Windows Update not working, referred here by moderators


  • This topic is locked
6 replies to this topic

#1 aitrusak

Posted 12 December 2016 - 11:18 PM

Hello all!  Before I get started, let me first say that I'm impressed by the setup you guys have here.  I'm a moderator on another forum, and the organization I see at this place is uncanny.  Kudos to you folks for the work you do here!  Your help is much appreciated.

 

I started out in the Windows 7 forum asking about how to get Windows Update running again.  We eventually got the monthly rollups for Oct and Nov to load manually.  See that thread here: https://www.bleepingcomputer.com/forums/t/633234/windows-update-error-stuck-on-checking-for-updates/

 

At the end of that thread, the moderator who had been helping me advised that if this machine were his, he would post in the "Am I Infected" forum.  I did so, in this thread: https://www.bleepingcomputer.com/forums/t/634305/referred-by-a-moderator-to-see-if-im-infected/

 

At the end of the "Am I Infected" thread, I was then directed to generate some logs and post them here.  I won't repeat everything I've done to get to this point because it's all included in those two threads, and they aren't very long. 

 

System Specs: https://panam.gateway.com/s/desktop/2011/gateway/dx/dx4860/DX4860sp2.shtml

In addition to the above: NVidia 9500 GT and a dual monitor setup

User knowledge / experience: Net+ certified, so not a complete newb to these newfangled computer-thingies, but have no extensive admin / helpdesk experience beyond using my home boxen.

 

FRST.txt log:

____________________________________________________________________________________________________________

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-12-2016
Ran by Travis' Machine (administrator) on TRAVISMACHINE (12-12-2016 19:53:25)
Running from C:\Users\Travis' Machine\Desktop
Loaded Profiles: Travis' Machine (Available Profiles: Travis' Machine & ELissa)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtWatchDog.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
() C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [256744 2016-07-24] (Trend Micro Inc.)
HKLM\...\Run: [Platinum] => C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe [1266176 2016-07-24] (Trend Micro Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2786768 2016-11-29] (Malwarebytes)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM\...\RunOnce: [DCERegBootClean64] => C:\Windows\RegBootClean64.exe [407608 2016-12-12] (Trend Micro Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2434683688-4034244284-536083220-1000\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\S-1-5-21-2434683688-4034244284-536083220-1000\...\MountPoints2: K - K:\LaunchU3.exe -a
HKU\S-1-5-21-2434683688-4034244284-536083220-1000\...\MountPoints2: {85d0803d-c00c-11e1-bbea-386077f9b4f2} - J:\LaunchU3.exe -a
ShellIconOverlayIdentifiers: [  FSOverlayIcon] -> {C0829D19-E5A0-44F5-B56E-D15030C53BB9} => C:\Program Files\Trend Micro\Titanium\plugin\TmOverlayIcon.dll [2016-07-24] (Trend Micro Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2011-11-08]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2011-11-08]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
GroupPolicy: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{526270E8-08D8-47B4-962C-EE65C4573C8E}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D73E7E51-3838-480F-BF31-68E8A7EF82D2}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2434683688-4034244284-536083220-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2434683688-4034244284-536083220-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com/?pc=MAGW
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2434683688-4034244284-536083220-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2434683688-4034244284-536083220-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Trend Micro Password Manager BHO -> {3F019D1C-7EAA-4F25-A765-FBA635BD0AFF} -> C:\Program Files\Trend Micro\TMIDS\PwmIEBHO64.dll [2015-06-29] (Trend Micro Inc.)
BHO: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2016-07-24] (Trend Micro Inc.)
BHO: Trend Micro Network Filter Plugin -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\5.0.1307\2.7.1067\TmopIEPlg.dll [2016-04-25] (Trend Micro Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe64.dll [2016-06-28] (Trend Micro Inc.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2010-05-28] (Hewlett-Packard Co.)
BHO-x32: Trend Micro Password Manager BHO -> {3F019D1C-7EAA-4F25-A765-FBA635BD0AFF} -> C:\Program Files\Trend Micro\TMIDS\PwmIEBHO32.dll [2015-06-29] (Trend Micro Inc.)
BHO-x32: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2016-07-24] (Trend Micro Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-11-30] (Oracle Corporation)
BHO-x32: Trend Micro Network Filter Plugin -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\5.0.1307\2.7.1067\TmopIEPlg32.dll [2016-04-25] (Trend Micro Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe32.dll [2016-06-28] (Trend Micro Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-30] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2010-05-28] (Hewlett-Packard Co.)
Toolbar: HKLM - Trend Micro Password Manager ToolBar - {9B4B91FC-EC4D-4018-9575-96FA5A3C03C5} - C:\Program Files\Trend Micro\TMIDS\PwmIEBHO64.dll [2015-06-29] (Trend Micro Inc.)
Toolbar: HKLM - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2016-07-24] (Trend Micro Inc.)
Toolbar: HKLM-x32 - Trend Micro Password Manager ToolBar - {9B4B91FC-EC4D-4018-9575-96FA5A3C03C5} - C:\Program Files\Trend Micro\TMIDS\PwmIEBHO32.dll [2015-06-29] (Trend Micro Inc.)
Toolbar: HKLM-x32 - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2016-07-24] (Trend Micro Inc.)
Toolbar: HKU\S-1-5-21-2434683688-4034244284-536083220-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://qtinstall.apple.com/qtactivex/qtplugin.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1480986391464
DPF: HKLM-x32 {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} hxxps://virtualkitchenshowroom.homedepot.com/VS/Core/Player/2020PlayerAX_WEB_Win32.cab
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe64.dll [2016-06-28] (Trend Micro Inc.)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe32.dll [2016-06-28] (Trend Micro Inc.)
Handler: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\5.0.1307\2.7.1067\TmopIEPlg.dll [2016-04-25] (Trend Micro Inc.)
Handler-x32: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\5.0.1307\2.7.1067\TmopIEPlg32.dll [2016-04-25] (Trend Micro Inc.)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2016-07-24] (Trend Micro Inc.)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2016-07-24] (Trend Micro Inc.)
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ProToolbarIMRatingActiveX.dll [2016-07-24] (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll [2016-07-24] (Trend Micro Inc.)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\firefoxextension
FF Extension: (Trend Micro BEP Firefox Extension) - C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\firefoxextension [2016-11-27]
FF HKLM\...\Firefox\Extensions: [{c2056674-a37f-4b29-9300-2004759d74fe}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension
FF Extension: (Trend Micro Osprey Firefox Extension) - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension [2016-11-27]
FF HKLM-x32\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{c2056674-a37f-4b29-9300-2004759d74fe}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Extension: (Trend Micro Toolbar) - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2016-11-27]
FF HKU\S-1-5-21-2434683688-4034244284-536083220-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-06-19] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-25] ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [2011-09-21] (Best Buy)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-25] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-16] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [2011-09-21] (Best Buy)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-30] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-10-18] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-10-18] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2434683688-4034244284-536083220-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Travis' Machine\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-08] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2434683688-4034244284-536083220-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2013-06-12] ()

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [olmajmomenlhgihenlbjcfbopoghpckg] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [dflinnddekagfkncpgojoppgnppfkbkj] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [hllfmdmngicehjknfeickpbnmiohcdle] - C:\Program Files (x86)\Kotato\FLV Downloader\FLVD_GC.crx [2016-02-14]
CHR HKLM-x32\...\Chrome\Extension: [idkknaphebegndgimgdpfnconcickdfn] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [olmajmomenlhgihenlbjcfbopoghpckg] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S4 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
S3 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-11-29] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2122248 2016-06-26] (Electronic Arts)
R2 Platinum Host Service; C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe [1145856 2016-07-24] (Trend Micro Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S4 PwmSvc; C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe [333856 2015-06-29] (Trend Micro Inc.)
S4 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [117400 2016-06-08] ()
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [536346624 2015-04-16] () [File not signed]
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]
S4 Live Updater Service; C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2012-10-21] ()
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77408 2016-11-29] ()
S3 kbfilter; C:\Windows\System32\DRIVERS\kbfilter.sys [67408 2015-01-29] (Trend Micro Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2012-10-21] ()
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176064 2016-12-10] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [102856 2016-12-12] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2016-12-12] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [250816 2016-12-12] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [81696 2016-12-12] (Malwarebytes)
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S0 PzWDM; C:\Windows\SysWOW64\Drivers\PzWDM.sys [15172 2015-04-28] (Prassi Technology) [File not signed]
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [142552 2016-08-07] (Trend Micro Inc.)
R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [435416 2016-08-07] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [72504 2016-01-04] (Trend Micro Inc.)
R3 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [143648 2016-06-20] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [117984 2016-08-07] (Trend Micro Inc.)
R3 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [561952 2016-06-23] (Trend Micro Inc.)
R1 tmumh; C:\Windows\System32\DRIVERS\TMUMH.sys [111840 2016-09-30] (Trend Micro Inc.)
R2 tmusa; C:\Windows\System32\DRIVERS\tmusa.sys [132888 2016-05-15] (Trend Micro Inc.)
S3 hwa; system32\DRIVERS\WSR_HWA.SYS [X]
S3 HWARadio; system32\DRIVERS\WSR_RCI.SYS [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
U2 TMAgent; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-12 19:53 - 2016-12-12 19:53 - 00021410 _____ C:\Users\Travis' Machine\Desktop\FRST.txt
2016-12-12 19:52 - 2016-12-12 19:52 - 02420224 _____ (Farbar) C:\Users\Travis' Machine\Desktop\FRST64.exe
2016-12-12 19:51 - 2016-12-12 19:51 - 00004720 _____ C:\Windows\RegBootClean64.CFG
2016-12-12 19:48 - 2016-12-12 19:49 - 00000000 ____D C:\FRST
2016-12-10 07:46 - 2016-12-10 07:47 - 00002398 _____ C:\Users\Travis' Machine\Desktop\Rkill.txt
2016-12-10 07:36 - 2016-12-10 07:36 - 00001300 _____ C:\Users\Travis' Machine\Desktop\Aitrus Scan - 10 Dec 16.txt
2016-12-10 05:50 - 2016-12-10 18:22 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-12-10 05:48 - 2016-12-10 06:17 - 00000000 ____D C:\Users\Travis' Machine\Desktop\mbar
2016-12-10 05:45 - 2016-12-12 18:24 - 00250816 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-12-10 05:45 - 2016-12-12 18:24 - 00102856 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2016-12-10 05:45 - 2016-12-12 18:24 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2016-12-10 05:45 - 2016-12-12 18:24 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-12-10 05:45 - 2016-12-10 05:45 - 00176064 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2016-12-10 05:45 - 2016-12-10 05:45 - 00001874 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2016-12-10 05:45 - 2016-12-10 05:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2016-12-10 05:45 - 2016-12-10 05:45 - 00000000 ____D C:\Program Files\Malwarebytes
2016-12-10 05:45 - 2016-11-29 06:27 - 00077408 _____ C:\Windows\system32\Drivers\mbae64.sys
2016-12-10 04:40 - 2016-12-10 04:40 - 00003002 _____ C:\Users\Travis' Machine\Desktop\FSS.txt
2016-12-10 04:39 - 2016-12-10 04:40 - 00899584 _____ (Farbar) C:\Users\Travis' Machine\Desktop\FSS.exe
2016-12-10 04:34 - 2016-12-10 04:34 - 00001237 _____ C:\Users\Travis' Machine\Desktop\checkup.txt
2016-12-10 04:29 - 2016-12-10 04:29 - 00852798 _____ C:\Users\Travis' Machine\Desktop\SecurityCheck.exe
2016-12-07 17:16 - 2016-12-07 17:16 - 00000803 _____ C:\Users\Public\Desktop\Speccy.lnk
2016-12-07 17:16 - 2016-12-07 17:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2016-12-07 17:16 - 2016-12-07 17:16 - 00000000 ____D C:\Program Files\Speccy
2016-12-07 17:14 - 2016-12-10 04:46 - 00043977 _____ C:\Users\Travis' Machine\Desktop\MTB.txt
2016-12-07 17:12 - 2016-12-07 17:13 - 00892416 _____ (Farbar) C:\Users\Travis' Machine\Desktop\MiniToolBox.exe
2016-12-05 18:03 - 2016-10-27 10:38 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-12-05 18:03 - 2016-10-27 10:02 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-12-05 18:03 - 2016-10-22 09:22 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-12-05 18:03 - 2016-10-22 08:54 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-12-05 18:03 - 2016-10-11 07:31 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\tintlgnt.ime
2016-12-05 18:03 - 2016-10-07 07:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-12-05 18:03 - 2016-10-07 06:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-12-05 18:03 - 2016-05-12 09:15 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
2016-12-05 18:03 - 2016-05-12 09:14 - 00794624 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-12-05 18:03 - 2016-05-12 09:14 - 00502272 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-12-05 18:03 - 2016-05-12 09:14 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-12-05 18:03 - 2016-05-12 09:14 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-12-05 18:03 - 2016-05-12 09:14 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-12-05 18:03 - 2016-05-12 07:18 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2016-12-05 18:03 - 2016-05-12 07:18 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2016-12-05 18:03 - 2016-05-12 07:18 - 00070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winipsec.dll
2016-12-05 18:03 - 2016-05-12 07:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2016-12-05 18:03 - 2015-08-05 09:56 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2016-12-05 18:02 - 2016-11-02 07:36 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-12-05 18:02 - 2016-11-02 07:32 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-12-05 18:02 - 2016-11-02 07:32 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-12-05 18:02 - 2016-11-02 07:32 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-12-05 18:02 - 2016-11-02 07:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-12-05 18:02 - 2016-11-02 07:22 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-12-05 18:02 - 2016-11-02 07:16 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-12-05 18:02 - 2016-11-02 07:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-12-05 18:02 - 2016-11-02 07:16 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-12-05 18:02 - 2016-11-02 06:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-12-05 18:02 - 2016-10-27 19:59 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-12-05 18:02 - 2016-10-27 19:14 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-12-05 18:02 - 2016-10-27 11:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-12-05 18:02 - 2016-10-27 11:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-12-05 18:02 - 2016-10-27 10:55 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-12-05 18:02 - 2016-10-27 10:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-12-05 18:02 - 2016-10-27 10:53 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-12-05 18:02 - 2016-10-27 10:53 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-12-05 18:02 - 2016-10-27 10:44 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-12-05 18:02 - 2016-10-27 10:43 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-12-05 18:02 - 2016-10-27 10:37 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-12-05 18:02 - 2016-10-27 10:37 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-12-05 18:02 - 2016-10-27 10:37 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-12-05 18:02 - 2016-10-27 10:24 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-12-05 18:02 - 2016-10-27 10:15 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-12-05 18:02 - 2016-10-27 10:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-12-05 18:02 - 2016-10-27 10:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-12-05 18:02 - 2016-10-27 10:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-12-05 18:02 - 2016-10-27 10:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-12-05 18:02 - 2016-10-27 09:49 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-12-05 18:02 - 2016-10-27 09:46 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-12-05 18:02 - 2016-10-27 09:46 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-12-05 18:02 - 2016-10-27 09:16 - 02920448 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-12-05 18:02 - 2016-10-27 09:03 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-12-05 18:02 - 2016-10-27 08:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-12-05 18:02 - 2016-10-22 09:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-12-05 18:02 - 2016-10-22 09:36 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-12-05 18:02 - 2016-10-22 09:35 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-12-05 18:02 - 2016-10-22 09:35 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-12-05 18:02 - 2016-10-22 09:34 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-12-05 18:02 - 2016-10-22 09:27 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-12-05 18:02 - 2016-10-22 09:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-12-05 18:02 - 2016-10-22 09:21 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-12-05 18:02 - 2016-10-22 09:21 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-12-05 18:02 - 2016-10-22 09:09 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-12-05 18:02 - 2016-10-22 09:04 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-12-05 18:02 - 2016-10-22 09:03 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-12-05 18:02 - 2016-10-22 08:59 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-12-05 18:02 - 2016-10-22 08:58 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-12-05 18:02 - 2016-10-22 08:56 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-12-05 18:02 - 2016-10-22 08:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-12-05 18:02 - 2016-10-22 08:45 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-12-05 18:02 - 2016-10-22 08:12 - 02444800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-12-05 18:02 - 2016-10-22 08:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-12-05 18:02 - 2016-10-22 08:09 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-12-05 18:02 - 2016-10-15 07:31 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-12-05 18:02 - 2016-10-15 07:31 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-12-05 18:02 - 2016-10-15 07:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-12-05 18:02 - 2016-10-15 07:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2016-12-05 18:02 - 2016-10-11 07:37 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2016-12-05 18:02 - 2016-10-11 07:31 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2016-12-05 18:02 - 2016-10-11 07:31 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2016-12-05 18:02 - 2016-10-11 07:31 - 00457216 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime
2016-12-05 18:02 - 2016-10-11 07:31 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
2016-12-05 18:02 - 2016-10-11 07:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\quick.ime
2016-12-05 18:02 - 2016-10-11 07:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\qintlgnt.ime
2016-12-05 18:02 - 2016-10-11 07:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\phon.ime
2016-12-05 18:02 - 2016-10-11 07:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\cintlgnt.ime
2016-12-05 18:02 - 2016-10-11 07:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\chajei.ime
2016-12-05 18:02 - 2016-10-11 07:31 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\pintlgnt.ime
2016-12-05 18:02 - 2016-10-11 07:18 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2016-12-05 18:02 - 2016-10-11 07:18 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2016-12-05 18:02 - 2016-10-11 07:18 - 00430080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imkr80.ime
2016-12-05 18:02 - 2016-10-11 07:18 - 00202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
2016-12-05 18:02 - 2016-10-11 07:18 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tintlgnt.ime
2016-12-05 18:02 - 2016-10-11 07:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quick.ime
2016-12-05 18:02 - 2016-10-11 07:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qintlgnt.ime
2016-12-05 18:02 - 2016-10-11 07:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\phon.ime
2016-12-05 18:02 - 2016-10-11 07:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cintlgnt.ime
2016-12-05 18:02 - 2016-10-11 07:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chajei.ime
2016-12-05 18:02 - 2016-10-11 07:18 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pintlgnt.ime
2016-12-05 18:02 - 2016-10-11 05:33 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2016-12-05 18:02 - 2016-10-11 05:06 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2016-12-05 18:02 - 2016-10-10 07:38 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-12-05 18:02 - 2016-10-10 07:38 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-12-05 18:02 - 2016-10-10 07:34 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-12-05 18:02 - 2016-10-10 07:34 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-12-05 18:02 - 2016-10-10 07:34 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-12-05 18:02 - 2016-10-10 07:34 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-12-05 18:02 - 2016-10-10 07:33 - 01462272 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-12-05 18:02 - 2016-10-10 07:33 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-12-05 18:02 - 2016-10-10 07:33 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-12-05 18:02 - 2016-10-10 07:33 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-12-05 18:02 - 2016-10-10 07:33 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-12-05 18:02 - 2016-10-10 07:33 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-12-05 18:02 - 2016-10-10 07:33 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-12-05 18:02 - 2016-10-10 07:33 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-12-05 18:02 - 2016-10-10 07:33 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-12-05 18:02 - 2016-10-10 07:33 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-12-05 18:02 - 2016-10-10 07:33 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-12-05 18:02 - 2016-10-10 07:33 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-12-05 18:02 - 2016-10-10 07:33 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-12-05 18:02 - 2016-10-10 07:33 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-12-05 18:02 - 2016-10-10 07:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-12-05 18:02 - 2016-10-10 07:16 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-12-05 18:02 - 2016-10-10 07:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-12-05 18:02 - 2016-10-10 07:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-12-05 18:02 - 2016-10-10 07:16 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-12-05 18:02 - 2016-10-10 07:16 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-12-05 18:02 - 2016-10-10 07:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-12-05 18:02 - 2016-10-10 07:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-12-05 18:02 - 2016-10-10 07:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-12-05 18:02 - 2016-10-10 07:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-12-05 18:02 - 2016-10-10 07:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-12-05 18:02 - 2016-10-10 07:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-12-05 18:02 - 2016-10-10 07:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-12-05 18:02 - 2016-10-10 07:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-12-05 18:02 - 2016-10-10 07:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-12-05 18:02 - 2016-10-10 07:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-12-05 18:02 - 2016-10-10 06:56 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-12-05 18:02 - 2016-10-10 06:55 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-12-05 18:02 - 2016-10-10 06:55 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-12-05 18:02 - 2016-10-10 06:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-12-05 18:02 - 2016-10-10 06:54 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-12-05 18:02 - 2016-10-10 06:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-12-05 18:02 - 2016-10-07 07:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-12-05 18:02 - 2016-10-07 07:37 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-12-05 18:02 - 2016-10-07 07:35 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-12-05 18:02 - 2016-10-07 07:32 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-12-05 18:02 - 2016-10-07 07:32 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-12-05 18:02 - 2016-10-07 07:32 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-12-05 18:02 - 2016-10-07 07:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-12-05 18:02 - 2016-10-07 07:32 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-12-05 18:02 - 2016-10-07 07:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-12-05 18:02 - 2016-10-07 07:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-12-05 18:02 - 2016-10-07 07:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-12-05 18:02 - 2016-10-07 07:32 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-12-05 18:02 - 2016-10-07 07:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-12-05 18:02 - 2016-10-07 07:32 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-12-05 18:02 - 2016-10-07 07:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-12-05 18:02 - 2016-10-07 07:32 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-12-05 18:02 - 2016-10-07 07:32 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-12-05 18:02 - 2016-10-07 07:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-12-05 18:02 - 2016-10-07 07:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-12-05 18:02 - 2016-10-07 07:32 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-12-05 18:02 - 2016-10-07 07:32 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-12-05 18:02 - 2016-10-07 07:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-12-05 18:02 - 2016-10-07 07:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-12-05 18:02 - 2016-10-07 07:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-12-05 18:02 - 2016-10-07 07:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-12-05 18:02 - 2016-10-07 07:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-12-05 18:02 - 2016-10-07 07:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-12-05 18:02 - 2016-10-07 07:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-12-05 18:02 - 2016-10-07 07:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-12-05 18:02 - 2016-10-07 07:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-12-05 18:02 - 2016-10-07 07:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-12-05 18:02 - 2016-10-07 07:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-12-05 18:02 - 2016-10-07 07:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-12-05 18:02 - 2016-10-07 07:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-12-05 18:02 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-12-05 18:02 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-12-05 18:02 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-12-05 18:02 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-12-05 18:02 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-12-05 18:02 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-12-05 18:02 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-12-05 18:02 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-12-05 18:02 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-12-05 18:02 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-12-05 18:02 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-12-05 18:02 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-12-05 18:02 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-12-05 18:02 - 2016-10-07 07:15 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-12-05 18:02 - 2016-10-07 07:12 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-12-05 18:02 - 2016-10-07 07:12 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-12-05 18:02 - 2016-10-07 07:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-12-05 18:02 - 2016-10-07 07:12 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-12-05 18:02 - 2016-10-07 07:12 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-12-05 18:02 - 2016-10-07 07:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-12-05 18:02 - 2016-10-07 07:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-12-05 18:02 - 2016-10-07 07:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-12-05 18:02 - 2016-10-07 07:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-12-05 18:02 - 2016-10-07 07:12 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-12-05 18:02 - 2016-10-07 07:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-12-05 18:02 - 2016-10-07 07:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-12-05 18:02 - 2016-10-07 07:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-12-05 18:02 - 2016-10-07 07:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-12-05 18:02 - 2016-10-07 07:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-12-05 18:02 - 2016-10-07 07:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-12-05 18:02 - 2016-10-07 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-12-05 18:02 - 2016-10-07 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-12-05 18:02 - 2016-10-07 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-12-05 18:02 - 2016-10-07 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-12-05 18:02 - 2016-10-07 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-12-05 18:02 - 2016-10-07 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-12-05 18:02 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-12-05 18:02 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-12-05 18:02 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-12-05 18:02 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-12-05 18:02 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-12-05 18:02 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-12-05 18:02 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-12-05 18:02 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-12-05 18:02 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-12-05 18:02 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-12-05 18:02 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-12-05 18:02 - 2016-10-07 07:04 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-12-05 18:02 - 2016-10-07 07:04 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-12-05 18:02 - 2016-10-07 07:04 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-12-05 18:02 - 2016-10-07 07:01 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-12-05 18:02 - 2016-10-07 07:00 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-12-05 18:02 - 2016-10-07 06:56 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-12-05 18:02 - 2016-10-07 06:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-12-05 18:02 - 2016-10-07 06:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-12-05 18:02 - 2016-10-07 06:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-12-05 18:02 - 2016-10-07 06:49 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-12-05 18:02 - 2016-10-07 06:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-12-05 18:02 - 2016-10-07 06:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-12-05 18:02 - 2016-10-07 06:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-12-05 18:02 - 2016-10-05 06:54 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2016-12-05 18:02 - 2016-09-15 06:56 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2016-12-05 18:02 - 2016-09-13 07:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-12-05 18:02 - 2016-09-13 07:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-12-05 18:02 - 2016-09-09 10:00 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-12-05 18:01 - 2016-10-27 10:54 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-12-05 18:01 - 2016-10-27 10:51 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-12-05 18:01 - 2016-10-27 10:37 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-12-05 18:01 - 2016-10-27 10:28 - 25763328 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-12-05 18:01 - 2016-10-27 10:28 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-12-05 18:01 - 2016-10-27 10:19 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-12-05 18:01 - 2016-10-27 09:44 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-12-05 18:01 - 2016-10-27 09:44 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-12-05 18:01 - 2016-10-27 09:17 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-12-05 18:01 - 2016-10-27 07:05 - 20304896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-12-05 18:01 - 2016-10-25 07:02 - 03219456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-12-05 18:01 - 2016-10-22 09:36 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-12-05 18:01 - 2016-10-22 09:27 - 02287616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-12-05 18:01 - 2016-10-22 09:20 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-12-05 18:01 - 2016-10-22 08:44 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-12-05 18:01 - 2016-10-22 08:43 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-12-05 18:01 - 2016-10-22 08:43 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-12-05 18:01 - 2016-10-22 08:30 - 13654016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-12-05 18:01 - 2016-10-11 07:31 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME
2016-12-05 18:01 - 2016-10-11 07:18 - 01027584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10.IME
2016-12-05 18:01 - 2016-10-07 07:37 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-12-05 18:01 - 2016-10-07 07:32 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-12-05 18:01 - 2016-10-07 07:18 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-12-05 18:01 - 2016-10-07 07:18 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-12-05 18:01 - 2016-10-07 07:12 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2016-12-05 18:01 - 2016-09-09 10:20 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-12-05 18:01 - 2016-08-22 08:19 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2016-12-05 18:01 - 2016-05-11 09:02 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-12-05 18:01 - 2016-05-11 09:02 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-12-05 18:01 - 2016-05-11 09:02 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-12-05 18:01 - 2016-05-11 07:19 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-12-05 18:01 - 2016-05-11 07:19 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-12-05 18:01 - 2016-05-11 07:19 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-12-05 18:01 - 2016-05-11 07:11 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2016-12-05 18:01 - 2016-05-11 07:01 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2016-12-05 18:01 - 2016-05-11 06:58 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-12-05 18:00 - 2016-05-18 08:10 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-12-05 18:00 - 2016-05-18 08:09 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-12-05 17:41 - 2016-09-12 13:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
2016-12-05 17:41 - 2016-09-12 12:49 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll
2016-12-05 17:41 - 2016-09-08 12:34 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2016-12-05 17:41 - 2016-09-08 12:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2016-12-05 17:41 - 2016-09-08 12:34 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2016-12-05 17:41 - 2016-09-08 12:34 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2016-12-05 17:41 - 2016-09-08 06:55 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-12-05 17:41 - 2016-09-08 06:55 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2016-12-05 17:41 - 2016-08-16 10:47 - 00419640 _____ C:\Windows\SysWOW64\locale.nls
2016-12-05 17:41 - 2016-08-16 10:47 - 00419640 _____ C:\Windows\system32\locale.nls
2016-12-05 17:41 - 2016-08-12 09:02 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-12-05 17:41 - 2016-08-12 09:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-12-05 17:41 - 2016-08-12 09:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-12-05 17:41 - 2016-08-12 08:31 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2016-12-05 17:41 - 2016-08-12 08:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2016-12-05 17:41 - 2016-08-12 08:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2016-12-05 17:41 - 2016-08-12 08:26 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2016-12-05 17:41 - 2016-08-06 07:31 - 02023424 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2016-12-05 17:41 - 2016-08-06 07:31 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2016-12-05 17:41 - 2016-08-06 07:31 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2016-12-05 17:41 - 2016-08-06 07:31 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2016-12-05 17:41 - 2016-08-06 07:31 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
2016-12-05 17:41 - 2016-08-06 07:31 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
2016-12-05 17:41 - 2016-08-06 07:15 - 01178112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2016-12-05 17:41 - 2016-08-06 07:15 - 00249344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2016-12-05 17:41 - 2016-08-06 07:15 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2016-12-05 17:41 - 2016-08-06 07:15 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2016-12-05 17:41 - 2016-08-06 07:15 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmRes.dll
2016-12-05 17:41 - 2016-08-06 07:01 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2016-12-05 17:41 - 2016-08-06 07:01 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
2016-12-05 17:41 - 2016-08-06 06:53 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2016-12-05 17:41 - 2016-08-06 06:53 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmprovhost.exe
2016-12-05 17:41 - 2016-08-06 06:53 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmplpxy.dll
2016-12-05 17:41 - 2016-06-14 09:21 - 00094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2016-12-05 17:41 - 2016-06-14 09:16 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2016-12-05 17:41 - 2016-06-14 09:16 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2016-12-05 17:41 - 2016-06-14 09:16 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2016-12-05 17:41 - 2016-06-14 09:16 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2016-12-05 17:41 - 2016-06-14 09:16 - 00680448 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2016-12-05 17:41 - 2016-06-14 09:16 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2016-12-05 17:41 - 2016-06-14 09:16 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2016-12-05 17:41 - 2016-06-14 09:16 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2016-12-05 17:41 - 2016-06-14 09:16 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2016-12-05 17:41 - 2016-06-14 09:16 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-12-05 17:41 - 2016-06-14 09:16 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-12-05 17:41 - 2016-06-14 09:16 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2016-12-05 17:41 - 2016-06-14 09:16 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2016-12-05 17:41 - 2016-06-14 09:16 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2016-12-05 17:41 - 2016-06-14 09:16 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-12-05 17:41 - 2016-06-14 09:16 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-12-05 17:41 - 2016-06-14 09:16 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-12-05 17:41 - 2016-06-14 09:16 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2016-12-05 17:41 - 2016-06-14 09:16 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-12-05 17:41 - 2016-06-14 09:16 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2016-12-05 17:41 - 2016-06-14 09:16 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2016-12-05 17:41 - 2016-06-14 09:16 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2016-12-05 17:41 - 2016-06-14 09:16 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2016-12-05 17:41 - 2016-06-14 09:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-12-05 17:41 - 2016-06-14 09:11 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2016-12-05 17:41 - 2016-06-14 07:21 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2016-12-05 17:41 - 2016-06-14 07:21 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2016-12-05 17:41 - 2016-06-14 07:21 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2016-12-05 17:41 - 2016-06-14 07:21 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2016-12-05 17:41 - 2016-06-14 07:21 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2016-12-05 17:41 - 2016-06-14 07:21 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2016-12-05 17:41 - 2016-06-14 07:21 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2016-12-05 17:41 - 2016-06-14 07:21 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2016-12-05 17:41 - 2016-06-14 07:21 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-12-05 17:41 - 2016-06-14 07:21 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2016-12-05 17:41 - 2016-06-14 07:21 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2016-12-05 17:41 - 2016-06-14 07:21 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-12-05 17:41 - 2016-06-14 07:21 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2016-12-05 17:41 - 2016-06-14 07:21 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2016-12-05 17:41 - 2016-06-14 07:21 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-12-05 17:41 - 2016-06-14 07:21 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2016-12-05 17:41 - 2016-06-14 07:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-12-05 17:41 - 2016-06-14 07:15 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2016-12-05 17:41 - 2016-06-14 07:15 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-12-05 17:41 - 2016-06-14 07:15 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-12-05 17:41 - 2016-06-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-12-05 17:41 - 2016-06-14 07:05 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-12-05 17:41 - 2016-06-14 07:00 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2016-12-05 17:41 - 2016-06-14 07:00 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2016-12-05 17:41 - 2016-05-12 05:05 - 00459640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-12-05 17:41 - 2016-05-12 05:05 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-12-05 17:41 - 2016-05-12 05:04 - 00249352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-12-05 17:41 - 2016-03-23 14:40 - 00634432 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2016-12-05 17:41 - 2016-03-23 14:40 - 00546656 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2016-12-05 17:40 - 2016-09-12 11:08 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2016-12-05 17:40 - 2016-09-12 10:43 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-12-05 17:40 - 2016-09-12 10:43 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-12-05 17:40 - 2016-08-12 09:02 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-12-05 17:40 - 2016-08-12 09:02 - 12574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-12-05 17:40 - 2016-08-12 08:47 - 12574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2016-12-05 17:40 - 2016-08-12 08:47 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-12-05 17:40 - 2016-06-14 09:16 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-12-05 17:40 - 2016-06-14 09:16 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-12-05 17:40 - 2016-06-14 09:16 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-12-05 17:40 - 2016-06-14 09:16 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-12-05 17:40 - 2016-06-14 07:21 - 03209216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-12-05 17:40 - 2016-06-14 07:21 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-12-05 17:40 - 2016-06-14 07:21 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-12-05 17:40 - 2016-06-14 07:21 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-12-05 17:40 - 2016-06-14 07:21 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-12-05 17:26 - 2016-12-05 17:26 - 00000000 ____D C:\39721ced4451b8158a1e
2016-12-05 17:15 - 2016-12-05 17:20 - 00000000 ____D C:\Monthly Rollup Updates
2016-12-05 17:06 - 2016-12-05 17:06 - 00000000 ___HD C:\Windows\AxInstSV
2016-12-03 19:33 - 2016-12-03 19:33 - 00003342 _____ C:\Windows\System32\Tasks\{F3AD0AD3-DFC6-432C-9F91-DB6B97B9CD15}
2016-12-03 19:32 - 2016-12-03 19:32 - 00003342 _____ C:\Windows\System32\Tasks\{17E70786-1C8A-444C-A623-2FFE7FD72490}
2016-12-03 19:29 - 2016-12-03 19:29 - 00003342 _____ C:\Windows\System32\Tasks\{C8983DB7-A196-417A-BEE4-057675D09B3B}
2016-12-03 19:23 - 2016-12-03 19:23 - 00003342 _____ C:\Windows\System32\Tasks\{91250CDB-FCD4-4843-A320-4239F8C883A9}
2016-12-02 17:11 - 2016-12-02 17:11 - 15114216 ____R C:\Users\Public\Documents\My Money1 Backup_2016-12-02_171109.mbf
2016-11-30 19:04 - 2016-11-30 19:04 - 00000000 ____D C:\Users\Travis' Machine\AppData\Roaming\Sun
2016-11-30 18:53 - 2016-11-30 18:53 - 00000000 ____D C:\Windows\system32\%commonappdata%
2016-11-28 18:27 - 2016-12-01 06:12 - 00655360 _____ C:\Windows\system32\SxsTrace.etl
2016-11-27 12:55 - 2016-11-27 12:55 - 15081440 ____R C:\Users\Public\Documents\My Money1 Backup_2016-11-27_125545.mbf
2016-11-27 10:47 - 2016-11-27 10:47 - 00000000 ___HD C:\TMRescueDisk
2016-11-27 10:43 - 2016-11-27 10:43 - 00000000 ____D C:\Users\Travis' Machine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Maximum Security
2016-11-27 10:43 - 2016-08-07 09:27 - 00435416 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2016-11-27 10:43 - 2016-08-07 09:27 - 00142552 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmactmon.sys
2016-11-27 10:43 - 2016-08-07 09:27 - 00117984 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmevtmgr.sys
2016-11-27 10:43 - 2016-06-23 22:58 - 00561952 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmnciesc.sys
2016-11-27 10:43 - 2016-06-20 19:23 - 00143648 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmeevw.sys
2016-11-27 10:42 - 2016-11-27 10:42 - 00000000 ____D C:\Windows\SysWOW64\tmumh
2016-11-27 10:42 - 2016-11-27 10:42 - 00000000 ____D C:\Windows\system32\tmumh
2016-11-27 10:42 - 2016-09-30 00:58 - 00111840 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\TMUMH.sys
2016-11-27 10:42 - 2016-05-15 23:35 - 00132888 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmusa.sys
2016-11-27 10:42 - 2016-01-04 19:35 - 00072504 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\TMEBC64.sys
2016-11-27 10:39 - 2016-11-27 10:39 - 00003312 _____ C:\Windows\System32\Tasks\AirSupport Update
2016-11-27 10:39 - 2016-11-27 10:39 - 00000059 _____ C:\Windows\system32\SupportTool.exe.bat
2016-11-27 10:39 - 2016-11-27 10:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Troubleshooting Tool
2016-11-27 10:38 - 2016-11-27 10:38 - 00000000 ____D C:\ProgramData\TMDP_Setup
2016-11-27 10:38 - 2016-11-27 10:38 - 00000000 ____D C:\ProgramData\TMDP_Log
2016-11-27 10:22 - 2016-11-27 10:22 - 00000000 ____D C:\Users\Default\AppData\Local\Trend Micro
2016-11-27 10:22 - 2016-11-27 10:22 - 00000000 ____D C:\Users\Default User\AppData\Local\Trend Micro
2016-11-27 07:39 - 2016-11-27 07:39 - 00000000 ____D C:\ProgramData\Trend Micro Installer
2016-11-26 22:26 - 2016-11-26 22:26 - 00002272 _____ C:\Users\Travis' Machine\Desktop\Temple+.lnk
2016-11-26 22:21 - 2016-11-26 22:25 - 00000000 ____D C:\Users\Travis' Machine\AppData\Local\TemplePlus
2016-11-26 22:21 - 2016-11-26 22:21 - 00000000 ____D C:\Users\Travis' Machine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Temple+
2016-11-26 22:14 - 2016-11-26 22:21 - 00000000 ____D C:\Users\Travis' Machine\AppData\Local\SquirrelTemp
2016-11-26 21:49 - 2016-11-26 21:49 - 00000812 _____ C:\Users\Public\Desktop\Circle of Eight Modpack.lnk
2016-11-26 21:49 - 2016-11-26 21:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Circle of Eight Modpack
2016-11-26 20:31 - 2016-11-26 20:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-11-26 20:31 - 2016-10-18 04:31 - 00616504 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2016-11-26 20:26 - 2016-10-18 06:53 - 31522240 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2016-11-26 20:26 - 2016-10-18 06:53 - 24208952 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2016-11-26 20:26 - 2016-10-18 06:53 - 23000000 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2016-11-26 20:26 - 2016-10-18 06:53 - 18634216 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2016-11-26 20:26 - 2016-10-18 06:53 - 17559200 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2016-11-26 20:26 - 2016-10-18 06:53 - 15302712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2016-11-26 20:26 - 2016-10-18 06:53 - 14497712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2016-11-26 20:26 - 2016-10-18 06:53 - 13916048 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2016-11-26 20:26 - 2016-10-18 06:53 - 13827664 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-11-26 20:26 - 2016-10-18 06:53 - 12909624 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2016-11-26 20:26 - 2016-10-18 06:53 - 11272008 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2016-11-26 20:26 - 2016-10-18 06:53 - 11209336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2016-11-26 20:26 - 2016-10-18 06:53 - 04252608 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-11-26 20:26 - 2016-10-18 06:53 - 03994560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2016-11-26 20:26 - 2016-10-18 06:53 - 02826176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2016-11-26 20:26 - 2016-10-18 06:53 - 01908088 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434200.dll
2016-11-26 20:26 - 2016-10-18 06:53 - 01557552 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434200.dll
2016-11-26 20:26 - 2016-10-18 06:53 - 00953912 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2016-11-26 20:26 - 2016-10-18 06:53 - 00915392 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2016-11-26 20:26 - 2016-10-18 06:53 - 00911928 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2016-11-26 20:26 - 2016-10-18 06:53 - 00876992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2016-11-26 20:23 - 2016-11-26 20:23 - 00000000 ____D C:\NVIDIA
2016-11-26 19:45 - 2016-11-26 19:45 - 00000000 ____D C:\Users\Travis' Machine\AppData\Local\Intel
2016-11-26 19:44 - 2016-11-26 19:55 - 00003038 _____ C:\Windows\System32\Tasks\USER_ESRV_SVC_WILLAMETTE
2016-11-26 19:44 - 2016-11-26 19:44 - 00001177 _____ C:\Users\Public\Desktop\Intel® Driver Update Utility 2.6.lnk
2016-11-26 19:44 - 2016-11-26 19:44 - 00000000 ____D C:\Windows\System32\Tasks\Intel
2016-11-26 19:44 - 2016-11-26 19:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility
2016-11-26 19:44 - 2016-11-26 19:44 - 00000000 ____D C:\Program Files\Intel
2016-11-26 19:44 - 2016-11-26 19:44 - 00000000 ____D C:\Program Files (x86)\Intel Driver Update Utility
2016-11-26 19:44 - 2015-06-04 13:33 - 00021984 _____ C:\Windows\system32\Drivers\semav6msr64.sys
2016-11-26 17:39 - 2016-11-27 07:29 - 00000000 ____D C:\SFCFix
2016-11-26 17:21 - 2016-11-27 07:29 - 00000000 ____D C:\Users\Travis' Machine\AppData\Local\niemiro
2016-11-26 15:42 - 2016-11-26 15:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-11-26 15:42 - 2016-11-26 15:42 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-11-26 15:42 - 2016-11-26 15:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-11-26 15:41 - 2016-11-26 15:44 - 00000000 ____D C:\542ccb61dae5f85b50f1144a1d
2016-11-26 11:03 - 2016-11-26 11:03 - 00000000 ____D C:\c2bbcfa8b1de5361616992
2016-11-26 11:02 - 2016-11-26 11:02 - 00000000 ____D C:\208d65865a2583e824
2016-11-26 09:15 - 2016-11-26 09:15 - 00000000 ____D C:\1935c748ef2c29721fbd
2016-11-25 11:53 - 2016-11-25 11:53 - 00002820 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-11-25 11:53 - 2016-11-25 11:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-11-25 11:53 - 2016-11-25 11:53 - 00000000 ____D C:\Program Files\CCleaner
2016-11-20 14:16 - 2016-11-20 14:16 - 15671408 ____R C:\Users\Public\Documents\My Money1 Backup_2016-11-20_141630.mbf
2016-11-13 09:10 - 2016-11-13 09:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bilingual Books
2016-11-13 09:10 - 2016-11-13 09:10 - 00000000 ____D C:\Program Files (x86)\Bilingual Books
2016-11-13 09:02 - 2016-11-13 09:02 - 00000000 ____D C:\Users\ELissa\AppData\Roaming\EuroTalk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-12 19:51 - 2013-03-26 14:28 - 00407608 _____ (Trend Micro Inc.) C:\Windows\RegBootClean64.exe
2016-12-12 19:51 - 2012-03-25 20:05 - 00000000 ____D C:\ProgramData\Trend Micro
2016-12-12 19:25 - 2015-03-20 10:55 - 00000010 _____ C:\Users\Travis' Machine\AppData\Local\sponge.last.runtime.cache
2016-12-12 19:01 - 2014-05-10 07:54 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-12-12 18:31 - 2009-07-13 20:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-12 18:31 - 2009-07-13 20:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-12 18:30 - 2009-07-13 21:13 - 00798820 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-12 18:30 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2016-12-12 18:24 - 2013-04-27 18:56 - 00000000 ____D C:\ProgramData\NVIDIA
2016-12-12 18:24 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-11 17:09 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2016-12-11 16:38 - 2016-02-14 16:54 - 00007595 _____ C:\Users\Travis' Machine\AppData\Local\Resmon.ResmonCfg
2016-12-11 16:37 - 2012-03-26 06:17 - 00000000 ____D C:\Users\Travis' Machine\AppData\Local\CrashDumps
2016-12-10 05:45 - 2012-12-07 11:24 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-12-05 20:57 - 2014-04-18 15:24 - 00000000 __SHD C:\Users\Travis' Machine\AppData\LocalLow\EmieUserList
2016-12-05 20:57 - 2014-04-18 15:23 - 00000000 __SHD C:\Users\Travis' Machine\AppData\LocalLow\EmieSiteList
2016-12-05 18:32 - 2014-04-18 15:24 - 00000000 __SHD C:\Users\Travis' Machine\AppData\Local\EmieUserList
2016-12-05 18:32 - 2014-04-18 15:24 - 00000000 __SHD C:\Users\Travis' Machine\AppData\Local\EmieSiteList
2016-12-05 18:10 - 2009-07-13 20:45 - 00403120 _____ C:\Windows\system32\FNTCACHE.DAT
2016-12-05 17:48 - 2009-07-13 21:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-12-05 17:44 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-12-05 17:44 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\Dism
2016-12-05 17:44 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-12-05 17:06 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2016-12-03 19:39 - 2016-06-26 09:11 - 00000000 ____D C:\ProgramData\Package Cache
2016-12-02 17:11 - 2012-03-25 20:42 - 14356480 _____ C:\Users\Public\Documents\My Money1.mny
2016-11-30 19:05 - 2014-08-24 06:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-11-30 19:05 - 2013-09-10 17:56 - 00000000 ____D C:\ProgramData\Oracle
2016-11-30 19:05 - 2013-09-10 17:55 - 00000000 ____D C:\Program Files (x86)\Java
2016-11-30 19:04 - 2014-08-24 06:24 - 00269888 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2016-11-30 19:04 - 2014-08-24 06:24 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-11-27 10:39 - 2015-03-20 09:26 - 00000000 ____D C:\Program Files\Trend Micro
2016-11-27 10:38 - 2009-07-13 18:34 - 00000575 _____ C:\Windows\win.ini
2016-11-27 10:37 - 2012-03-25 20:02 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2016-11-26 22:19 - 2012-03-28 17:01 - 00790942 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-11-26 21:03 - 2012-03-26 06:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atari
2016-11-26 21:03 - 2011-11-08 00:24 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-11-26 21:01 - 2012-08-26 12:24 - 00000000 ____D C:\Games
2016-11-26 20:31 - 2012-03-25 20:15 - 00000000 ____D C:\temp
2016-11-26 20:30 - 2014-03-10 16:40 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-11-26 20:30 - 2013-04-27 18:56 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-11-26 20:30 - 2013-04-27 18:56 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-11-26 20:26 - 2014-03-10 16:43 - 00000000 ____D C:\Users\Travis' Machine\AppData\Local\NVIDIA Corporation
2016-11-26 19:44 - 2012-02-09 04:12 - 00000000 ____D C:\ProgramData\Intel
2016-11-26 18:05 - 2012-02-09 04:09 - 02066453 _____ C:\Windows\WindowsUpdate.log.bak
2016-11-26 17:23 - 2016-08-28 16:06 - 00000000 ____D C:\Windows\system32\Catroot2.bak
2016-11-26 16:38 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2016-11-26 15:19 - 2013-06-16 08:38 - 00000000 ____D C:\Users\Travis' Machine\AppData\Local\ElevatedDiagnostics
2016-11-26 09:22 - 2015-06-11 17:11 - 00056832 ___SH C:\Users\Travis' Machine\Downloads\Thumbs.db
2016-11-26 08:48 - 2014-12-20 21:14 - 00000000 ____D C:\Users\Travis' Machine\Desktop\Elissa and Kessa's Games
2016-11-26 08:10 - 2012-03-25 20:06 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-11-26 08:09 - 2012-03-26 05:00 - 00000000 ____D C:\Windows\pss
2016-11-26 07:54 - 2012-06-19 18:14 - 00882688 ___SH C:\Users\Travis' Machine\Desktop\Thumbs.db
2016-11-25 12:09 - 2015-01-02 08:32 - 00000000 ____D C:\Program Files (x86)\Steam
2016-11-25 12:09 - 2014-05-02 17:45 - 00000000 ____D C:\Windows\Minidump
2016-11-25 12:09 - 2007-07-11 17:49 - 00000000 ____D C:\Windows\Panther
2016-11-25 11:51 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-11-25 11:27 - 2013-02-06 18:19 - 00000036 _____ C:\Users\Travis' Machine\AppData\Local\housecall.guid.cache

==================== Files in the root of some directories =======

2013-02-06 18:25 - 2013-02-06 18:25 - 0103912 _____ () C:\Users\Travis' Machine\AppData\Local\ars.cache
2013-02-06 18:25 - 2013-02-06 18:25 - 0184342 _____ () C:\Users\Travis' Machine\AppData\Local\census.cache
2013-02-06 18:19 - 2016-11-25 11:27 - 0000036 _____ () C:\Users\Travis' Machine\AppData\Local\housecall.guid.cache
2016-02-14 16:54 - 2016-12-11 16:38 - 0007595 _____ () C:\Users\Travis' Machine\AppData\Local\Resmon.ResmonCfg
2015-03-20 10:55 - 2016-12-12 19:25 - 0000010 _____ () C:\Users\Travis' Machine\AppData\Local\sponge.last.runtime.cache
2016-08-28 12:15 - 2016-08-28 12:15 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-06-19 18:57 - 2014-12-20 21:13 - 0005874 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\Travis' Machine\AppData\Local\Temp\jre-8u111-windows-au.exe
C:\Users\Travis' Machine\AppData\Local\Temp\msvcp120.dll
C:\Users\Travis' Machine\AppData\Local\Temp\msvcr120.dll
C:\Users\Travis' Machine\AppData\Local\Temp\nvStInst.exe
C:\Users\Travis' Machine\AppData\Local\Temp\pc-decrapifier.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-11 17:01

==================== End of FRST.txt ============================

____________________________________________________________________________________________________________________

 

#2 nasdaq

  • Malware Response Team

Posted 13 December 2016 - 10:10 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

GroupPolicy: Restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-2434683688-4034244284-536083220-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
CHR HKLM\...\Chrome\Extension: [olmajmomenlhgihenlbjcfbopoghpckg] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [dflinnddekagfkncpgojoppgnppfkbkj] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [idkknaphebegndgimgdpfnconcickdfn] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [olmajmomenlhgihenlbjcfbopoghpckg] - hxxps://clients2.google.com/service/update2/crx
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]
S4 Live Updater Service; C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [X]
S3 hwa; system32\DRIVERS\WSR_HWA.SYS [X]
S3 HWARadio; system32\DRIVERS\WSR_RCI.SYS [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
U2 TMAgent; no ImagePath
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\View Baldur's Gate: Tales of The Sword Coast Readme.lnk [2454]

reboot:

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download and run the Windows Update Troubleshooter (Windows 8.1, Windows 8,) for Windows 7.
https://support.microsoft.com/en-us/kb/971058

Run the application and restart the computer when completed.

Any luck with the updates?
If not, post any error message that you have seen.

#3 aitrusak

  • Topic Starter

Posted 14 December 2016 - 09:58 PM

Hi Nasdaq.  Thanks for the assist.

 

Here's the FRST log:

____________________________________________________________________________________________

Fix result of Farbar Recovery Scan Tool (x64) Version: 07-12-2016
Ran by Travis' Machine (14-12-2016 18:32:01) Run:1
Running from C:\Users\Travis' Machine\Desktop
Loaded Profiles: Travis' Machine (Available Profiles: Travis' Machine & ELissa)
Boot Mode: Normal
==============================================

fixlist content:
*****************

start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

GroupPolicy: Restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-2434683688-4034244284-536083220-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
CHR HKLM\...\Chrome\Extension: [olmajmomenlhgihenlbjcfbopoghpckg] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [dflinnddekagfkncpgojoppgnppfkbkj] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [idkknaphebegndgimgdpfnconcickdfn] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [olmajmomenlhgihenlbjcfbopoghpckg] - hxxps://clients2.google.com/service/update2/crx
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]
S4 Live Updater Service; C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [X]
S3 hwa; system32\DRIVERS\WSR_HWA.SYS [X]
S3 HWARadio; system32\DRIVERS\WSR_RCI.SYS [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
U2 TMAgent; no ImagePath
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\View Baldur's Gate: Tales of The Sword Coast Readme.lnk [2454]

reboot:

End

*****************

Restore point was successfully created.
Processes closed successfully.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
HKU\S-1-5-21-2434683688-4034244284-536083220-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922" => key removed successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\olmajmomenlhgihenlbjcfbopoghpckg" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dflinnddekagfkncpgojoppgnppfkbkj" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\idkknaphebegndgimgdpfnconcickdfn" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\olmajmomenlhgihenlbjcfbopoghpckg" => key removed successfully
Amsp => Unable to stop service.
Amsp => service could not remove
Live Updater Service => service removed successfully
hwa => service removed successfully
HWARadio => service removed successfully
nvvad_WaveExtensible => service removed successfully
TMAgent => service removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\View Baldur's Gate => ": Tales of The Sword Coast Readme.lnk" ADS removed successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 84553587 B
Java, Flash, Steam htmlcache => 36318266 B
Windows/system/drivers => 237867391 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 42320376 B
systemprofile32 => 66356 B
LocalService => 26132386 B
NetworkService => 0 B
Travis' Machine => 477921299 B
UpdatusUser => 0 B
ELissa => 251657107 B

RecycleBin => 6409893 B
EmptyTemp: => 1.1 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 18:34:22 ====

___________________________________________________________________________________________________________________________________

 

No dice on the Windows Update application in your link.  I received the following messages:

 

"Troubleshooting was unable to automatically fix all of the issues found.  You can find more details below.

 

Problems found

Service registration is missing or corrupt......Not fixed

Windows Update error 0x80070057(2016-12-14-T-06_44_07P)"

 

Everything on the Windows Update tool shows as fixed.
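
As an added example (not part of the original posts and not FRST's own code), this Python sketch triages the two artifacts in the reply above: it classifies each `target => outcome` line of the Fixlog and splits the troubleshooter's HRESULT into its fields. The status keywords are assumptions drawn from the outcome strings visible in this log; anything unrecognised is marked for review.

```python
import re

# Constructed sample: a subset of result lines copied from the Fixlog above.
SAMPLE_FIXLOG = r'''
Restore point was successfully created.
Processes closed successfully.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
Amsp => Unable to stop service.
Amsp => service could not remove
Live Updater Service => service removed successfully
TMAgent => service removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\View Baldur's Gate => ": Tales of The Sword Coast Readme.lnk" ADS removed successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
Chrome => 0 B
EmptyTemp: => 1.1 GB temporary data Removed.
'''

# The error line quoted from the Windows Update troubleshooter in the same reply.
SAMPLE_TROUBLESHOOTER = "Windows Update error 0x80070057(2016-12-14-T-06_44_07P)"


def triage_fixlog(text):
    """Return (target, outcome, status) for every fix result line.

    status is "ok", "absent" (nothing there to remove) or "review".
    The keyword matching is an assumption based on this log's wording.
    """
    results = []
    in_stats = False  # True while inside the EmptyTemp byte-count section
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("="):
            # Section banner: only the EmptyTemp section holds size statistics.
            in_stats = "EmptyTemp" in line
            continue
        if in_stats or " => " not in line:
            continue
        # Split on the first arrow only; the ADS line has text after it.
        target, outcome = line.split(" => ", 1)
        lowered = outcome.lower()
        if "successfully" in lowered:
            status = "ok"
        elif "not found" in lowered:
            status = "absent"
        else:
            status = "review"
        results.append((target.strip('"'), outcome, status))
    return results


def decode_hresult(text):
    """Find the first 0xXXXXXXXX code in text and split it into HRESULT fields."""
    match = re.search(r"0x([0-9A-Fa-f]{8})", text)
    if match is None:
        return None
    value = int(match.group(1), 16)
    return {
        "failure": bool(value >> 31),        # severity bit (bit 31)
        "facility": (value >> 16) & 0x7FF,   # 11-bit facility; 7 = FACILITY_WIN32
        "code": value & 0xFFFF,              # for facility 7, a Win32 error number
    }


if __name__ == "__main__":
    for target, outcome, status in triage_fixlog(SAMPLE_FIXLOG):
        if status != "ok":
            print(f"[{status}] {target}: {outcome}")
    print(decode_hresult(SAMPLE_TROUBLESHOOTER))
```

On this log only the two Amsp lines are left for follow-up; facility 7 with code 87 is the Win32 error ERROR_INVALID_PARAMETER.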



#4 nasdaq

  • Malware Response Team

Posted 15 December 2016 - 09:18 AM

Please Download Tweaking.com - Windows Repair from Here
  • Install and then run the program
  • Execute the instructions on Step 1 Important
  • Click Next on Step 2 Optional, do the Pre Scan skip Step 3 and 4 Optional for now.
  • On Step 5 Backup System Restore Do a Registry backup. When you have completed this click Next
  • Click Repairs - Open Repairs in the bottom right corner
  • Uncheck the All repair button then select just the item(s) listed below

    01 - Repair Registry Permissions
    03 - Reset Service permissions
    04 - Register System Files
    05 - Repair WMI
    10 - Remove Policies Set By Infections
    17 - Repair Windows Updates
    21 - Repair MSI (Windows Installer)
    27 - Set Windows Service to Default Startup

  • Click the Start button and let the process run to completion. Copy any error messages into Notepad, Save it on your Desktop. ( Reboot if asked to do so)
  • Please copy and paste the Contents of this file on your next reply.

===

Restart the computer normally.

Try the Windows update.

Post any error message if not successful.


#5 aitrusak

  • Topic Starter

Posted 16 December 2016 - 08:24 PM

Used the Tweaking.com repair tool as instructed.  No errors.

 

Restarted the computer, and tried to run Windows Update.  It has been stuck on the "Checking for updates" loading screen since about 7pm last night.  It is now 5pm tonight.  Have received no error messages.


Edited by aitrusak, 16 December 2016 - 08:24 PM.


#6 nasdaq

  • Malware Response Team

Posted 17 December 2016 - 08:27 AM

This topic will give you 3 fixes that you can try

http://www.sevenforums.com/tutorials/91738-windows-update-reset.html

If no luck then I suggest you start a new topic in the Windows 7 forum.

https://www.bleepingcomputer.com/forums/f/167/windows-7/

Someone with that type of experience should be able to help you better than I can.


I will leave this topic open for 6 days. If you need to return please do.

#7 aitrusak

  • Topic Starter

Posted 22 December 2016 - 09:46 PM

Thanks again for your help, nasdaq.  It's very appreciated.





