
Keeps Restarting and network shifts between airplane mode and wifi off options


  • This topic is locked
18 replies to this topic

#1 Mare1220

Posted 15 July 2017 - 01:40 AM

For the last two days my wifi will randomly disconnect me from my home network, lose the home network in its list of wifi options, and sometimes shift itself into airplane mode. Tonight it kept the shifting up for over an hour with maybe thirty to forty seconds between the shifts.

Also, suddenly even though I run my updates as often as they appear, today of all days EVERYTHING wants to be updated. My Windows, my Adobe products, my CCleaner, etc.

It's slowed down considerably, my Chrome (main browser) doesn't remember my password for random things like Netflix and Facebook. Yet when I retype my passwords, it says I can't log in. However when I access the same sites from Explorer, I have completely easy access.

The computer itself suddenly has trouble loading the simplest of document files. My notepad took about two minutes from my clicking it to opening, as did my MS Word and Hemingway apps. When I just now ran the FRST program a NEW odd thing happened. During the initial scan, everything on the screen froze (not unusual) but then my sound made a distinct ping, my hard drive whirred loud enough for me to be concerned (sounded like a skipping CD) and the screen blinked on and off again. Just as suddenly as that started, it went back to normal and decided to complete the scan.

The computer itself has also slowed down considerably on the boot up times from Monday 'til now. From completely off 'til completely loaded takes up to ten minutes.

I've booted into safe mode with networking and the problems still exist except I am completely unable to connect to the internet in any sort of way at that point.

I've run Super Anti Spyware, Spybot, MBam and even Panda, all after running RKill first, all to no avail. I've reset the Winsock and cleared my tmp files, cleaned my cache. I've run hardware diags and there's nothing wrong there either so I turned to you guys. Hope you can help.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-07-2017
Ran by MaryAnn (administrator) on MARESLENOVO (15-07-2017 01:36:03)
Running from C:\Users\MaryAnn\Downloads
Loaded Profiles: MaryAnn (Available Profiles: MaryAnn)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Lenovo) C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Lenovo) C:\Users\MaryAnn\AppData\Local\Apps\2.0\J12RHEQ8.VKY\X11882YM.X1J\lsb...tion_2d7b41b05b24775e_0001.0006_589ac911618caaca\LSB.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-04] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242696 2015-10-07] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [9308416 2015-06-02] (Realtek semiconductor)
HKLM\...\Run: [PasswordManager] => C:\Program Files\Lenovo\Password Manager\password_manager.exe [1622072 2014-01-09] (Lenovo Group Limited)
HKLM\...\Run: [PhoneCompanion] => C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe [836592 2014-11-22] (Lenovo)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [16094704 2014-11-22] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [10973168 2014-11-22] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKU\S-1-5-21-2841604245-4010253232-1339942159-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9803992 2017-06-13] (Piriform Ltd)
HKU\S-1-5-21-2841604245-4010253232-1339942159-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7963552 2017-06-27] (SUPERAntiSpyware)
HKU\S-1-5-21-2841604245-4010253232-1339942159-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [5094080 2017-07-03] (Disc Soft Ltd)
HKU\S-1-5-21-2841604245-4010253232-1339942159-1001\...\MountPoints2: {dc79d014-6824-11e7-82e7-acb57d74fbd6} - "F:\mri.exe" 
HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [391040 2017-03-18] (Microsoft Corporation)
Startup: C:\Users\MaryAnn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2016-11-01]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{28cc2993-00ae-4e28-aae0-a8c09831b91a}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{d42124bc-f0fa-4e6b-aad9-b4a7155a2140}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-2841604245-4010253232-1339942159-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-2841604245-4010253232-1339942159-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-2841604245-4010253232-1339942159-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://home.lenovo.com
 
FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxps://plus.google.com/u/0/","hxxps://mail.google.com/mail/u/0/#inbox","hxxps://www.fiverr.com/","hxxps://www.blogmutt.com/d/users/sign_in","hxxps://www.odesk.com/login?redir=%2Fnotifications","hxxps://www.elance.com/php/landing/main/login.php?redirect=http%3A%2F%2Fwww.elance.com%2Fopportunities#%23DATETIME%23%23&e_name=JobRecDigestDaily&e_link=11","hxxp://www.freedomwithwriting.com/freedom/","hxxp://www.wellfedwriter.com/blog/","hxxps://www.jobgateway.pa.gov/jponline/Admin/Common/Portal.aspx?nCHFPWYGF1fA59cIVE6dBoOHwSjah@eDx@JrDJN@nM1eSRdjktf_tRB_@a9Dm8ZSpStxVBeh8xWol4Ne368aeZUMBfnEhuRR97L_Z3RKlck-1UG21WzrK_8gUCLbFBvEVQ2owE1rdpCTqHEUilhp1yLfXMku2o1E","hxxp://www.flexjobs.com/?v=2&utm_expid=3302061-3.QbjiZxsVQ8W0lWqKpU7lCw.1"
CHR Profile: C:\Users\MaryAnn\AppData\Local\Google\Chrome\User Data\Default [2017-07-15]
CHR Extension: (Google Slides) - C:\Users\MaryAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-02]
CHR Extension: (Google Docs) - C:\Users\MaryAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-15]
CHR Extension: (Google Drive) - C:\Users\MaryAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-15]
CHR Extension: (YouTube) - C:\Users\MaryAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-15]
CHR Extension: (Google Sheets) - C:\Users\MaryAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-02]
CHR Extension: (Google Docs Offline) - C:\Users\MaryAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-02]
CHR Extension: (Prodigy Math Game) - C:\Users\MaryAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\hndgjbjghbnahgfhcmhkkoibbgdemlia [2017-02-12]
CHR Extension: (OneLogin for Google Chrome) - C:\Users\MaryAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioalpmibngobedobkmbhgmadaphocjdn [2017-05-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\MaryAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\MaryAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-15]
CHR Extension: (Chrome Media Router) - C:\Users\MaryAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-14]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-02-10] (SUPERAntiSpyware.com)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [2289856 2017-07-03] (Disc Soft Ltd)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144072 2015-10-07] (ELAN Microelectronics Corp.)
S2 ibtsiva; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [150256 2015-06-09] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [330144 2015-09-09] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-02] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-02] (Intel® Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [533760 2014-06-03] (Lenovo)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-05-21] (LENOVO INCORPORATED.)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2014-11-22] (Lenovo(beijing) Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272864 2016-01-08] (Lenovo)
R2 PhoneCompanionPusher; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe [288240 2014-11-22] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe [305136 2014-11-22] (Lenovo)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [23416 2017-06-09] ()
S3 TESHelper; c:\Program Files\Common Files\Lenovo\Magic Transfer\x64\MagicTransferTESHelper.exe [104696 2014-11-22] (Lenovo)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-12-24] (Atheros) [File not signed]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-07-04] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2017-07-12] (Disc Soft Ltd)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [54736 2017-01-22] ()
R2 LubFsFlt; C:\windows\System32\Drivers\LubFsFlt.sys [27384 2014-02-22] (Lenovo(beijing) Limited)
R0 LubSec; C:\WINDOWS\System32\Drivers\LubSec.sys [45304 2014-02-22] (Lenovo(beijing) Limited)
R1 MpKslea90beb1; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{08381C3A-6C34-47F2-8527-63CEA2CD4FA9}\MpKslea90beb1.sys [44928 2017-07-15] (Microsoft Corporation)
S3 PSKMAD; C:\WINDOWS\System32\DRIVERS\PSKMAD.sys [50320 2015-01-29] (Panda Security, S.L.)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-07-22] (Realtek                                            )
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3057920 2015-06-02] (Realtek Semiconductor Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [87568 2013-07-02] (Intel Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-15 01:36 - 2017-07-15 01:36 - 00015505 _____ C:\Users\MaryAnn\Downloads\FRST.txt
2017-07-15 01:32 - 2017-07-15 01:32 - 02435584 _____ (Farbar) C:\Users\MaryAnn\Downloads\FRST64.exe
2017-07-15 00:06 - 2017-07-15 00:06 - 00002648 _____ C:\Users\MaryAnn\Documents\bleeping computer.txt
2017-07-14 23:08 - 2017-07-14 23:08 - 00042791 _____ C:\Users\MaryAnn\Desktop\dds.txt
2017-07-14 23:08 - 2017-07-14 23:08 - 00010666 _____ C:\Users\MaryAnn\Desktop\attach.txt
2017-07-14 22:53 - 2017-07-14 22:54 - 00380928 _____ C:\Users\MaryAnn\Desktop\kippvcwt.exe
2017-07-14 13:51 - 2017-07-14 13:51 - 00000000 ____D C:\Users\MaryAnn\AppData\Local\Disc_Soft_Ltd
2017-07-13 21:00 - 2017-07-13 21:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Lenovo
2017-07-13 20:58 - 2017-07-13 20:58 - 00000000 ____D C:\WINDOWS\net35
2017-07-12 17:34 - 2017-07-12 17:34 - 00047672 _____ (Disc Soft Ltd) C:\WINDOWS\system32\Drivers\dtliteusbbus.sys
2017-07-12 16:52 - 2017-07-07 03:13 - 00554392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-07-12 16:52 - 2017-07-07 03:13 - 00336320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-07-12 16:52 - 2017-07-07 02:57 - 00626528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-07-12 16:52 - 2017-07-07 02:57 - 00125344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2017-07-12 16:52 - 2017-07-07 02:39 - 01839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-07-12 16:52 - 2017-07-07 02:39 - 00096128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2017-07-12 16:52 - 2017-07-07 02:37 - 02259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-07-12 16:52 - 2017-07-07 02:31 - 05820984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-07-12 16:52 - 2017-07-07 02:31 - 01518088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-07-12 16:52 - 2017-07-07 02:31 - 00129184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-07-12 16:52 - 2017-07-07 02:30 - 02165752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-07-12 16:52 - 2017-07-07 02:30 - 00949920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2017-07-12 16:52 - 2017-07-07 02:30 - 00750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-07-12 16:52 - 2017-07-07 02:29 - 00349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-07-12 16:52 - 2017-07-07 02:29 - 00123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Clipc.dll
2017-07-12 16:52 - 2017-07-07 02:27 - 06759512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-07-12 16:52 - 2017-07-07 02:26 - 20373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-07-12 16:52 - 2017-07-07 02:26 - 01529384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-07-12 16:52 - 2017-07-07 02:26 - 01195240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-07-12 16:52 - 2017-07-07 02:26 - 00988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-07-12 16:52 - 2017-07-07 02:25 - 00035232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininitext.dll
2017-07-12 16:52 - 2017-07-07 02:23 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-07-12 16:52 - 2017-07-07 02:22 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2017-07-12 16:52 - 2017-07-07 02:14 - 02956800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-07-12 16:52 - 2017-07-07 02:14 - 01448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-07-12 16:52 - 2017-07-07 02:14 - 00790016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-07-12 16:52 - 2017-07-07 02:13 - 13839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-07-12 16:52 - 2017-07-07 02:12 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-07-12 16:52 - 2017-07-07 02:10 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-07-12 16:52 - 2017-07-07 02:10 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapprovp.dll
2017-07-12 16:52 - 2017-07-07 02:09 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-07-12 16:52 - 2017-07-07 02:07 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\raschap.dll
2017-07-12 16:52 - 2017-07-07 02:06 - 00241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecsExt.dll
2017-07-12 16:52 - 2017-07-07 02:05 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-07-12 16:52 - 2017-07-07 02:05 - 05719040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-07-12 16:52 - 2017-07-07 02:05 - 00502784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2017-07-12 16:52 - 2017-07-07 02:05 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2017-07-12 16:52 - 2017-07-07 02:04 - 05961216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-07-12 16:52 - 2017-07-07 02:04 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-07-12 16:52 - 2017-07-07 02:04 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-07-12 16:52 - 2017-07-07 02:04 - 00506368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-07-12 16:52 - 2017-07-07 02:04 - 00394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-07-12 16:52 - 2017-07-07 02:03 - 06123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2017-07-12 16:52 - 2017-07-07 02:03 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-07-12 16:52 - 2017-07-07 02:03 - 00446464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2017-07-12 16:52 - 2017-07-07 02:02 - 00952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-07-12 16:52 - 2017-07-07 02:01 - 02859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-07-12 16:52 - 2017-07-07 02:00 - 07596544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-07-12 16:52 - 2017-07-07 02:00 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-07-12 16:52 - 2017-07-07 02:00 - 02588160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2017-07-12 16:52 - 2017-07-07 02:00 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-07-12 16:52 - 2017-07-07 02:00 - 01565184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2017-07-12 16:52 - 2017-07-07 02:00 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-07-12 16:52 - 2017-07-07 01:59 - 04417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-07-12 16:52 - 2017-07-07 01:59 - 01494016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2017-07-12 16:52 - 2017-07-07 01:59 - 01355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2017-07-12 16:52 - 2017-07-07 01:59 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-07-12 16:52 - 2017-07-07 01:58 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-07-12 16:52 - 2017-07-07 01:58 - 02782720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2017-07-12 16:52 - 2017-07-07 01:58 - 02298368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-07-12 16:52 - 2017-07-07 01:58 - 01237504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll
2017-07-12 16:52 - 2017-07-07 01:55 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2017-07-12 16:52 - 2017-07-07 01:55 - 00329216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2017-07-12 16:52 - 2017-07-07 01:53 - 01301504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdc.dll
2017-07-12 16:52 - 2017-07-07 01:53 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe
2017-07-12 16:52 - 2017-06-20 02:06 - 00279968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-07-12 16:52 - 2017-06-20 01:34 - 00192416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-07-12 16:52 - 2017-06-20 01:15 - 00455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
2017-07-12 16:52 - 2017-06-20 01:13 - 00787712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2017-07-12 16:52 - 2017-06-20 01:12 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2017-07-12 16:52 - 2017-06-20 01:09 - 00406032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2017-07-12 16:52 - 2017-06-20 01:08 - 04469840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-07-12 16:52 - 2017-06-20 01:07 - 02475136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-07-12 16:52 - 2017-06-20 01:07 - 00346016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-07-12 16:52 - 2017-06-20 01:07 - 00138656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll
2017-07-12 16:52 - 2017-06-20 01:06 - 00754592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-07-12 16:52 - 2017-06-20 01:06 - 00278944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2017-07-12 16:52 - 2017-06-20 01:05 - 00438096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2017-07-12 16:52 - 2017-06-20 01:05 - 00364032 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2017-07-12 16:52 - 2017-06-20 01:04 - 02330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-07-12 16:52 - 2017-06-20 01:04 - 01178528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2017-07-12 16:52 - 2017-06-20 01:04 - 01077496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2017-07-12 16:52 - 2017-06-20 01:04 - 00181656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-07-12 16:52 - 2017-06-20 01:04 - 00049656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msasn1.dll
2017-07-12 16:52 - 2017-06-20 01:03 - 05806048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-07-12 16:52 - 2017-06-20 01:03 - 00864240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-07-12 16:52 - 2017-06-20 01:03 - 00443728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2017-07-12 16:52 - 2017-06-20 01:02 - 03377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-07-12 16:52 - 2017-06-20 01:02 - 01121928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-07-12 16:52 - 2017-06-20 01:02 - 00354400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll
2017-07-12 16:52 - 2017-06-20 01:01 - 00176032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-07-12 16:52 - 2017-06-20 01:00 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-07-12 16:52 - 2017-06-20 00:49 - 00899072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctfuimanager.dll
2017-07-12 16:52 - 2017-06-20 00:49 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2017-07-12 16:52 - 2017-06-20 00:46 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Bluetooth.Profiles.Gatt.Interface.dll
2017-07-12 16:52 - 2017-06-20 00:45 - 00111104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Profile.RetailInfo.dll
2017-07-12 16:52 - 2017-06-20 00:43 - 00173568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ClipboardServer.dll
2017-07-12 16:52 - 2017-06-20 00:43 - 00151552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincredui.dll
2017-07-12 16:52 - 2017-06-20 00:43 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2017-07-12 16:52 - 2017-06-20 00:43 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dataclen.dll
2017-07-12 16:52 - 2017-06-20 00:42 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certca.dll
2017-07-12 16:52 - 2017-06-20 00:42 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll
2017-07-12 16:52 - 2017-06-20 00:42 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-07-12 16:52 - 2017-06-20 00:42 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2017-07-12 16:52 - 2017-06-20 00:41 - 00734208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2017-07-12 16:52 - 2017-06-20 00:41 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2017-07-12 16:52 - 2017-06-20 00:41 - 00601088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2017-07-12 16:52 - 2017-06-20 00:41 - 00433152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2017-07-12 16:52 - 2017-06-20 00:41 - 00201216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2017-07-12 16:52 - 2017-06-20 00:40 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-07-12 16:52 - 2017-06-20 00:40 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-07-12 16:52 - 2017-06-20 00:40 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-07-12 16:52 - 2017-06-20 00:40 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2017-07-12 16:52 - 2017-06-20 00:40 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edputil.dll
2017-07-12 16:52 - 2017-06-20 00:40 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2017-07-12 16:52 - 2017-06-20 00:39 - 02814464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themeui.dll
2017-07-12 16:52 - 2017-06-20 00:39 - 02671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-07-12 16:52 - 2017-06-20 00:39 - 00969728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2017-07-12 16:52 - 2017-06-20 00:39 - 00646144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2017-07-12 16:52 - 2017-06-20 00:39 - 00471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VAN.dll
2017-07-12 16:52 - 2017-06-20 00:39 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2017-07-12 16:52 - 2017-06-20 00:38 - 01451008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2017-07-12 16:52 - 2017-06-20 00:38 - 01285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-07-12 16:52 - 2017-06-20 00:38 - 01171968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-07-12 16:52 - 2017-06-20 00:38 - 00648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2017-07-12 16:52 - 2017-06-20 00:38 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-07-12 16:52 - 2017-06-20 00:36 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-07-12 16:52 - 2017-06-20 00:35 - 02679296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2017-07-12 16:52 - 2017-06-20 00:35 - 02132480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-07-12 16:52 - 2017-06-20 00:35 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-07-12 16:52 - 2017-06-20 00:34 - 04056576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-07-12 16:52 - 2017-06-20 00:34 - 02750464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-07-12 16:52 - 2017-06-20 00:34 - 02211328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-07-12 16:52 - 2017-06-20 00:34 - 01492480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2017-07-12 16:52 - 2017-06-20 00:34 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-07-12 16:52 - 2017-06-20 00:31 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2017-07-12 16:52 - 2017-06-20 00:30 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdmaud.drv
2017-07-12 16:52 - 2017-06-20 00:30 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2017-07-12 16:52 - 2017-06-20 00:30 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-07-12 16:52 - 2017-06-20 00:28 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll
2017-07-12 16:51 - 2017-07-07 10:00 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll
2017-07-12 16:51 - 2017-07-07 03:24 - 00117664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2017-07-12 16:51 - 2017-07-07 03:23 - 02399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-07-12 16:51 - 2017-07-07 03:21 - 32688336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecsRaw.dll
2017-07-12 16:51 - 2017-07-07 03:20 - 02021680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2017-07-12 16:51 - 2017-07-07 03:20 - 00519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2017-07-12 16:51 - 2017-07-07 03:11 - 00094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-07-12 16:51 - 2017-07-07 03:10 - 01670496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-07-12 16:51 - 2017-07-07 03:10 - 01325968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-07-12 16:51 - 2017-07-07 03:10 - 00254168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-07-12 16:51 - 2017-07-07 03:07 - 01106848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2017-07-12 16:51 - 2017-07-07 03:07 - 00058488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2017-07-12 16:51 - 2017-07-07 02:40 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-07-12 16:51 - 2017-07-07 02:37 - 31652264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecsRaw.dll
2017-07-12 16:51 - 2017-07-07 02:37 - 01339352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpmde.dll
2017-07-12 16:51 - 2017-07-07 02:27 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2017-07-12 16:51 - 2017-07-07 02:23 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-07-12 16:51 - 2017-07-07 02:23 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-07-12 16:51 - 2017-07-07 02:20 - 23681536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-07-12 16:51 - 2017-07-07 02:20 - 08331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-07-12 16:51 - 2017-07-07 02:20 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\prntvpt.dll
2017-07-12 16:51 - 2017-07-07 02:19 - 07149056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2017-07-12 16:51 - 2017-07-07 02:19 - 00165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-07-12 16:51 - 2017-07-07 02:18 - 00548864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2017-07-12 16:51 - 2017-07-07 02:17 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-07-12 16:51 - 2017-07-07 02:17 - 00588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-07-12 16:51 - 2017-07-07 02:16 - 12786176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-07-12 16:51 - 2017-07-07 02:16 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-07-12 16:51 - 2017-07-07 02:15 - 08238080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-07-12 16:51 - 2017-07-07 02:14 - 08211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-07-12 16:51 - 2017-07-07 02:14 - 03784704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2017-07-12 16:51 - 2017-07-07 02:14 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2017-07-12 16:51 - 2017-07-07 02:12 - 04730880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-07-12 16:51 - 2017-07-07 02:12 - 01142272 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-07-12 16:51 - 2017-07-07 02:11 - 01812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2017-07-12 16:51 - 2017-07-07 02:09 - 20504576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-07-12 16:51 - 2017-07-07 02:08 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-07-12 16:51 - 2017-07-07 02:07 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToReceiver.dll
2017-07-12 16:51 - 2017-07-07 02:06 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2017-07-12 16:51 - 2017-07-07 02:06 - 00205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sensrsvc.dll
2017-07-12 16:51 - 2017-07-07 02:05 - 19335168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-07-12 16:51 - 2017-07-07 02:05 - 11870720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-07-12 16:51 - 2017-07-07 02:02 - 00508416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2017-07-12 16:51 - 2017-07-07 02:01 - 06287360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-07-12 16:51 - 2017-07-07 01:59 - 03656704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-07-12 16:51 - 2017-06-20 02:11 - 00411992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2017-07-12 16:51 - 2017-06-20 02:08 - 01242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-07-12 16:51 - 2017-06-20 02:03 - 00820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-07-12 16:51 - 2017-06-20 02:02 - 01055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-07-12 16:51 - 2017-06-20 01:59 - 06554928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-07-12 16:51 - 2017-06-20 01:59 - 01220072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-07-12 16:51 - 2017-06-20 01:59 - 00467504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2017-07-12 16:51 - 2017-06-20 01:57 - 02681760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-07-12 16:51 - 2017-06-20 01:13 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModelOOBE.exe
2017-07-12 16:51 - 2017-06-20 01:12 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-07-12 16:51 - 2017-06-20 01:12 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2017-07-12 16:51 - 2017-06-20 01:11 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-07-12 16:51 - 2017-06-20 01:10 - 00722432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-07-12 16:51 - 2017-06-20 01:10 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-07-12 16:51 - 2017-06-20 01:09 - 00551424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2017-07-12 16:51 - 2017-06-20 01:09 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Narrator.exe
2017-07-12 16:51 - 2017-06-20 01:09 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-07-12 16:51 - 2017-06-20 01:08 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-07-12 16:51 - 2017-06-20 01:08 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2017-07-12 16:51 - 2017-06-20 01:08 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2017-07-12 16:51 - 2017-06-20 01:08 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-07-12 16:51 - 2017-06-20 01:07 - 00823296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2017-07-12 16:51 - 2017-06-20 01:07 - 00632832 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2017-07-12 16:51 - 2017-06-20 01:07 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-07-12 16:51 - 2017-06-20 01:06 - 00942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-07-12 16:51 - 2017-06-20 01:06 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-07-12 16:51 - 2017-06-20 01:05 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-07-12 16:51 - 2017-06-20 01:05 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-07-12 16:51 - 2017-06-20 01:05 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-07-12 16:51 - 2017-06-20 01:04 - 01177600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2017-07-12 16:51 - 2017-06-20 01:03 - 02077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-07-12 16:51 - 2017-06-20 01:01 - 04536320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-07-12 16:51 - 2017-06-20 00:59 - 02938880 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-07-12 16:51 - 2017-06-20 00:59 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-07-12 16:51 - 2017-06-20 00:56 - 00985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-07-12 16:51 - 2017-06-20 00:45 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-07-12 16:51 - 2017-06-20 00:43 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-07-12 16:51 - 2017-06-20 00:43 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-07-12 16:51 - 2017-06-20 00:43 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-07-12 16:51 - 2017-06-20 00:42 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-07-12 16:51 - 2017-06-20 00:42 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-07-12 16:51 - 2017-06-20 00:38 - 00663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-07-12 16:51 - 2017-06-20 00:37 - 02008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-07-12 16:50 - 2017-07-07 03:27 - 01147288 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-07-12 16:50 - 2017-07-07 03:27 - 01024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-07-12 16:50 - 2017-07-07 03:27 - 00965024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-07-12 16:50 - 2017-07-07 03:27 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-07-12 16:50 - 2017-07-07 03:26 - 01065104 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-07-12 16:50 - 2017-07-07 03:25 - 00899824 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-07-12 16:50 - 2017-07-07 03:22 - 08318880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-07-12 16:50 - 2017-07-07 03:22 - 01186464 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-07-12 16:50 - 2017-07-07 03:22 - 00119384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2017-07-12 16:50 - 2017-07-07 03:21 - 02969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-07-12 16:50 - 2017-07-07 03:20 - 00923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-07-12 16:50 - 2017-07-07 03:20 - 00382368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-07-12 16:50 - 2017-07-07 03:17 - 01017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2017-07-12 16:50 - 2017-07-07 03:15 - 02444696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-07-12 16:50 - 2017-07-07 03:14 - 07325584 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-07-12 16:50 - 2017-07-07 03:14 - 05477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-07-12 16:50 - 2017-07-07 03:14 - 01760264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-07-12 16:50 - 2017-07-07 03:14 - 01171032 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2017-07-12 16:50 - 2017-07-07 03:13 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-07-12 16:50 - 2017-07-07 03:13 - 00147800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Clipc.dll
2017-07-12 16:50 - 2017-07-07 03:12 - 00411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-07-12 16:50 - 2017-07-07 03:12 - 00318232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2017-07-12 16:50 - 2017-07-07 03:11 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-07-12 16:50 - 2017-07-07 03:10 - 21353208 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-07-12 16:50 - 2017-07-07 03:10 - 01337848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-07-12 16:50 - 2017-07-07 03:10 - 00372128 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-07-12 16:50 - 2017-07-07 03:09 - 00041376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininitext.dll
2017-07-12 16:50 - 2017-07-07 02:27 - 03670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-07-12 16:50 - 2017-07-07 02:27 - 01640448 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-07-12 16:50 - 2017-07-07 02:27 - 01050624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-07-12 16:50 - 2017-07-07 02:27 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2017-07-12 16:50 - 2017-07-07 02:27 - 00360960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
2017-07-12 16:50 - 2017-07-07 02:26 - 17364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-07-12 16:50 - 2017-07-07 02:25 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-07-12 16:50 - 2017-07-07 02:22 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-07-12 16:50 - 2017-07-07 02:22 - 00520704 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-07-12 16:50 - 2017-07-07 02:21 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-07-12 16:50 - 2017-07-07 02:19 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-07-12 16:50 - 2017-07-07 02:19 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-07-12 16:50 - 2017-07-07 02:18 - 07336448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-07-12 16:50 - 2017-07-07 02:18 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2017-07-12 16:50 - 2017-07-07 02:18 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecsExt.dll
2017-07-12 16:50 - 2017-07-07 02:17 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-07-12 16:50 - 2017-07-07 02:17 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-07-12 16:50 - 2017-07-07 02:17 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-07-12 16:50 - 2017-07-07 02:17 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-07-12 16:50 - 2017-07-07 02:16 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-07-12 16:50 - 2017-07-07 02:15 - 00922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-07-12 16:50 - 2017-07-07 02:14 - 01802240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-07-12 16:50 - 2017-07-07 02:13 - 05892096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-07-12 16:50 - 2017-07-07 02:13 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-07-12 16:50 - 2017-07-07 02:12 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-07-12 16:50 - 2017-07-07 02:12 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-07-12 16:50 - 2017-07-07 02:12 - 02055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-07-12 16:50 - 2017-07-07 02:12 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2017-07-12 16:50 - 2017-07-07 02:12 - 01420800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
2017-07-12 16:50 - 2017-07-07 02:12 - 01305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-07-12 16:50 - 2017-07-07 02:12 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-07-12 16:50 - 2017-07-07 02:12 - 00706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-07-12 16:50 - 2017-07-07 02:11 - 03139584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2017-07-12 16:50 - 2017-07-07 02:11 - 02829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-07-12 16:50 - 2017-07-07 02:11 - 02649600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-07-12 16:50 - 2017-07-07 02:11 - 02177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-07-12 16:50 - 2017-07-07 02:11 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-07-12 16:50 - 2017-07-07 02:11 - 00986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-07-12 16:50 - 2017-07-07 02:11 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-07-12 16:50 - 2017-07-07 02:10 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-07-12 16:50 - 2017-07-07 02:10 - 04707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-07-12 16:50 - 2017-07-07 02:10 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-07-12 16:50 - 2017-07-07 02:05 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe
2017-07-12 16:50 - 2017-07-07 02:04 - 01403392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdc.dll
2017-07-12 16:50 - 2017-07-07 02:04 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2017-07-12 16:50 - 2017-07-01 18:52 - 00031932 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-07-12 16:50 - 2017-06-20 02:18 - 01564576 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-07-12 16:50 - 2017-06-20 02:18 - 00096672 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-07-12 16:50 - 2017-06-20 02:17 - 00629152 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-07-12 16:50 - 2017-06-20 02:17 - 00544160 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-07-12 16:50 - 2017-06-20 02:17 - 00334240 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-07-12 16:50 - 2017-06-20 02:17 - 00136096 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-07-12 16:50 - 2017-06-20 02:17 - 00034720 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-07-12 16:50 - 2017-06-20 02:16 - 01214880 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-07-12 16:50 - 2017-06-20 02:16 - 00335776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-07-12 16:50 - 2017-06-20 02:15 - 00233376 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-07-12 16:50 - 2017-06-20 02:11 - 01395152 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-07-12 16:50 - 2017-06-20 02:10 - 02327456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-07-12 16:50 - 2017-06-20 02:10 - 01930320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-07-12 16:50 - 2017-06-20 02:05 - 01057832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-07-12 16:50 - 2017-06-20 02:04 - 04847424 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-07-12 16:50 - 2017-06-20 02:04 - 00472728 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-07-12 16:50 - 2017-06-20 02:03 - 00102312 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialUIBroker.exe
2017-07-12 16:50 - 2017-06-20 02:02 - 02645688 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-07-12 16:50 - 2017-06-20 02:00 - 00558920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2017-07-12 16:50 - 2017-06-20 02:00 - 00255904 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-07-12 16:50 - 2017-06-20 02:00 - 00142752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-07-12 16:50 - 2017-06-20 01:59 - 01054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-07-12 16:50 - 2017-06-20 01:59 - 00583304 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2017-07-12 16:50 - 2017-06-20 01:58 - 00833160 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2017-07-12 16:50 - 2017-06-20 01:58 - 00406072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
2017-07-12 16:50 - 2017-06-20 01:57 - 00204192 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-07-12 16:50 - 2017-06-20 01:15 - 01620368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-07-12 16:50 - 2017-06-20 01:14 - 01150784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-07-12 16:50 - 2017-06-20 01:12 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2017-07-12 16:50 - 2017-06-20 01:11 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-07-12 16:50 - 2017-06-20 01:10 - 00778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2017-07-12 16:50 - 2017-06-20 01:10 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-07-12 16:50 - 2017-06-20 01:10 - 00189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2017-07-12 16:50 - 2017-06-20 01:10 - 00188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincredui.dll
2017-07-12 16:50 - 2017-06-20 01:09 - 00555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgrSvc.dll
2017-07-12 16:50 - 2017-06-20 01:09 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.BlueLightReduction.dll
2017-07-12 16:50 - 2017-06-20 01:09 - 00427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-07-12 16:50 - 2017-06-20 01:09 - 00250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2017-07-12 16:50 - 2017-06-20 01:09 - 00208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2017-07-12 16:50 - 2017-06-20 01:09 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-07-12 16:50 - 2017-06-20 01:09 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dataclen.dll
2017-07-12 16:50 - 2017-06-20 01:08 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-07-12 16:50 - 2017-06-20 01:08 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2017-07-12 16:50 - 2017-06-20 01:08 - 00251392 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-07-12 16:50 - 2017-06-20 01:07 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2017-07-12 16:50 - 2017-06-20 01:07 - 00626176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2017-07-12 16:50 - 2017-06-20 01:07 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2017-07-12 16:50 - 2017-06-20 01:07 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-07-12 16:50 - 2017-06-20 01:06 - 00847872 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-07-12 16:50 - 2017-06-20 01:06 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-07-12 16:50 - 2017-06-20 01:06 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-07-12 16:50 - 2017-06-20 01:05 - 04447744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-07-12 16:50 - 2017-06-20 01:05 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-07-12 16:50 - 2017-06-20 01:05 - 00873472 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-07-12 16:50 - 2017-06-20 01:05 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-07-12 16:50 - 2017-06-20 01:05 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-07-12 16:50 - 2017-06-20 01:05 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-07-12 16:50 - 2017-06-20 01:04 - 01818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2017-07-12 16:50 - 2017-06-20 01:04 - 01425920 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-07-12 16:50 - 2017-06-20 01:04 - 00899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2017-07-12 16:50 - 2017-06-20 01:04 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-07-12 16:50 - 2017-06-20 01:04 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-07-12 16:50 - 2017-06-20 01:04 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2017-07-12 16:50 - 2017-06-20 01:03 - 01396224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-07-12 16:50 - 2017-06-20 01:02 - 03204096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-07-12 16:50 - 2017-06-20 01:02 - 02804736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-07-12 16:50 - 2017-06-20 01:02 - 01886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-07-12 16:50 - 2017-06-20 01:02 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-07-12 16:50 - 2017-06-20 01:01 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-07-12 16:50 - 2017-06-20 01:01 - 03803136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-07-12 16:50 - 2017-06-20 01:01 - 03332096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-07-12 16:50 - 2017-06-20 01:01 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-07-12 16:50 - 2017-06-20 01:01 - 01076736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-07-12 16:50 - 2017-06-20 01:00 - 03057664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-07-12 16:50 - 2017-06-20 01:00 - 02171392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2017-07-12 16:50 - 2017-06-20 00:59 - 01357824 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-07-12 16:50 - 2017-06-20 00:58 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-07-12 16:50 - 2017-06-20 00:57 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2017-07-12 16:50 - 2017-06-20 00:56 - 00600064 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2017-07-12 16:50 - 2017-06-20 00:56 - 00241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdmaud.drv
2017-07-12 16:50 - 2017-06-20 00:54 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\DmApiSetExtImplDesktop.dll
2017-07-12 16:49 - 2017-07-07 03:27 - 00821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-07-12 16:49 - 2017-07-07 03:12 - 00228256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-07-12 16:49 - 2017-07-07 02:27 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2017-07-12 16:49 - 2017-07-07 02:27 - 00577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\duser.dll
2017-07-12 16:49 - 2017-07-07 02:24 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
2017-07-12 16:49 - 2017-07-07 02:23 - 00113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-07-12 16:49 - 2017-07-07 02:23 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapprovp.dll
2017-07-12 16:49 - 2017-07-07 02:21 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncCsp.dll
2017-07-12 16:49 - 2017-07-07 02:19 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\raschap.dll
2017-07-12 16:49 - 2017-07-07 02:18 - 00563712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2017-07-12 16:49 - 2017-07-07 02:17 - 00536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-07-12 16:49 - 2017-07-07 02:14 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2017-07-12 16:49 - 2017-07-07 02:07 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2017-07-12 16:49 - 2017-07-07 02:07 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2017-07-12 16:49 - 2017-07-07 02:04 - 01703424 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-07-12 16:49 - 2017-06-20 02:03 - 00179608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostUser.dll
2017-07-12 16:49 - 2017-06-20 02:02 - 00426912 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-07-12 16:49 - 2017-06-20 01:58 - 00203168 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2017-07-12 16:49 - 2017-06-20 01:16 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfuimanager.dll
2017-07-12 16:49 - 2017-06-20 01:16 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2017-07-12 16:49 - 2017-06-20 01:14 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys
2017-07-12 16:49 - 2017-06-20 01:13 - 00216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.Interface.dll
2017-07-12 16:49 - 2017-06-20 01:13 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2017-07-12 16:49 - 2017-06-20 01:13 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgr.dll
2017-07-12 16:49 - 2017-06-20 01:12 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Profile.RetailInfo.dll
2017-07-12 16:49 - 2017-06-20 01:09 - 00205312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipboardServer.dll
2017-07-12 16:49 - 2017-06-20 01:09 - 00135680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2017-07-12 16:49 - 2017-06-20 01:08 - 00791040 _____ (Microsoft Corporation) C:\WINDOWS\system32\certca.dll
2017-07-12 16:49 - 2017-06-20 01:07 - 00916992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2017-07-12 16:49 - 2017-06-20 01:07 - 00757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-07-12 16:49 - 2017-06-20 01:06 - 00455680 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-07-12 16:49 - 2017-06-20 01:06 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2017-07-12 16:49 - 2017-06-20 01:06 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll
2017-07-12 16:49 - 2017-06-20 01:06 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2017-07-12 16:49 - 2017-06-20 01:05 - 02873344 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll
2017-07-12 16:49 - 2017-06-20 01:05 - 00696320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2017-07-12 16:49 - 2017-06-20 01:02 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinAUG.dll
2017-07-12 16:49 - 2017-06-20 01:01 - 00809984 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-07-12 16:49 - 2017-06-20 01:01 - 00397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-07-12 16:49 - 2017-06-20 00:57 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMPushRouterCore.dll
2017-07-10 12:53 - 2017-07-15 01:19 - 00000000 ____D C:\Users\MaryAnn\AppData\Roaming\LSC
2017-07-06 17:25 - 2017-07-06 17:25 - 00002070 _____ C:\Users\Public\Desktop\Lenovo Solution Center.lnk
2017-07-04 23:51 - 2017-07-04 23:51 - 00000000 ____D C:\Users\MaryAnn\AppData\Local\CyberLink
2017-07-04 18:35 - 2017-07-04 18:35 - 00002342 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-07-04 17:14 - 2017-07-04 17:14 - 00000000 ____D C:\Users\Public\Documents\Daemon Tools Images
2017-07-04 17:12 - 2017-07-14 13:26 - 00000000 ____D C:\Users\MaryAnn\AppData\Roaming\DAEMON Tools Lite
2017-07-04 17:12 - 2017-07-12 17:34 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2017-07-04 17:12 - 2017-07-04 17:14 - 00030264 _____ (Disc Soft Ltd) C:\WINDOWS\system32\Drivers\dtlitescsibus.sys
2017-07-04 17:12 - 2017-07-04 17:12 - 00001820 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2017-07-04 17:12 - 2017-07-04 17:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2017-07-04 17:08 - 2017-07-04 17:08 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2017-07-04 17:04 - 2017-07-04 17:04 - 00790488 _____ (Disc Soft Ltd.) C:\Users\MaryAnn\Downloads\DTLiteInstaller.exe
2017-07-03 23:15 - 2017-07-03 23:15 - 00000000 ____D C:\Users\Public\CyberLink
2017-07-03 23:15 - 2017-07-03 23:15 - 00000000 ____D C:\Users\MaryAnn\AppData\Roaming\CyberLink
2017-07-03 16:16 - 2017-07-14 13:31 - 00005330 _____ C:\Users\MaryAnn\Desktop\Rkill.txt
2017-07-03 16:16 - 2017-07-14 13:28 - 00000000 ____D C:\Users\MaryAnn\Desktop\rkill
2017-06-30 23:56 - 2017-06-30 23:56 - 00099350 _____ C:\Users\MaryAnn\Downloads\Payment Confirmation.pdf
2017-06-27 18:48 - 2017-06-27 18:48 - 54270000 _____ C:\Users\MaryAnn\Downloads\torbrowser-install-7.0.1_en-US.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-15 01:36 - 2017-01-22 01:47 - 00000000 ____D C:\FRST
2017-07-15 00:35 - 2017-06-08 09:09 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-07-14 23:00 - 2016-11-29 13:54 - 00000000 ___RD C:\Users\MaryAnn\Desktop\Ya Gotta Check This 6 27 17
2017-07-14 14:51 - 2014-11-22 20:30 - 00000000 ____D C:\ProgramData\Lenovo
2017-07-14 11:08 - 2017-03-18 17:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-07-14 11:08 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-07-13 22:40 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\rescache
2017-07-13 21:01 - 2017-06-08 09:40 - 00000000 ____D C:\WINDOWS\System32\Tasks\TVT
2017-07-13 20:58 - 2014-11-22 20:29 - 00000000 ____D C:\Program Files (x86)\Lenovo
2017-07-13 20:57 - 2017-05-17 16:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
2017-07-13 20:57 - 2014-11-22 20:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2017-07-12 17:34 - 2017-03-18 17:01 - 00000000 ____D C:\WINDOWS\INF
2017-07-12 17:33 - 2016-10-31 02:04 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-07-12 17:29 - 2017-06-08 09:09 - 00402776 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-07-12 17:26 - 2017-03-18 17:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-07-12 17:26 - 2017-03-18 17:03 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-07-12 17:26 - 2017-03-18 17:03 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-07-12 17:26 - 2017-03-18 17:03 - 00000000 ___RD C:\Program Files\Windows Defender
2017-07-12 17:26 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-07-12 17:26 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\migwiz
2017-07-12 17:26 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-07-12 17:26 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-07-12 17:26 - 2017-03-18 17:03 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-07-12 17:26 - 2017-03-18 17:03 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-07-12 17:26 - 2017-03-18 17:03 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-07-12 17:03 - 2017-03-18 16:51 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-07-12 16:59 - 2016-10-31 21:38 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-07-12 16:56 - 2016-10-31 21:37 - 135225752 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-07-11 12:17 - 2017-06-08 09:16 - 00000000 ____D C:\Users\MaryAnn
2017-07-06 17:25 - 2017-06-08 09:40 - 00000000 ____D C:\WINDOWS\System32\Tasks\Lenovo
2017-07-06 17:25 - 2014-11-22 20:31 - 00000000 ____D C:\Program Files\Lenovo
2017-07-06 17:24 - 2014-11-22 20:29 - 00000000 ____D C:\WINDOWS\Downloaded Installations
2017-07-04 23:58 - 2017-01-09 03:16 - 00000000 ____D C:\Users\MaryAnn\AppData\Roaming\vlc
2017-07-04 23:51 - 2014-11-22 20:47 - 00000000 ____D C:\ProgramData\CyberLink
2017-07-04 18:35 - 2016-11-15 02:22 - 00002354 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-07-03 19:00 - 2017-01-22 07:12 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-07-03 16:31 - 2016-11-10 03:32 - 00000000 ____D C:\Users\MaryAnn\Desktop\SpybotPortable
2017-07-03 16:31 - 2016-11-10 01:16 - 00000000 ____D C:\Users\MaryAnn\AppData\Local\ElevatedDiagnostics
2017-07-03 16:21 - 2016-11-05 15:07 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-07-01 15:54 - 2016-11-05 04:00 - 00000000 ____D C:\Users\MaryAnn\AppData\Roaming\uTorrent
2017-06-30 10:47 - 2017-03-18 17:06 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-06-30 10:47 - 2017-03-18 17:06 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-06-27 23:03 - 2016-11-09 22:33 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-06-27 22:58 - 2016-11-10 10:31 - 00000000 ____D C:\AdwCleaner
2017-06-25 16:21 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-06-22 11:14 - 2017-06-08 09:40 - 00003286 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-06-22 11:14 - 2016-10-31 18:42 - 00002422 _____ C:\Users\MaryAnn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-06-22 11:14 - 2016-10-30 22:31 - 00000000 ___RD C:\Users\MaryAnn\OneDrive
 
==================== Files in the root of some directories =======
 
2016-10-30 22:28 - 2016-10-30 23:39 - 0000885 _____ () C:\Users\MaryAnn\AppData\Roaming\AbsoluteReminder.xml
2017-06-08 09:14 - 2017-06-08 09:14 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-07-10 23:35
 
==================== End of FRST.txt ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-07-2017
Ran by MaryAnn (15-07-2017 01:37:57)
Running from C:\Users\MaryAnn\Downloads
Windows 10 Home Version 1703 (X64) (2017-06-08 13:51:34)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2841604245-4010253232-1339942159-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2841604245-4010253232-1339942159-503 - Limited - Disabled)
Guest (S-1-5-21-2841604245-4010253232-1339942159-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2841604245-4010253232-1339942159-1005 - Limited - Enabled)
MaryAnn (S-1-5-21-2841604245-4010253232-1339942159-1001 - Administrator - Enabled) => C:\Users\MaryAnn
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2841604245-4010253232-1339942159-1001\...\uTorrent) (Version: 3.5.0.43916 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 25.0.0.134 - Adobe Systems Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 5.31 - Piriform)
CyberLink PowerDirector 10 (HKLM\...\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.6.0.0275 - Disc Soft Ltd)
Dependency Package Update (HKLM\...\{0788641D-D31A-478D-BB34-C41564AE9F93}) (Version: 1.6.25.00 - Lenovo Inc.) Hidden
Dependency Package Update (HKLM\...\{5252431C-288E-409D-ADCF-24407E0E6F70}) (Version: 1.6.25.00 - Lenovo Inc.) Hidden
Dependency Package Update (HKLM\...\{FFED38DF-94DC-4FF9-96C1-A6990EDA6B03}) (Version: 1.6.25.00 - Lenovo Inc.) Hidden
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.6.3.1 - Dolby Laboratories Inc)
ELAN Touchpad 11.15.0.18_X64 (HKLM\...\Elantech) (Version: 11.15.0.18 - ELAN Microelectronic Corp.)
Energy Manager (HKLM-x32\...\{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.5.0.16 - Lenovo) Hidden
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.5.0.16 - Lenovo)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Hemingway App version 1.0 (HKLM-x32\...\{FB34442D-4746-40BC-9C97-39BF97D270A1}_is1) (Version: 1.0 - .38 Long LLC)
Hemingway Editor 3.0.2 (only current user) (HKU\S-1-5-21-2841604245-4010253232-1339942159-1001\...\c4297e4f-efc9-59b6-ad8a-d217d00a0512) (Version: 3.0.2 - .38 Long LLC)
Hightail for Lenovo (HKLM\...\{2F10E937-F6D7-4174-8AB9-B299E8FC5CEC}) (Version: 2.4.97.2857 - Hightail, Inc.)
Intel® Chipset Device Software (HKLM-x32\...\{c6cff78a-cccb-49d5-be68-ae0ec5f0d48a}) (Version: 10.1.1.8 - Intel® Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3408 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1050 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{DC5673D2-228D-45BC-B9BB-9610CE67DFC0}) (Version: 17.1.1524.1353 - Intel Corporation)
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.25.00 - Lenovo Group Limited)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10260 - Realtek Semiconductor Corp.)
Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11103 - Realtek Semiconductor Corp.)
Lenovo FusionEngine  (HKLM-x32\...\Lenovo FusionEngine) (Version: 1.0.13.0 - Lenovo, Inc.)
Lenovo Mobile Phone Wireless Import (HKLM-x32\...\{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}) (Version: 1.1.1.9 - Lenovo) Hidden
Lenovo Mobile Phone Wireless Import (HKLM-x32\...\InstallShield_{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}) (Version: 1.1.1.9 - Lenovo)
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.4706 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.4706 - CyberLink Corp.)
Lenovo Password Manager (HKLM-x32\...\{70EE2BAA-F82A-4B8A-950E-649EFD64D5B9}) (Version: 1.10.8.0 - Lenovo Group Limited)
Lenovo PhoneCompanion (HKLM-x32\...\{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}) (Version: 1.2.0.0 - Lenovo) Hidden
Lenovo PhoneCompanion (HKLM-x32\...\InstallShield_{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}) (Version: 1.2.0.0 - Lenovo)
Lenovo Photo Master (HKLM-x32\...\{BC94C56A-3649-420C-8756-2ADEBE399D33}) (Version: 1.0.1823.01 - CyberLink Corp.) Hidden
Lenovo Photo Master (HKLM-x32\...\InstallShield_{BC94C56A-3649-420C-8756-2ADEBE399D33}) (Version: 1.0.1823.01 - CyberLink Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5108.52 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5108.52 - CyberLink Corp.)
Lenovo Reach (HKLM-x32\...\{3245D8C8-7FE0-4FD4-B04B-2720A333D592}) (Version: 1.1.3.7 - Stoneware, Inc.)
Lenovo Security Suite (HKLM-x32\...\{184F6D30-2A4C-4BDD-85FF-BE4ABBB4232C}) (Version: 1.0.1.15 - Lenovo)
Lenovo Service Bridge (HKU\S-1-5-21-2841604245-4010253232-1339942159-1001\...\dda9ca0b023f4c56) (Version: 1.6.4.0 - Lenovo)
Lenovo Settings (HKLM-x32\...\{42F8AFC3-7944-46CC-9689-94FF9869D0A7}) (Version: 1.0.0.42 - Lenovo) Hidden
Lenovo Settings (HKLM-x32\...\InstallShield_{42F8AFC3-7944-46CC-9689-94FF9869D0A7}) (Version: 1.0.0.42 - Lenovo)
Lenovo SHAREit (HKLM-x32\...\Lenovo SHAREit_is1) (Version: 2.0.5.0 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{49277B39-D2E8-4342-9CE8-FC080C3FA344}) (Version: 2.8.007.00 - Lenovo Group Limited)
Lenovo System Update (HKLM-x32\...\TVSU_is1) (Version: 5.07.0059 - Lenovo)
Lenovo USB Blocker (HKLM-x32\...\{18706F18-ACE4-4510-A59C-104693E7978B}) (Version: 1.0.0.37 - Lenovo) Hidden
Lenovo USB Blocker (HKLM-x32\...\InstallShield_{18706F18-ACE4-4510-A59C-104693E7978B}) (Version: 1.0.0.37 - Lenovo)
Magic Transfer (HKLM\...\{AD2B2BD1-A1D7-4798-8FDD-B2A58FD94E68}) (Version: 1.1.1.11 - )
Magic Transfer (HKLM-x32\...\{AD2B2BD1-A1D7-4798-8FDD-B2A58FD94E68}) (Version: 1.1.1.11 - Lenovo) Hidden
Magic Transfer (HKLM-x32\...\InstallShield_{AD2B2BD1-A1D7-4798-8FDD-B2A58FD94E68}) (Version: 1.1.1.11 - Lenovo)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Metric Collection SDK 35 (HKLM-x32\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2841604245-4010253232-1339942159-1001\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.10525 - CyberLink Corp.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.314 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.29071 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7525 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.1 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.1 - VS Revo Group, Ltd.)
Scrivener (HKLM-x32\...\Scrivener 102) (Version: 102 - Literature and Latte)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1228 - SUPERAntiSpyware.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
User Manuals (HKLM-x32\...\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo) Hidden
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17364 - Microsoft Corporation)
Windows Driver Package - Lenovo (ACPIVPC) System  (09/24/2013 19.29.2.34) (HKLM\...\EE9B1F2037C580F36D92FA431CC02BFF04C31F15) (Version: 09/24/2013 19.29.2.34 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2841604245-4010253232-1339942159-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
ShellIconOverlayIdentifiers: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
ContextMenuHandlers01: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} => C:\Program Files (x86)\Lenovo\SHAREit\ShellEx\ShellExt64.dll [2014-04-23] (Lenovo)
ContextMenuHandlers01: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers03: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
ContextMenuHandlers04: [000LenovoFoldersContextMenu] -> {D2DB7BAA-9E12-4640-825C-B1EB36A3809A} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ContextMenuHandlers04: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} => C:\Program Files (x86)\Lenovo\SHAREit\ShellEx\ShellExt64.dll [2014-04-23] (Lenovo)
ContextMenuHandlers04: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers05: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2015-09-09] (Intel Corporation)
ContextMenuHandlers05: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers06: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0AC56FD6-6489-4C1A-8990-03C4628FCB58} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2016-01-08] (Lenovo)
Task: {187A5D9A-D2B6-48D3-BF61-339D8F4B0A15} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-08] (CyberLink Corp.)
Task: {2635C31B-7108-42AB-93BE-AF781C5D798F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-15] (Google Inc.)
Task: {2CEBB4D8-64E8-4660-BA44-834078AD8F59} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe
Task: {309E16BF-B18C-4BAF-93BD-40383B2E9869} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2017-06-09] ()
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {426AEC21-76A7-4F41-9A5E-161852909B4C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-15] (Google Inc.)
Task: {46EB1BCD-5EFD-4D88-8705-63C166E3B53F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-06-13] (Piriform Ltd)
Task: {81D4742D-8542-49D7-A720-71F0B0CB9A81} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {9FECC9D5-0306-4C67-98E2-B97FD6ECA9B5} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2016-01-08] (Lenovo)
Task: {C3AEF339-0801-4EC5-A041-E96AFB184903} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2017-06-09] ()
Task: {D0ABCD12-00BD-42FC-A879-08B5AEE86647} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2016-01-08] (Lenovo)
Task: {D457BD31-105E-49B7-9D1D-1BC2EFCA0EF4} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2014-05-21] ()
Task: {E3984000-3848-4D40-B8B7-4F1372BC2611} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-2841604245-4010253232-1339942159-1001 => Rundll32.exe dfshim.dll,ShOpenVerbShortcut C:\Users\MaryAnn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Lenovo Service Bridge.appref-ms
Task: {E86ED5FF-9BC2-4778-BDED-36EF079931F9} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {EB340F89-AB21-4F34-AA3F-A18A7D870B9B} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-01-08] ()
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-11-22 20:41 - 2012-04-24 06:43 - 00390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2017-03-18 16:58 - 2017-03-18 16:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 16:59 - 2017-03-18 22:31 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-06-22 11:15 - 2017-06-22 11:16 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-06-22 11:15 - 2017-06-22 11:16 - 00203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-06-22 11:15 - 2017-06-22 11:16 - 43454464 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-06-22 11:15 - 2017-06-22 11:16 - 02437120 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\skypert.dll
2017-06-27 14:28 - 2017-06-22 23:21 - 03807064 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libglesv2.dll
2017-06-27 14:28 - 2017-06-22 23:21 - 00100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libegl.dll
2017-06-22 11:15 - 2017-06-22 11:16 - 00054272 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
There are 7916 more sites.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2016-07-15 00:56 - 00000141 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2841604245-4010253232-1339942159-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\MaryAnn\Downloads\20170512_100225 (1).jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Prompt)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "RtHDVCpl"
HKLM\...\StartupApproved\Run: => "RtHDVBg_Dolby"
HKLM\...\StartupApproved\Run: => "RtHDVBg_LENOVO_DOLBYDRAGON"
HKLM\...\StartupApproved\Run: => "RtHDVBg_LENOVO_MICPKEY"
HKLM\...\StartupApproved\Run: => "ETDCtrl"
HKLM\...\StartupApproved\Run: => "RtsFT"
HKLM\...\StartupApproved\Run: => "PasswordManager"
HKLM\...\StartupApproved\Run: => "PhoneCompanion"
HKLM\...\StartupApproved\Run: => "Energy Manager"
HKLM\...\StartupApproved\Run: => "Lenovo Utility"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "GrooveMonitor"
HKLM\...\StartupApproved\Run32: => "UpdateP2GShortCut"
HKU\S-1-5-21-2841604245-4010253232-1339942159-1001\...\StartupApproved\StartupFolder: => "OneNote 2007 Screen Clipper and Launcher.lnk"
HKU\S-1-5-21-2841604245-4010253232-1339942159-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2841604245-4010253232-1339942159-1001\...\StartupApproved\Run: => "Uninstall C:\Users\MaryAnn\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64"
HKU\S-1-5-21-2841604245-4010253232-1339942159-1001\...\StartupApproved\Run: => "Uninstall C:\Users\MaryAnn\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
HKU\S-1-5-21-2841604245-4010253232-1339942159-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2841604245-4010253232-1339942159-1001\...\StartupApproved\Run: => "SUPERAntiSpyware"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{795DF9C9-E47C-4975-8EBB-BD465E7CBD3D}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{0DC97467-D5E2-46E6-B8D7-0908556FBC23}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{F81A2BD6-74B0-4935-AD2E-2E5124EBF2D0}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{77967DA2-E220-49FB-A4B1-5B39BB1A095D}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{DCACBD94-5C67-4C28-8BC6-E95DB6E45F4E}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{CA734CAC-5B26-4065-99D2-F9FDADAD1BD3}] => (Allow) C:\Program Files (x86)\Lenovo\Lenovo Photo Master\subsys\AdvPhotoEditor\PhotoDirector5.exe
FirewallRules: [{A2E84C09-07EA-4ED3-B9BE-11E463E799DF}] => (Allow) LPort=55100
FirewallRules: [{0AA1CF36-C10B-463F-959C-ADC8EFAA7161}] => (Allow) C:\Program Files\Lenovo PhotoMasterImport\PhotoMasterImport.exe
FirewallRules: [{34A5A12F-01AC-47C9-A333-AC8F082C24C3}] => (Allow) C:\Users\MaryAnn\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6462CEDA-CE27-4049-87A2-1CB13D940853}] => (Allow) C:\Users\MaryAnn\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1CF223DA-099F-42EA-A155-594DDEDA85C4}] => (Allow) C:\Users\MaryAnn\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0B8F9875-6D7F-4428-BDE4-DA9BF9A679DE}] => (Allow) C:\Users\MaryAnn\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5EC20765-6D60-4802-B84D-D8BB6C717652}] => (Allow) C:\Users\MaryAnn\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2E25E37A-3721-47C7-96CC-9B7F4820D07E}] => (Allow) C:\Users\MaryAnn\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7AD45B54-650D-4A10-84C0-8589CC83F993}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{30A5D51D-BBAB-4035-9F97-FD8498B04B53}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{DBB5C68B-F7A9-458D-957C-849024514E64}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
 
==================== Restore Points =========================
 
23-06-2017 13:21:34 Scheduled Checkpoint
30-06-2017 23:05:40 Scheduled Checkpoint
04-07-2017 23:24:21 Windows Update
08-07-2017 13:00:19 Windows Update
12-07-2017 16:54:11 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/14/2017 10:54:52 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: MaresLenovo)
Description: Package Microsoft.Windows.ShellExperienceHost_10.0.15063.332_neutral_neutral_cw5n1h2txyewy+App was terminated because it took too long to suspend.
 
Error: (07/14/2017 01:24:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MaresLenovo)
Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (07/14/2017 01:03:30 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MaresLenovo)
Description: Activation of app E046963F.LenovoSupport_k1h2ywk1493x8!App failed with error: -2147024865 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (07/14/2017 01:03:29 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MaresLenovo)
Description: Activation of app E046963F.LenovoSupport_k1h2ywk1493x8!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (07/14/2017 12:13:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MaresLenovo)
Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (07/14/2017 03:04:27 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MaresLenovo)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (07/14/2017 02:42:39 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MaresLenovo)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (07/13/2017 08:55:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.15063.0, time stamp: 0x9ad06afb
Faulting module name: combase.dll, version: 10.0.15063.447, time stamp: 0x8543d53c
Exception code: 0xc000027b
Fault offset: 0x001ccf71
Faulting process id: 0x1dfc
Faulting application start time: 0x01d2fc3b947b48df
Faulting application path: C:\WINDOWS\syswow64\backgroundTaskHost.exe
Faulting module path: C:\WINDOWS\System32\combase.dll
Report Id: 542930a0-da88-459e-b223-f9c3806c066a
Faulting package full name: E046963F.LenovoSupport_2.0.5.0_x86__k1h2ywk1493x8
Faulting package-relative application ID: App
 
Error: (07/12/2017 05:09:32 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MaresLenovo)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (07/11/2017 12:20:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MaresLenovo)
Description: Activation of app Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
 
System errors:
=============
Error: (07/15/2016 01:04:29 AM) (Source: Schannel) (EventID: 4113) (User: NT AUTHORITY)
Description: The certificate received from the remote server has either expired or is not yet valid. The TLS connection request has failed. The attached data contains the server certificate.
 
Error: (07/15/2016 01:04:19 AM) (Source: Schannel) (EventID: 4113) (User: NT AUTHORITY)
Description: The certificate received from the remote server has either expired or is not yet valid. The TLS connection request has failed. The attached data contains the server certificate.
 
Error: (07/15/2016 01:04:09 AM) (Source: Schannel) (EventID: 4113) (User: NT AUTHORITY)
Description: The certificate received from the remote server has either expired or is not yet valid. The TLS connection request has failed. The attached data contains the server certificate.
 
Error: (07/15/2016 01:04:00 AM) (Source: Schannel) (EventID: 4113) (User: NT AUTHORITY)
Description: The certificate received from the remote server has either expired or is not yet valid. The TLS connection request has failed. The attached data contains the server certificate.
 
Error: (07/15/2016 01:04:00 AM) (Source: Schannel) (EventID: 4113) (User: NT AUTHORITY)
Description: The certificate received from the remote server has either expired or is not yet valid. The TLS connection request has failed. The attached data contains the server certificate.
 
Error: (07/15/2016 01:03:57 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/15/2016 01:03:57 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/15/2016 01:03:50 AM) (Source: Schannel) (EventID: 4113) (User: NT AUTHORITY)
Description: The certificate received from the remote server has either expired or is not yet valid. The TLS connection request has failed. The attached data contains the server certificate.
 
Error: (07/15/2016 01:03:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error: 
The request is not supported.
 
Error: (07/15/2016 01:02:35 AM) (Source: DCOM) (EventID: 10010) (User: MaresLenovo)
Description: The server {0002DF02-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.
 
 
CodeIntegrity:
===================================
  Date: 2017-07-14 23:01:42.046
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Users\MaryAnn\Desktop\SpybotPortable\App\Spybot\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-07-14 23:01:42.032
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Users\MaryAnn\Desktop\SpybotPortable\App\Spybot\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-07-14 23:01:42.018
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Users\MaryAnn\Desktop\SpybotPortable\App\Spybot\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-07-14 23:01:42.003
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Users\MaryAnn\Desktop\SpybotPortable\App\Spybot\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-07-14 23:00:55.225
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Users\MaryAnn\Desktop\SpybotPortable\SpybotPortable\App\Spybot\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-07-14 23:00:55.210
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Users\MaryAnn\Desktop\SpybotPortable\SpybotPortable\App\Spybot\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-07-14 23:00:55.195
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Users\MaryAnn\Desktop\SpybotPortable\SpybotPortable\App\Spybot\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-07-14 23:00:55.180
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Users\MaryAnn\Desktop\SpybotPortable\SpybotPortable\App\Spybot\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-07-13 22:23:29.915
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-07-11 12:37:44.320
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU N2840 @ 2.16GHz
Percentage of memory in use: 49%
Total physical RAM: 3978.19 MB
Available physical RAM: 2022.9 MB
Total Virtual: 6026.19 MB
Available Virtual: 3856.59 MB
 
==================== Drives ================================
 
Drive c: (PC HDD) (Fixed) (Total:423.3 GB) (Free:347.4 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery Partition) (Fixed) (Total:25 GB) (Free:22.41 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 25C30CE9)
 
Partition: GPT.
 
==================== End of Addition.txt ============================



#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,176 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:10:49 PM

Posted 17 July 2017 - 01:13 PM

Greetings Mare1220 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

At first glance this does not appear to be malware related. The first thing I would like you to do is back up all of your data files (photos, music, documents, etc.) if you have not done that within the last couple of days. Following that we will see if we can get to the bottom of your issues.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Mare1220

Posted 19 July 2017 - 01:06 AM

Hi Gary, thank you for getting back to me so quickly! A new problem showed up between my original post and answering you today. My computer was unable to get off of Airplane Mode until a half hour ago! (So about the last two days of my life, lol.) I've backed up my information and am ready to go!



#4 Oh My!

Posted 19 July 2017 - 12:56 PM

You are quite welcome.

I first want to check the health of your hard drive. Please do this. If necessary you can download it onto a USB drive from another computer and transfer the file to your desktop.

===================================================

GSmartControl for Windows

-------------------
  • Download GSmartControl for Windows and save it to your desktop
  • Double click gsmartcontrol.exe and follow the prompts to install the program all the way through the Finish button
  • Hit the Windows Key + E at the same time
  • Navigate to and double click the C:\Program Files (x86)\gsmartcontrol folder
  • Double click the gsmartcontrol application icon
  • Allow the program to search for and list your hard drive(s)
  • Double click your C: drive
  • Go to the PERFORM TESTS tab
  • Make sure that the TEST TYPE is set to SHORT SELF-TEST
  • Click the EXECUTE button
  • After the test completes, click the VIEW OUTPUT button and copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • GSmart report

Gary
 

#5 Mare1220

Posted 20 July 2017 - 12:43 AM

Alrighty then, Gary. Just got done and here's the log.  Thanks again. :-)

 

smartctl 5.43 2012-06-30 r3573 [i686-w64-mingw32-win8(64)] (sf-5.43-1)
Copyright © 2002-12 by Bruce Allen, http://smartmontools.sourceforge.net
 
=== START OF INFORMATION SECTION ===
Device Model:     TOSHIBA MQ01ABF050
Serial Number:    Y45BC8YST
LU WWN Device Id: 5 000039 5e38013bc
Firmware Version: AM0Q5E
User Capacity:    500,107,862,016 bytes [500 GB]
Sector Sizes:     512 bytes logical, 4096 bytes physical
Device is:        Not in smartctl database [for details use: -P showall]
ATA Version is:   8
ATA Standard is:  Exact ATA specification draft version not indicated
Local Time is:    Thu Jul 20 01:41:48 2017 EDT
SMART support is: Available - device has SMART capability.
SMART support is: Enabled
 
=== START OF READ SMART DATA SECTION ===
SMART overall-health self-assessment test result: PASSED
 
General SMART Values:
Offline data collection status:  (0x80) Offline data collection activity
                                        was never started.
                                        Auto Offline Data Collection: Enabled.
Self-test execution status:      (   0) The previous self-test routine completed
                                        without error or no self-test has ever
                                        been run.
Total time to complete Offline
data collection:                 (  120) seconds.
Offline data collection
capabilities:                    (0x5b) SMART execute Offline immediate.
                                        Auto Offline data collection on/off support.
                                        Suspend Offline collection upon new
                                        command.
                                        Offline surface scan supported.
                                        Self-test supported.
                                        No Conveyance Self-test supported.
                                        Selective Self-test supported.
SMART capabilities:            (0x0003) Saves SMART data before entering
                                        power-saving mode.
                                        Supports SMART auto save timer.
Error logging capability:        (0x01) Error logging supported.
                                        General Purpose Logging supported.
Short self-test routine
recommended polling time:        (   2) minutes.
Extended self-test routine
recommended polling time:        ( 121) minutes.
SCT capabilities:              (0x003d) SCT Status supported.
                                        SCT Error Recovery Control supported.
                                        SCT Feature Control supported.
                                        SCT Data Table supported.
 
SMART Attributes Data Structure revision number: 16
Vendor Specific SMART Attributes with Thresholds:
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  1 Raw_Read_Error_Rate     0x000b   100   100   050    Pre-fail  Always       -       0
  2 Throughput_Performance  0x0005   100   100   050    Pre-fail  Offline      -       0
  3 Spin_Up_Time            0x0027   100   100   001    Pre-fail  Always       -       1334
  4 Start_Stop_Count        0x0032   100   100   000    Old_age   Always       -       23689
  5 Reallocated_Sector_Ct   0x0033   100   100   010    Pre-fail  Always       -       0
  7 Seek_Error_Rate         0x000b   100   100   050    Pre-fail  Always       -       0
  8 Seek_Time_Performance   0x0005   100   100   050    Pre-fail  Offline      -       0
  9 Power_On_Hours          0x0032   087   087   000    Old_age   Always       -       5381
 10 Spin_Retry_Count        0x0033   253   100   030    Pre-fail  Always       -       0
 12 Power_Cycle_Count       0x0032   100   100   000    Old_age   Always       -       1875
191 G-Sense_Error_Rate      0x0032   100   100   000    Old_age   Always       -       436
192 Power-Off_Retract_Count 0x0032   100   100   000    Old_age   Always       -       32
193 Load_Cycle_Count        0x0032   093   093   000    Old_age   Always       -       71245
194 Temperature_Celsius     0x0022   100   100   000    Old_age   Always       -       36 (Min/Max 14/47)
196 Reallocated_Event_Count 0x0032   100   100   000    Old_age   Always       -       0
197 Current_Pending_Sector  0x0032   100   100   000    Old_age   Always       -       0
198 Offline_Uncorrectable   0x0030   100   100   000    Old_age   Offline      -       0
199 UDMA_CRC_Error_Count    0x0032   200   200   000    Old_age   Always       -       0
220 Disk_Shift              0x0002   100   100   000    Old_age   Always       -       0
222 Loaded_Hours            0x0032   088   088   000    Old_age   Always       -       5057
223 Load_Retry_Count        0x0032   100   100   000    Old_age   Always       -       0
224 Load_Friction           0x0022   100   100   000    Old_age   Always       -       0
226 Load-in_Time            0x0026   100   100   000    Old_age   Always       -       169
240 Head_Flying_Hours       0x0001   100   100   001    Pre-fail  Offline      -       0
 
SMART Error Log Version: 1
No Errors Logged
 
SMART Self-test log structure revision number 1
Num  Test_Description    Status                  Remaining  LifeTime(hours)  LBA_of_first_error
# 1  Short offline       Completed without error       00%      5381         -
# 2  Vendor (0x50)       Completed without error       00%      4357         -
# 3  Short offline       Completed without error       00%      4357         -
# 4  Vendor (0x50)       Completed without error       00%      3863         -
# 5  Short offline       Completed without error       00%      3863         -
# 6  Vendor (0x50)       Completed without error       00%      3245         -
# 7  Short offline       Completed without error       00%      3245         -
# 8  Vendor (0x50)       Completed without error       00%      2292         -
# 9  Short offline       Completed without error       00%      2292         -
#10  Vendor (0x50)       Completed without error       00%      2047         -
#11  Short offline       Completed without error       00%      2047         -
#12  Vendor (0x50)       Completed without error       00%      1091         -
#13  Short offline       Completed without error       00%      1091         -
#14  Vendor (0x50)       Completed without error       00%       992         -
#15  Short offline       Completed without error       00%       992         -
#16  Vendor (0x50)       Completed without error       00%       964         -
#17  Short offline       Completed without error       00%       964         -
#18  Vendor (0x50)       Completed without error       00%       184         -
#19  Short offline       Completed without error       00%       184         -
#20  Vendor (0x50)       Completed without error       00%         5         -
#21  Short offline       Completed without error       00%         5         -
 
SMART Selective self-test log data structure revision number 1
 SPAN  MIN_LBA  MAX_LBA  CURRENT_TEST_STATUS
    1        0        0  Not_testing
    2        0        0  Not_testing
    3        0        0  Not_testing
    4        0        0  Not_testing
    5        0        0  Not_testing
Selective self-test flags (0x0):
  After scanning selected spans, do NOT read-scan remainder of disk.
If Selective self-test is pending on power-up, resume after 0 minute delay.


#6 Oh My!

Posted 20 July 2017 - 08:48 AM

Greetings,

Thank you for going through all of that. I have some concerns about the health of your hard drive. The report is indicating either the computer was dropped or bumped while running, which can cause damage to the drive. Though I am sure this makes no sense to you, here is the line in the report indicating that.

191 G-Sense_Error_Rate 0x0032 100 100 000 Old_age Always - 436

Please do these things.

===================================================

Running chkdsk Scan with Report

--------------------

  • Click Start, type cmd, right click on cmd above and select Run as Administrator
  • Note: For Windows 8/10 press the Windows Key + X on your keyboard at the same time then select Command Prompt (Admin)
  • Copy and paste the following after the command prompt and click Enter

cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\chkdskreport.txt"

  • The black command window will remain empty for a few minutes. When completed you will see the C:\Windows\system32> prompt
  • When completed a chkdskreport.txt document will appear on your desktop
  • Copy and paste the contents of the report on your desktop in your reply

===================================================

Data Lifeguard Diagnostic for Windows

-------------------

Note: This process may take several hours to complete.

  • Download Data Lifeguard Diagnostic for Windows and save it to your desktop
  • Unzip the file onto your desktop
  • Right click on setup and select Run as Administrator
  • Click Next three times
  • Click Install
  • Click Finish to launch the program
  • Close all screens except for the Western Digital Diagnostics screen
  • Place a check mark in I accept this License Agreement then click Next
  • Left click on your Western Digital (or other brand main) hard drive
  • Just above that link click on the small icon where it says Click to run tests
  • Select EXTENDED TEST then click Start
  • Once completed you will be notified whether the hard drive passed or failed
  • Please copy and paste that information in your reply

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.

  • chkdsk report
  • Data Lifeguard information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
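The columns of the SMART attribute line quoted in the post above can be decoded as follows. This is an added Python example, not part of the original thread or of any tool's own code. It assumes the line follows the smartctl attribute-table column order (ID, name, flag, value, worst, threshold, type, updated, when failed, raw value); the `RAW_WATCH` list, the status names and every sample line except the G-Sense line are constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumed column order (smartctl attribute table):
# ID# ATTRIBUTE_NAME FLAG VALUE WORST THRESH TYPE UPDATED WHEN_FAILED RAW_VALUE
ATTR_RE = re.compile(
    r"^\s*(?P<id>\d+)\s+(?P<name>\S+)\s+(?P<flag>0x[0-9a-fA-F]{4})\s+"
    r"(?P<value>\d+)\s+(?P<worst>\d+)\s+(?P<thresh>\d+)\s+"
    r"(?P<type>Pre-fail|Old_age)\s+(?P<updated>Always|Offline)\s+"
    r"(?P<when_failed>\S+)\s+(?P<raw>.+?)\s*$"
)

# Meaning of the bits in the FLAG column.
FLAG_BITS = {
    0x01: "prefail", 0x02: "online", 0x04: "performance",
    0x08: "error_rate", 0x10: "event_count", 0x20: "self_preserving",
}

# Assumption of this example: attributes whose non-zero raw count deserves a
# closer look even while the normalized value is still above its threshold.
RAW_WATCH = {5, 191, 197, 198}


@dataclass
class SmartAttribute:
    id: int
    name: str
    flag: int
    value: int        # normalized value, higher is better
    worst: int        # lowest normalized value ever recorded
    thresh: int       # failure threshold; 0 means the attribute never trips
    type: str
    updated: str
    when_failed: str
    raw: int          # vendor-specific counter (leading integer only)

    @property
    def flag_names(self) -> List[str]:
        return [name for bit, name in FLAG_BITS.items() if self.flag & bit]


def parse_attribute(line: str) -> Optional[SmartAttribute]:
    """Parse one attribute row; return None for headers and other text."""
    m = ATTR_RE.match(line)
    if not m:
        return None
    raw_num = re.match(r"\d+", m["raw"])  # raw may carry a suffix, e.g. "35 (Min/Max 20/45)"
    return SmartAttribute(
        id=int(m["id"]), name=m["name"], flag=int(m["flag"], 16),
        value=int(m["value"]), worst=int(m["worst"]), thresh=int(m["thresh"]),
        type=m["type"], updated=m["updated"], when_failed=m["when_failed"],
        raw=int(raw_num.group()) if raw_num else -1,
    )


def assess(attr: SmartAttribute) -> str:
    """Classify a row as failing, failed_in_past, watch or ok."""
    if attr.when_failed == "FAILING_NOW" or (attr.thresh > 0 and attr.value <= attr.thresh):
        return "failing"
    if attr.when_failed == "In_the_past" or (attr.thresh > 0 and attr.worst <= attr.thresh):
        return "failed_in_past"
    if attr.id in RAW_WATCH and attr.raw > 0:
        return "watch"
    return "ok"


def triage(report: str) -> List[Tuple[str, str, int]]:
    """Return (name, status, raw) for every attribute row found in a report."""
    rows = (parse_attribute(line) for line in report.splitlines())
    return [(a.name, assess(a), a.raw) for a in rows if a is not None]


# The line quoted in the post above.
PAGE_LINE = "191 G-Sense_Error_Rate 0x0032 100 100 000 Old_age Always - 436"

# Constructed sample report: only the 191 row comes from the thread.
SAMPLE_REPORT = """\
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  1 Raw_Read_Error_Rate     0x000b   040   040   050    Pre-fail  Always   FAILING_NOW 1203
  5 Reallocated_Sector_Ct   0x0033   100   100   050    Pre-fail  Always       -       0
191 G-Sense_Error_Rate      0x0032   100   100   000    Old_age   Always       -       436
194 Temperature_Celsius     0x0022   100   100   000    Old_age   Always       -       35 (Min/Max 20/45)
197 Current_Pending_Sector  0x0032   100   100   000    Old_age   Always       -       8
"""

if __name__ == "__main__":
    for name, status, raw in triage(SAMPLE_REPORT):
        print(f"{name:<24} {status:<15} raw={raw}")
```

For the G-Sense row the normalized value (100) sits above a threshold of 000, so the drive itself never reports the attribute as failed; the raw counter of 436 is the figure being read.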

#7 Mare1220

  • Topic Starter

Posted 20 July 2017 - 11:19 PM

Okay, Did everything and here are the results. 

chkdsk:

The type of the file system is NTFS.
Volume label is PC HDD.
 
WARNING!  /F parameter not specified.
Running CHKDSK in read-only mode.
 
Stage 1: Examining basic file system structure ...
  391424 file records processed.                                                        
 
File verification completed.
  9014 large file records processed.                                   
 
  0 bad file records processed.                                     
 
 
Stage 2: Examining file name linkage ...
Index verification completed.
  0 unindexed files scanned.                                        
 
  0 unindexed files recovered to lost and found.                    
 
 
Stage 3: Examining security descriptors ...
Security descriptor verification completed.
  42654 data files processed.                                           
 
CHKDSK is verifying Usn Journal...
  39244096 USN bytes processed.                                                           
 
Usn Journal verification completed.
 
Windows has scanned the file system and found no problems.
No further action is required.
 
 443867392 KB total disk space.
  89867600 KB in 202981 files.
    128776 KB in 42655 indexes.
         0 KB in bad sectors.
    517428 KB in use by the system.
     65536 KB occupied by the log file.
 353353588 KB available on disk.
 
      4096 bytes in each allocation unit.
 110966848 total allocation units on disk.
  88338397 allocation units available on disk.
 
Test Option: EXTENDED TEST
Model Number: TOSHIBA MQ01ABF050
Unit Serial Number: Y45BC8YST
Firmware Number: AM0Q5E
Capacity: 500.11 GB
SMART Status: PASS
Test Result: PASS
Test Time: 00:09:09, July 21, 2017

 

 



#8 Oh My!

  • Malware Response Instructor

Posted 21 July 2017 - 09:09 AM

Greetings,

Thank you for going through all of that. I know it was a lot of work but we needed to address it. Sounds like your drive is in good shape.

Please do this.

===================================================

RogueKiller

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • Right click on the setup.exe icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • Click OK on English
  • Select Install 32 and 64 bits versions (Recommended for Technicians), then click Next 2 times
  • Click Install
  • Click Finish
  • Click Start Scan twice
  • When completed click Open Report
  • Click Export Text and save the file on your Desktop as RK.txt
  • Close all open RogueKiller windows
  • Copy and paste the contents of the report in your reply
===================================================

Launching Chrome Without Plugins or Extensions

--------------------
  • Press the Windows Key + R on your keyboard at the same time
  • Type in chrome --disable-extensions and press Enter
  • Check the browser behavior
===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure only the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries

  • Click Go and once the scan is completed a MTB.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows Key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • RogueKiller log
  • Chrome?
  • MTB.txt
  • Attached System Summary report

Gary
 

#9 Mare1220

  • Topic Starter

Posted 21 July 2017 - 09:00 PM

I'm so relieved I don't have to purchase a new drive right now! Thanks!  

 

So I ran the programs (rogue killer found a couple trojans, so I let it remove them) and the logs are here.

I launched Chrome without Plugins or Extensions, no change there yet. (Which sucks!)  and I've attached the System Summary.  Thanks again :-)

 

-Mare

 

 
RogueKiller V12.11.7.0 (x64) [Jul 17 2017] (Free) by Adlice Software
 
Operating System : Windows 10 (10.0.15063) 64 bits version
Started in : Normal mode
User : MaryAnn [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 07/21/2017 11:52:33 (Duration : 01:20:52)
Switches : -refid
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 4 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2841604245-4010253232-1339942159-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://lenovo13.msn.com/?pc=LCJB  -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2841604245-4010253232-1339942159-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://lenovo13.msn.com/?pc=LCJB  -> Not selected
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2841604245-4010253232-1339942159-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://lenovo13.msn.com/?pc=LCJB  -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2841604245-4010253232-1339942159-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://lenovo13.msn.com/?pc=LCJB  -> Not selected
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 4 ¤¤¤
[Tr.Gen0][File] C:\Users\MaryAnn\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe -> Deleted
[Tr.Gen0][File] C:\Users\MaryAnn\AppData\Roaming\uTorrent\updates\3.4.9_43085\utorrentie.exe -> Deleted
[Tr.Gen0][File] C:\Users\MaryAnn\AppData\Roaming\uTorrent\updates\3.5.0_43804\utorrentie.exe -> Deleted
[Tr.Gen0][File] C:\Users\MaryAnn\AppData\Roaming\uTorrent\updates\3.5.0_43916\utorrentie.exe -> Deleted
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : session.startup_urls [https://plus.google.com/u/0/|https://mail.google.com/mail/u/0/#inbox|https://www.fiverr.com/|https://www.blogmutt.com/d/users/sign_in|https://www.odesk.com/login?redir=%2Fnotifications|https://www.elance.com/php/landing/main/login.php?redirect=http%3A%2F%2Fwww.elance.com%2Fopportunities#%23DATETIME%23%23&e_name=JobRecDigestDaily&e_link=11|http://www.freedomwithwriting.com/freedom/|http://www.wellfedwriter.com/blog/|https://www.jobgateway.pa.gov/jponline/Admin/Common/Portal.aspx?nCHFPWYGF1fA59cIVE6dBoOHwSjah@eDx@JrDJN@nM1eSRdjktf_tRB_@a9Dm8ZSpStxVBeh8xWol4Ne368aeZUMBfnEhuRR97L_Z3RKlck-1UG21WzrK_8gUCLbFBvEVQ2owE1rdpCTqHEUilhp1yLfXMku2o1E|http://www.flexjobs.com/?v=2&utm_expid=3302061-3.QbjiZxsVQ8W0lWqKpU7lCw.1] -> Not selected
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MQ01ABF050 +++++
--- User ---
[MBR] ca730cda9a5c0d51ebf48996f13fad7c
[BSP] 2005e06bd9cad3160985015bf49550e9 : Empty|VT.Unknown MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 1000 MB
1 - [SYSTEM][MAN-MOUNT] EFI system partition | Offset (sectors): 2050048 | Size: 260 MB
2 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2582528 | Size: 1000 MB
3 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 4630528 | Size: 128 MB
4 - Basic data partition | Offset (sectors): 4892672 | Size: 433464 MB
5 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 892628992 | Size: 793 MB
6 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 894255104 | Size: 468 MB
7 - Basic data partition | Offset (sectors): 895215616 | Size: 25600 MB
8 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 947644416 | Size: 14223 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: Kingston DT 101 G2 USB Device +++++
--- User ---
[MBR] c085a218b55e9e7eefe89d4793ea66a4
[BSP] d54e8c033af646d07895113538471df9 : Empty|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 2048 | Size: 14882 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
 
================
 
MiniToolBox by Farbar  Version: 17-06-2016
Ran by MaryAnn (administrator) on 21-07-2017 at 21:01:20
Running from "C:\Users\MaryAnn\Desktop"
Microsoft Windows 10 Home  (X64)
Model: 20383 Manufacturer: LENOVO
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
========================= IP Configuration: ================================
 
Qualcomm Atheros AR956x Wireless Network Adapter = Wi-Fi (Connected)
Realtek PCIe GBE Family Controller = Ethernet (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : MaresLenovo
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : hsd1.pa.comcast.net
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : F0-76-1C-26-8E-F5
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Local Area Connection* 4:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Hosted Network Virtual Adapter
   Physical Address. . . . . . . . . : 4E-B5-7D-74-FB-D5
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Local Area Connection* 6:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 1E-B5-7D-74-FB-D5
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : hsd1.pa.comcast.net
   Description . . . . . . . . . . . : Qualcomm Atheros AR956x Wireless Network Adapter
   Physical Address. . . . . . . . . : AC-B5-7D-74-FB-D5
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2601:4a:8280:1bed::6a34(Preferred) 
   Lease Obtained. . . . . . . . . . : Thursday, July 20, 2017 9:49:20 PM
   Lease Expires . . . . . . . . . . : Tuesday, August 28, 2153 3:29:47 AM
   IPv6 Address. . . . . . . . . . . : 2601:4a:8280:1bed::e57e(Preferred) 
   Lease Obtained. . . . . . . . . . : Thursday, July 20, 2017 10:00:00 PM
   Lease Expires . . . . . . . . . . : Thursday, July 27, 2017 10:00:00 PM
   IPv6 Address. . . . . . . . . . . : 2601:4a:8280:1bed:706b:2c7c:4ce:5045(Preferred) 
   Temporary IPv6 Address. . . . . . : 2601:4a:8280:1bed:f5c7:b8b8:3afa:1d29(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::706b:2c7c:4ce:5045%3(Preferred) 
   IPv4 Address. . . . . . . . . . . : 10.0.0.219(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, July 20, 2017 9:49:20 PM
   Lease Expires . . . . . . . . . . : Friday, July 28, 2017 8:57:59 PM
   Default Gateway . . . . . . . . . : fe80::faa0:97ff:feb3:a7ac%3
                                       10.0.0.1
   DHCP Server . . . . . . . . . . . : 10.0.0.1
   DHCPv6 IAID . . . . . . . . . . . : 95204733
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-02-D3-E6-F0-76-1C-26-8E-F5
   DNS Servers . . . . . . . . . . . : 2001:558:feed::1
                                       2001:558:feed::2
                                       75.75.75.75
                                       75.75.76.76
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter Local Area Connection* 14:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:807:2278:f5ff:ff24(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::807:2278:f5ff:ff24%18(Preferred) 
   Default Gateway . . . . . . . . . : 
   DHCPv6 IAID . . . . . . . . . . . : 301989888
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-02-D3-E6-F0-76-1C-26-8E-F5
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  cdns01.comcast.net
Address:  2001:558:feed::1
 
Name:    google.com
Addresses:  2607:f8b0:4004:80e::200e
 172.217.12.142
 
 
Pinging google.com [2607:f8b0:4006:802::200e] with 32 bytes of data:
Reply from 2607:f8b0:4006:802::200e: time=22ms 
Reply from 2607:f8b0:4006:802::200e: time=23ms 
 
Ping statistics for 2607:f8b0:4006:802::200e:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 22ms, Maximum = 23ms, Average = 22ms
Server:  cdns01.comcast.net
Address:  2001:558:feed::1
 
Name:    yahoo.com
Addresses:  2001:4998:58:c02::a9
 2001:4998:c:a06::2:4008
 2001:4998:44:204::a7
 98.138.253.109
 206.190.36.45
 98.139.180.149
 
 
Pinging yahoo.com [2001:4998:58:c02::a9] with 32 bytes of data:
Request timed out.
Reply from 2001:4998:58:c02::a9: time=30ms 
 
Ping statistics for 2001:4998:58:c02::a9:
    Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),
Approximate round trip times in milli-seconds:
    Minimum = 30ms, Maximum = 30ms, Average = 30ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 12...f0 76 1c 26 8e f5 ......Realtek PCIe GBE Family Controller
  7...4e b5 7d 74 fb d5 ......Microsoft Hosted Network Virtual Adapter
  4...1e b5 7d 74 fb d5 ......Microsoft Wi-Fi Direct Virtual Adapter
  3...ac b5 7d 74 fb d5 ......Qualcomm Atheros AR956x Wireless Network Adapter
  1...........................Software Loopback Interface 1
 18...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.0.0.1       10.0.0.219     55
         10.0.0.0    255.255.255.0         On-link        10.0.0.219    311
       10.0.0.219  255.255.255.255         On-link        10.0.0.219    311
       10.0.0.255  255.255.255.255         On-link        10.0.0.219    311
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link        10.0.0.219    311
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link        10.0.0.219    311
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  3    311 ::/0                     fe80::faa0:97ff:feb3:a7ac
  1    331 ::1/128                  On-link
 18    331 2001::/32                On-link
 18    331 2001:0:9d38:90d7:807:2278:f5ff:ff24/128
                                    On-link
  3    311 2601:4a:8280:1bed::/64   On-link
  3    311 2601:4a:8280:1bed::6a34/128
                                    On-link
  3    311 2601:4a:8280:1bed::e57e/128
                                    On-link
  3    311 2601:4a:8280:1bed:706b:2c7c:4ce:5045/128
                                    On-link
  3    311 2601:4a:8280:1bed:f5c7:b8b8:3afa:1d29/128
                                    On-link
  3    311 fe80::/64                On-link
 18    331 fe80::/64                On-link
 18    331 fe80::807:2278:f5ff:ff24/128
                                    On-link
  3    311 fe80::706b:2c7c:4ce:5045/128
                                    On-link
  1    331 ff00::/8                 On-link
  3    311 ff00::/8                 On-link
 18    331 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [54784] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [63488] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23040] (Microsoft Corporation)
Catalog5 07 C:\WINDOWS\SysWOW64\wshbth.dll [50688] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [66560] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [79872] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31232] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [63488] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 13 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
 
**** End of log ****
 
 
 
 
 




#10 Oh My!

  • Malware Response Instructor

Posted 21 July 2017 - 09:54 PM

Thank you, please do these things.

===================================================

Resetting Google Chrome to Original Defaults

--------------------
  • Launch Chrome then review this page before following these steps to review what changes will take place
  • In the address bar type chrome://settings and press Enter
  • Click Show advanced settings... located at the bottom of the page
  • Under the Reset settings section click Reset settings
  • Uncheck Help make Google Chrome better by reporting the current settings if you don't want to provide that information
  • Click Reset
  • Restart Chrome and check the performance
===================================================

Uninstall and Reinstall a Device Driver

----------
  • Press Windows Key + R on your keyboard at the same time
  • Type devmgmt.msc and press Enter
  • Expand the Network Adapters section by clicking the + sign
  • Right-click on Qualcomm Atheros AR956x Wireless Network Adapter, select Uninstall, then OK
  • Click Yes to restart your computer
  • Check your computer performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Chrome?
  • Network?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 Mare1220

Posted 23 July 2017 - 11:55 AM

Okay so resetting my Chrome seems to have worked almost instantaneously! Uninstalling the network adapter seems to have worked also.  I've been checking and rechecking all night and most of the afternoon.  There have been no sudden switches to airplane mode since.  Thanks so much!



#12 Mare1220

Posted 23 July 2017 - 12:57 PM

And JUST after I wrote that, the damned thing went back to airplane mode! 



#13 Oh My!

Posted 23 July 2017 - 01:28 PM

Currently, when you see it switch to Airplane Mode, are you losing Internet access?
Gary
 

#14 Mare1220

Posted 23 July 2017 - 09:15 PM

Yes, I was losing internet connectivity when it switched.  However, I powered it off shortly after my last message and left it alone for a few hours.  As of right now, I've been ten hours without airplane mode activated.  So that's cool.



#15 Oh My!

Posted 23 July 2017 - 09:38 PM

Very good. Let's give it until tomorrow and see how we do. Touch base then, or sooner if you run into a problem.
Gary
 



