:29 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll

2016-11-12 16:37 - 2016-11-02 02:28 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll

2016-11-12 16:37 - 2016-11-02 02:28 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenterCPL.dll

2016-11-12 16:37 - 2016-11-02 02:28 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll

2016-11-12 16:37 - 2016-11-02 02:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll

2016-11-12 16:37 - 2016-11-02 02:28 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll

2016-11-12 16:37 - 2016-11-02 02:28 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll

2016-11-12 16:37 - 2016-11-02 02:28 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\chartv.dll

2016-11-12 16:37 - 2016-11-02 02:27 - 02458112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll

2016-11-12 16:37 - 2016-11-02 02:27 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll

2016-11-12 16:37 - 2016-11-02 02:27 - 00580608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hgcpl.dll

2016-11-12 16:37 - 2016-11-02 02:27 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl

2016-11-12 16:37 - 2016-11-02 02:27 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll

2016-11-12 16:37 - 2016-11-02 02:26 - 02747392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll

2016-11-12 16:37 - 2016-11-02 02:26 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll

2016-11-12 16:37 - 2016-11-02 02:26 - 00912896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll

2016-11-12 16:37 - 2016-11-02 02:26 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll

2016-11-12 16:37 - 2016-11-02 02:26 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddraw.dll

2016-11-12 16:37 - 2016-11-02 02:26 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll

2016-11-12 16:37 - 2016-11-02 02:26 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll

2016-11-12 16:37 - 2016-11-02 02:25 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys

2016-11-12 16:37 - 2016-11-02 02:25 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll

2016-11-12 16:37 - 2016-11-02 02:23 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys

2016-11-12 16:37 - 2016-11-02 02:22 - 13441024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll

2016-11-12 16:37 - 2016-11-02 02:22 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe

2016-11-12 16:37 - 2016-11-02 02:19 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\chartv.dll

2016-11-12 16:37 - 2016-11-02 02:19 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll

2016-11-12 16:37 - 2016-11-02 02:18 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll

2016-11-12 16:37 - 2016-11-02 02:18 - 00836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll

2016-11-12 16:37 - 2016-11-02 02:17 - 01282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll

2016-11-12 16:37 - 2016-11-02 02:17 - 00909824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll

2016-11-12 16:37 - 2016-11-02 02:16 - 03133440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll

2016-11-12 16:37 - 2016-11-02 02:16 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll

2016-11-12 16:37 - 2016-11-02 02:16 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll

2016-11-12 16:37 - 2016-11-02 02:16 - 00308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll

2016-11-12 16:37 - 2016-11-02 02:15 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll

2016-11-12 16:37 - 2016-11-02 02:14 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll

2016-11-12 16:37 - 2016-11-02 00:20 - 00446896 _____ C:\WINDOWS\system32\ApnDatabase.xml

2016-11-12 16:36 - 2016-11-02 03:22 - 00601712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll

2016-11-12 16:36 - 2016-11-02 03:20 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll

2016-11-12 16:36 - 2016-11-02 03:14 - 07816544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe

2016-11-12 16:36 - 2016-11-02 03:13 - 01883784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll

2016-11-12 16:36 - 2016-11-02 03:13 - 00423776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe

2016-11-12 16:36 - 2016-11-02 03:12 - 02255712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys

2016-11-12 16:36 - 2016-11-02 03:08 - 00602464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll

2016-11-12 16:36 - 2016-11-02 03:08 - 00111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll

2016-11-12 16:36 - 2016-11-02 03:05 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll

2016-11-12 16:36 - 2016-11-02 03:05 - 00405856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll

2016-11-12 16:36 - 2016-11-02 03:03 - 02750936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll

2016-11-12 16:36 - 2016-11-02 03:01 - 01425000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll

2016-11-12 16:36 - 2016-11-02 03:01 - 01415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll

2016-11-12 16:36 - 2016-11-02 03:01 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\input.dll

2016-11-12 16:36 - 2016-11-02 03:00 - 22223968 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll

2016-11-12 16:36 - 2016-11-02 03:00 - 04130432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll

2016-11-12 16:36 - 2016-11-02 03:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll

2016-11-12 16:36 - 2016-11-02 02:59 - 04673304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe

2016-11-12 16:36 - 2016-11-02 02:48 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll

2016-11-12 16:36 - 2016-11-02 02:48 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll

2016-11-12 16:36 - 2016-11-02 02:44 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe

2016-11-12 16:36 - 2016-11-02 02:43 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll

2016-11-12 16:36 - 2016-11-02 02:43 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll

2016-11-12 16:36 - 2016-11-02 02:43 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll

2016-11-12 16:36 - 2016-11-02 02:42 - 00549376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenterCPL.dll

2016-11-12 16:36 - 2016-11-02 02:42 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll

2016-11-12 16:36 - 2016-11-02 02:42 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe

2016-11-12 16:36 - 2016-11-02 02:41 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll

2016-11-12 16:36 - 2016-11-02 02:40 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll

2016-11-12 16:36 - 2016-11-02 02:39 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll

2016-11-12 16:36 - 2016-11-02 02:39 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAnimation.dll

2016-11-12 16:36 - 2016-11-02 02:38 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll

2016-11-12 16:36 - 2016-11-02 02:37 - 19415040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll

2016-11-12 16:36 - 2016-11-02 02:36 - 19415552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2016-11-12 16:36 - 2016-11-02 02:36 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetailsUpdate.dll

2016-11-12 16:36 - 2016-11-02 02:34 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe

2016-11-12 16:36 - 2016-11-02 02:31 - 03196416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll

2016-11-12 16:36 - 2016-11-02 02:31 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll

2016-11-12 16:36 - 2016-11-02 02:31 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll

2016-11-12 16:36 - 2016-11-02 02:31 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll

2016-11-12 16:36 - 2016-11-02 02:31 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll

2016-11-12 16:36 - 2016-11-02 02:31 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll

2016-11-12 16:36 - 2016-11-02 02:31 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll

2016-11-12 16:36 - 2016-11-02 02:30 - 12175360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll

2016-11-12 16:36 - 2016-11-02 02:30 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll

2016-11-12 16:36 - 2016-11-02 02:30 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll

2016-11-12 16:36 - 2016-11-02 02:30 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll

2016-11-12 16:36 - 2016-11-02 02:30 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetails.dll

2016-11-12 16:36 - 2016-11-02 02:29 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll

2016-11-12 16:36 - 2016-11-02 02:29 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll

2016-11-12 16:36 - 2016-11-02 02:29 - 01247232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll

2016-11-12 16:36 - 2016-11-02 02:29 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll

2016-11-12 16:36 - 2016-11-02 02:29 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll

2016-11-12 16:36 - 2016-11-02 02:29 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll

2016-11-12 16:36 - 2016-11-02 02:29 - 00276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll

2016-11-12 16:36 - 2016-11-02 02:29 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll

2016-11-12 16:36 - 2016-11-02 02:28 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll

2016-11-12 16:36 - 2016-11-02 02:28 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll

2016-11-12 16:36 - 2016-11-02 02:28 - 00690176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll

2016-11-12 16:36 - 2016-11-02 02:28 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCenter.dll

2016-11-12 16:36 - 2016-11-02 02:28 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll

2016-11-12 16:36 - 2016-11-02 02:28 - 00240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkDesktopSettings.dll

2016-11-12 16:36 - 2016-11-02 02:28 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll

2016-11-12 16:36 - 2016-11-02 02:28 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll

2016-11-12 16:36 - 2016-11-02 02:28 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll

2016-11-12 16:36 - 2016-11-02 02:27 - 23677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2016-11-12 16:36 - 2016-11-02 02:27 - 00631296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll

2016-11-12 16:36 - 2016-11-02 02:27 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe

2016-11-12 16:36 - 2016-11-02 02:27 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll

2016-11-12 16:36 - 2016-11-02 02:27 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll

2016-11-12 16:36 - 2016-11-02 02:26 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll

2016-11-12 16:36 - 2016-11-02 02:26 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll

2016-11-12 16:36 - 2016-11-02 02:26 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll

2016-11-12 16:36 - 2016-11-02 02:26 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll

2016-11-12 16:36 - 2016-11-02 02:25 - 02256384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll

2016-11-12 16:36 - 2016-11-02 02:25 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll

2016-11-12 16:36 - 2016-11-02 02:25 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\sud.dll

2016-11-12 16:36 - 2016-11-02 02:25 - 00541696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll

2016-11-12 16:36 - 2016-11-02 02:25 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll

2016-11-12 16:36 - 2016-11-02 02:24 - 03778560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll

2016-11-12 16:36 - 2016-11-02 02:24 - 00940032 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontext.dll

2016-11-12 16:36 - 2016-11-02 02:23 - 03106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe

2016-11-12 16:36 - 2016-11-02 02:23 - 02104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll

2016-11-12 16:36 - 2016-11-02 02:23 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll

2016-11-12 16:36 - 2016-11-02 02:23 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetailsUpdate.dll

2016-11-12 16:36 - 2016-11-02 02:22 - 13081600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2016-11-12 16:36 - 2016-11-02 02:22 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll

2016-11-12 16:36 - 2016-11-02 02:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll

2016-11-12 16:36 - 2016-11-02 02:21 - 05111296 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll

2016-11-12 16:36 - 2016-11-02 02:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll

2016-11-12 16:36 - 2016-11-02 02:20 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll

2016-11-12 16:36 - 2016-11-02 02:20 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll

2016-11-12 16:36 - 2016-11-02 02:19 - 08127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll

2016-11-12 16:36 - 2016-11-02 02:19 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll

2016-11-12 16:36 - 2016-11-02 02:19 - 01586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll

2016-11-12 16:36 - 2016-11-02 02:19 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll

2016-11-12 16:36 - 2016-11-02 02:19 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll

2016-11-12 16:36 - 2016-11-02 02:19 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll

2016-11-12 16:36 - 2016-11-02 02:18 - 01690112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll

2016-11-12 16:36 - 2016-11-02 02:18 - 00779776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscui.dll

2016-11-12 16:36 - 2016-11-02 02:18 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll

2016-11-12 16:36 - 2016-11-02 02:17 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll

2016-11-12 16:36 - 2016-11-02 02:17 - 00982528 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll

2016-11-12 16:36 - 2016-11-02 02:17 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl

2016-11-12 16:36 - 2016-11-02 02:17 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll

2016-11-12 16:36 - 2016-11-02 02:16 - 03400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll

2016-11-12 16:36 - 2016-11-02 02:16 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll

2016-11-12 16:36 - 2016-11-02 02:16 - 02669056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll

2016-11-12 16:36 - 2016-11-02 02:16 - 02512384 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll

2016-11-12 16:36 - 2016-11-02 02:16 - 01779712 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll

2016-11-12 16:36 - 2016-11-02 02:16 - 01637888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll

2016-11-12 16:36 - 2016-11-02 02:16 - 00770560 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll

2016-11-12 16:36 - 2016-11-02 02:16 - 00629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll

2016-11-12 16:36 - 2016-11-02 02:16 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll

2016-11-12 16:36 - 2016-11-02 02:15 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll

2016-11-12 16:36 - 2016-11-02 02:15 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys

2016-11-12 16:36 - 2016-11-02 02:15 - 02611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll

2016-11-12 16:36 - 2016-11-02 02:15 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys

2016-11-12 16:36 - 2016-11-02 02:15 - 01348608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll

2016-11-12 16:36 - 2016-11-02 02:15 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll

2016-11-12 16:36 - 2016-11-02 02:13 - 03496960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll

2016-11-12 16:36 - 2016-11-02 02:13 - 03299840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe

2016-11-12 16:36 - 2016-11-02 02:13 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll

2016-11-12 16:36 - 2016-08-01 20:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll

2016-11-12 16:35 - 2016-11-02 03:20 - 00378720 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll

2016-11-12 16:35 - 2016-11-02 03:15 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi

2016-11-12 16:35 - 2016-11-02 03:15 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe

2016-11-12 16:35 - 2016-11-02 03:13 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi

2016-11-12 16:35 - 2016-11-02 03:13 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe

2016-11-12 16:35 - 2016-11-02 03:04 - 02678056 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll

2016-11-12 16:35 - 2016-11-02 03:04 - 00596832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll

2016-11-12 16:35 - 2016-11-02 03:02 - 00848736 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll

2016-11-12 16:35 - 2016-11-02 03:02 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll

2016-11-12 16:35 - 2016-11-02 03:01 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll

2016-11-12 16:35 - 2016-11-02 03:00 - 01061968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll

2016-11-12 16:35 - 2016-11-02 02:56 - 01609920 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll

2016-11-12 16:35 - 2016-11-02 02:56 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll

2016-11-12 16:35 - 2016-11-02 02:56 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll

2016-11-12 16:35 - 2016-11-02 02:56 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe

2016-11-12 16:35 - 2016-11-02 02:56 - 00322912 _____ (Microsoft Corporation) C:\WINDOWS\system32\input.dll

2016-11-12 16:35 - 2016-11-02 02:55 - 00048992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\iorate.sys

2016-11-12 16:35 - 2016-11-02 02:48 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efsext.dll

2016-11-12 16:35 - 2016-11-02 02:47 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll

2016-11-12 16:35 - 2016-11-02 02:47 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll

2016-11-12 16:35 - 2016-11-02 02:46 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll

2016-11-12 16:35 - 2016-11-02 02:45 - 00492032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe

2016-11-12 16:35 - 2016-11-02 02:45 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll

2016-11-12 16:35 - 2016-11-02 02:45 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll

2016-11-12 16:35 - 2016-11-02 02:44 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll

2016-11-12 16:35 - 2016-11-02 02:43 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8.dll

2016-11-12 16:35 - 2016-11-02 02:43 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll

2016-11-12 16:35 - 2016-11-02 02:42 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll

2016-11-12 16:35 - 2016-11-02 02:42 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll

2016-11-12 16:35 - 2016-11-02 02:40 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ddraw.dll

2016-11-12 16:35 - 2016-11-02 02:35 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe

2016-11-12 16:35 - 2016-11-02 02:34 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll

2016-11-12 16:35 - 2016-11-02 02:33 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys

2016-11-12 16:35 - 2016-11-02 02:32 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll

2016-11-12 16:35 - 2016-11-02 02:31 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll

2016-11-12 16:35 - 2016-11-02 02:30 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll

2016-11-12 16:35 - 2016-11-02 02:29 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe

2016-11-12 16:35 - 2016-11-02 02:28 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll

2016-11-12 16:35 - 2016-11-02 02:28 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.dll

2016-11-12 16:35 - 2016-11-02 02:28 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe

2016-11-12 16:35 - 2016-11-02 02:26 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll

2016-11-12 16:35 - 2016-11-02 02:26 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll

2016-11-12 16:35 - 2016-11-02 02:26 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAnimation.dll

2016-11-12 16:35 - 2016-11-02 02:25 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll

2016-11-12 16:35 - 2016-11-02 02:23 - 02356736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll

2016-11-12 16:35 - 2016-11-02 02:16 - 04148736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll

2016-11-12 16:35 - 2016-11-02 02:16 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll

2016-11-12 16:35 - 2016-11-02 02:16 - 00265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll

2016-11-12 16:35 - 2016-11-02 01:11 - 00788624 _____ C:\WINDOWS\SysWOW64\locale.nls

2016-11-12 16:35 - 2016-11-02 01:11 - 00788624 _____ C:\WINDOWS\system32\locale.nls

2016-11-12 16:35 - 2016-08-26 21:12 - 00244816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll

2016-11-12 16:35 - 2016-08-05 20:17 - 00619368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys

2016-11-12 16:31 - 2016-12-02 11:05 - 00132608 _____ (Microsoft Corporation) C:\WINDOWS\system32\LxRun.exe

2016-11-12 16:31 - 2016-12-02 11:05 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\bash.exe

2016-11-12 16:31 - 2016-10-14 20:48 - 00498952 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll

2016-11-12 16:31 - 2016-10-14 20:26 - 01990648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll

2016-11-12 16:31 - 2016-10-14 20:26 - 01472536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll

2016-11-12 16:31 - 2016-10-14 20:26 - 00811416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll

2016-11-12 16:31 - 2016-10-14 20:26 - 00691080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll

2016-11-12 16:31 - 2016-10-14 20:22 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll

2016-11-12 16:31 - 2016-10-14 20:18 - 00749920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvstore.dll

2016-11-12 16:31 - 2016-10-14 20:15 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll

2016-11-12 16:31 - 2016-10-14 19:57 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe

2016-11-12 16:31 - 2016-10-14 19:56 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll

2016-11-12 16:31 - 2016-10-14 19:54 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll

2016-11-12 16:31 - 2016-10-14 19:53 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll

2016-11-12 16:31 - 2016-10-14 19:52 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll

2016-11-12 16:31 - 2016-10-14 19:50 - 17188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll

2016-11-12 16:31 - 2016-10-14 19:50 - 00509440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll

2016-11-12 16:31 - 2016-10-14 19:48 - 01323008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll

2016-11-12 16:31 - 2016-10-14 19:47 - 01113600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll

2016-11-12 16:31 - 2016-10-14 19:46 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll

2016-11-12 16:31 - 2016-10-14 19:44 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll

2016-11-12 16:31 - 2016-10-14 19:44 - 00470016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll

2016-11-12 16:31 - 2016-10-14 19:43 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\energy.dll

2016-11-12 16:31 - 2016-10-14 19:42 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll

2016-11-12 16:31 - 2016-10-14 19:42 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll

2016-11-12 16:31 - 2016-10-14 19:41 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iscsiwmi.dll

2016-11-12 16:31 - 2016-10-14 19:36 - 02290176 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll

2016-11-12 16:31 - 2016-10-14 19:31 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys

2016-11-12 16:30 - 2016-10-14 20:51 - 02186896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll

2016-11-12 16:30 - 2016-10-14 20:51 - 01637728 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll

2016-11-12 16:30 - 2016-10-14 20:51 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll

2016-11-12 16:30 - 2016-10-14 20:51 - 00595296 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll

2016-11-12 16:30 - 2016-10-14 20:51 - 00584032 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll

2016-11-12 16:30 - 2016-10-14 20:51 - 00322912 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll

2016-11-12 16:30 - 2016-10-14 20:51 - 00283488 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe

2016-11-12 16:30 - 2016-10-14 20:51 - 00232800 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll

2016-11-12 16:30 - 2016-10-14 20:51 - 00137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll

2016-11-12 16:30 - 2016-10-14 20:51 - 00078688 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe

2016-11-12 16:30 - 2016-10-14 20:43 - 01356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe

2016-11-12 16:30 - 2016-10-14 20:41 - 05622088 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe

2016-11-12 16:30 - 2016-10-14 20:38 - 00500064 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll

2016-11-12 16:30 - 2016-10-14 20:37 - 00063328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys

2016-11-12 16:30 - 2016-10-14 20:34 - 01969912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll

2016-11-12 16:30 - 2016-10-14 20:33 - 00455040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll

2016-11-12 16:30 - 2016-10-14 20:31 - 02827864 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll

2016-11-12 16:30 - 2016-10-14 20:30 - 01851696 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll

2016-11-12 16:30 - 2016-10-14 20:30 - 00509280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys

2016-11-12 16:30 - 2016-10-14 20:30 - 00341936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll

2016-11-12 16:30 - 2016-10-14 20:29 - 02913104 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll

2016-11-12 16:30 - 2016-10-14 20:29 - 01267504 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll

2016-11-12 16:30 - 2016-10-14 20:29 - 00908640 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvstore.dll

2016-11-12 16:30 - 2016-10-14 20:29 - 00079200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\crashdmp.sys

2016-11-12 16:30 - 2016-10-14 20:26 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll

2016-11-12 16:30 - 2016-10-14 20:25 - 00882680 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll

2016-11-12 16:30 - 2016-10-14 20:25 - 00742704 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll

2016-11-12 16:30 - 2016-10-14 20:21 - 00292872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpeffects.dll

2016-11-12 16:30 - 2016-10-14 20:10 - 00254656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpeffects.dll

2016-11-12 16:30 - 2016-10-14 20:06 - 05685760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll

2016-11-12 16:30 - 2016-10-14 20:05 - 07216640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll

2016-11-12 16:30 - 2016-10-14 20:01 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll

2016-11-12 16:30 - 2016-10-14 20:00 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll

2016-11-12 16:30 - 2016-10-14 20:00 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll

2016-11-12 16:30 - 2016-10-14 20:00 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stdole2.tlb

2016-11-12 16:30 - 2016-10-14 19:59 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfksproxy.dll

2016-11-12 16:30 - 2016-10-14 19:59 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfksproxy.dll

2016-11-12 16:30 - 2016-10-14 19:59 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe

2016-11-12 16:30 - 2016-10-14 19:58 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys

2016-11-12 16:30 - 2016-10-14 19:57 - 00217600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpdxm.dll

2016-11-12 16:30 - 2016-10-14 19:57 - 00175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpdxm.dll

2016-11-12 16:30 - 2016-10-14 19:57 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe

2016-11-12 16:30 - 2016-10-14 19:56 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\esentutl.exe

2016-11-12 16:30 - 2016-10-14 19:56 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esentutl.exe

2016-11-12 16:30 - 2016-10-14 19:56 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFi.dll

2016-11-12 16:30 - 2016-10-14 19:56 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll

2016-11-12 16:30 - 2016-10-14 19:56 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll

2016-11-12 16:30 - 2016-10-14 19:56 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll

2016-11-12 16:30 - 2016-10-14 19:56 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll

2016-11-12 16:30 - 2016-10-14 19:55 - 00329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll

2016-11-12 16:30 - 2016-10-14 19:55 - 00265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll

2016-11-12 16:30 - 2016-10-14 19:55 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll

2016-11-12 16:30 - 2016-10-14 19:55 - 00142336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFi.dll

2016-11-12 16:30 - 2016-10-14 19:55 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpshell.dll

2016-11-12 16:30 - 2016-10-14 19:54 - 00717312 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskbarcpl.dll

2016-11-12 16:30 - 2016-10-14 19:54 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll

2016-11-12 16:30 - 2016-10-14 19:54 - 00241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll

2016-11-12 16:30 - 2016-10-14 19:54 - 00217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairingFolder.dll

2016-11-12 16:30 - 2016-10-14 19:54 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoplay.dll

2016-11-12 16:30 - 2016-10-14 19:54 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpshell.dll

2016-11-12 16:30 - 2016-10-14 19:53 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll

2016-11-12 16:30 - 2016-10-14 19:52 - 00410624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll

2016-11-12 16:30 - 2016-10-14 19:52 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll

2016-11-12 16:30 - 2016-10-14 19:52 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\systemcpl.dll

2016-11-12 16:30 - 2016-10-14 19:52 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoplay.dll

2016-11-12 16:30 - 2016-10-14 19:51 - 13868544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll

2016-11-12 16:30 - 2016-10-14 19:51 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll

2016-11-12 16:30 - 2016-10-14 19:50 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll

2016-11-12 16:30 - 2016-10-14 19:50 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll

2016-11-12 16:30 - 2016-10-14 19:50 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDec.dll

2016-11-12 16:30 - 2016-10-14 19:50 - 00310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll

2016-11-12 16:30 - 2016-10-14 19:50 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll

2016-11-12 16:30 - 2016-10-14 19:50 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll

2016-11-12 16:30 - 2016-10-14 19:49 - 01913344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll

2016-11-12 16:30 - 2016-10-14 19:49 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll

2016-11-12 16:30 - 2016-10-14 19:49 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll

2016-11-12 16:30 - 2016-10-14 19:49 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe

2016-11-12 16:30 - 2016-10-14 19:49 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe

2016-11-12 16:30 - 2016-10-14 19:49 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe

2016-11-12 16:30 - 2016-10-14 19:48 - 01554944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll

2016-11-12 16:30 - 2016-10-14 19:48 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll

2016-11-12 16:30 - 2016-10-14 19:47 - 07792640 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll

2016-11-12 16:30 - 2016-10-14 19:47 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll

2016-11-12 16:30 - 2016-10-14 19:47 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll

2016-11-12 16:30 - 2016-10-14 19:46 - 03287552 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll

2016-11-12 16:30 - 2016-10-14 19:46 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll

2016-11-12 16:30 - 2016-10-14 19:45 - 00702464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll

2016-11-12 16:30 - 2016-10-14 19:45 - 00406016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll

2016-11-12 16:30 - 2016-10-14 19:44 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\powercfg.exe

2016-11-12 16:30 - 2016-10-14 19:43 - 02748928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll

2016-11-12 16:30 - 2016-10-14 19:43 - 01365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll

2016-11-12 16:30 - 2016-10-14 19:43 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsiwmi.dll

2016-11-12 16:30 - 2016-10-14 19:42 - 06108672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll

2016-11-12 16:30 - 2016-10-14 19:41 - 07654912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll

2016-11-12 16:30 - 2016-10-14 19:41 - 05376000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll

2016-11-12 16:30 - 2016-10-14 19:41 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll

2016-11-12 16:30 - 2016-10-14 19:39 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll

2016-11-12 16:30 - 2016-10-14 19:39 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll

2016-11-12 16:30 - 2016-10-14 19:39 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll

2016-11-12 16:30 - 2016-10-14 19:39 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll

2016-11-12 16:30 - 2016-10-14 19:39 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll

2016-11-12 16:30 - 2016-10-14 19:39 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Geolocation.dll

2016-11-12 16:30 - 2016-10-14 19:38 - 01993216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll

2016-11-12 16:30 - 2016-10-14 19:38 - 00913920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll

2016-11-12 16:30 - 2016-10-14 19:38 - 00675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll

2016-11-12 16:30 - 2016-10-14 19:37 - 01980416 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll

2016-11-12 16:30 - 2016-10-14 19:37 - 01643008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll

2016-11-12 16:30 - 2016-10-14 19:37 - 01029632 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll

2016-11-12 16:30 - 2016-10-14 19:37 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll

2016-11-12 16:30 - 2016-10-14 19:37 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmifw.dll

2016-11-12 16:30 - 2016-10-14 19:36 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe

2016-11-12 16:30 - 2016-10-14 19:36 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe

2016-11-12 16:30 - 2016-10-14 19:36 - 00542208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll

2016-11-12 16:30 - 2016-10-14 19:36 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll

2016-11-12 16:30 - 2016-10-14 19:36 - 00338944 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcpl.dll

2016-11-12 16:30 - 2016-10-14 19:36 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmifw.dll

2016-11-12 16:30 - 2016-10-14 19:35 - 03054080 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll

2016-11-12 16:30 - 2016-10-14 19:35 - 02708992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll

2016-11-12 16:30 - 2016-10-14 19:35 - 02315264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll

2016-11-12 16:30 - 2016-10-14 19:35 - 00905216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll

2016-11-12 16:30 - 2016-10-14 19:35 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll

2016-11-12 16:30 - 2016-10-14 19:35 - 00701952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll

2016-11-12 16:30 - 2016-10-14 19:35 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll

2016-11-12 16:30 - 2016-10-14 19:34 - 01840640 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll

2016-11-12 16:30 - 2016-10-14 19:34 - 00936448 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll

2016-11-12 16:30 - 2016-10-14 19:32 - 00886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll

2016-11-12 16:30 - 2016-09-10 05:21 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\capimg.sys

2016-11-12 16:29 - 2016-10-14 20:38 - 00409952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS

2016-11-12 16:29 - 2016-10-14 20:31 - 02190688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys

2016-11-12 16:29 - 2016-10-14 20:31 - 00658272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys

2016-11-12 16:29 - 2016-10-14 20:31 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys

2016-11-12 16:29 - 2016-10-14 20:30 - 00557408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys

2016-11-12 16:29 - 2016-10-14 20:29 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys

2016-11-12 16:29 - 2016-10-14 20:26 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll

2016-11-12 16:29 - 2016-10-14 20:26 - 00160096 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll

2016-11-12 16:29 - 2016-10-14 20:21 - 02537824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys

2016-11-12 16:29 - 2016-10-14 20:21 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys

2016-11-12 16:29 - 2016-10-14 20:21 - 00584032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys

2016-11-12 16:29 - 2016-10-14 20:20 - 02276736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll

2016-11-12 16:29 - 2016-10-14 20:19 - 00272720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll

2016-11-12 16:29 - 2016-10-14 20:18 - 02166232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll

2016-11-12 16:29 - 2016-10-14 20:18 - 01556712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll

2016-11-12 16:29 - 2016-10-14 20:18 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll

2016-11-12 16:29 - 2016-10-14 20:15 - 01853776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll

2016-11-12 16:29 - 2016-10-14 20:15 - 01123368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll

2016-11-12 16:29 - 2016-10-14 20:15 - 00687936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll

2016-11-12 16:29 - 2016-10-14 20:11 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll

2016-11-12 16:29 - 2016-10-14 20:00 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll

2016-11-12 16:29 - 2016-10-14 19:59 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\stdole2.tlb

2016-11-12 16:29 - 2016-10-14 19:56 - 00327680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll

2016-11-12 16:29 - 2016-10-14 19:56 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll

2016-11-12 16:29 - 2016-10-14 19:56 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSrvPolicyManager.dll

2016-11-12 16:29 - 2016-10-14 19:55 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys

2016-11-12 16:29 - 2016-10-14 19:54 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll

2016-11-12 16:29 - 2016-10-14 19:52 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll

2016-11-12 16:29 - 2016-10-14 19:51 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll

2016-11-12 16:29 - 2016-10-14 19:47 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll

2016-11-12 16:29 - 2016-10-14 19:45 - 01790464 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll

2016-11-12 16:29 - 2016-10-14 19:44 - 00636928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll

2016-11-12 16:29 - 2016-10-14 19:42 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Geolocation.dll

2016-11-12 16:29 - 2016-10-14 19:42 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\powercfg.exe

2016-11-12 16:29 - 2016-10-14 19:41 - 00945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll

2016-11-12 16:29 - 2016-10-14 19:39 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll

2016-11-12 16:29 - 2016-10-14 19:39 - 00631296 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll

2016-11-12 16:29 - 2016-10-14 19:37 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll

2016-11-12 16:29 - 2016-10-14 19:37 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll

2016-11-12 16:29 - 2016-10-14 19:36 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll

2016-11-12 16:29 - 2016-10-14 19:36 - 00983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll

2016-11-12 16:29 - 2016-10-14 19:35 - 02005504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll

2016-11-12 16:29 - 2016-10-14 19:34 - 02476544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll

2016-11-12 15:43 - 2016-11-12 15:43 - 00000000 ____D C:\Users\suzie\Desktop\WlanTraces

2016-11-12 15:31 - 2016-11-20 12:14 - 00000607 ____N C:\Users\suzie\AppData\Roaming\Microsoft\Windows\Start Menu\This page can’t be displayed.website

2016-11-12 15:31 - 2016-11-15 18:27 - 00000366 _____ C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - suzie).job

2016-11-12 15:31 - 2016-11-12 15:31 - 00003126 _____ C:\WINDOWS\System32\Tasks\SlimCleaner Plus (Scheduled Scan - suzie)

2016-11-12 15:21 - 2016-12-11 15:15 - 00798314 _____ C:\WINDOWS\ntbtlog.txt

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2016-12-11 16:37 - 2016-10-13 22:23 - 00000000 ____D C:\WINDOWS\system32\SleepStudy

2016-12-11 05:24 - 2016-10-13 23:51 - 00000000 ____D C:\Users\suzie

2016-12-10 13:59 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports

2016-12-09 14:56 - 2016-10-14 13:21 - 00000000 ____D C:\Users\suzie\Downloads\spsetup128

2016-12-09 08:29 - 2016-10-15 10:40 - 04195588 _____ C:\Users\suzie\Desktop\pfirewall.log.old

2016-12-09 07:21 - 2016-10-13 22:38 - 02106748 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2016-12-09 07:16 - 2016-10-17 05:01 - 02098176 _____ C:\WINDOWS\system32\UserMgrLog.etl

2016-12-09 07:16 - 2016-10-17 05:01 - 00082944 _____ C:\WINDOWS\system32\umstartup.etl

2016-12-09 07:16 - 2016-10-13 22:24 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2016-12-08 22:56 - 2016-10-17 05:01 - 01019904 _____ C:\WINDOWS\system32\UserMgrLogBackup.etl

2016-12-08 22:56 - 2016-10-17 05:01 - 00036864 _____ C:\WINDOWS\system32\umstartup000.etl

2016-12-08 22:56 - 2016-07-15 22:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI

2016-12-06 20:12 - 2016-07-16 03:47 - 00000000 ___HD C:\Program Files\WindowsApps

2016-12-06 20:12 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\AppReadiness

2016-12-06 11:04 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\rescache

2016-12-03 20:13 - 2016-10-13 23:21 - 00000000 ___DC C:\WINDOWS\Panther

2016-12-03 16:25 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv

2016-12-03 16:25 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\system32\setup

2016-12-03 16:25 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\system32\inetsrv

2016-12-03 16:25 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions

2016-12-03 16:25 - 2016-07-16 03:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared

2016-12-03 16:25 - 2016-07-16 03:45 - 00000000 ____D C:\WINDOWS\INF

2016-12-02 11:16 - 2016-07-16 03:36 - 00000000 ____D C:\WINDOWS\CbsTemp

2016-12-02 11:05 - 2016-10-13 23:13 - 00791904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\lxcore.sys

2016-12-02 11:05 - 2016-10-13 23:12 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\cngkeyhelper.dll

2016-12-02 11:05 - 2016-10-13 23:12 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cngkeyhelper.dll

2016-12-02 11:05 - 2016-07-16 03:44 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll

2016-12-02 11:05 - 2016-07-16 03:44 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll

2016-12-02 11:05 - 2016-07-16 03:44 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll

2016-12-02 11:05 - 2016-07-16 03:44 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe

2016-12-02 11:05 - 2016-07-16 03:44 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll

2016-12-02 11:05 - 2016-07-16 03:44 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll

2016-12-02 11:05 - 2016-07-16 03:43 - 00471040 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll

2016-12-02 11:05 - 2016-07-16 03:43 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll

2016-12-02 11:05 - 2016-07-16 03:43 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\nfscimprov.dll

2016-12-02 11:05 - 2016-07-16 03:43 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nfsrdr.sys

2016-12-02 11:05 - 2016-07-16 03:43 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll

2016-12-02 11:05 - 2016-07-16 03:43 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll

2016-12-02 11:05 - 2016-07-16 03:43 - 00150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nfsadmin.exe

2016-12-02 11:05 - 2016-07-16 03:43 - 00132608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rpcxdr.sys

2016-12-02 11:05 - 2016-07-16 03:43 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcinfo.exe

2016-12-02 11:05 - 2016-07-16 03:43 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\umount.exe

2016-12-02 11:05 - 2016-07-16 03:43 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\nfsclnt.exe

2016-12-02 11:05 - 2016-07-16 03:43 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\nfsnp.dll

2016-12-02 11:05 - 2016-07-16 03:43 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\mount.exe

2016-12-02 11:05 - 2016-07-16 03:43 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\showmount.exe

2016-12-02 11:05 - 2016-07-16 03:43 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\nfscprop.dll

2016-12-02 11:05 - 2016-07-16 03:43 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll

2016-12-02 11:05 - 2016-07-16 03:43 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll

2016-12-02 11:05 - 2016-07-16 03:43 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll

2016-12-02 11:05 - 2016-07-16 03:43 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll

2016-12-02 11:05 - 2016-07-16 03:43 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll

2016-12-02 11:05 - 2016-07-16 03:43 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe

2016-12-02 11:05 - 2016-07-16 03:43 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll

2016-12-02 11:05 - 2016-07-16 03:43 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\simptcp.dll

2016-12-02 11:05 - 2016-07-16 03:43 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe

2016-12-02 11:05 - 2016-07-16 03:43 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe

2016-12-02 11:05 - 2016-07-16 03:43 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe

2016-12-02 11:05 - 2016-07-16 03:43 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll

2016-12-02 11:05 - 2016-07-16 03:43 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll

2016-12-02 11:05 - 2016-07-16 03:43 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll

2016-12-02 11:05 - 2016-07-16 03:43 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll

2016-12-02 11:05 - 2016-07-16 03:43 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll

2016-12-02 11:05 - 2016-07-16 03:43 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll

2016-12-02 11:05 - 2016-07-16 03:43 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\nfsrc.dll

2016-12-02 11:05 - 2016-07-16 03:43 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnlobby.dll

2016-12-02 11:05 - 2016-07-16 03:43 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnaddr.dll

2016-12-02 11:05 - 2016-07-16 03:43 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnlobby.dll

2016-12-02 11:05 - 2016-07-16 03:43 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnaddr.dll

2016-12-02 11:05 - 2016-07-16 03:42 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\lxss.sys

2016-11-25 14:55 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\system32\AppLocker

2016-11-25 14:47 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\registration

2016-11-24 06:05 - 2016-10-13 23:54 - 00000000 __RHD C:\Users\Public\AccountPictures

2016-11-21 18:47 - 2016-10-13 23:57 - 00000000 ___RD C:\Users\suzie\OneDrive

2016-11-20 18:06 - 2016-10-13 20:34 - 00000000 __RHD C:\ESD

2016-11-17 10:42 - 2016-10-14 13:54 - 00013920 _____ C:\WINDOWS\system32\Drivers\SWDUMon.sys

2016-11-15 18:27 - 2016-10-13 22:22 - 00237488 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2016-11-15 18:23 - 2016-07-16 03:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel

2016-11-15 18:23 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns

2016-11-15 18:23 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\system32\oobe

2016-11-15 18:23 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\system32\migwiz

2016-11-15 18:23 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\system32\appraiser

2016-11-15 18:23 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\ShellExperiences

2016-11-15 18:23 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\bcastdvr

2016-11-15 18:19 - 2016-07-16 03:47 - 00015425 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml

2016-11-15 16:14 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\Help

2016-11-15 16:02 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\System

2016-11-15 14:37 - 2016-10-13 23:54 - 00000000 ____D C:\Users\suzie\AppData\Roaming\Adobe

2016-11-12 17:54 - 2016-10-14 05:12 - 00000000 ____D C:\WINDOWS\system32\MRT

2016-11-12 17:52 - 2016-10-14 05:11 - 141011376 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2016-11-12 16:20 - 2016-10-14 13:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Unlocker

2016-11-12 16:20 - 2016-10-14 05:47 - 00000000 ____D C:\ProgramData\IObit

2016-11-12 16:20 - 2016-10-13 22:35 - 00000000 ____D C:\Users\defaultuser0

2016-11-12 16:20 - 2016-10-11 06:11 - 00000000 ____D C:\Windows10Upgrade

2016-11-12 16:20 - 2016-09-29 17:40 - 00000000 ___HD C:\$SysReset

2016-11-12 16:20 - 2016-07-16 03:47 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files

2016-11-12 16:20 - 2016-07-16 03:47 - 00000000 ___RD C:\Program Files\Windows Defender

2016-11-12 16:20 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\appcompat

2016-11-12 16:20 - 2016-07-15 22:04 - 00000000 ____D C:\WINDOWS\servicing

2016-11-12 16:19 - 2016-10-16 08:51 - 00000000 ____D C:\WINDOWS\pss

2016-11-12 16:19 - 2016-07-16 06:14 - 00000000 ____D C:\WINDOWS\DigitalLocker

2016-11-12 15:43 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\tracing

2016-11-12 15:27 - 2016-10-14 05:14 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

 

==================== Files in the root of some directories =======

 

2016-12-03 20:02 - 2016-12-03 20:02 - 3604152 _____ (COMODO) C:\ProgramData\cis9CF2.exe

2016-12-03 19:22 - 2016-12-03 19:22 - 3604152 _____ (COMODO) C:\ProgramData\cisA135.exe

 

Files to move or delete:

====================

C:\ProgramData\cis9CF2.exe

C:\ProgramData\cisA135.exe

 

==================== Bamital & volsnap ======================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\WINDOWS\system32\winlogon.exe => File is digitally signed

C:\WINDOWS\system32\wininit.exe => File is digitally signed

C:\WINDOWS\explorer.exe => File is digitally signed

C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed

C:\WINDOWS\system32\svchost.exe => File is digitally signed

C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed

C:\WINDOWS\system32\services.exe => File is digitally signed

C:\WINDOWS\system32\User32.dll => File is digitally signed

C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed

C:\WINDOWS\system32\userinit.exe => File is digitally signed

C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed

C:\WINDOWS\system32\rpcss.dll => File is digitally signed

C:\WINDOWS\system32\dnsapi.dll => File is digitally signed

C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-07 06:51

 

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2016

Ran by suzie (11-12-2016 17:09:56)

Running from C:\Users\suzie\Downloads

Windows 10 Pro Version 1607 (X64) (2016-10-14 07:47:29)

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-2182135673-2863217846-1483970103-500 - Administrator - Disabled)

DefaultAccount (S-1-5-21-2182135673-2863217846-1483970103-503 - Limited - Disabled)

defaultuser0 (S-1-5-21-2182135673-2863217846-1483970103-1000 - Limited - Disabled) => C:\Users\defaultuser0

Guest (S-1-5-21-2182135673-2863217846-1483970103-501 - Limited - Disabled)

suzie (S-1-5-21-2182135673-2863217846-1483970103-1001 - Administrator - Enabled) => C:\Users\suzie

suzieseller (S-1-5-21-2182135673-2863217846-1483970103-1002 - Limited - Enabled) => C:\Users\suzieseller

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: COMODO Antivirus (Enabled - Up to date) {D0CC7563-ABD2-DEBE-138E-FDD553335AF2}

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

7-Zip 16.04 (HKLM-x32\...\7-Zip) (Version: 16.04 - Igor Pavlov)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)

AirPort (HKLM-x32\...\{AA68AAAE-41F0-40B5-8896-5947F5FD6889}) (Version: 5.6.1.2 - Apple Inc.)

Apple Application Support (32-bit) (HKLM-x32\...\{F2871C89-C8A5-42EE-8D45-0F02506385A6}) (Version: 5.1 - Apple Inc.)

Apple Application Support (64-bit) (HKLM\...\{9BC93467-75D1-4AA4-BD58-D9C51D88DFAB}) (Version: 5.1 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)

Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)

COMODO Antivirus (HKLM\...\{C7C71F0C-4CC1-4B17-943C-96E5196DDA74}) (Version: 8.4.0.5165 - COMODO Security Solutions Inc.)

Comodo TrustConnect™ v.1.7.3 (HKLM-x32\...\Comodo TrustConnect™_is1) (Version:  - COMODO)

GeekBuddy (HKLM\...\Geekbuddy) (Version: 4.29.209 - Comodo Security Solutions Inc)

GeekBuddy (Version: 4.29.209 - Comodo Security Solutions Inc) Hidden

Heimdal Agent (HKLM-x32\...\{27923029-841D-4F2A-AB98-A6479EB3FFA8}) (Version: 2.2.13 - Heimdal Security)

iCloud (HKLM\...\{29AAC3D3-23FC-496D-8266-0E3833686758}) (Version: 6.0.2.10 - Apple Inc.)

IObit Unlocker (HKLM-x32\...\IObit Unlocker_is1) (Version: 1.1 - IObit)

iTunes (HKLM\...\{554C62C7-E6BB-40F1-892B-F0AE02D3C135}) (Version: 12.5.3.17 - Apple Inc.)

Microsoft Word 2000 SR-1 (HKLM-x32\...\{00170409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)

Mozilla Firefox 50.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.0.2 (x86 en-US)) (Version: 50.0.2 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.0.2.6177 - Mozilla)

Revo Uninstaller 2.0.1 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.1 - VS Revo Group, Ltd.)

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.51 - Synaptics Incorporated)

Tweaking.com - Hardware Identify (HKLM-x32\...\Tweaking.com - Hardware Identify) (Version: 2.1.1 - Tweaking.com)

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {0B75D4E0-5810-448B-B35D-579D559AA256} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - suzie) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe

Task: {2C45B803-CCE7-4407-8DC1-86BE71604E95} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-09-14] (COMODO)

Task: {2EE26534-ED5E-46FE-8B5D-62A261994106} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-08-06] (Synaptics Incorporated)

Task: {450D89B7-F826-4195-9209-19E028D6EF4E} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-09-14] (COMODO)

Task: {6DB667D8-E003-4355-BAE8-8303138488A5} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-09-14] (COMODO)

Task: {7D5A5F4E-6967-4FB6-BD43-1A5A3CA6CD0C} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2016-10-05] (Apple Inc.)

Task: {A29A8BDA-AA6D-4F67-8F56-F0FEB3D3312D} - System32\Tasks\Microsoft\Windows\Windows Subsystem for Linux\AptPackageIndexUpdate => %comspec% [Argument = /c start "AptPackageIndexUpdate" /min %windir%\System32\LxRun.exe /update]

Task: {AADE58D5-37B1-4A64-8315-71C80A4DE40B} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-09-14] (COMODO)

Task: {BAE7F7E6-0F85-4023-BCAC-301708A82E70} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-09-14] (COMODO)

Task: {D3AF3539-5907-493A-89D3-36FB6B05C878} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)

Task: {FA05F5FB-1F63-42F6-93E0-52CD1163138C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - suzie).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe

 

==================== Shortcuts =============================

 

(The entries could be listed to be restored or removed.)

 

==================== Loaded Modules (Whitelisted) ==============

 

2016-10-05 18:17 - 2016-10-05 18:17 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2016-10-05 18:17 - 2016-10-05 18:17 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2016-07-16 03:42 - 2016-07-16 03:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll

2016-10-13 23:11 - 2016-10-13 23:11 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll

2016-10-13 23:11 - 2016-10-13 23:11 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll

2016-10-13 23:11 - 2016-10-13 23:11 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll

2016-10-14 23:58 - 2016-10-14 23:58 - 01864384 _____ () C:\Users\suzie\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll

2016-10-13 23:12 - 2016-10-13 23:12 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll

2016-11-12 16:36 - 2016-11-02 02:30 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll

2016-11-12 16:36 - 2016-11-02 02:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll

2016-11-12 16:36 - 2016-11-02 02:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll

2016-11-12 16:36 - 2016-11-02 02:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll

2016-11-12 16:36 - 2016-11-02 02:15 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll

2016-11-12 16:36 - 2016-11-02 02:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll

2016-11-12 16:36 - 2016-11-02 02:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll

2016-12-04 07:35 - 2016-12-04 07:35 - 00313144 _____ () C:\Program Files (x86)\COMODO\TrustConnect\bin\TrustConnectGUI.exe

2016-03-16 11:25 - 2016-03-16 11:25 - 00073912 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav

2016-12-04 07:35 - 2016-12-04 07:35 - 01206784 _____ () C:\Program Files (x86)\COMODO\TrustConnect\bin\libeay32.dll

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

AlternateDataStreams: C:\ProgramData\cis9CF2.exe:$CmdTcID [64]

AlternateDataStreams: C:\ProgramData\cisA135.exe:$CmdTcID [64]

AlternateDataStreams: C:\Users\suzie\Downloads\audio10.diagcab:$CmdTcID [64]

AlternateDataStreams: C:\Users\suzie\Downloads\audio10.diagcab:$CmdZnID [26]

AlternateDataStreams: C:\Users\suzie\Downloads\COMODO Removal Tool(1).bat:$CmdTcID [64]

AlternateDataStreams: C:\Users\suzie\Downloads\COMODO Removal Tool(1).bat:$CmdZnID [26]

AlternateDataStreams: C:\Users\suzie\Downloads\COMODO Removal Tool.bat:$CmdTcID [64]

AlternateDataStreams: C:\Users\suzie\Downloads\COMODO Removal Tool.bat:$CmdZnID [29]

AlternateDataStreams: C:\Users\suzie\Downloads\FRST (1).exe:$CmdTcID [64]

AlternateDataStreams: C:\Users\suzie\Downloads\FRST (1).exe:$CmdZnID [26]

AlternateDataStreams: C:\Users\suzie\Downloads\FRST.exe:$CmdTcID [64]

AlternateDataStreams: C:\Users\suzie\Downloads\FRST.exe:$CmdZnID [29]

AlternateDataStreams: C:\Users\suzie\Downloads\FRST64.exe:$CmdTcID [64]

AlternateDataStreams: C:\Users\suzie\Downloads\FRST64.exe:$CmdZnID [26]

AlternateDataStreams: C:\Users\suzie\Downloads\grsetup.exe:$CmdZnID [0]

AlternateDataStreams: C:\Users\suzie\Downloads\hcvmcomp_x64.tar.gz:$CmdTcID [64]

AlternateDataStreams: C:\Users\suzie\Downloads\hcvmcomp_x64.tar.gz:$CmdZnID [26]

AlternateDataStreams: C:\Users\suzie\Downloads\hcvmcomp_x86.tar.gz:$CmdTcID [130]

AlternateDataStreams: C:\Users\suzie\Downloads\hcvmcomp_x86.tar.gz:$CmdZnID [26]

AlternateDataStreams: C:\Users\suzie\Downloads\HeimdalSetup.exe:$CmdTcID [64]

AlternateDataStreams: C:\Users\suzie\Downloads\HeimdalSetup.exe:$CmdZnID [29]

AlternateDataStreams: C:\Users\suzie\Downloads\iTunes6464Setup (1).exe:$CmdTcID [64]

AlternateDataStreams: C:\Users\suzie\Downloads\iTunes6464Setup (1).exe:$CmdZnID [26]

AlternateDataStreams: C:\Users\suzie\Downloads\revosetup.exe:$CmdTcID [64]

AlternateDataStreams: C:\Users\suzie\Downloads\revosetup.exe:$CmdZnID [26]

AlternateDataStreams: C:\Users\suzie\Downloads\ShadowExplorer-0.9-setup(1).exe:$CmdTcID [64]

AlternateDataStreams: C:\Users\suzie\Downloads\ShadowExplorer-0.9-setup(1).exe:$CmdZnID [26]

AlternateDataStreams: C:\Users\suzie\Downloads\Windows-KB890830-x64-V5.42.exe:$CmdTcID [64]

AlternateDataStreams: C:\Users\suzie\Downloads\Windows-KB890830-x64-V5.42.exe:$CmdZnID [26]

AlternateDataStreams: C:\Users\suzieseller\Downloads\7z1604.exe:$CmdTcID [64]

AlternateDataStreams: C:\Users\suzieseller\Downloads\7z1604.exe:$CmdZnID [26]

AlternateDataStreams: C:\Users\suzieseller\Downloads\Appsdiagnostic10.diagcab:$CmdTcID [64]

AlternateDataStreams: C:\Users\suzieseller\Downloads\Appsdiagnostic10.diagcab:$CmdZnID [26]

AlternateDataStreams: C:\Users\suzieseller\Downloads\everything-curl.pdf:$CmdTcID [64]

AlternateDataStreams: C:\Users\suzieseller\Downloads\everything-curl.pdf:$CmdZnID [26]

AlternateDataStreams: C:\Users\suzieseller\Downloads\Firefox Setup Stub 50.0.exe:$CmdTcID [64]

AlternateDataStreams: C:\Users\suzieseller\Downloads\Firefox Setup Stub 50.0.exe:$CmdZnID [26]

 

==================== Safe Mode (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

 

==================== Hosts content: ===============================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2016-07-16 03:47 - 2016-07-16 03:45 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

 

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-2182135673-2863217846-1483970103-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\suzie\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper

DNS Servers: 209.18.47.61 - 209.18.47.62

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

HKLM\...\StartupApproved\StartupFolder: => "Start GeekBuddy.lnk"

HKLM\...\StartupApproved\Run: => "WindowsDefender"

HKU\S-1-5-21-2182135673-2863217846-1483970103-1001\...\StartupApproved\Run: => "OneDrive"

HKU\S-1-5-21-2182135673-2863217846-1483970103-1001\...\StartupApproved\Run: => "iCloudDrive"

HKU\S-1-5-21-2182135673-2863217846-1483970103-1001\...\StartupApproved\Run: => "iCloudPhotos"

HKU\S-1-5-21-2182135673-2863217846-1483970103-1001\...\StartupApproved\Run: => "iCloudServices"

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [vm-monitoring-nb-session] => LPort=139

FirewallRules: [MSDTC-KTMRM-In-TCP-NoScope] => %SystemRoot%\system32\svchost.exe

FirewallRules: [{EF9FDDB0-8D9A-4283-B401-855C8E7F869A}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{D14C4219-881F-4F67-8E8A-410C172D2040}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{E7C416D6-9B27-46EB-93EE-BE5CE0B1E18D}] => C:\Program Files (x86)\AirPort\APAgent.exe

FirewallRules: [{9D44329D-0FBA-4910-AD07-A7C6253B31FB}] => C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{6535903B-05E1-49E8-A185-442FDBE9C281}] => C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{B52DB2F9-E7D1-4BBE-8268-28D589931D1E}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{54F4F9FC-7671-4398-9C27-BC396737F52E}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{AD704262-9B0F-4409-8FE8-DC8C11D9C660}] => C:\Program Files\iTunes\iTunes.exe

FirewallRules: [TCP Query User{6133A6BB-C70D-47E8-8EC9-E96EE589541D}C:\program files (x86)\comodo\trustconnect\bin\trustconnectgui.exe] => C:\program files (x86)\comodo\trustconnect\bin\trustconnectgui.exe

FirewallRules: [UDP Query User{1309DDB7-5F92-4DD9-BEE4-C70A839A9E58}C:\program files (x86)\comodo\trustconnect\bin\trustconnectgui.exe] => C:\program files (x86)\comodo\trustconnect\bin\trustconnectgui.exe

FirewallRules: [Microsoft-Windows-NFS-ClientCore-NfsClnt-UDP-Out] => %systemroot%\system32\nfsclnt.exe

FirewallRules: [Microsoft-Windows-NFS-ClientCore-NfsClnt-TCP-Out] => %systemroot%\system32\nfsclnt.exe

 

==================== Restore Points =========================

 

24-11-2016 05:07:12 Installing COMODO Internet Security Complete

02-12-2016 11:03:25 Windows Modules Installer

03-12-2016 18:53:46 comodoLPS

03-12-2016 18:56:12 comodoLPS

03-12-2016 20:01:03 Removing COMODO Internet Security Complete

03-12-2016 20:33:19 Installing COMODO Internet Security Complete

03-12-2016 21:01:28 Removing COMODO Internet Security Complete

03-12-2016 21:10:31 Installing COMODO Internet Security Premium

03-12-2016 21:33:38 Removing COMODO Internet Security Premium

03-12-2016 22:13:55 Installing COMODO Internet Security Premium

03-12-2016 23:58:13 comodo

04-12-2016 00:07:36 Removed COMODO Internet Security Premium

04-12-2016 00:24:17 Installing COMODO Internet Security Complete

04-12-2016 01:38:46 Removed COMODO Internet Security Complete

04-12-2016 01:52:36 Installing COMODO Antivirus

04-12-2016 07:21:09 geekbuddy

04-12-2016 20:00:59 Configuring COMODO Internet Security

04-12-2016 20:02:21 Configuring COMODO Internet Security

04-12-2016 20:14:04 comodLPS

08-12-2016 15:35:45 New

08-12-2016 16:09:55 Removing COMODO Internet Security Complete

08-12-2016 16:36:54 Installing COMODO Antivirus

09-12-2016 16:20:36 Removed RealNetworks - Microsoft Visual C++ 2008 Runtime

09-12-2016 16:49:32 Removed RealNetworks - Microsoft Visual C++ 2010 Runtime

 

==================== Faulty Device Manager Devices =============

 

Name:

Description:

Class Guid:

Manufacturer:

Service:

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

Name: Realtek PCIe FE Family Controller

Description: Realtek PCIe FE Family Controller

Class Guid:

Manufacturer:

Service:

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

Name:

Description:

Class Guid:

Manufacturer:

Service:

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

Name:

Description:

Class Guid:

Manufacturer:

Service:

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

Name:

Description:

Class Guid:

Manufacturer:

Service:

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (12/11/2016 05:08:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )

Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: Invalid algorithm specified.

.

 

Error: (12/11/2016 05:08:30 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )

Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: Invalid algorithm specified.

.

 

Error: (12/11/2016 05:08:23 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )

Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: Invalid algorithm specified.

.

 

Error: (12/11/2016 05:08:23 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )

Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: Invalid algorithm specified.

.

 

Error: (12/11/2016 05:08:23 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )

Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: Invalid algorithm specified.

.

 

Error: (12/11/2016 05:08:23 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )

Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: Invalid algorithm specified.

.

 

Error: (12/11/2016 05:08:23 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )

Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: Invalid algorithm specified.

.

 

Error: (12/11/2016 05:08:23 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )

Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: Invalid algorithm specified.

.

 

Error: (12/11/2016 05:08:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )

Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: Invalid algorithm specified.

.

 

Error: (12/11/2016 05:08:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )

Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: Invalid algorithm specified.

.

 

 

System errors:

=============

Error: (12/11/2016 11:16:26 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-IUFC5SH)

Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID

{0C0A3666-30C9-11D0-8F20-00805F2CD064}

 and APPID

{9209B1A6-964A-11D0-9372-00A0C9034910}

 to the user DESKTOP-IUFC5SH\suzie SID (S-1-5-21-2182135673-2863217846-1483970103-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe SID (S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194-2385269614-3243675-834220592-3047885450). This security permission can be modified using the Component Services administrative tool.

 

Error: (12/11/2016 06:07:25 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-IUFC5SH)

Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID

{0C0A3666-30C9-11D0-8F20-00805F2CD064}

 and APPID

{9209B1A6-964A-11D0-9372-00A0C9034910}

 to the user DESKTOP-IUFC5SH\suzie SID (S-1-5-21-2182135673-2863217846-1483970103-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe SID (S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194-2385269614-3243675-834220592-3047885450). This security permission can be modified using the Component Services administrative tool.

 

Error: (12/11/2016 05:24:23 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID

{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}

 and APPID

{F72671A9-012C-4725-9D2F-2A4D32D65169}

 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

 

Error: (12/10/2016 08:53:51 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-IUFC5SH)

Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID

{0C0A3666-30C9-11D0-8F20-00805F2CD064}

 and APPID

{9209B1A6-964A-11D0-9372-00A0C9034910}

 to the user DESKTOP-IUFC5SH\suzie SID (S-1-5-21-2182135673-2863217846-1483970103-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe SID (S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194-4256926629-1688279915-2739229046-3928706915). This security permission can be modified using the Component Services administrative tool.

 

Error: (12/10/2016 04:04:37 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-IUFC5SH)

Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID

{0C0A3666-30C9-11D0-8F20-00805F2CD064}

 and APPID

{9209B1A6-964A-11D0-9372-00A0C9034910}

 to the user DESKTOP-IUFC5SH\suzie SID (S-1-5-21-2182135673-2863217846-1483970103-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe SID (S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194-4256926629-1688279915-2739229046-3928706915). This security permission can be modified using the Component Services administrative tool.

 

Error: (12/10/2016 01:57:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID

{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}

 and APPID

{F72671A9-012C-4725-9D2F-2A4D32D65169}

 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

 

Error: (12/10/2016 01:54:19 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-IUFC5SH)

Description: The server {0002DF02-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

 

Error: (12/10/2016 05:52:21 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID

{D63B10C5-BB46-4990-A94F-E40B9D520160}

 and APPID

{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}

 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

 

Error: (12/09/2016 07:50:00 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-IUFC5SH)

Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID

{C2F03A33-21F5-47FA-B4BB-156362A2F239}

 and APPID

{316CDED5-E4AE-4B15-9113-7055D84DCC97}

 to the user DESKTOP-IUFC5SH\suzie SID (S-1-5-21-2182135673-2863217846-1483970103-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

 

Error: (12/09/2016 07:48:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The Heimdal Service service terminated unexpectedly.  It has done this 1 time(s).

 

 

CodeIntegrity:

===================================

  Date: 2016-12-09 07:20:21.126

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2016-12-09 07:20:07.969

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2016-12-09 07:19:56.234

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2016-12-09 07:19:55.604

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2016-12-08 16:51:59.146

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2016-12-08 16:51:52.162

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2016-12-08 16:51:39.128

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2016-12-08 16:51:38.450

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2016-12-08 16:39:05.375

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2016-12-08 16:14:26.178

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

 

==================== Memory info ===========================

 

Processor: Intel® Core™2 Duo CPU T6500 @ 2.10GHz

Percentage of memory in use: 53%

Total physical RAM: 2939.98 MB

Available physical RAM: 1365.2 MB

Total Virtual: 6548.16 MB

Available Virtual: 4612.98 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:297.04 GB) (Free:241.83 GB) NTFS ==>[drive with boot components (obtained from BCD)]

Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

Drive f: (LADIE_CEEE) (Removable) (Total:7.45 GB) (Free:5.08 GB) FAT32

Drive g: () (Fixed) (Total:29.8 GB) (Free:28.47 GB) FAT32

Drive h: () (Removable) (Total:3.74 GB) (Free:3.2 GB) FAT32

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 46A457EC)

Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Active) - (Size=297 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=486 MB) - (Type=27)

 

========================================================

Disk: 1 (Size: 7.5 GB) (Disk ID: 00000000)

 

Partition: GPT.

 

========================================================

Disk: 2 (Size: 29.8 GB) (Disk ID: 5FC2AA1C)

Partition 1: (Not Active) - (Size=29.8 GB) - (Type=0C)

 

========================================================

Disk: 3 (Size: 3.7 GB) (Disk ID: 00000000)

 

Partition: GPT.

 

==================== End of Addition.txt ============================


Edited by hamluis, 11 December 2016 - 09:17 PM.




#2 HelpBot


Posted 16 December 2016 - 09:05 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> https://www.bleepingcomputer.com/logreply/634587 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 suzieseller

suzieseller
  • Topic Starter

  • Members
  • 5 posts
  • Gender:Female
  • Location:So Cal Desert
  • Local time:02:48 PM

Posted 17 December 2016 - 10:45 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-12-2016
Ran by suzie (17-12-2016 07:39:13)
Running from C:\Users\suzie\Downloads
Windows 10 Pro Version 1607 (X64) (2016-10-14 07:47:29)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-2182135673-2863217846-1483970103-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2182135673-2863217846-1483970103-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-2182135673-2863217846-1483970103-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-2182135673-2863217846-1483970103-501 - Limited - Disabled)
suzie (S-1-5-21-2182135673-2863217846-1483970103-1001 - Administrator - Enabled) => C:\Users\suzie
suzieseller (S-1-5-21-2182135673-2863217846-1483970103-1002 - Administrator - Enabled) => C:\Users\suzieseller
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: COMODO Antivirus (Enabled - Up to date) {D0CC7563-ABD2-DEBE-138E-FDD553335AF2}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 16.04 (HKLM-x32\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
COMODO Antivirus (HKLM\...\{C7C71F0C-4CC1-4B17-943C-96E5196DDA74}) (Version: 8.4.0.5165 - COMODO Security Solutions Inc.)
Comodo TrustConnect™ v.1.7.3 (HKLM-x32\...\Comodo TrustConnect™_is1) (Version:  - COMODO)
GeekBuddy (HKLM\...\Geekbuddy) (Version: 4.29.209 - Comodo Security Solutions Inc)
GeekBuddy (Version: 4.29.209 - Comodo Security Solutions Inc) Hidden
IObit Unlocker (HKLM-x32\...\IObit Unlocker_is1) (Version: 1.1 - IObit)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Word 2000 SR-1 (HKLM-x32\...\{00170409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)
Mozilla Firefox 50.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.0.2 (x86 en-US)) (Version: 50.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.0.2.6177 - Mozilla)
Revo Uninstaller Pro 3.1.7 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.7 - VS Revo Group, Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.51 - Synaptics Incorporated)
Tweaking.com - Technicians Toolbox (HKLM-x32\...\Tweaking.com - Technicians Toolbox) (Version: 1.2.0 - Tweaking.com)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0B75D4E0-5810-448B-B35D-579D559AA256} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - suzie) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: {2EE26534-ED5E-46FE-8B5D-62A261994106} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-08-06] (Synaptics Incorporated)
Task: {334A087E-318D-4389-AB25-54B8B1B58C3D} - System32\Tasks\Microsoft\Windows\Windows Subsystem for Linux\AptPackageIndexUpdate => %comspec% [Argument = /c start "AptPackageIndexUpdate" /min %windir%\System32\LxRun.exe /update]
Task: {7360B065-720E-4D0E-9F5F-E23A593FFE57} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-09-14] (COMODO)
Task: {748CECA0-58C6-48CE-90E0-24C5B478EB0D} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-09-14] (COMODO)
Task: {7B2C82E0-4CEC-4E5C-9E69-4ACEFB59E89A} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-09-14] (COMODO)
Task: {7D5A5F4E-6967-4FB6-BD43-1A5A3CA6CD0C} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe
Task: {C2929718-5A8F-4731-9725-224325843784} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-09-14] (COMODO)
Task: {E661746A-C930-4BD3-B82C-954B3869D4FD} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-09-14] (COMODO)
Task: {FA05F5FB-1F63-42F6-93E0-52CD1163138C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - suzie).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2016-07-16 03:42 - 2016-07-16 03:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-10-13 23:11 - 2016-10-13 23:11 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-10-13 23:11 - 2016-10-13 23:11 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-10-14 23:58 - 2016-10-14 23:58 - 01864384 _____ () C:\Users\suzie\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2016-10-13 23:12 - 2016-10-13 23:12 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-11-12 16:36 - 2016-11-02 02:30 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-11-12 16:36 - 2016-11-02 02:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-12 16:36 - 2016-11-02 02:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-12 16:36 - 2016-11-02 02:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-12 16:36 - 2016-11-02 02:15 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-11-12 16:36 - 2016-11-02 02:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-12 16:36 - 2016-11-02 02:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-03-16 11:25 - 2016-03-16 11:25 - 00073912 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\cis9CF2.exe:$CmdTcID [64]
AlternateDataStreams: C:\ProgramData\cisA135.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\suzie\Downloads\123009.doc:$CmdTcID [64]
AlternateDataStreams: C:\Users\suzie\Downloads\123009.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\suzie\Downloads\123420.doc:$CmdTcID [64]
AlternateDataStreams: C:\Users\suzie\Downloads\123420.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\suzie\Downloads\2853.doc:$CmdTcID [64]
AlternateDataStreams: C:\Users\suzie\Downloads\2853.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\suzie\Downloads\45748.doc:$CmdTcID [64]
AlternateDataStreams: C:\Users\suzie\Downloads\45748.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\suzie\Downloads\5613_Using_Windows_10_Client_HyperV_WSG_External.docx:$CmdTcID [64]
AlternateDataStreams: C:\Users\suzie\Downloads\5613_Using_Windows_10_Client_HyperV_WSG_External.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\suzie\Downloads\6055_Use Reset_to_restore_your_Windows_10_PC_WSG_External.docx:$CmdTcID [64]
AlternateDataStreams: C:\Users\suzie\Downloads\6055_Use Reset_to_restore_your_Windows_10_PC_WSG_External.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\suzie\Downloads\audio10.diagcab:$CmdTcID [64]
AlternateDataStreams: C:\Users\suzie\Downloads\audio10.diagcab:$CmdZnID [26]
AlternateDataStreams: C:\Users\suzie\Downloads\calendar.ics:$CmdTcID [64]
AlternateDataStreams: C:\Users\suzie\Downloads\Collect.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\suzie\Downloads\Collect.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\suzie\Downloads\COMODO Removal Tool(1).bat:$CmdTcID [64]
AlternateDataStreams: C:\Users\suzie\Downloads\COMODO Removal Tool(1).bat:$CmdZnID [26]
AlternateDataStreams: C:\Users\suzie\Downloads\COMODO Removal Tool.bat:$CmdTcID [64]
AlternateDataStreams: C:\Users\suzie\Downloads\COMODO Removal Tool.bat:$CmdZnID [29]
AlternateDataStreams: C:\Users\suzie\Downloads\ComodoTrustConnectClient(1).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\suzie\Downloads\ComodoTrustConnectClient(1).exe:$CmdZnID [29]
AlternateDataStreams: C:\Users\suzie\Downloads\d9708059.rtf:$CmdTcID [64]
AlternateDataStreams: C:\Users\suzie\Downloads\d9708059.rtf:$CmdZnID [26]
AlternateDataStreams: C:\Users\suzie\Downloads\FRST (1).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\suzie\Downloads\FRST (1).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\suzie\Downloads\FRST (2).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\suzie\Downloads\FRST (2).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\suzie\Downloads\FRST.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\suzie\Downloads\FRST.exe:$CmdZnID [29]
AlternateDataStreams: C:\Users\suzie\Downloads\FRST64 (1).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\suzie\Downloads\FRST64 (1).exe:$CmdZnID [29]
AlternateDataStreams: C:\Users\suzie\Downloads\FRST64.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\suzie\Downloads\FRST64.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\suzie\Downloads\grsetup.exe:$CmdZnID [0]
AlternateDataStreams: C:\Users\suzie\Downloads\hcvmcomp_x64.tar.gz:$CmdTcID [64]
AlternateDataStreams: C:\Users\suzie\Downloads\hcvmcomp_x64.tar.gz:$CmdZnID [26]
AlternateDataStreams: C:\Users\suzie\Downloads\hcvmcomp_x86.tar.gz:$CmdTcID [130]
AlternateDataStreams: C:\Users\suzie\Downloads\hcvmcomp_x86.tar.gz:$CmdZnID [26]
AlternateDataStreams: C:\Users\suzie\Downloads\HeimdalSetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\suzie\Downloads\HeimdalSetup.exe:$CmdZnID [29]
AlternateDataStreams: C:\Users\suzie\Downloads\IE11-Windows6.1-KB3154070-x64.msu:$CmdTcID [64]
AlternateDataStreams: C:\Users\suzie\Downloads\IE11-Windows6.1-KB3154070-x64.msu:$CmdZnID [26]
AlternateDataStreams: C:\Users\suzie\Downloads\iTunes6464Setup (1).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\suzie\Downloads\iTunes6464Setup (1).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\suzie\Downloads\latestwu.diagcab:$CmdTcID [64]
AlternateDataStreams: C:\Users\suzie\Downloads\latestwu.diagcab:$CmdZnID [26]
AlternateDataStreams: C:\Users\suzie\Downloads\LicenseTerms.pdf:$CmdTcID [130]
AlternateDataStreams: C:\Users\suzie\Downloads\LicenseTerms.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\suzie\Downloads\lps-gb-vt-x64_7408 (2).msi:$CmdTcID [64]
AlternateDataStreams: C:\Users\suzie\Downloads\lps-gb-vt-x64_7408 (2).msi:$CmdZnID [26]
AlternateDataStreams: C:\Users\suzie\Downloads\OutlookConnector.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\suzie\Downloads\OutlookConnector.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\suzie\Downloads\revosetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\suzie\Downloads\revosetup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\suzie\Downloads\Security_Compliance_Manager_Setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\suzie\Downloads\Security_Compliance_Manager_Setup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\suzie\Downloads\ShadowExplorer-0.9-setup(1).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\suzie\Downloads\ShadowExplorer-0.9-setup(1).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\suzie\Downloads\tweaking.com_technicians_toolbox_setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\suzie\Downloads\tweaking.com_technicians_toolbox_setup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\suzie\Downloads\v.2.CisCleanupTool_signed.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\suzie\Downloads\v.2.CisCleanupTool_signed.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\suzie\Downloads\Windows-KB890830-x64-V5.42.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\suzie\Downloads\Windows-KB890830-x64-V5.42.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\suzie\Downloads\Windows-Live-Mail-and-Outlook-Mail.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\suzie\Downloads\Windows-Live-Mail-and-Outlook-Mail.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\suzie\Documents\Prezi.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\suzieseller\Downloads\7z1604.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\suzieseller\Downloads\7z1604.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\suzieseller\Downloads\Appsdiagnostic10.diagcab:$CmdTcID [64]
AlternateDataStreams: C:\Users\suzieseller\Downloads\Appsdiagnostic10.diagcab:$CmdZnID [26]
AlternateDataStreams: C:\Users\suzieseller\Downloads\everything-curl.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\suzieseller\Downloads\everything-curl.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\suzieseller\Downloads\Firefox Setup Stub 50.0.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\suzieseller\Downloads\Firefox Setup Stub 50.0.exe:$CmdZnID [26]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2016-07-16 03:47 - 2016-07-16 03:45 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2182135673-2863217846-1483970103-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\suzie\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
HKLM\...\StartupApproved\StartupFolder: => "Start GeekBuddy.lnk"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKU\S-1-5-21-2182135673-2863217846-1483970103-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2182135673-2863217846-1483970103-1001\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-2182135673-2863217846-1483970103-1001\...\StartupApproved\Run: => "iCloudPhotos"
HKU\S-1-5-21-2182135673-2863217846-1483970103-1001\...\StartupApproved\Run: => "iCloudServices"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [MSDTC-KTMRM-In-TCP-NoScope] => %SystemRoot%\system32\svchost.exe
FirewallRules: [{EF9FDDB0-8D9A-4283-B401-855C8E7F869A}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D14C4219-881F-4F67-8E8A-410C172D2040}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{6133A6BB-C70D-47E8-8EC9-E96EE589541D}C:\program files (x86)\comodo\trustconnect\bin\trustconnectgui.exe] => C:\program files (x86)\comodo\trustconnect\bin\trustconnectgui.exe
FirewallRules: [UDP Query User{1309DDB7-5F92-4DD9-BEE4-C70A839A9E58}C:\program files (x86)\comodo\trustconnect\bin\trustconnectgui.exe] => C:\program files (x86)\comodo\trustconnect\bin\trustconnectgui.exe
FirewallRules: [Microsoft-Windows-NFS-ClientCore-NfsClnt-UDP-Out] => %systemroot%\system32\nfsclnt.exe
FirewallRules: [Microsoft-Windows-NFS-ClientCore-NfsClnt-TCP-Out] => %systemroot%\system32\nfsclnt.exe
FirewallRules: [{72373791-54B6-4842-9B47-E86303BB848F}] => %ProgramFiles%\Windows MultiPoint Server\Wmssvc.exe
==================== Restore Points =========================
24-11-2016 05:07:12 Installing COMODO Internet Security Complete
02-12-2016 11:03:25 Windows Modules Installer
03-12-2016 18:53:46 comodoLPS
03-12-2016 18:56:12 comodoLPS
03-12-2016 20:01:03 Removing COMODO Internet Security Complete
03-12-2016 20:33:19 Installing COMODO Internet Security Complete
03-12-2016 21:01:28 Removing COMODO Internet Security Complete
03-12-2016 21:10:31 Installing COMODO Internet Security Premium
03-12-2016 21:33:38 Removing COMODO Internet Security Premium
03-12-2016 22:13:55 Installing COMODO Internet Security Premium
03-12-2016 23:58:13 comodo
04-12-2016 00:07:36 Removed COMODO Internet Security Premium
04-12-2016 00:24:17 Installing COMODO Internet Security Complete
04-12-2016 01:38:46 Removed COMODO Internet Security Complete
04-12-2016 01:52:36 Installing COMODO Antivirus
04-12-2016 07:21:09 geekbuddy
04-12-2016 20:00:59 Configuring COMODO Internet Security
04-12-2016 20:02:21 Configuring COMODO Internet Security
04-12-2016 20:14:04 comodLPS
08-12-2016 15:35:45 New
08-12-2016 16:09:55 Removing COMODO Internet Security Complete
08-12-2016 16:36:54 Installing COMODO Antivirus
09-12-2016 16:20:36 Removed RealNetworks - Microsoft Visual C++ 2008 Runtime
09-12-2016 16:49:32 Removed RealNetworks - Microsoft Visual C++ 2010 Runtime
14-12-2016 09:27:19 Configuring COMODO Internet Security
14-12-2016 10:11:12 Removing COMODO Internet Security
14-12-2016 10:26:51 Installing COMODO Antivirus
14-12-2016 13:06:58 Removed Heimdal Agent
14-12-2016 13:11:24 Removed Bonjour
14-12-2016 18:12:56 Windows Modules Installer
15-12-2016 13:29:50 Windows Modules Installer
==================== Faulty Device Manager Devices =============
Name: Realtek PCIe FE Family Controller
Description: Realtek PCIe FE Family Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================
Application errors:
==================
Error: (12/17/2016 07:37:03 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: Invalid algorithm specified.
.
Error: (12/17/2016 07:36:53 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: Invalid algorithm specified.
.
Error: (12/17/2016 07:36:33 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: Invalid algorithm specified.
.
Error: (12/17/2016 07:36:18 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: Invalid algorithm specified.
.
Error: (12/17/2016 07:36:18 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: Invalid algorithm specified.
.
Error: (12/17/2016 07:36:18 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: Invalid algorithm specified.
.
Error: (12/17/2016 07:36:18 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: Invalid algorithm specified.
.
Error: (12/17/2016 07:36:18 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: Invalid algorithm specified.
.
Error: (12/17/2016 07:36:18 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: Invalid algorithm specified.
.
Error: (12/17/2016 07:36:17 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: Invalid algorithm specified.
.

System errors:
=============
Error: (12/17/2016 07:09:00 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-IUFC5SH)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{0C0A3666-30C9-11D0-8F20-00805F2CD064}
 and APPID
{9209B1A6-964A-11D0-9372-00A0C9034910}
 to the user DESKTOP-IUFC5SH\suzie SID (S-1-5-21-2182135673-2863217846-1483970103-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe SID (S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194-4256926629-1688279915-2739229046-3928706915). This security permission can be modified using the Component Services administrative tool.
Error: (12/17/2016 07:08:14 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (12/17/2016 07:04:33 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error:
Unspecified error
Error: (12/17/2016 07:02:21 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AppVClient service terminated with the following service-specific error:
There is no MTS object context
Error: (12/17/2016 07:02:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinRM service failed to start due to the following error:
The account specified for this service is different from the account specified for other services running in the same process.
Error: (12/17/2016 07:02:09 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The UevAgentService service terminated with the following service-specific error:
The storage control blocks were destroyed.
Error: (12/17/2016 07:02:04 AM) (Source: Service Control Manager) (EventID: 7005) (User: )
Description: The LoadUserProfile call failed with the following error:
The RPC server is unavailable.
Error: (12/17/2016 07:02:06 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:27:51 PM on ‎12/‎16/‎2016 was unexpected.
Error: (12/16/2016 07:19:23 PM) (Source: NfsRdr) (EventID: 16385) (User: )
Description: Client for NFS is not licensed for use on this version of Windows.
Error: (12/16/2016 07:19:23 PM) (Source: NfsRdr) (EventID: 16385) (User: )
Description: Client for NFS is not licensed for use on this version of Windows.

CodeIntegrity:
===================================
  Date: 2016-12-17 07:06:15.819
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
  Date: 2016-12-17 07:06:02.902
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
  Date: 2016-12-17 07:05:49.747
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
  Date: 2016-12-17 07:05:48.936
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
  Date: 2016-12-16 15:13:21.711
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
  Date: 2016-12-16 05:31:45.879
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
  Date: 2016-12-16 05:31:30.245
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
  Date: 2016-12-16 05:31:17.893
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
  Date: 2016-12-16 05:31:17.196
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
  Date: 2016-12-15 20:57:22.629
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================
Processor: Intel® Core™2 Duo CPU T6500 @ 2.10GHz
Percentage of memory in use: 77%
Total physical RAM: 2939.98 MB
Available physical RAM: 648.48 MB
Total Virtual: 6395.98 MB
Available Virtual: 2950.32 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:297.04 GB) (Free:235.82 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 46A457EC)
Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=297 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=486 MB) - (Type=27)
==================== End of Addition.txt ============================


#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,145 posts
  • ONLINE
  • Gender:Male
  • Location:California
  • Local time:02:48 PM

Posted 19 December 2016 - 11:06 AM

Greetings suzieseller and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please rerun a FRST scan and copy/paste both reports in your reply. You can post one report per reply.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Oh My!

Posted 22 December 2016 - 08:28 PM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 

#6 Oh My!

Posted 24 December 2016 - 11:49 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 