Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer Performance Abruptly Very Slow


  • This topic is locked This topic is locked
15 replies to this topic

#1 Fleetwolf90

Fleetwolf90

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:12:42 PM

Posted 04 June 2018 - 06:46 PM

Computer was performing normally and then acutely became very slow to operate all tasks.  Startup takes 5-7 minutes, launching Chrome takes 1-2 minutes, 2-3 minutes to switch between applications, etc.  It never resumes to previous performance no mater how long it operates.  Fans stay at high speed and Task Manager consistently shows memory consumption between 50%-60%.

 

Thanks in advance!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03.06.2018
Ran by Earley Laptop (administrator) on EARLEYLAPTOP-PC (04-06-2018 19:24:37)
Running from C:\Users\Earley Laptop\Downloads
Loaded Profiles: Earley Laptop (Available Profiles: Earley Laptop)
Platform: Windows 10 Home Version 1709 16299.431 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(HP Inc.) C:\Program Files\HP\HP OfficeJet Pro 8710\Bin\ScanToPCActivationApp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(HP Inc.) C:\Program Files\HP\HP OfficeJet Pro 8710\Bin\HPNetworkCommunicatorCom.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11804.1001.10.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.16.17656.18052-0\MsMpEng.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.16.17656.18052-0\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1812776 2009-06-26] (Synaptics Incorporated)
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2314120 2009-05-26] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-03-22] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [Google Quick Search Box] => C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe [122880 2009-12-31] (Google Inc.)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [494064 2009-06-18] ()
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67896 2017-03-16] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2011-06-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKU\S-1-5-21-2224422032-3815502487-2643779824-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-12-31] (Google Inc.)
HKU\S-1-5-21-2224422032-3815502487-2643779824-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18334528 2018-04-12] (Piriform Ltd)
HKU\S-1-5-21-2224422032-3815502487-2643779824-1001\...\Run: [HP OfficeJet Pro 8710 (NET)] => C:\Program Files\HP\HP OfficeJet Pro 8710\Bin\ScanToPCActivationApp.exe [3736584 2015-08-31] (HP Inc.)
HKU\S-1-5-21-2224422032-3815502487-2643779824-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-03-16] (Apple Inc.)
HKU\S-1-5-21-2224422032-3815502487-2643779824-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2017-03-16] (Apple Inc.)
HKU\S-1-5-21-2224422032-3815502487-2643779824-1001\...\Run: [Amazon Drive] => C:\Users\Earley Laptop\AppData\Local\Amazon Drive\AmazonDrive.exe [6356648 2018-05-09] (Amazon.com Inc.)
HKU\S-1-5-21-2224422032-3815502487-2643779824-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [148480 2017-09-29] (Microsoft Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-10-30]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-10-30]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-10-30]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{0c337c25-1503-4e6d-8c1a-1a1c59e1fc8a}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{7829ed7d-00d1-4ca1-994d-ca91b5c1e060}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{90bfb7d2-41f7-4f61-8cac-3484a90dc76e}: [DhcpNameServer] 172.20.10.1
 
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2224422032-3815502487-2643779824-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2224422032-3815502487-2643779824-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
SearchScopes: HKLM -> {955FED3B-B6C3-4908-8FC6-E10498FFB366} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {5ED0152D-EA06-41A6-A5FF-F3C463F5788E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2224422032-3815502487-2643779824-1001 -> {5ED0152D-EA06-41A6-A5FF-F3C463F5788E} URL = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2224422032-3815502487-2643779824-1001 -> {8F2DC6D9-8FE3-4B03-B5E0-105006C54860} URL = hxxp://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
SearchScopes: HKU\S-1-5-21-2224422032-3815502487-2643779824-1001 -> {955FED3B-B6C3-4908-8FC6-E10498FFB366} URL = 
SearchScopes: HKU\S-1-5-21-2224422032-3815502487-2643779824-1001 -> {B57C312A-7873-47EE-92F8-B448459134E4} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: No Name -> {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -> No File
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-06-01] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-11-25] (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-23] (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-25] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22] (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-04-27] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-11-25] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-23] (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-25] (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-23] (Google Inc.)
Toolbar: HKLM-x32 - No Name - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -  No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-23] (Google Inc.)
Toolbar: HKU\S-1-5-21-2224422032-3815502487-2643779824-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-2224422032-3815502487-2643779824-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-23] (Google Inc.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-06-01] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-06-01] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-06-01] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-06-01] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_29_0_0_171.dll [2018-05-08] ()
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-25] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_171.dll [2018-05-08] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-04-03] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-02] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @pack.google.com/Google Updater;version=14 -> C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2011-06-07] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2224422032-3815502487-2643779824-1001: @nds.com/PCShowPlugin -> C:\Users\Earley Laptop\AppData\Local\DIRECTV Player\npPCShowPlugin.dll [No File]
FF Plugin HKU\S-1-5-21-2224422032-3815502487-2643779824-1001: @nds.com/PlayerPlugin -> C:\Users\Earley Laptop\AppData\Local\DIRECTV Player\npPlayerPlugin.dll [2012-07-19] (NDS)
FF Plugin HKU\S-1-5-21-2224422032-3815502487-2643779824-1001: @yahoo.com/BrowserPlus,version=2.8.1 -> C:\Users\Earley Laptop\AppData\Local\Yahoo!\BrowserPlus\2.8.1\Plugins\npybrowserplus_2.8.1.dll [2010-05-25] (Yahoo! Inc.)
FF Plugin HKU\S-1-5-21-2224422032-3815502487-2643779824-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Earley Laptop\Music\Playlists\npAmazonMP3DownloaderPlugin101799.dll [2013-03-07] (Amazon.com, Inc.)
FF Plugin HKU\S-1-5-21-2224422032-3815502487-2643779824-1001: NDS.com/PlayerPlugin -> C:\Users\Earley Laptop\AppData\Local\DIRECTV Player\npPlayerPlugin.dll [2012-07-19] (NDS)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> msn.com
CHR StartupUrls: Default -> "hxxps://www.google.com/","hxxps://www.google.com/"
CHR Profile: C:\Users\Earley Laptop\AppData\Local\Google\Chrome\User Data\Default [2018-06-04]
CHR Extension: (FUTBIN) - C:\Users\Earley Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\adicaaffkmhgnfheifkjhopmambgfihl [2017-12-30]
CHR Extension: (Google Drive) - C:\Users\Earley Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (Bing) - C:\Users\Earley Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2018-03-08]
CHR Extension: (Google Docs Offline) - C:\Users\Earley Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-19]
CHR Extension: (Pinterest Save Button) - C:\Users\Earley Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2018-06-03]
CHR Extension: (Rotogrinders DFS Analyzer Sync) - C:\Users\Earley Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\kecgnibeihgmgjcepmfpbjjlnpoelebn [2017-04-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Earley Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Chrome Media Router) - C:\Users\Earley Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-04-24]
CHR HKU\S-1-5-21-2224422032-3815502487-2643779824-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [aaaangmfdabjilefmognkgcebjgcojek] - C:\Users\Earley Laptop\AppData\Local\APN\GoogleCRXs\aaaangmfdabjilefmognkgcebjgcojek_7.14.1.0.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gihfmmedoddijgnhkgfgnkeohkpbipol] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-03-17] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8652976 2018-05-24] (Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\NisSrv.exe [4682552 2018-05-31] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MsMpEng.exe [101096 2018-05-31] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [38984 2013-11-19] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [84328 2013-11-19] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-11-19] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-19] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1032416 2013-11-19] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [409832 2013-11-19] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2013-11-19] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [205320 2013-11-19] ()
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-05-29] (Malwarebytes)
S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-05-31] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [313384 2018-05-31] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61992 2018-05-31] (Microsoft Corporation)
U4 aspnet_state; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-06-04 19:24 - 2018-06-04 19:27 - 000022784 _____ C:\Users\Earley Laptop\Downloads\FRST.txt
2018-06-04 19:22 - 2018-06-04 19:23 - 002413056 _____ (Farbar) C:\Users\Earley Laptop\Downloads\FRST64.exe
2018-05-29 22:05 - 2018-05-29 22:20 - 000225037 _____ C:\Users\Earley Laptop\Downloads\Camping tea towels.studio3
2018-05-29 18:47 - 2018-05-29 18:48 - 000544872 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-05-27 18:14 - 2018-05-27 18:14 - 000118083 _____ C:\Users\Earley Laptop\Downloads\Amber's tray.studio3
2018-05-27 16:55 - 2018-05-27 16:55 - 000107128 _____ C:\Users\Earley Laptop\Downloads\Cindy's mono.studio3
2018-05-20 08:16 - 2018-05-04 05:37 - 000278448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Notifier.exe
2018-05-13 13:03 - 2018-05-13 13:06 - 000000865 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-05-13 13:00 - 2018-05-13 13:01 - 015813864 _____ (Piriform Ltd) C:\Users\Earley Laptop\Downloads\ccsetup542.exe
2018-05-13 11:44 - 2018-05-29 18:50 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-05-13 11:44 - 2018-05-13 11:44 - 000001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-05-13 11:44 - 2018-05-13 11:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-05-13 11:43 - 2018-03-19 12:57 - 000076192 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-05-13 08:08 - 2018-05-03 03:36 - 000437664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2018-05-13 08:08 - 2018-05-03 02:31 - 002193688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-05-13 08:08 - 2018-05-03 02:12 - 000816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-05-13 08:08 - 2018-05-03 02:00 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-05-13 08:08 - 2018-05-03 02:00 - 000473088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2018-05-13 08:08 - 2018-05-03 01:59 - 018924544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-05-13 08:08 - 2018-05-03 01:57 - 019354624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-05-13 08:08 - 2018-05-03 01:57 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-05-13 08:08 - 2018-05-03 01:54 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-05-13 08:08 - 2018-05-03 01:53 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-05-13 08:08 - 2018-05-03 01:52 - 003662848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-05-13 08:08 - 2018-05-03 01:52 - 000664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-05-13 08:08 - 2018-05-03 01:52 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-05-13 08:08 - 2018-04-15 17:34 - 000230304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2018-05-13 08:08 - 2018-04-15 16:47 - 001615712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-05-13 08:08 - 2018-04-15 16:35 - 002462704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2018-05-13 08:08 - 2018-04-15 16:34 - 001456104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2018-05-13 08:08 - 2018-04-15 16:12 - 017160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2018-05-13 08:08 - 2018-04-15 16:12 - 013704704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2018-05-13 08:08 - 2018-04-15 16:12 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2018-05-13 08:08 - 2018-04-15 16:08 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2018-05-13 08:08 - 2018-04-15 16:03 - 002628608 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-05-13 08:08 - 2018-03-30 00:10 - 000704080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2018-05-13 08:08 - 2018-03-29 23:45 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-05-13 08:08 - 2018-03-29 23:41 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-05-13 08:08 - 2018-03-29 23:40 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2018-05-13 08:08 - 2018-03-29 23:27 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2018-05-13 08:08 - 2018-02-21 22:02 - 000149400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2018-05-13 08:08 - 2018-02-21 22:00 - 000187296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2018-05-13 08:08 - 2018-02-10 01:05 - 000662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2018-05-13 08:08 - 2018-02-10 00:46 - 002393600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2018-05-13 08:08 - 2018-02-10 00:46 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2018-05-13 08:08 - 2018-02-10 00:42 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2018-05-13 08:08 - 2018-02-10 00:37 - 001488384 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-05-13 08:07 - 2018-05-03 03:51 - 001056152 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-05-13 08:07 - 2018-05-03 03:47 - 008600472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-05-13 08:07 - 2018-05-03 03:43 - 000373664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2018-05-13 08:07 - 2018-05-03 03:36 - 002710736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-05-13 08:07 - 2018-05-03 03:32 - 001054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-05-13 08:07 - 2018-05-03 02:26 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-05-13 08:07 - 2018-05-03 02:19 - 003663360 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-05-13 08:07 - 2018-05-03 02:18 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
2018-05-13 08:07 - 2018-05-03 02:16 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-05-13 08:07 - 2018-05-03 02:12 - 000672768 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-05-13 08:07 - 2018-05-03 02:12 - 000403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2018-05-13 08:07 - 2018-05-03 02:11 - 000595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-05-13 08:07 - 2018-05-03 02:09 - 008068608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-05-13 08:07 - 2018-05-03 02:09 - 004723712 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-05-13 08:07 - 2018-05-03 02:09 - 002086400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-05-13 08:07 - 2018-05-03 02:08 - 000808960 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-05-13 08:07 - 2018-05-03 01:53 - 006060544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-05-13 08:07 - 2018-05-03 01:51 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-05-13 08:07 - 2018-04-15 17:49 - 001954056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-05-13 08:07 - 2018-04-15 17:47 - 000398744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2018-05-13 08:07 - 2018-04-15 17:33 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-05-13 08:07 - 2018-04-15 17:30 - 002268024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2018-05-13 08:07 - 2018-04-15 17:29 - 001779936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-05-13 08:07 - 2018-04-15 17:26 - 002711176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2018-05-13 08:07 - 2018-04-15 17:26 - 001506200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2018-05-13 08:07 - 2018-04-15 16:47 - 001490856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2018-05-13 08:07 - 2018-04-15 16:34 - 001524776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-05-13 08:07 - 2018-04-15 16:34 - 001017048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2018-05-13 08:07 - 2018-04-15 16:10 - 001498112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-05-13 08:07 - 2018-04-15 16:07 - 012689920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-05-13 08:07 - 2018-04-15 16:07 - 000308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2018-05-13 08:07 - 2018-04-15 16:06 - 011924480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-05-13 08:07 - 2018-04-15 16:04 - 012833280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-05-13 08:07 - 2018-04-15 16:04 - 002464768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-05-13 08:07 - 2018-04-15 16:03 - 004248064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2018-05-13 08:07 - 2018-04-15 16:02 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2018-05-13 08:07 - 2018-04-15 16:00 - 000424448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2018-05-13 08:07 - 2018-03-30 01:06 - 000166304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2018-05-13 08:07 - 2018-03-30 01:03 - 000059808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bam.sys
2018-05-13 08:07 - 2018-03-30 01:01 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-05-13 08:07 - 2018-03-30 01:01 - 000471968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-05-13 08:07 - 2018-03-30 00:59 - 000082840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-05-13 08:07 - 2018-03-30 00:58 - 000129432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
2018-05-13 08:07 - 2018-03-30 00:52 - 000428960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-05-13 08:07 - 2018-03-30 00:51 - 000147872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2018-05-13 08:07 - 2018-03-29 23:35 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-05-13 08:07 - 2018-03-29 23:32 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2018-05-13 08:07 - 2018-03-13 03:03 - 000739696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2018-05-13 08:07 - 2018-03-13 02:54 - 000555936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-05-13 08:07 - 2018-03-13 01:15 - 000597160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2018-05-13 08:07 - 2018-03-13 00:37 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2018-05-13 08:07 - 2018-03-01 02:30 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-05-13 08:07 - 2018-03-01 01:51 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2018-05-13 08:07 - 2018-03-01 01:39 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2018-05-13 08:07 - 2018-02-21 22:10 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2018-05-13 08:07 - 2018-02-21 21:51 - 000045472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2018-05-13 08:07 - 2018-02-21 20:31 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2018-05-13 08:07 - 2018-02-10 02:09 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2018-05-13 08:07 - 2018-02-10 02:08 - 003010248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2018-05-13 08:07 - 2018-02-10 02:06 - 000494488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2018-05-13 08:07 - 2018-02-10 02:04 - 001426672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-05-13 08:07 - 2018-02-10 02:04 - 001254144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2018-05-13 08:07 - 2018-02-10 02:04 - 000603920 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-05-13 08:07 - 2018-02-10 01:06 - 006014688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2018-05-13 08:07 - 2018-02-10 01:06 - 004670728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-05-13 08:07 - 2018-02-10 01:06 - 000982528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-05-13 08:07 - 2018-02-10 01:05 - 001246432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-05-13 08:07 - 2018-02-10 01:05 - 001149272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2018-05-13 08:07 - 2018-02-10 00:50 - 001313792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-05-13 08:07 - 2018-02-10 00:43 - 000394752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2018-05-13 08:07 - 2018-02-10 00:36 - 000685056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-05-13 08:06 - 2018-05-03 03:45 - 002395040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-05-13 08:06 - 2018-05-03 03:38 - 002574240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-05-13 08:06 - 2018-05-03 02:16 - 023674880 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-05-13 08:06 - 2018-05-03 02:09 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-05-13 08:06 - 2018-05-03 02:09 - 002784256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-05-13 08:06 - 2018-05-03 02:09 - 001548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-05-13 08:06 - 2018-04-15 17:50 - 001925760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2018-05-13 08:06 - 2018-04-15 16:14 - 000250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2018-05-13 08:06 - 2018-04-15 16:03 - 002857984 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-05-13 08:06 - 2018-03-30 01:03 - 001277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2018-05-13 08:06 - 2018-03-30 00:51 - 000902928 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2018-05-13 08:06 - 2018-03-29 23:30 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-05-13 08:06 - 2018-03-29 23:27 - 000813568 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-05-13 08:06 - 2018-03-29 23:25 - 001424896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2018-05-13 08:06 - 2018-03-29 23:25 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-05-13 08:06 - 2018-03-29 23:24 - 000925184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2018-05-13 08:06 - 2018-03-13 01:35 - 000461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2018-05-13 08:06 - 2018-03-13 01:33 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2018-05-13 08:06 - 2018-03-01 03:37 - 007831760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-05-13 08:06 - 2018-03-01 01:49 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2018-05-13 08:06 - 2018-03-01 01:46 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-05-13 08:06 - 2018-02-10 02:04 - 001170008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-05-13 08:06 - 2018-02-10 00:49 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-05-13 08:06 - 2018-01-01 08:41 - 000559512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2018-05-13 08:06 - 2018-01-01 08:25 - 000615768 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2018-05-13 08:05 - 2018-05-03 03:50 - 001206688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-05-13 08:05 - 2018-05-03 03:36 - 007675792 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-05-13 08:05 - 2018-05-03 03:34 - 021356824 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-05-13 08:05 - 2018-05-03 02:36 - 025254400 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-05-13 08:05 - 2018-05-03 02:17 - 007545344 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-05-13 08:05 - 2018-05-03 02:16 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2018-05-13 08:05 - 2018-05-03 01:58 - 006467072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2018-05-13 08:05 - 2018-04-15 18:07 - 001463344 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2018-05-13 08:05 - 2018-04-15 17:48 - 005859248 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2018-05-13 08:05 - 2018-04-15 17:38 - 000979360 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2018-05-13 08:05 - 2018-04-15 17:32 - 003904296 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2018-05-13 08:05 - 2018-04-15 16:47 - 001323336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2018-05-13 08:05 - 2018-04-15 16:38 - 003485392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2018-05-13 08:05 - 2018-04-15 16:37 - 000747416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2018-05-13 08:05 - 2018-04-15 16:16 - 000098304 _____ C:\WINDOWS\system32\runexehelper.exe
2018-05-13 08:05 - 2018-04-15 16:10 - 000363008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2018-05-13 08:05 - 2018-04-15 16:06 - 013660672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-05-13 08:05 - 2018-04-15 16:06 - 000721920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2018-05-13 08:05 - 2018-04-15 16:05 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2018-05-13 08:05 - 2018-04-15 16:04 - 001057792 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2018-05-13 08:05 - 2018-04-15 16:04 - 000556544 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2018-05-13 08:05 - 2018-04-15 16:03 - 004772352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2018-05-13 08:05 - 2018-04-15 16:03 - 004385280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2018-05-13 08:05 - 2018-04-15 16:03 - 002976256 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2018-05-13 08:05 - 2018-04-15 16:02 - 004814336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2018-05-13 08:05 - 2018-04-15 16:02 - 000842240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2018-05-13 08:05 - 2018-04-15 16:01 - 001509888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2018-05-13 08:05 - 2018-04-15 16:00 - 001739264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2018-05-13 08:05 - 2018-03-30 00:53 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-05-13 08:05 - 2018-03-29 23:36 - 000825856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2018-05-13 08:05 - 2018-03-29 23:25 - 001055744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-05-13 08:05 - 2018-03-01 03:30 - 000264040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-05-13 08:05 - 2018-03-01 03:14 - 001694224 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2018-05-13 08:05 - 2018-03-01 01:48 - 000543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2018-05-13 08:05 - 2018-02-10 02:14 - 004504464 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-05-13 08:05 - 2018-02-10 02:07 - 004506576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-05-13 08:05 - 2018-02-10 02:04 - 006791984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2018-05-13 08:05 - 2018-02-10 02:03 - 000404888 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2018-05-13 08:05 - 2018-02-10 00:38 - 001167360 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2018-05-13 08:04 - 2018-05-03 02:31 - 006092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-05-13 08:04 - 2018-05-03 02:25 - 020290248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-05-13 08:04 - 2018-04-15 17:26 - 007384576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-05-13 08:04 - 2018-04-15 16:34 - 006482664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-05-13 08:04 - 2018-03-01 23:36 - 017085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-05-13 08:03 - 2018-05-03 02:19 - 001300992 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-05-13 08:03 - 2018-05-03 02:18 - 000400896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-05-13 08:03 - 2018-04-15 16:07 - 001495552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-05-13 08:03 - 2018-04-15 16:07 - 001425408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2018-05-13 08:03 - 2018-04-15 16:04 - 002209280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-05-13 08:03 - 2018-04-15 16:03 - 003177472 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-05-13 08:03 - 2018-02-10 02:04 - 000374032 _____ (Microsoft Corporation) C:\WINDOWS\system32\vac.exe
2018-05-13 08:03 - 2018-02-10 00:45 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2018-05-13 08:03 - 2018-02-10 00:43 - 000570368 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2018-05-13 08:03 - 2018-02-10 00:39 - 004592640 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2018-05-13 08:03 - 2018-02-10 00:37 - 003578368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2018-05-13 08:03 - 2018-02-10 00:36 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2018-05-13 08:02 - 2018-05-03 03:54 - 000608160 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-05-13 08:02 - 2018-05-03 03:53 - 000300448 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-05-13 08:02 - 2018-05-03 03:52 - 001568160 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-05-13 08:02 - 2018-05-03 03:52 - 000137112 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-05-13 08:02 - 2018-05-03 03:50 - 000664992 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-05-13 08:02 - 2018-05-03 03:35 - 002472864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2018-05-13 08:02 - 2018-05-03 02:07 - 001822720 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-05-13 08:02 - 2018-05-03 01:51 - 001560064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-05-13 08:02 - 2018-04-15 17:48 - 001638424 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-05-13 08:02 - 2018-04-15 16:14 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceUpdateAgent.dll
2018-05-13 08:02 - 2018-04-15 16:07 - 008031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-05-13 08:02 - 2018-03-29 23:31 - 000334848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2018-05-13 08:02 - 2018-03-29 23:28 - 003121664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2018-05-13 08:02 - 2018-03-29 23:21 - 002511360 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2018-05-13 08:02 - 2018-03-29 23:21 - 001160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2018-05-13 08:02 - 2018-03-28 15:54 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2018-05-13 08:02 - 2018-03-13 01:29 - 003211776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2018-05-13 08:02 - 2018-03-01 03:17 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-05-13 08:02 - 2018-03-01 02:21 - 001558856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2018-05-13 08:02 - 2018-02-10 02:09 - 000525208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2018-05-13 08:02 - 2018-02-10 02:07 - 000705944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2018-05-13 08:02 - 2018-02-10 01:09 - 002338776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2018-05-13 08:02 - 2018-02-10 00:33 - 001570816 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2018-05-13 08:01 - 2018-05-03 03:54 - 000748448 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-05-13 08:01 - 2018-05-03 03:52 - 001415296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-05-13 08:01 - 2018-05-03 03:47 - 001209760 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-05-13 08:01 - 2018-05-03 03:45 - 000711936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-05-13 08:01 - 2018-05-03 03:37 - 000749984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-05-13 08:01 - 2018-05-03 02:09 - 003405824 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-05-13 08:01 - 2018-05-03 01:57 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2018-05-13 08:01 - 2018-04-15 18:04 - 000779952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2018-05-13 08:01 - 2018-04-15 17:38 - 003180720 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2018-05-13 08:01 - 2018-04-15 16:47 - 001433360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-05-13 08:01 - 2018-04-15 16:47 - 000649304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2018-05-13 08:01 - 2018-04-15 16:13 - 002890240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2018-05-13 08:01 - 2018-04-15 16:08 - 006576128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-05-13 08:01 - 2018-04-15 16:07 - 005195776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-05-13 08:01 - 2018-04-15 16:05 - 004113408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2018-05-13 08:01 - 2018-04-15 16:04 - 001230848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2018-05-13 08:01 - 2018-04-15 16:03 - 002741248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2018-05-13 08:01 - 2018-04-15 16:03 - 001353728 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2018-05-13 08:01 - 2018-04-15 16:00 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-05-13 08:01 - 2018-03-30 08:34 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-05-13 08:01 - 2018-03-30 00:52 - 000677280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-05-13 08:01 - 2018-03-13 01:34 - 008727552 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2018-05-13 08:01 - 2018-03-13 01:30 - 007145472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2018-05-13 08:01 - 2018-03-13 00:40 - 006118400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2018-05-13 08:01 - 2018-03-01 01:42 - 003505664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2018-05-13 08:01 - 2018-03-01 01:40 - 005833216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-05-13 08:01 - 2018-03-01 01:36 - 004050432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-05-13 08:01 - 2018-02-10 02:16 - 002406456 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-05-13 08:01 - 2018-02-10 02:14 - 001002592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-05-13 08:01 - 2018-02-10 02:10 - 000614160 _____ (Microsoft Corporation) C:\WINDOWS\system32\StateRepository.Core.dll
2018-05-13 08:01 - 2018-02-10 02:07 - 000436632 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2018-05-13 08:01 - 2018-02-10 02:03 - 001619808 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2018-05-13 08:01 - 2018-02-10 01:17 - 002255112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2018-05-13 08:01 - 2018-02-10 01:15 - 001145624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2018-05-13 08:01 - 2018-02-10 01:09 - 000354200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2018-05-13 08:01 - 2018-02-10 01:08 - 000592792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2018-05-13 08:01 - 2018-02-10 00:42 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2018-05-13 08:01 - 2018-02-10 00:40 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2018-05-13 08:01 - 2018-02-08 23:35 - 004959688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpltfm.dll
2018-05-13 08:00 - 2018-05-03 03:36 - 000247200 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-05-13 08:00 - 2018-05-03 02:09 - 001344000 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2018-05-13 08:00 - 2018-04-15 16:36 - 002386832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2018-05-13 08:00 - 2018-04-15 16:04 - 001236480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-05-13 08:00 - 2018-04-15 16:02 - 001669120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2018-05-13 08:00 - 2018-04-15 16:00 - 002223616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-05-13 08:00 - 2018-03-30 01:03 - 000319864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2018-05-13 08:00 - 2018-03-30 00:58 - 000898216 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-05-13 08:00 - 2018-03-29 23:35 - 000858112 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-05-13 08:00 - 2018-03-29 23:35 - 000249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-05-13 08:00 - 2018-03-29 23:28 - 000951808 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2018-05-13 08:00 - 2018-03-29 23:27 - 001002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-05-13 08:00 - 2018-03-29 23:26 - 001816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-05-13 08:00 - 2018-03-29 23:26 - 001343488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2018-05-13 08:00 - 2018-03-29 23:26 - 000716288 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2018-05-13 08:00 - 2018-03-13 01:33 - 001574912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2018-05-13 08:00 - 2018-03-13 01:30 - 003400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2018-05-13 08:00 - 2018-03-13 01:28 - 003160576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2018-05-13 08:00 - 2018-03-01 01:53 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2018-05-13 08:00 - 2018-03-01 01:39 - 002035712 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-05-13 08:00 - 2018-02-10 02:06 - 004486904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2018-05-13 08:00 - 2018-02-10 02:06 - 000594048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2018-05-13 08:00 - 2018-02-10 02:03 - 000722616 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2018-05-13 08:00 - 2018-02-10 01:08 - 003980720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2018-05-13 08:00 - 2018-02-10 01:07 - 000527864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StateRepository.Core.dll
2018-05-13 08:00 - 2018-02-10 00:45 - 000306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2018-05-13 08:00 - 2018-02-10 00:41 - 000451072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2018-05-13 08:00 - 2018-02-10 00:40 - 004498432 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2018-05-13 08:00 - 2018-02-10 00:38 - 002184192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2018-05-13 08:00 - 2018-02-10 00:35 - 000943104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2018-05-13 08:00 - 2018-02-10 00:35 - 000918528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2018-05-13 08:00 - 2018-02-10 00:34 - 002983936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmcndmgr.dll
2018-05-13 08:00 - 2018-02-01 23:36 - 003903944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpltfm.dll
2018-05-13 08:00 - 2018-01-01 07:18 - 000432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2018-05-13 08:00 - 2018-01-01 07:18 - 000427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2018-05-13 07:59 - 2018-05-03 03:53 - 000461216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-05-13 07:59 - 2018-05-03 03:50 - 000423328 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-05-13 07:59 - 2018-05-03 03:50 - 000069536 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-05-13 07:59 - 2018-05-03 03:48 - 000272288 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-05-13 07:59 - 2018-05-03 02:39 - 000212896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-05-13 07:59 - 2018-05-03 02:09 - 008432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2018-05-13 07:59 - 2018-05-03 01:56 - 002677248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-05-13 07:59 - 2018-05-03 01:53 - 007813120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2018-05-13 07:59 - 2018-04-15 17:51 - 002513920 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-05-13 07:59 - 2018-04-15 17:32 - 001416392 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2018-05-13 07:59 - 2018-04-15 16:16 - 003995136 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2018-05-13 07:59 - 2018-04-15 16:14 - 000202240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2018-05-13 07:59 - 2018-04-15 16:14 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2018-05-13 07:59 - 2018-04-15 16:09 - 000408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2018-05-13 07:59 - 2018-04-15 16:08 - 003181568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-05-13 07:59 - 2018-04-15 16:03 - 001224704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2018-05-13 07:59 - 2018-04-15 16:03 - 000920064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-05-13 07:59 - 2018-03-30 01:05 - 000015632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumdll.dll
2018-05-13 07:59 - 2018-03-30 00:57 - 001173576 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-05-13 07:59 - 2018-03-30 00:52 - 000727456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2018-05-13 07:59 - 2018-03-30 00:50 - 001336344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-05-13 07:59 - 2018-03-29 23:28 - 000984064 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2018-05-13 07:59 - 2018-03-29 23:28 - 000757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-05-13 07:59 - 2018-03-29 23:27 - 000985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-05-13 07:59 - 2018-03-29 23:26 - 000765952 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2018-05-13 07:59 - 2018-03-29 23:25 - 002528256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-05-13 07:59 - 2018-03-29 23:23 - 000963584 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-05-13 07:59 - 2018-03-13 01:28 - 001967104 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2018-05-13 07:59 - 2018-03-13 01:28 - 000939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2018-05-13 07:59 - 2018-03-13 01:27 - 003125760 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2018-05-13 07:59 - 2018-03-13 01:25 - 001346560 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2018-05-13 07:59 - 2018-03-13 01:23 - 001556992 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2018-05-13 07:59 - 2018-03-13 00:31 - 000862208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2018-05-13 07:59 - 2018-03-01 03:29 - 000733592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2018-05-13 07:59 - 2018-02-10 02:19 - 001133888 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2018-05-13 07:59 - 2018-02-10 02:06 - 000824896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2018-05-13 07:59 - 2018-02-10 01:18 - 001384288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2018-05-13 07:59 - 2018-02-10 00:40 - 001234432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrSvc.dll
2018-05-13 07:59 - 2018-02-10 00:36 - 001759744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2018-05-13 07:59 - 2018-02-10 00:33 - 001936384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmc.exe
2018-05-13 07:59 - 2018-02-08 23:35 - 001234888 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpal.dll
2018-05-13 07:59 - 2018-01-01 07:20 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2018-05-13 07:59 - 2017-11-26 09:32 - 000184984 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2018-05-13 07:59 - 2017-11-26 07:12 - 000123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2018-05-13 07:58 - 2018-05-03 03:56 - 001092016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-05-13 07:58 - 2018-05-03 03:56 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-05-13 07:58 - 2018-05-03 03:48 - 002002336 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-05-13 07:58 - 2018-05-03 03:48 - 000793960 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2018-05-13 07:58 - 2018-05-03 03:41 - 000540064 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-05-13 07:58 - 2018-05-03 02:14 - 000623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2018-05-13 07:58 - 2018-05-03 02:09 - 001856000 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2018-05-13 07:58 - 2018-05-03 02:05 - 001717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2018-05-13 07:58 - 2018-04-15 17:49 - 000382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2018-05-13 07:58 - 2018-04-15 17:33 - 001269616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2018-05-13 07:58 - 2018-04-15 17:25 - 001430768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2018-05-13 07:58 - 2018-04-15 17:23 - 001101208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-05-13 07:58 - 2018-04-15 16:47 - 001929712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-05-13 07:58 - 2018-04-15 16:47 - 000311192 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2018-05-13 07:58 - 2018-04-15 16:38 - 001123464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2018-05-13 07:58 - 2018-04-15 16:15 - 003490816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2018-05-13 07:58 - 2018-04-15 16:14 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2018-05-13 07:58 - 2018-04-15 16:12 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2018-05-13 07:58 - 2018-04-15 16:11 - 000531456 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-05-13 07:58 - 2018-04-15 16:08 - 000583680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.Schema.Shell.dll
2018-05-13 07:58 - 2018-04-15 16:07 - 000837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-05-13 07:58 - 2018-04-15 16:06 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2018-05-13 07:58 - 2018-04-15 16:05 - 000526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2018-05-13 07:58 - 2018-04-15 16:04 - 001342464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2018-05-13 07:58 - 2018-04-15 16:04 - 000997376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2018-05-13 07:58 - 2018-04-15 16:04 - 000982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2018-05-13 07:58 - 2018-04-15 16:04 - 000884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2018-05-13 07:58 - 2018-04-15 16:00 - 000682496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll
2018-05-13 07:58 - 2018-04-15 16:00 - 000496640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Geolocation.dll
2018-05-13 07:58 - 2018-03-30 01:03 - 000508272 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2018-05-13 07:58 - 2018-03-30 01:01 - 000649304 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2018-05-13 07:58 - 2018-03-30 00:54 - 000461728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2018-05-13 07:58 - 2018-03-30 00:53 - 000549552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2018-05-13 07:58 - 2018-03-30 00:48 - 000614304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2018-05-13 07:58 - 2018-03-29 23:35 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2018-05-13 07:58 - 2018-03-29 23:31 - 000416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2018-05-13 07:58 - 2018-03-29 23:30 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-05-13 07:58 - 2018-03-29 23:30 - 000369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\APHostService.dll
2018-05-13 07:58 - 2018-03-29 23:29 - 000616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2018-05-13 07:58 - 2018-03-29 23:29 - 000555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2018-05-13 07:58 - 2018-03-29 23:28 - 000970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2018-05-13 07:58 - 2018-03-29 23:28 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2018-05-13 07:58 - 2018-03-29 23:27 - 001657856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2018-05-13 07:58 - 2018-03-29 23:26 - 001573376 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2018-05-13 07:58 - 2018-03-29 23:25 - 002083840 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-05-13 07:58 - 2018-03-13 02:55 - 001778360 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2018-05-13 07:58 - 2018-03-13 01:33 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2018-05-13 07:58 - 2018-03-13 01:31 - 001263104 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2018-05-13 07:58 - 2018-03-13 01:31 - 001173504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2018-05-13 07:58 - 2018-03-13 01:30 - 000863744 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2018-05-13 07:58 - 2018-03-13 01:30 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
2018-05-13 07:58 - 2018-03-13 01:28 - 001157632 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2018-05-13 07:58 - 2018-03-13 01:28 - 000886272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2018-05-13 07:58 - 2018-03-13 01:22 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe
2018-05-13 07:58 - 2018-03-13 01:08 - 001555784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2018-05-13 07:58 - 2018-03-13 00:37 - 000381440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2018-05-13 07:58 - 2018-03-13 00:35 - 006204416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2018-05-13 07:58 - 2018-03-13 00:32 - 002577408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2018-05-13 07:58 - 2018-03-01 03:19 - 000710768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-05-13 07:58 - 2018-03-01 02:03 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2018-05-13 07:58 - 2018-03-01 01:58 - 004839424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-05-13 07:58 - 2018-03-01 01:47 - 000579584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2018-05-13 07:58 - 2018-03-01 01:47 - 000484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2018-05-13 07:58 - 2018-03-01 01:46 - 004051968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2018-05-13 07:58 - 2018-03-01 01:39 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DbgModel.dll
2018-05-13 07:58 - 2018-02-21 20:27 - 001282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-05-13 07:58 - 2018-02-21 20:16 - 001286144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2018-05-13 07:58 - 2018-02-10 02:08 - 000687552 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2018-05-13 07:58 - 2018-02-10 02:02 - 000628632 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp_win.dll
2018-05-13 07:58 - 2018-02-10 01:11 - 001250528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Taskmgr.exe
2018-05-13 07:58 - 2018-02-10 01:09 - 000559976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2018-05-13 07:58 - 2018-02-10 01:05 - 000551672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2018-05-13 07:58 - 2018-02-10 00:44 - 000276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2018-05-13 07:58 - 2018-02-10 00:42 - 001216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2018-05-13 07:58 - 2018-02-10 00:42 - 000950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasgcw.dll
2018-05-13 07:58 - 2018-02-10 00:40 - 000930816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-05-13 07:58 - 2018-02-10 00:40 - 000856576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasgcw.dll
2018-05-13 07:58 - 2018-02-10 00:38 - 006722560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2018-05-13 07:58 - 2018-02-10 00:37 - 003419136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2018-05-13 07:58 - 2018-02-10 00:35 - 000941568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2018-05-13 07:58 - 2018-02-10 00:32 - 002427904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmcndmgr.dll
2018-05-13 07:58 - 2018-02-10 00:31 - 001488896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmc.exe
2018-05-13 07:58 - 2018-02-09 22:59 - 000804240 _____ C:\WINDOWS\SysWOW64\locale.nls
2018-05-13 07:58 - 2018-02-09 22:59 - 000804240 _____ C:\WINDOWS\system32\locale.nls
2018-05-13 07:58 - 2018-02-08 23:35 - 001002952 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmcodecs.dll
2018-05-13 07:58 - 2018-01-01 07:18 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2018-05-13 07:58 - 2018-01-01 07:15 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDec.dll
2018-05-13 07:58 - 2018-01-01 07:14 - 000870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-05-13 07:57 - 2018-05-03 03:57 - 000599448 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-05-13 07:57 - 2018-05-03 03:43 - 000702568 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2018-05-13 07:57 - 2018-05-03 03:35 - 000358496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2018-05-13 07:57 - 2018-05-03 02:44 - 000595448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2018-05-13 07:57 - 2018-05-03 02:43 - 000594056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2018-05-13 07:57 - 2018-05-03 02:29 - 000285144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2018-05-13 07:57 - 2018-05-03 02:19 - 000496640 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-05-13 07:57 - 2018-05-03 02:16 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadauthhelper.dll
2018-05-13 07:57 - 2018-05-03 02:15 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2018-05-13 07:57 - 2018-05-03 02:13 - 000253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2018-05-13 07:57 - 2018-05-03 02:12 - 000657408 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2018-05-13 07:57 - 2018-05-03 01:57 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2018-05-13 07:57 - 2018-05-03 01:48 - 001353728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2018-05-13 07:57 - 2018-04-15 17:49 - 000563632 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2018-05-13 07:57 - 2018-04-15 17:29 - 001873944 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2018-05-13 07:57 - 2018-04-15 17:28 - 000688064 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2018-05-13 07:57 - 2018-04-15 17:25 - 000661920 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2018-05-13 07:57 - 2018-04-15 16:36 - 001575896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2018-05-13 07:57 - 2018-04-15 16:36 - 000832648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2018-05-13 07:57 - 2018-04-15 16:36 - 000543920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2018-05-13 07:57 - 2018-04-15 16:11 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountWAMExtension.dll
2018-05-13 07:57 - 2018-04-15 16:10 - 001576960 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2018-05-13 07:57 - 2018-04-15 16:10 - 000371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-05-13 07:57 - 2018-04-15 16:10 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2018-05-13 07:57 - 2018-04-15 16:08 - 000703488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2018-05-13 07:57 - 2018-04-15 16:08 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2018-05-13 07:57 - 2018-04-15 16:07 - 000792064 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2018-05-13 07:57 - 2018-04-15 16:07 - 000598528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-05-13 07:57 - 2018-04-15 16:07 - 000319488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2018-05-13 07:57 - 2018-04-15 16:06 - 000820224 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2018-05-13 07:57 - 2018-04-15 16:05 - 000626176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2018-05-13 07:57 - 2018-04-15 16:04 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
2018-05-13 07:57 - 2018-04-15 16:03 - 000840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2018-05-13 07:57 - 2018-04-15 16:03 - 000826880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2018-05-13 07:57 - 2018-04-15 16:03 - 000825856 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2018-05-13 07:57 - 2018-04-15 16:03 - 000695296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2018-05-13 07:57 - 2018-04-15 16:03 - 000508928 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2018-05-13 07:57 - 2018-04-15 16:01 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll
2018-05-13 07:57 - 2018-04-15 16:01 - 000518144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2018-05-13 07:57 - 2018-04-15 16:01 - 000366592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Geolocation.dll
2018-05-13 07:57 - 2018-03-30 01:05 - 000191824 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2018-05-13 07:57 - 2018-03-30 01:03 - 000479920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-05-13 07:57 - 2018-03-30 00:53 - 000163744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2018-05-13 07:57 - 2018-03-30 00:52 - 000192416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2018-05-13 07:57 - 2018-03-30 00:27 - 000481464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2018-05-13 07:57 - 2018-03-30 00:07 - 001003160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2018-05-13 07:57 - 2018-03-30 00:04 - 000417368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp110_win.dll
2018-05-13 07:57 - 2018-03-29 23:46 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2018-05-13 07:57 - 2018-03-29 23:32 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2018-05-13 07:57 - 2018-03-29 23:32 - 000212992 _____ (Microsoft Corporation) C:\WINDOWS\system32\container.dll
2018-05-13 07:57 - 2018-03-29 23:31 - 000795136 _____ (Microsoft Corporation) C:\WINDOWS\system32\NaturalAuth.dll
2018-05-13 07:57 - 2018-03-29 23:30 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2018-05-13 07:57 - 2018-03-29 23:29 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2psvc.dll
2018-05-13 07:57 - 2018-03-29 23:29 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2018-05-13 07:57 - 2018-03-29 23:29 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-05-13 07:57 - 2018-03-29 23:28 - 000624128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2018-05-13 07:57 - 2018-03-29 23:27 - 001097728 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2018-05-13 07:57 - 2018-03-29 23:20 - 000199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelppm.sys
2018-05-13 07:57 - 2018-03-29 23:20 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdppm.sys
2018-05-13 07:57 - 2018-03-29 23:20 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\processr.sys
2018-05-13 07:57 - 2018-03-13 02:54 - 000128928 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2018-05-13 07:57 - 2018-03-13 02:53 - 000774560 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2018-05-13 07:57 - 2018-03-13 02:51 - 002773408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-05-13 07:57 - 2018-03-13 01:36 - 000297984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfksproxy.dll
2018-05-13 07:57 - 2018-03-13 01:33 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2018-05-13 07:57 - 2018-03-13 01:32 - 000689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2018-05-13 07:57 - 2018-03-13 01:32 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2018-05-13 07:57 - 2018-03-13 01:30 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2018-05-13 07:57 - 2018-03-13 01:27 - 000599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2018-05-13 07:57 - 2018-03-13 00:37 - 000981504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2018-05-13 07:57 - 2018-03-13 00:34 - 002409984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2018-05-13 07:57 - 2018-03-13 00:33 - 000981504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2018-05-13 07:57 - 2018-03-13 00:31 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2018-05-13 07:57 - 2018-03-13 00:30 - 002349568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2018-05-13 07:57 - 2018-03-01 23:00 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Feedback.Analog.dll
2018-05-13 07:57 - 2018-03-01 03:14 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthFWSnapin.dll
2018-05-13 07:57 - 2018-03-01 03:12 - 000250264 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2018-05-13 07:57 - 2018-03-01 03:12 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2018-05-13 07:57 - 2018-03-01 02:23 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthFWSnapin.dll
2018-05-13 07:57 - 2018-03-01 01:53 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2018-05-13 07:57 - 2018-03-01 01:53 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2018-05-13 07:57 - 2018-03-01 01:51 - 002329088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2018-05-13 07:57 - 2018-02-21 21:51 - 000097176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2018-05-13 07:57 - 2018-02-10 02:18 - 001193192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryPS.dll
2018-05-13 07:57 - 2018-02-10 02:12 - 004537040 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
2018-05-13 07:57 - 2018-02-10 02:12 - 001313016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Taskmgr.exe
2018-05-13 07:57 - 2018-02-10 02:11 - 001029528 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2018-05-13 07:57 - 2018-02-10 02:09 - 000491264 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2018-05-13 07:57 - 2018-02-10 02:08 - 000398824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2018-05-13 07:57 - 2018-02-10 02:08 - 000096200 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbrand.dll
2018-05-13 07:57 - 2018-02-10 02:04 - 000339872 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2018-05-13 07:57 - 2018-02-10 02:03 - 000706600 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2018-05-13 07:57 - 2018-02-10 01:17 - 000542856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryPS.dll
2018-05-13 07:57 - 2018-02-10 01:12 - 004382032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
2018-05-13 07:57 - 2018-02-10 01:10 - 000422592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2018-05-13 07:57 - 2018-02-10 01:05 - 000654456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll
2018-05-13 07:57 - 2018-02-10 01:03 - 000505160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp_win.dll
2018-05-13 07:57 - 2018-02-10 00:50 - 000849920 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2018-05-13 07:57 - 2018-02-10 00:49 - 001664512 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2018-05-13 07:57 - 2018-02-10 00:49 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2018-05-13 07:57 - 2018-02-10 00:46 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2018-05-13 07:57 - 2018-02-10 00:44 - 000336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppLockerCSP.dll
2018-05-13 07:57 - 2018-02-10 00:42 - 001113600 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2018-05-13 07:57 - 2018-02-10 00:42 - 000975872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2018-05-13 07:57 - 2018-02-10 00:42 - 000634880 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2018-05-13 07:57 - 2018-02-10 00:42 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2018-05-13 07:57 - 2018-02-10 00:41 - 000401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2018-05-13 07:57 - 2018-02-10 00:40 - 000939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2018-05-13 07:57 - 2018-02-10 00:39 - 005500928 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2018-05-13 07:57 - 2018-02-10 00:38 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2018-05-13 07:57 - 2018-02-10 00:37 - 000308224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2018-05-13 07:57 - 2018-02-10 00:35 - 000455680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2018-05-13 07:57 - 2018-02-01 23:36 - 000921032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpal.dll
2018-05-13 07:57 - 2018-02-01 23:36 - 000854976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmcodecs.dll
2018-05-13 07:57 - 2018-01-01 07:19 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2018-05-13 07:57 - 2018-01-01 07:18 - 000380928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EncDec.dll
2018-05-13 07:56 - 2018-05-03 03:49 - 000035232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-05-13 07:56 - 2018-05-03 03:48 - 000077216 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-05-13 07:56 - 2018-05-03 03:37 - 000408992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-05-13 07:56 - 2018-05-03 03:34 - 000070864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2018-05-13 07:56 - 2018-05-03 02:28 - 000061024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2018-05-13 07:56 - 2018-05-03 02:16 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-05-13 07:56 - 2018-05-03 02:13 - 000276480 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2018-05-13 07:56 - 2018-05-03 02:08 - 001597952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-05-13 07:56 - 2018-05-03 02:06 - 003630080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2018-05-13 07:56 - 2018-05-03 02:05 - 000483840 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2018-05-13 07:56 - 2018-05-03 02:05 - 000389120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ninput.dll
2018-05-13 07:56 - 2018-05-03 01:57 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadauthhelper.dll
2018-05-13 07:56 - 2018-05-03 01:50 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2018-05-13 07:56 - 2018-05-03 01:49 - 003430400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2018-05-13 07:56 - 2018-05-03 01:48 - 000328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ninput.dll
2018-05-13 07:56 - 2018-04-15 18:03 - 000128408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2018-05-13 07:56 - 2018-04-15 17:57 - 000279968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2018-05-13 07:56 - 2018-04-15 17:29 - 000198440 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudStorageWizard.exe
2018-05-13 07:56 - 2018-04-15 17:25 - 000327008 _____ (Microsoft Corporation) C:\WINDOWS\system32\shlwapi.dll
2018-05-13 07:56 - 2018-04-15 17:25 - 000092032 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudNotifications.exe
2018-05-13 07:56 - 2018-04-15 17:24 - 000063656 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2018-05-13 07:56 - 2018-04-15 16:38 - 000444280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2018-05-13 07:56 - 2018-04-15 16:34 - 000572312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2018-05-13 07:56 - 2018-04-15 16:34 - 000166408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudStorageWizard.exe
2018-05-13 07:56 - 2018-04-15 16:34 - 000077552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudNotifications.exe
2018-05-13 07:56 - 2018-04-15 16:34 - 000052248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2018-05-13 07:56 - 2018-04-15 16:15 - 000674304 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockController.dll
2018-05-13 07:56 - 2018-04-15 16:14 - 000121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-05-13 07:56 - 2018-04-15 16:14 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProv2faHelper.dll
2018-05-13 07:56 - 2018-04-15 16:14 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2018-05-13 07:56 - 2018-04-15 16:14 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProv2faHelper.dll
2018-05-13 07:56 - 2018-04-15 16:11 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerCsp.dll
2018-05-13 07:56 - 2018-04-15 16:10 - 000571904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2018-05-13 07:56 - 2018-04-15 16:10 - 000225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovs.dll
2018-05-13 07:56 - 2018-04-15 16:10 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountWAMExtension.dll
2018-05-13 07:56 - 2018-04-15 16:10 - 000218112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2018-05-13 07:56 - 2018-04-15 16:09 - 000503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_User.dll
2018-05-13 07:56 - 2018-04-15 16:08 - 000859648 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2018-05-13 07:56 - 2018-04-15 16:08 - 000627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2018-05-13 07:56 - 2018-04-15 16:08 - 000535552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2018-05-13 07:56 - 2018-04-15 16:08 - 000448000 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2018-05-13 07:56 - 2018-04-15 16:08 - 000262656 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2018-05-13 07:56 - 2018-04-15 16:08 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\twext.dll
2018-05-13 07:56 - 2018-04-15 16:08 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingMonitor.dll
2018-05-13 07:56 - 2018-04-15 16:07 - 003367936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2018-05-13 07:56 - 2018-04-15 16:07 - 000702464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2018-05-13 07:56 - 2018-04-15 16:07 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2018-05-13 07:56 - 2018-04-15 16:07 - 000477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2018-05-13 07:56 - 2018-04-15 16:06 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2018-05-13 07:56 - 2018-04-15 16:04 - 000976896 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2018-05-13 07:56 - 2018-04-15 16:04 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserLanguagesCpl.dll
2018-05-13 07:56 - 2018-04-15 16:03 - 002413568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2018-05-13 07:56 - 2018-04-15 16:03 - 000402432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2018-05-13 07:56 - 2018-04-15 16:03 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingMonitor.dll
2018-05-13 07:56 - 2018-04-15 16:02 - 000440832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2018-05-13 07:56 - 2018-03-30 01:12 - 000270208 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2018-05-13 07:56 - 2018-03-30 01:12 - 000075168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpci.sys
2018-05-13 07:56 - 2018-03-30 01:06 - 000053152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pcw.sys
2018-05-13 07:56 - 2018-03-30 01:05 - 000066720 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumcrypt.dll
2018-05-13 07:56 - 2018-03-30 01:05 - 000022208 _____ (Microsoft Corporation) C:\WINDOWS\system32\IumSdk.dll
2018-05-13 07:56 - 2018-03-30 01:03 - 000292384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2018-05-13 07:56 - 2018-03-30 01:03 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\vertdll.dll
2018-05-13 07:56 - 2018-03-30 01:00 - 000103320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2018-05-13 07:56 - 2018-03-30 01:00 - 000094104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\disk.sys
2018-05-13 07:56 - 2018-03-30 00:58 - 000039328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storvsc.sys
2018-05-13 07:56 - 2018-03-30 00:57 - 000121248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2018-05-13 07:56 - 2018-03-30 00:57 - 000109976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-05-13 07:56 - 2018-03-30 00:57 - 000081304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2018-05-13 07:56 - 2018-03-30 00:57 - 000031640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winhv.sys
2018-05-13 07:56 - 2018-03-30 00:55 - 000367344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2018-05-13 07:56 - 2018-03-30 00:55 - 000062880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fsdepends.sys
2018-05-13 07:56 - 2018-03-30 00:53 - 000094080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwapi.dll
2018-05-13 07:56 - 2018-03-30 00:52 - 000282528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdyboost.sys
2018-05-13 07:56 - 2018-03-30 00:52 - 000247480 _____ (Microsoft Corporation) C:\WINDOWS\system32\logoncli.dll
2018-05-13 07:56 - 2018-03-30 00:52 - 000054688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vdrvroot.sys
2018-05-13 07:56 - 2018-03-30 00:52 - 000047512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmstorfl.sys
2018-05-13 07:56 - 2018-03-30 00:51 - 000123800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mup.sys
2018-05-13 07:56 - 2018-03-30 00:51 - 000071208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WindowsTrustedRT.sys
2018-05-13 07:56 - 2018-03-30 00:50 - 000057760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbios.sys
2018-05-13 07:56 - 2018-03-30 00:49 - 000204184 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2018-05-13 07:56 - 2018-03-30 00:48 - 000586800 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp110_win.dll
2018-05-13 07:56 - 2018-03-30 00:28 - 000777912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-05-13 07:56 - 2018-03-30 00:23 - 000566664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-05-13 07:56 - 2018-03-30 00:16 - 000289824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2018-05-13 07:56 - 2018-03-30 00:13 - 000450936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2018-05-13 07:56 - 2018-03-30 00:10 - 000099240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2018-05-13 07:56 - 2018-03-30 00:06 - 000180632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2018-05-13 07:56 - 2018-03-29 23:38 - 000956928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2018-05-13 07:56 - 2018-03-29 23:38 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-05-13 07:56 - 2018-03-29 23:36 - 002014720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-05-13 07:56 - 2018-03-29 23:36 - 000897024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-05-13 07:56 - 2018-03-29 23:33 - 000084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2018-05-13 07:56 - 2018-03-29 23:33 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2018-05-13 07:56 - 2018-03-29 23:32 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2018-05-13 07:56 - 2018-03-29 23:32 - 000075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys
2018-05-13 07:56 - 2018-03-29 23:30 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcncsvc.dll
2018-05-13 07:56 - 2018-03-29 23:30 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2018-05-13 07:56 - 2018-03-29 23:29 - 000791552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-05-13 07:56 - 2018-03-29 23:29 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2018-05-13 07:56 - 2018-03-29 23:29 - 000436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-05-13 07:56 - 2018-03-29 23:27 - 000258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2018-05-13 07:56 - 2018-03-29 23:25 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2018-05-13 07:56 - 2018-03-29 23:23 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskcomp.dll
2018-05-13 07:56 - 2018-03-29 23:20 - 000180736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdk8.sys
2018-05-13 07:56 - 2018-03-13 02:59 - 000535968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2018-05-13 07:56 - 2018-03-13 02:58 - 000377760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-05-13 07:56 - 2018-03-13 02:58 - 000170904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-05-13 07:56 - 2018-03-13 02:55 - 000334240 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2018-05-13 07:56 - 2018-03-13 02:53 - 000143264 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2018-05-13 07:56 - 2018-03-13 02:53 - 000113568 _____ (Microsoft Corporation) C:\WINDOWS\system32\icfupgd.dll
2018-05-13 07:56 - 2018-03-13 02:53 - 000091152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys
2018-05-13 07:56 - 2018-03-13 02:52 - 000172112 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTWorkQ.dll
2018-05-13 07:56 - 2018-03-13 02:50 - 000617312 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2018-05-13 07:56 - 2018-03-13 01:36 - 000216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2018-05-13 07:56 - 2018-03-13 01:35 - 000758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2018-05-13 07:56 - 2018-03-13 01:34 - 000309248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll
2018-05-13 07:56 - 2018-03-13 01:34 - 000222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsExt.dll
2018-05-13 07:56 - 2018-03-13 01:30 - 000893440 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2018-05-13 07:56 - 2018-03-13 01:28 - 000837120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2018-05-13 07:56 - 2018-03-13 01:26 - 001737728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-05-13 07:56 - 2018-03-13 01:24 - 000205312 _____ (Microsoft Corporation) C:\WINDOWS\system32\sensrsvc.dll
2018-05-13 07:56 - 2018-03-13 01:23 - 000217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2018-05-13 07:56 - 2018-03-13 01:22 - 000513536 _____ (Microsoft Corporation) C:\WINDOWS\system32\newdev.dll
2018-05-13 07:56 - 2018-03-13 01:07 - 000115104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2018-05-13 07:56 - 2018-03-13 01:06 - 000564640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2018-05-13 07:56 - 2018-03-13 01:04 - 000140592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTWorkQ.dll
2018-05-13 07:56 - 2018-03-13 00:40 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfksproxy.dll
2018-05-13 07:56 - 2018-03-13 00:39 - 000180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2018-05-13 07:56 - 2018-03-13 00:39 - 000176128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2018-05-13 07:56 - 2018-03-13 00:36 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2018-05-13 07:56 - 2018-03-13 00:30 - 000464384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2018-05-13 07:56 - 2018-03-13 00:27 - 000190464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2018-05-13 07:56 - 2018-03-13 00:26 - 000483328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\newdev.dll
2018-05-13 07:56 - 2018-03-01 23:00 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloShellRuntime.dll
2018-05-13 07:56 - 2018-03-01 03:11 - 000093600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-05-13 07:56 - 2018-03-01 03:10 - 000075168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-05-13 07:56 - 2018-03-01 02:29 - 000574960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-05-13 07:56 - 2018-03-01 02:27 - 000221592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2018-05-13 07:56 - 2018-03-01 01:58 - 000405504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll
2018-05-13 07:56 - 2018-02-21 22:07 - 000194456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ataport.sys
2018-05-13 07:56 - 2018-02-21 21:52 - 000103328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-05-13 07:56 - 2018-02-21 21:50 - 000229272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2018-05-13 07:56 - 2018-02-21 20:30 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2018-05-13 07:56 - 2018-02-21 20:26 - 000441344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\HdAudio.sys
2018-05-13 07:56 - 2018-02-21 20:25 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2018-05-13 07:56 - 2018-02-21 20:12 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2018-05-13 07:56 - 2018-02-10 02:18 - 000098272 _____ (Microsoft Corporation) C:\WINDOWS\system32\FsIso.exe
2018-05-13 07:56 - 2018-02-10 02:10 - 000154520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2018-05-13 07:56 - 2018-02-10 02:06 - 000100248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2018-05-13 07:56 - 2018-02-10 02:06 - 000087384 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2018-05-13 07:56 - 2018-02-10 02:05 - 000413888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-05-13 07:56 - 2018-02-10 02:04 - 000260896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-05-13 07:56 - 2018-02-10 02:04 - 000212880 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2018-05-13 07:56 - 2018-02-10 02:03 - 000849304 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2018-05-13 07:56 - 2018-02-10 02:03 - 000098712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceReactivation.dll
2018-05-13 07:56 - 2018-02-10 01:07 - 000123808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2018-05-13 07:56 - 2018-02-10 01:07 - 000089504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2018-05-13 07:56 - 2018-02-10 01:07 - 000083216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winbrand.dll
2018-05-13 07:56 - 2018-02-10 01:05 - 000718232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2018-05-13 07:56 - 2018-02-10 01:05 - 000386424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2018-05-13 07:56 - 2018-02-10 01:05 - 000193248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2018-05-13 07:56 - 2018-02-10 01:05 - 000129184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-05-13 07:56 - 2018-02-10 01:05 - 000079256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceReactivation.dll
2018-05-13 07:56 - 2018-02-10 01:05 - 000074992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2018-05-13 07:56 - 2018-02-10 00:46 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCShellCommonProxyStub.dll
2018-05-13 07:56 - 2018-02-10 00:44 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Magnify.exe
2018-05-13 07:56 - 2018-02-10 00:44 - 000427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreCommonProxyStub.dll
2018-05-13 07:56 - 2018-02-10 00:44 - 000388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2018-05-13 07:56 - 2018-02-10 00:44 - 000302592 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2018-05-13 07:56 - 2018-02-10 00:43 - 000580608 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
2018-05-13 07:56 - 2018-02-10 00:43 - 000566272 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2018-05-13 07:56 - 2018-02-10 00:42 - 000731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Magnify.exe
2018-05-13 07:56 - 2018-02-10 00:41 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2018-05-13 07:56 - 2018-02-10 00:41 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll
2018-05-13 07:56 - 2018-02-10 00:40 - 000508416 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2018-05-13 07:56 - 2018-02-10 00:40 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2018-05-13 07:56 - 2018-02-10 00:39 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll
2018-05-13 07:56 - 2018-02-10 00:39 - 000447488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2018-05-13 07:56 - 2018-02-10 00:38 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2018-05-13 07:56 - 2018-02-10 00:38 - 000506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2018-05-13 07:56 - 2018-02-10 00:37 - 000862208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2018-05-13 07:56 - 2018-02-10 00:36 - 000403968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcomapi.dll
2018-05-13 07:56 - 2018-02-10 00:35 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2018-05-13 07:56 - 2018-02-10 00:34 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVXENCD.DLL
2018-05-13 07:56 - 2018-02-10 00:34 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSENCD.DLL
2018-05-13 07:56 - 2018-02-10 00:33 - 001661440 _____ (Microsoft Corporation) C:\WINDOWS\system32\vssapi.dll
2018-05-13 07:56 - 2018-02-10 00:33 - 000604672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
2018-05-13 07:56 - 2018-02-10 00:33 - 000482816 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2018-05-13 07:56 - 2018-02-10 00:32 - 000681472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVXENCD.DLL
2018-05-13 07:56 - 2018-02-08 23:35 - 000892872 _____ (Microsoft Corporation) C:\WINDOWS\system32\ortcengine.dll
2018-05-13 07:56 - 2018-02-08 23:35 - 000065992 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmmvrortc.dll
2018-05-13 07:56 - 2018-02-01 23:36 - 000649672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ortcengine.dll
2018-05-13 07:56 - 2018-02-01 23:36 - 000054720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmmvrortc.dll
2018-05-13 07:56 - 2018-01-01 07:24 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboutSettingsHandlers.dll
2018-05-13 07:56 - 2018-01-01 07:21 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll
2018-05-13 07:56 - 2018-01-01 07:19 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2P.dll
2018-05-13 07:56 - 2018-01-01 07:18 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2018-05-13 07:55 - 2018-05-03 02:16 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2018-05-13 07:55 - 2018-05-03 02:16 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2018-05-13 07:55 - 2018-05-03 02:15 - 000194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\itircl.dll
2018-05-13 07:55 - 2018-05-03 02:04 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2018-05-13 07:55 - 2018-05-03 01:58 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-05-13 07:55 - 2018-05-03 01:57 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itircl.dll
2018-05-13 07:55 - 2018-05-03 01:53 - 000540672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2018-05-13 07:55 - 2018-05-03 01:50 - 001474560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-05-13 07:55 - 2018-05-03 01:48 - 000408576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2018-05-13 07:55 - 2018-05-03 01:47 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
2018-05-13 07:55 - 2018-04-15 16:34 - 000279472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shlwapi.dll
2018-05-13 07:55 - 2018-04-15 16:11 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2018-05-13 07:55 - 2018-04-15 16:11 - 000125440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2018-05-13 07:55 - 2018-04-15 16:11 - 000113664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BitLockerCsp.dll
2018-05-13 07:55 - 2018-04-15 16:11 - 000109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\eShims.dll
2018-05-13 07:55 - 2018-04-15 16:10 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2018-05-13 07:55 - 2018-04-15 16:10 - 000192000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovs.dll
2018-05-13 07:55 - 2018-04-15 16:09 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncPolicy.dll
2018-05-13 07:55 - 2018-04-15 16:08 - 000490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2018-05-13 07:55 - 2018-04-15 16:07 - 000406016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2018-05-13 07:55 - 2018-04-15 16:07 - 000386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2018-05-13 07:55 - 2018-04-15 16:07 - 000312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2018-05-13 07:55 - 2018-04-15 16:07 - 000225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2018-05-13 07:55 - 2018-04-15 16:07 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2018-05-13 07:55 - 2018-04-15 16:07 - 000158208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twext.dll
2018-05-13 07:55 - 2018-04-15 16:07 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2018-05-13 07:55 - 2018-04-15 16:06 - 000377856 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2018-05-13 07:55 - 2018-04-15 16:05 - 000863744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2018-05-13 07:55 - 2018-04-15 16:05 - 000516608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2018-05-13 07:55 - 2018-04-15 16:05 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2018-05-13 07:55 - 2018-04-15 16:04 - 002523136 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2018-05-13 07:55 - 2018-04-15 16:04 - 000965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontext.dll
2018-05-13 07:55 - 2018-04-15 16:04 - 000648704 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserLanguagesCpl.dll
2018-05-13 07:55 - 2018-04-15 16:04 - 000621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2018-05-13 07:55 - 2018-04-15 16:04 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hgcpl.dll
2018-05-13 07:55 - 2018-04-15 16:03 - 003287040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncCenter.dll
2018-05-13 07:55 - 2018-04-15 16:03 - 002814976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themeui.dll
2018-05-13 07:55 - 2018-04-15 16:03 - 000697344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2018-05-13 07:55 - 2018-04-15 16:03 - 000417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2018-05-13 07:55 - 2018-04-15 16:03 - 000383488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2018-05-13 07:55 - 2018-04-15 16:03 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2018-05-13 07:55 - 2018-04-15 16:00 - 000356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2018-05-13 07:55 - 2018-04-15 16:00 - 000252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\coredpus.dll
2018-05-13 07:55 - 2018-04-15 16:00 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ByteCodeGenerator.exe
2018-05-13 07:55 - 2018-04-15 15:59 - 001332736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2018-05-13 07:55 - 2018-04-15 15:59 - 000971264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2018-05-13 07:55 - 2018-04-15 15:58 - 001472000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2018-05-13 07:55 - 2018-03-30 01:05 - 000059808 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvhostsvc.dll
2018-05-13 07:55 - 2018-03-30 01:05 - 000035744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SDFHost.dll
2018-05-13 07:55 - 2018-03-30 01:05 - 000022800 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumbase.dll
2018-05-13 07:55 - 2018-03-30 01:03 - 000139680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2018-05-13 07:55 - 2018-03-30 01:03 - 000022400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2018-05-13 07:55 - 2018-03-30 01:01 - 000034208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fs_rec.sys
2018-05-13 07:55 - 2018-03-30 00:56 - 000018680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshhyperv.dll
2018-05-13 07:55 - 2018-03-30 00:52 - 000028520 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmbuspipe.dll
2018-05-13 07:55 - 2018-03-30 00:51 - 000125568 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2018-05-13 07:55 - 2018-03-30 00:18 - 000016600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshhyperv.dll
2018-05-13 07:55 - 2018-03-30 00:13 - 000073896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wwapi.dll
2018-05-13 07:55 - 2018-03-30 00:12 - 000186520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\logoncli.dll
2018-05-13 07:55 - 2018-03-29 23:44 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2018-05-13 07:55 - 2018-03-29 23:43 - 000067072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2018-05-13 07:55 - 2018-03-29 23:42 - 000397824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2018-05-13 07:55 - 2018-03-29 23:41 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2018-05-13 07:55 - 2018-03-29 23:41 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2018-05-13 07:55 - 2018-03-29 23:41 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2018-05-13 07:55 - 2018-03-29 23:41 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\container.dll
2018-05-13 07:55 - 2018-03-29 23:40 - 000344064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-05-13 07:55 - 2018-03-29 23:39 - 001485312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2018-05-13 07:55 - 2018-03-29 23:38 - 000235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2018-05-13 07:55 - 2018-03-29 23:33 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2018-05-13 07:55 - 2018-03-29 23:33 - 000065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2018-05-13 07:55 - 2018-03-29 23:32 - 000198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2018-05-13 07:55 - 2018-03-29 23:32 - 000186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2018-05-13 07:55 - 2018-03-29 23:32 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2018-05-13 07:55 - 2018-03-29 23:32 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsnmp32.dll
2018-05-13 07:55 - 2018-03-29 23:31 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2018-05-13 07:55 - 2018-03-29 23:30 - 000748032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2018-05-13 07:55 - 2018-03-29 23:30 - 000425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmrdvcore.dll
2018-05-13 07:55 - 2018-03-29 23:30 - 000188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2018-05-13 07:55 - 2018-03-29 23:25 - 000374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2018-05-13 07:55 - 2018-03-29 23:23 - 000246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2018-05-13 07:55 - 2018-03-29 23:22 - 000826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcprx.dll
2018-05-13 07:55 - 2018-03-29 23:20 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\npfs.sys
2018-05-13 07:55 - 2018-03-13 02:58 - 000441248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2018-05-13 07:55 - 2018-03-13 02:55 - 000417440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2018-05-13 07:55 - 2018-03-13 02:52 - 000127136 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
2018-05-13 07:55 - 2018-03-13 01:37 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelineprxy.dll
2018-05-13 07:55 - 2018-03-13 01:35 - 000245248 _____ (Microsoft Corporation) C:\WINDOWS\system32\icm32.dll
2018-05-13 07:55 - 2018-03-13 01:33 - 000278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2018-05-13 07:55 - 2018-03-13 01:32 - 000200704 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll
2018-05-13 07:55 - 2018-03-13 01:31 - 000596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mscms.dll
2018-05-13 07:55 - 2018-03-13 01:24 - 001275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2018-05-13 07:55 - 2018-03-13 01:23 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll
2018-05-13 07:55 - 2018-03-13 00:39 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\icm32.dll
2018-05-13 07:55 - 2018-03-13 00:38 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlgpclnt.dll
2018-05-13 07:55 - 2018-03-13 00:37 - 000537088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscms.dll
2018-05-13 07:55 - 2018-03-13 00:34 - 000706048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2018-05-13 07:55 - 2018-03-13 00:27 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll
2018-05-13 07:55 - 2018-03-01 23:02 - 000037888 _____ C:\WINDOWS\system32\SpectrumSyncClient.dll
2018-05-13 07:55 - 2018-03-01 23:01 - 000640000 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2018-05-13 07:55 - 2018-03-01 23:00 - 000248320 _____ (Microsoft Corporation) C:\WINDOWS\system32\svf.dll
2018-05-13 07:55 - 2018-03-01 16:28 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\HoloShellRuntime.dll
2018-05-13 07:55 - 2018-03-01 03:10 - 000022936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\isapnp.sys
2018-05-13 07:55 - 2018-03-01 01:55 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2018-05-13 07:55 - 2018-02-10 00:48 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys
2018-05-13 07:55 - 2018-02-10 00:47 - 000201216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedPCCSP.dll
2018-05-13 07:55 - 2018-02-10 00:46 - 000199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.dll
2018-05-13 07:55 - 2018-02-10 00:46 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2018-05-13 07:55 - 2018-02-10 00:46 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\system32\shsetup.dll
2018-05-13 07:55 - 2018-02-10 00:46 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2018-05-13 07:55 - 2018-02-10 00:45 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2018-05-13 07:55 - 2018-02-10 00:45 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2018-05-13 07:55 - 2018-02-10 00:45 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshhttp.dll
2018-05-13 07:55 - 2018-02-10 00:44 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssprxy.dll
2018-05-13 07:55 - 2018-02-10 00:43 - 003756032 _____ (Microsoft Corporation) C:\WINDOWS\system32\bootux.dll
2018-05-13 07:55 - 2018-02-10 00:43 - 000311808 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2018-05-13 07:55 - 2018-02-10 00:43 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shsetup.dll
2018-05-13 07:55 - 2018-02-10 00:43 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCShellCommonProxyStub.dll
2018-05-13 07:55 - 2018-02-10 00:42 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppLockerCSP.dll
2018-05-13 07:55 - 2018-02-10 00:42 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshhttp.dll
2018-05-13 07:55 - 2018-02-10 00:41 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2018-05-13 07:55 - 2018-02-10 00:41 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2018-05-13 07:55 - 2018-02-10 00:40 - 002873344 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll
2018-05-13 07:55 - 2018-02-10 00:40 - 000886784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2018-05-13 07:55 - 2018-02-10 00:40 - 000298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2018-05-13 07:55 - 2018-02-10 00:40 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edputil.dll
2018-05-13 07:55 - 2018-02-10 00:40 - 000195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreCommonProxyStub.dll
2018-05-13 07:55 - 2018-02-10 00:39 - 000908800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontext.dll
2018-05-13 07:55 - 2018-02-10 00:39 - 000721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2018-05-13 07:55 - 2018-02-10 00:39 - 000680960 _____ (Microsoft Corporation) C:\WINDOWS\system32\sud.dll
2018-05-13 07:55 - 2018-02-10 00:38 - 000653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sud.dll
2018-05-13 07:55 - 2018-02-10 00:37 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\system32\srchadmin.dll
2018-05-13 07:55 - 2018-02-10 00:36 - 000141824 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
2018-05-13 07:55 - 2018-02-10 00:35 - 005388800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2018-05-13 07:55 - 2018-02-10 00:35 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll
2018-05-13 07:55 - 2018-02-10 00:33 - 000621568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2018-05-13 07:55 - 2018-02-10 00:33 - 000620544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2018-05-13 07:55 - 2018-02-10 00:33 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmcbase.dll
2018-05-13 07:55 - 2018-02-10 00:32 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSENCD.DLL
2018-05-13 07:55 - 2018-02-10 00:31 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vssapi.dll
2018-05-13 07:55 - 2018-01-01 08:38 - 000038808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Diskdump.sys
2018-05-13 07:55 - 2018-01-01 07:49 - 000258808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2018-05-13 07:55 - 2018-01-01 07:21 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2018-05-13 07:55 - 2018-01-01 07:21 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\raspptp.sys
2018-05-13 07:55 - 2018-01-01 07:21 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2018-05-13 07:55 - 2018-01-01 07:20 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardDlg.dll
2018-05-13 07:55 - 2018-01-01 07:18 - 000210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2P.dll
2018-05-13 07:55 - 2018-01-01 07:17 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msoert2.dll
2018-05-13 07:54 - 2018-05-03 02:18 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2018-05-13 07:54 - 2018-05-03 02:18 - 000206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2018-05-13 07:54 - 2018-05-03 02:16 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2018-05-13 07:54 - 2018-05-03 02:16 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2018-05-13 07:54 - 2018-05-03 02:14 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-05-13 07:54 - 2018-05-03 02:14 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2018-05-13 07:54 - 2018-05-03 02:03 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-05-13 07:54 - 2018-05-03 02:02 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2018-05-13 07:54 - 2018-05-03 02:00 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2018-05-13 07:54 - 2018-05-03 01:56 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2018-05-13 07:54 - 2018-05-03 01:56 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2018-05-13 07:54 - 2018-05-03 01:55 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-05-13 07:54 - 2018-04-15 16:14 - 000436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2018-05-13 07:54 - 2018-04-15 16:12 - 000126976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssitlb.dll
2018-05-13 07:54 - 2018-04-15 16:10 - 000120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll
2018-05-13 07:54 - 2018-04-15 16:10 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncPolicy.dll
2018-05-13 07:54 - 2018-04-15 16:09 - 000153600 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll
2018-05-13 07:54 - 2018-04-15 16:09 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2018-05-13 07:54 - 2018-04-15 16:09 - 000037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2018-05-13 07:54 - 2018-04-15 16:08 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2018-05-13 07:54 - 2018-04-15 16:07 - 000252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2018-05-13 07:54 - 2018-04-15 16:07 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BrowserSettingSync.dll
2018-05-13 07:54 - 2018-04-15 16:07 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2018-05-13 07:54 - 2018-04-15 16:07 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2018-05-13 07:54 - 2018-04-15 16:06 - 000421376 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2018-05-13 07:54 - 2018-04-15 16:06 - 000139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2018-05-13 07:54 - 2018-04-15 16:04 - 002490880 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
2018-05-13 07:54 - 2018-04-15 16:03 - 002462208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll
2018-05-13 07:54 - 2018-04-15 16:01 - 000194560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2018-05-13 07:54 - 2018-04-15 16:01 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ByteCodeGenerator.exe
2018-05-13 07:54 - 2018-04-15 16:00 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2018-05-13 07:54 - 2018-04-15 16:00 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2018-05-13 07:54 - 2018-04-15 16:00 - 000215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2018-05-13 07:54 - 2018-04-15 15:58 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2018-05-13 07:54 - 2018-03-29 23:43 - 000233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\url.dll
2018-05-13 07:54 - 2018-03-29 23:43 - 000120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IEAdvpack.dll
2018-05-13 07:54 - 2018-03-29 23:43 - 000052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsnmp32.dll
2018-05-13 07:54 - 2018-03-29 23:43 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\virtdisk.dll
2018-05-13 07:54 - 2018-03-29 23:42 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2018-05-13 07:54 - 2018-03-29 23:42 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2018-05-13 07:54 - 2018-03-29 23:41 - 000126464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\occache.dll
2018-05-13 07:54 - 2018-03-29 23:40 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2018-05-13 07:54 - 2018-03-29 23:38 - 000966656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2018-05-13 07:54 - 2018-03-29 23:35 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\convertvhd.exe
2018-05-13 07:54 - 2018-03-29 23:35 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2018-05-13 07:54 - 2018-03-29 23:35 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winhvr.sys
2018-05-13 07:54 - 2018-03-29 23:33 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2018-05-13 07:54 - 2018-03-29 23:33 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\irda.sys
2018-05-13 07:54 - 2018-03-29 23:33 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storqosflt.sys
2018-05-13 07:54 - 2018-03-29 23:33 - 000072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\IcsEntitlementHost.exe
2018-05-13 07:54 - 2018-03-29 23:33 - 000055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\virtdisk.dll
2018-05-13 07:54 - 2018-03-29 23:33 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dmvsc.sys
2018-05-13 07:54 - 2018-03-29 23:33 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnEapPeerProxy.dll
2018-05-13 07:54 - 2018-03-29 23:33 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnEapAuthProxy.dll
2018-05-13 07:54 - 2018-03-29 23:33 - 000028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\HyperVideo.sys
2018-05-13 07:54 - 2018-03-29 23:33 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\VMBusHID.sys
2018-05-13 07:54 - 2018-03-29 23:33 - 000024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidtel.exe
2018-05-13 07:54 - 2018-03-29 23:33 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasacd.sys
2018-05-13 07:54 - 2018-03-29 23:33 - 000017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmApplicationHealthMonitorProxy.dll
2018-05-13 07:54 - 2018-03-29 23:33 - 000016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hyperkbd.sys
2018-05-13 07:54 - 2018-03-29 23:33 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmgencounter.sys
2018-05-13 07:54 - 2018-03-29 23:33 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmgid.sys
2018-05-13 07:54 - 2018-03-29 23:32 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2018-05-13 07:54 - 2018-03-29 23:32 - 000065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndisuio.sys
2018-05-13 07:54 - 2018-03-29 23:32 - 000065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\lltdio.sys
2018-05-13 07:54 - 2018-03-29 23:32 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Synth3dVsc.sys
2018-05-13 07:54 - 2018-03-29 23:32 - 000044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nsiproxy.sys
2018-05-13 07:54 - 2018-03-29 23:32 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
2018-05-13 07:54 - 2018-03-29 23:31 - 000151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2018-05-13 07:54 - 2018-03-29 23:31 - 000151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2018-05-13 07:54 - 2018-03-29 23:31 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\IEAdvpack.dll
2018-05-13 07:54 - 2018-03-29 23:31 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2018-05-13 07:54 - 2018-03-29 23:30 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2018-05-13 07:54 - 2018-03-29 23:30 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2018-05-13 07:54 - 2018-03-29 23:29 - 000723968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys
2018-05-13 07:54 - 2018-03-29 23:28 - 000147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2018-05-13 07:54 - 2018-03-29 23:27 - 000889856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2018-05-13 07:54 - 2018-03-29 23:23 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpdr.sys
2018-05-13 07:54 - 2018-03-29 23:22 - 000027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpbus.sys
2018-05-13 07:54 - 2018-03-29 23:22 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\beep.sys
2018-05-13 07:54 - 2018-03-29 23:20 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2018-05-13 07:54 - 2018-03-29 23:20 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys
2018-05-13 07:54 - 2018-03-29 23:20 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msfs.sys
2018-05-13 07:54 - 2018-03-13 01:38 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2018-05-13 07:54 - 2018-03-13 01:38 - 000040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2018-05-13 07:54 - 2018-03-13 01:37 - 000109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetDriverInstall.dll
2018-05-13 07:54 - 2018-03-13 01:37 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2018-05-13 07:54 - 2018-03-13 01:35 - 000308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2018-05-13 07:54 - 2018-03-13 01:35 - 000240128 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsAuth.dll
2018-05-13 07:54 - 2018-03-13 01:35 - 000219648 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsCfg.dll
2018-05-13 07:54 - 2018-03-13 01:35 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlgpclnt.dll
2018-05-13 07:54 - 2018-03-13 01:34 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
2018-05-13 07:54 - 2018-03-13 01:33 - 000217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcpmon.dll
2018-05-13 07:54 - 2018-03-13 01:32 - 000286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2018-05-13 07:54 - 2018-03-13 01:26 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2018-05-13 07:54 - 2018-03-13 01:25 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2018-05-13 07:54 - 2018-03-13 01:22 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\racpldlg.dll
2018-05-13 07:54 - 2018-03-13 00:40 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\compstui.dll
2018-05-13 07:54 - 2018-03-13 00:39 - 000164352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TtlsCfg.dll
2018-05-13 07:54 - 2018-03-13 00:37 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2018-05-13 07:54 - 2018-03-13 00:37 - 000091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
2018-05-13 07:54 - 2018-03-13 00:36 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll
2018-05-13 07:54 - 2018-03-13 00:31 - 001348608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-05-13 07:54 - 2018-03-01 01:53 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2018-05-13 07:54 - 2018-02-10 00:48 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtClient.dll
2018-05-13 07:54 - 2018-02-10 00:45 - 000288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsku.dll
2018-05-13 07:54 - 2018-02-10 00:45 - 000016384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EnterpriseAppMgmtClient.dll
2018-05-13 07:54 - 2018-02-10 00:43 - 000247296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winsku.dll
2018-05-13 07:54 - 2018-02-10 00:43 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll
2018-05-13 07:54 - 2018-02-10 00:43 - 000084480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2018-05-13 07:54 - 2018-02-10 00:42 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkDesktopSettings.dll
2018-05-13 07:54 - 2018-02-10 00:42 - 000184832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2018-05-13 07:54 - 2018-02-10 00:42 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockScreenContent.dll
2018-05-13 07:54 - 2018-02-10 00:42 - 000160256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll
2018-05-13 07:54 - 2018-02-10 00:42 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rshx32.dll
2018-05-13 07:54 - 2018-02-10 00:42 - 000024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\regsvr32.exe
2018-05-13 07:54 - 2018-02-10 00:41 - 000504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2018-05-13 07:54 - 2018-02-10 00:41 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netplwiz.dll
2018-05-13 07:54 - 2018-02-10 00:41 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2018-05-13 07:54 - 2018-02-10 00:40 - 000940544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2018-05-13 07:54 - 2018-02-10 00:40 - 000691200 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2018-05-13 07:54 - 2018-02-10 00:40 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2018-05-13 07:54 - 2018-02-10 00:40 - 000177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2018-05-13 07:54 - 2018-02-10 00:39 - 000315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sysdm.cpl
2018-05-13 07:54 - 2018-02-10 00:39 - 000020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\regsvr32.exe
2018-05-13 07:54 - 2018-02-10 00:38 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeHelper.dll
2018-05-13 07:54 - 2018-02-10 00:37 - 000199680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFilterHost.exe
2018-05-13 07:54 - 2018-02-10 00:35 - 000796160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2018-05-13 07:54 - 2018-02-10 00:35 - 000332288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srchadmin.dll
2018-05-13 07:54 - 2018-02-10 00:34 - 006532096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2018-05-13 07:54 - 2018-02-10 00:34 - 000111104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.ProxyStub.dll
2018-05-13 07:54 - 2018-02-10 00:33 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\rstrui.exe
2018-05-13 07:54 - 2018-02-10 00:32 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.ProxyStub.dll
2018-05-13 07:54 - 2018-02-10 00:31 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmcbase.dll
2018-05-13 07:54 - 2018-01-01 07:22 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2018-05-13 07:54 - 2018-01-01 07:22 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys
2018-05-13 07:54 - 2018-01-01 07:20 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2018-05-13 07:54 - 2018-01-01 07:19 - 000188416 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2018-05-13 07:54 - 2018-01-01 07:19 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msoert2.dll
2018-05-13 07:54 - 2018-01-01 07:18 - 000082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2018-05-13 07:54 - 2018-01-01 07:10 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscproxystub.dll
2018-05-13 07:54 - 2018-01-01 07:06 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscproxystub.dll
2018-05-13 07:53 - 2018-05-03 02:16 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2018-05-13 07:53 - 2018-05-03 02:15 - 000055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\imgutil.dll
2018-05-13 07:53 - 2018-05-03 02:03 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcadm.dll
2018-05-13 07:53 - 2018-05-03 02:03 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaevts.dll
2018-05-13 07:53 - 2018-05-03 01:57 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
2018-05-13 07:53 - 2018-04-15 16:14 - 000047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2018-05-13 07:53 - 2018-04-15 16:14 - 000038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2018-05-13 07:53 - 2018-04-15 16:13 - 000084992 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2018-05-13 07:53 - 2018-03-29 23:45 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2018-05-13 07:53 - 2018-03-29 23:44 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PimIndexMaintenanceClient.dll
2018-05-13 07:53 - 2018-03-29 23:44 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2018-05-13 07:53 - 2018-03-29 23:43 - 000152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iexpress.exe
2018-05-13 07:53 - 2018-03-29 23:43 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wextract.exe
2018-05-13 07:53 - 2018-03-29 23:43 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2018-05-13 07:53 - 2018-03-29 23:43 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2018-05-13 07:53 - 2018-03-29 23:43 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2018-05-13 07:53 - 2018-03-29 23:43 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2018-05-13 07:53 - 2018-03-29 23:43 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2018-05-13 07:53 - 2018-03-29 23:43 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pngfilt.dll
2018-05-13 07:53 - 2018-03-29 23:43 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2018-05-13 07:53 - 2018-03-29 23:43 - 000013824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedssync.exe
2018-05-13 07:53 - 2018-03-29 23:43 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshta.exe
2018-05-13 07:53 - 2018-03-29 23:43 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2018-05-13 07:53 - 2018-03-29 23:42 - 000253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unimdm.tsp
2018-05-13 07:53 - 2018-03-29 23:42 - 000099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2018-05-13 07:53 - 2018-03-29 23:42 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inseng.dll
2018-05-13 07:53 - 2018-03-29 23:42 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imgutil.dll
2018-05-13 07:53 - 2018-03-29 23:42 - 000027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\licmgr10.dll
2018-05-13 07:53 - 2018-03-29 23:40 - 000314880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2018-05-13 07:53 - 2018-03-29 23:40 - 000257536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2018-05-13 07:53 - 2018-03-29 23:40 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\keyiso.dll
2018-05-13 07:53 - 2018-03-29 23:40 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedsbs.dll
2018-05-13 07:53 - 2018-03-29 23:39 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2018-05-13 07:53 - 2018-03-29 23:36 - 000276992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2018-05-13 07:53 - 2018-03-29 23:35 - 000371200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskcomp.dll
2018-05-13 07:53 - 2018-03-29 23:35 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2018-05-13 07:53 - 2018-03-29 23:35 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2018-05-13 07:53 - 2018-03-29 23:34 - 000339456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SessEnv.dll
2018-05-13 07:53 - 2018-03-29 23:33 - 000707584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcprx.dll
2018-05-13 07:53 - 2018-03-29 23:33 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2018-05-13 07:53 - 2018-03-29 23:33 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2018-05-13 07:53 - 2018-03-29 23:33 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2018-05-13 07:53 - 2018-03-29 23:33 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenanceClient.dll
2018-05-13 07:53 - 2018-03-29 23:33 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmictimeprovider.dll
2018-05-13 07:53 - 2018-03-29 23:33 - 000024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysntfy.dll
2018-05-13 07:53 - 2018-03-29 23:33 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\nrpsrv.dll
2018-05-13 07:53 - 2018-03-29 23:33 - 000012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2018-05-13 07:53 - 2018-03-29 23:33 - 000009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vms3cap.sys
2018-05-13 07:53 - 2018-03-29 23:33 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-05-13 07:53 - 2018-03-29 23:32 - 000167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iexpress.exe
2018-05-13 07:53 - 2018-03-29 23:32 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wextract.exe
2018-05-13 07:53 - 2018-03-29 23:32 - 000125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2018-05-13 07:53 - 2018-03-29 23:32 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\efslsaext.dll
2018-05-13 07:53 - 2018-03-29 23:32 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2018-05-13 07:53 - 2018-03-29 23:32 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\pngfilt.dll
2018-05-13 07:53 - 2018-03-29 23:32 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\efssvc.dll
2018-05-13 07:53 - 2018-03-29 23:32 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerSvc.dll
2018-05-13 07:53 - 2018-03-29 23:32 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdPnp.dll
2018-05-13 07:53 - 2018-03-29 23:32 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2018-05-13 07:53 - 2018-03-29 23:32 - 000032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2018-05-13 07:53 - 2018-03-29 23:32 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmiprop.dll
2018-05-13 07:53 - 2018-03-29 23:32 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdWNet.dll
2018-05-13 07:53 - 2018-03-29 23:32 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perfhost.exe
2018-05-13 07:53 - 2018-03-29 23:32 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshta.exe
2018-05-13 07:53 - 2018-03-29 23:32 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedssync.exe
2018-05-13 07:53 - 2018-03-29 23:32 - 000008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\gpuenergydrv.sys
2018-05-13 07:53 - 2018-03-29 23:31 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2018-05-13 07:53 - 2018-03-29 23:31 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\unimdm.tsp
2018-05-13 07:53 - 2018-03-29 23:31 - 000286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\icsvc.dll
2018-05-13 07:53 - 2018-03-29 23:31 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerServer.dll
2018-05-13 07:53 - 2018-03-29 23:31 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WPTaskScheduler.dll
2018-05-13 07:53 - 2018-03-29 23:31 - 000151552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2018-05-13 07:53 - 2018-03-29 23:31 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2018-05-13 07:53 - 2018-03-29 23:31 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2018-05-13 07:53 - 2018-03-29 23:31 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\keyiso.dll
2018-05-13 07:53 - 2018-03-29 23:31 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2018-05-13 07:53 - 2018-03-29 23:31 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\nsisvc.dll
2018-05-13 07:53 - 2018-03-29 23:30 - 000309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\icsvcext.dll
2018-05-13 07:53 - 2018-03-29 23:30 - 000284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2018-05-13 07:53 - 2018-03-29 23:30 - 000262656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrokerLib.dll
2018-05-13 07:53 - 2018-03-29 23:29 - 000379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2018-05-13 07:53 - 2018-03-29 23:29 - 000298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2018-05-13 07:53 - 2018-03-29 23:29 - 000253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3svc.dll
2018-05-13 07:53 - 2018-03-29 23:28 - 001245184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2018-05-13 07:53 - 2018-03-29 23:28 - 000820224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2018-05-13 07:53 - 2018-03-29 23:27 - 000947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2018-05-13 07:53 - 2018-03-29 23:27 - 000332288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2018-05-13 07:53 - 2018-03-29 23:27 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ssdpsrv.dll
2018-05-13 07:53 - 2018-03-29 23:25 - 000276480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
2018-05-13 07:53 - 2018-03-29 23:25 - 000270848 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2018-05-13 07:53 - 2018-03-29 23:23 - 000387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SessEnv.dll
2018-05-13 07:53 - 2018-03-29 23:20 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdPnp.dll
2018-05-13 07:53 - 2018-03-29 23:20 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmiprop.dll
2018-05-13 07:53 - 2018-03-29 23:20 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdWNet.dll
2018-05-13 07:53 - 2018-03-29 23:20 - 000007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\null.sys
2018-05-13 07:53 - 2018-03-13 01:32 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll
2018-05-13 07:53 - 2018-03-13 01:31 - 002849792 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2018-05-13 07:53 - 2018-03-13 01:31 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
2018-05-13 07:53 - 2018-03-13 00:32 - 001948672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2018-05-13 07:53 - 2018-03-01 01:49 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2018-05-13 07:53 - 2018-02-10 00:46 - 000004608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2018-05-12 12:40 - 2018-05-12 12:40 - 000001291 _____ C:\Users\Earley Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Drive.lnk
2018-05-12 12:39 - 2018-05-12 12:40 - 000000000 ____D C:\Users\Earley Laptop\AppData\Local\Amazon Drive
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-06-04 19:24 - 2013-11-24 17:53 - 000000000 ____D C:\FRST
2018-06-04 19:20 - 2018-02-05 03:28 - 000004184 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B50B7D0A-119A-4E41-89F2-C7524BF57F87}
2018-06-04 19:13 - 2018-02-05 02:54 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-06-04 19:03 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-06-04 18:07 - 2017-09-29 09:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-06-04 18:07 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-06-01 18:57 - 2017-09-29 09:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-06-01 18:54 - 2017-09-29 09:44 - 000000000 ____D C:\WINDOWS\INF
2018-06-01 18:51 - 2009-10-30 17:25 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-05-31 18:57 - 2018-02-12 20:52 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-05-29 22:32 - 2018-02-05 16:19 - 000000000 ____D C:\WINDOWS\Minidump
2018-05-29 19:16 - 2015-04-16 17:10 - 000000000 ____D C:\ProgramData\boost_interprocess
2018-05-29 19:05 - 2018-02-05 02:59 - 000000000 ____D C:\Users\Earley Laptop
2018-05-29 19:05 - 2009-10-30 17:28 - 000000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2018-05-29 18:56 - 2018-02-05 03:28 - 000004210 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-05-29 18:54 - 2018-02-05 02:58 - 001186744 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-05-29 18:47 - 2018-02-05 03:28 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-05-27 18:14 - 2012-01-02 16:19 - 000000000 ____D C:\Users\Earley Laptop\AppData\Roaming\com.aspexsoftware.Silhouette_Studio
2018-05-20 08:21 - 2017-09-29 09:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-05-17 18:49 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\rescache
2018-05-17 18:28 - 2018-02-05 03:28 - 000003418 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-17 18:28 - 2018-02-05 03:28 - 000003294 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-05-16 19:21 - 2013-07-18 07:47 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-05-13 13:19 - 2017-09-29 04:45 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2018-05-13 13:04 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-05-13 10:11 - 2018-02-05 15:42 - 000000000 ___RD C:\Users\Earley Laptop\3D Objects
2018-05-13 10:11 - 2016-02-13 09:20 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-05-13 09:58 - 2017-09-29 09:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-05-13 09:58 - 2017-09-29 09:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2018-05-13 09:58 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\TextInput
2018-05-13 09:58 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-05-13 09:57 - 2017-09-29 09:46 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-05-13 09:57 - 2017-09-29 09:46 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2018-05-13 09:57 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-05-13 09:57 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\system32\migwiz
2018-05-13 09:57 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-05-13 09:57 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-05-13 09:57 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\Provisioning
2018-05-13 09:57 - 2017-09-29 04:45 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-05-13 09:57 - 2017-09-29 04:45 - 000000000 ____D C:\WINDOWS\servicing
2018-05-13 09:56 - 2017-09-29 09:46 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-05-13 09:56 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-05-13 09:43 - 2016-02-20 10:54 - 000000000 ____D C:\Program Files\CCleaner
2018-05-12 14:49 - 2013-08-15 03:01 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-05-12 12:35 - 2017-10-11 18:23 - 141696960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-05-11 19:26 - 2009-12-31 17:14 - 141696960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-05-08 21:05 - 2018-03-13 18:19 - 000004604 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-05-08 21:05 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-05-08 21:05 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
 
==================== Files in the root of some directories =======
 
2011-12-22 12:18 - 2014-12-15 09:41 - 000007920 _____ () C:\Users\Earley Laptop\AppData\Roaming\UserTile.png
2015-01-16 23:22 - 2015-01-16 23:22 - 000000067 _____ () C:\Users\Earley Laptop\AppData\Roaming\WB.CFG
2009-12-25 00:54 - 2017-07-23 11:59 - 000031472 _____ () C:\Users\Earley Laptop\AppData\Roaming\wklnhst.dat
2009-12-25 00:49 - 2014-10-14 10:04 - 000024576 _____ () C:\Users\Earley Laptop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-06-20 20:55 - 2016-06-20 20:55 - 000004675 _____ () C:\Users\Earley Laptop\AppData\Local\OpalViewerUser.xml
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-06-03 19:28
 
==================== End of FRST.txt ============================
 


BC AdBot (Login to Remove)

 


#2 Fleetwolf90

Fleetwolf90
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:12:42 PM

Posted 04 June 2018 - 06:49 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03.06.2018
Ran by Earley Laptop (04-06-2018 19:29:43)
Running from C:\Users\Earley Laptop\Downloads
Windows 10 Home Version 1709 16299.431 (X64) (2018-02-05 07:31:58)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2224422032-3815502487-2643779824-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2224422032-3815502487-2643779824-503 - Limited - Disabled)
Earley Laptop (S-1-5-21-2224422032-3815502487-2643779824-1001 - Administrator - Enabled) => C:\Users\Earley Laptop
Guest (S-1-5-21-2224422032-3815502487-2643779824-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2224422032-3815502487-2643779824-1002 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-2224422032-3815502487-2643779824-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.6.0.5970 - Adobe Systems Incorporated)
Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.171 - Adobe Systems Incorporated)
Adobe Reader 9.4.5 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A94000000001}) (Version: 9.4.5 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Amazon Drive (HKU\S-1-5-21-2224422032-3815502487-2643779824-1001\...\Amazon Drive) (Version: 5.4.1 - Amazon.com, Inc.)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Amazon Music (HKU\S-1-5-21-2224422032-3815502487-2643779824-1001\...\Amazon Amazon Music) (Version: 3.0.5.567 - Amazon Services LLC)
Amazon Music Importer (HKLM-x32\...\{98823CC0-51DA-565C-FF90-DCC72D47BD24}) (Version: 2.0.1 - Amazon Services LLC) Hidden
Amazon Music Importer (HKLM-x32\...\com.amazon.music.uploader) (Version: 2.0.1 - Amazon Services LLC)
Apple Application Support (32-bit) (HKLM-x32\...\{05E07D23-91E9-4E70-A4CC-EF505088F967}) (Version: 5.4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{741291DA-2B34-4D44-8FB6-58EDE21261D8}) (Version: 5.4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{DB18F1C0-846F-46F5-A074-5B97C8AF5C8E}) (Version: 10.3.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
ASUS RT-N66U Wireless Router Utilities (HKLM-x32\...\{88CA8932-7987-4D7A-BEE3-227BDB3CA888}) (Version: 4.2.3.9 - ASUS)
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.42 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Complete Control Program (Commercial Version) (HKLM-x32\...\{C5477B91-B5E3-44F2-BDC7-6951C37744FC}) (Version: 1.00.000 - Universal Remote Control, Inc.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell Dock (HKLM\...\{E60B7350-EA5F-41E0-9D6F-E508781E36D2}) (Version: 2.0.0 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 13.2.2.2 - Synaptics Incorporated)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
DIRECTV Player (HKLM-x32\...\{C199DEA2-657E-46C2-9FDB-7C1C068B6B35}) (Version: 5.2 - DIRECTV)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 66.0.3359.181 - Google Inc.)
Google Earth Pro (HKLM\...\{D9EF644E-2FAE-493B-8180-5617CC774C4F}) (Version: 7.3.1.4507 - Google)
Google Quick Search Box (HKLM-x32\...\Quick Search Box) (Version: 1.2.1151.245 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
HP Dropbox Plugin (HKLM-x32\...\{3E261474-8DF2-463B-984E-0B6396F58D1C}) (Version: 36.0.39.57346 - HP)
HP Google Drive Plugin (HKLM-x32\...\{9469285B-AB76-434A-8533-2EE643318F2E}) (Version: 36.0.39.57346 - HP)
HP OfficeJet Pro 8710 Basic Device Software (HKLM\...\{FD93EB2A-3768-4B16-BDDF-3E2F5667A0A0}) (Version: 38.1.1881.57490 - HP Inc.)
HP OfficeJet Pro 8710 Help (HKLM-x32\...\{92B8A892-1D92-407A-BF5E-26DCE71B9B12}) (Version: 38.0.0 - HP)
I.R.I.S. OCR (HKLM-x32\...\{093C645A-294E-41E4-904C-DDF13DC47A27}) (Version: 12.3.6.12 - HP)
iCloud (HKLM\...\{7F40A9A7-B3BE-4EA8-B052-60449F6C3C02}) (Version: 6.2.1.67 - Apple Inc.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
iTunes (HKLM\...\{6C01A0A7-7440-4D48-93C6-2927A1E93FE6}) (Version: 12.6.0.100 - Apple Inc.)
Java 8 Update 111 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
Malwarebytes version 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
Microsoft IntelliPoint 7.0 (HKLM\...\{C74A84EC-7C5F-4C36-A4A6-381E516D643B}) (Version: 7.0.260.0 - Microsoft)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.9330.2087 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2224422032-3815502487-2643779824-1001\...\OneDriveSetup.exe) (Version: 18.065.0329.0002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9330.2087 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9330.2087 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9330.2087 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.9330.2087 - Microsoft Corporation) Hidden
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.)
PrintingPress MPDL 6.0 (HKLM\...\{08BE2BF1-8B71-41F3-9131-8C55377FFD6A}) (Version: 6.0 - Mountaincow LLC)
Product Improvement Study for HP OfficeJet Pro 8710 (HKLM\...\{61812F25-2589-498B-AED9-40CBC641247E}) (Version: 38.1.1881.57490 - HP Inc.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 9.6.6 - Dell Inc.)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.0 - Roxio)
Silhouette Studio (HKLM-x32\...\{72328563-1539-4B32-827E-7FC7536E1241}) (Version: 3.6.057 - Silhouette America)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{AC0D130B-8809-4125-811F-667893B90644}) (Version: 2.11.0.0 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version:  - Yahoo Inc.)
Yahoo! BrowserPlus 2.8.1 (HKU\S-1-5-21-2224422032-3815502487-2643779824-1001\...\Yahoo! BrowserPlus) (Version:  - Yahoo! Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2017-03-16] (Apple Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers4: [MSSE] -> {0365FE2C-F183-4091-AC82-BFC39FB75C49} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {04253B3F-D6DA-40F0-9B4F-C6B5D209FFE5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {05A1C734-16A0-4777-90DF-7698555F3182} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-06-01] (Microsoft Corporation)
Task: {07B3FFAC-7A9C-48C5-82FC-CAACDEC19CEB} - \Google Software Updater -> No File <==== ATTENTION
Task: {096C32CA-E61A-4281-8673-D1EEF75CAD2C} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {0C521FC2-449D-41AC-9FCE-43A8BB04776C} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0EE0BD31-2AB2-46F6-98DB-0749EDE70E98} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-04-12] (Piriform Ltd)
Task: {116A909A-B2C7-42CB-9950-B3E0209688A9} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {15321B59-0F7A-4E49-AE55-B276159E35CC} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_171_Plugin.exe [2018-05-08] (Adobe Systems Incorporated)
Task: {154A0621-E0B4-44F5-94E3-8E5F595E2A70} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {1C3438EB-3A50-42F9-8C61-80215A82EA0D} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1D0779BD-6895-4031-BAF8-18784939EA2B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {1D2CE114-8D07-4609-9C6B-1A47E4F3D076} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-05-24] (Microsoft Corporation)
Task: {236DC425-9538-4996-A81E-E64DB4BF174D} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {275A57C6-9FF5-49D8-A3F5-24536552E268} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {2C654F85-5273-40E6-A7F5-B12745073224} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {315B1F76-8939-4278-91EA-81B5F779C37A} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {351DC86A-EE7E-49B0-9120-FE8EB9F44F59} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {37B9D36D-FB1C-45F0-8A90-FE9FB2B49980} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {3ACF64F9-EDA8-422B-97EE-A98D225D120F} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-04-12] (Piriform Ltd)
Task: {3BEE400D-D389-462F-A6C3-AB145367F70A} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
Task: {3DDAAD13-A2DF-4315-959B-9C794C996A16} - System32\Tasks\HPCustParticipation HP OfficeJet Pro 8710 => C:\Program Files\HP\HP OfficeJet Pro 8710\Bin\HPCustPartic.exe [2015-08-31] (HP Inc.)
Task: {3F3734D1-0E0F-482F-B165-5412CBCAB2B6} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {3FD8FD42-670F-4DB6-A0C8-B492A970DFE5} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {3FDCF01B-7863-426D-BCE3-5B2FDC82E60D} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4719C25A-9A84-485E-BA45-0A7BF0E38F90} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {4D9AA341-4CEB-43B4-9069-2ACAE7A45493} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {50C37635-3715-45A5-BDCD-9658950E23B5} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {5B986D8C-A0F0-4DEA-B567-521E64C372E1} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-06-01] (Microsoft Corporation)
Task: {5CDF8055-0AD2-4567-A1DA-794C6844BEBC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MpCmdRun.exe [2018-05-31] (Microsoft Corporation)
Task: {607AB89D-AC9B-43C9-8F48-C246211E6707} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {616C8EF3-2364-4969-95BF-4498D3EBE3D4} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2009-05-26] (Microsoft Corporation)
Task: {791CA96A-BA56-4B56-863D-17CF5505ED37} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7941724F-1C44-4632-99AF-CE43F3AB20E5} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7955D45A-2613-4966-BB95-6B790F1AE8B0} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {79A1C700-FEDE-4008-A72A-FB4E7A8D5744} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7FDDDCF8-0349-4D50-B645-E73CC5CD4B21} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8EF4E70C-3A7E-4FD2-8CA3-2ABBBEC6324B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {98DDD080-6BF4-414E-8789-0227C463BFB8} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {A1BAD9F3-4406-48BA-AF3B-27E3A8A1E16E} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A3614D6D-A704-452D-8333-29C4FA8F1891} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {AA293311-4F0B-443D-A2C4-E308577DD965} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {AECF51B3-3A4A-4A1B-8057-431FBFBC6237} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-05-24] (Microsoft Corporation)
Task: {B347BA9F-CB32-4851-87BC-F22AE25EB4AF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-06-01] (Microsoft Corporation)
Task: {B4BA3887-B96C-4DE8-9008-7E4785413C9B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-05-08] (Adobe Systems Incorporated)
Task: {BC5EF293-4E68-42E9-A538-B3AF027DB113} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {BF7AB313-6889-42DC-85DB-82E6DC30E8E9} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-06-01] (Microsoft Corporation)
Task: {C2B87C46-5C0B-4852-AEC2-C368D72588E1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MpCmdRun.exe [2018-05-31] (Microsoft Corporation)
Task: {C4FD2ABC-35DD-4FB6-BDA9-C9DC7F3DAE13} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {D27B9295-2666-476A-B678-6771AC05A2E0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MpCmdRun.exe [2018-05-31] (Microsoft Corporation)
Task: {D2DC8E20-B7C9-423A-BB44-531C715960DF} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {DB8C47E0-38AD-49C9-A94B-58D1772BD521} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {DE56FFE9-1354-497F-873D-E253C37ED3AB} - System32\Tasks\{FA97FD24-B2BF-4431-9D40-F89AE8BFA58C} => C:\Program Files (x86)\Silhouette Studio\Silhouette Studio.exe [2015-10-28] ()
Task: {E12A9FD8-BD17-4889-91F4-7B613B41EFD4} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {E4F48532-B40D-4DC8-B4BE-392F646B7E1A} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {E643456E-5C7D-4CE7-9119-EBAC27B2B48A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {E954AC9D-6F11-4EF2-BC99-567C4105E95E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {E9ADEA23-4B92-4204-9E01-870515C8B452} - System32\Tasks\Microsoft\Windows\Setup\Notifier => C:\WINDOWS\system32\Notifier.exe [2018-05-04] (Microsoft Corporation)
Task: {E9FABF18-EB3A-43DF-9556-D27F28BC795F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MpCmdRun.exe [2018-05-31] (Microsoft Corporation)
Task: {EE5F6825-7C62-44C5-9B59-14E4AE89D21D} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F1CB5DFC-00D6-4E81-9A84-AEEEBD58B886} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-06-01] (Microsoft Corporation)
Task: {F3EF4E75-CE27-4019-ADFB-3002C0BEDFEB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {F82A6560-1A42-4B3E-9485-F262292B7F68} - System32\Tasks\Microsoft\Office\OfficeOsfInstaller => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\osfinstaller.exe [2018-06-01] (Microsoft Corporation)
Task: {F902934E-4CEA-42D6-8250-83973CA198E5} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {FD2C775A-2FC4-4969-99C0-B78C8A15A526} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-09-29 09:41 - 2017-09-29 09:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-16 16:08 - 2017-03-16 16:08 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-03-16 16:08 - 2017-03-16 16:08 - 001354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-05-13 11:43 - 2018-03-12 15:09 - 002300192 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2009-10-30 17:28 - 2011-08-18 11:05 - 002751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2018-05-13 08:04 - 2018-02-21 20:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-05-13 08:05 - 2018-02-21 20:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-27 12:20 - 2017-03-27 12:20 - 000092472 _____ () C:\Program Files\iTunes\zlib1.dll
2017-03-27 12:20 - 2017-03-27 12:20 - 001354040 _____ () C:\Program Files\iTunes\libxml2.dll
2009-06-18 22:46 - 2009-06-18 22:46 - 000494064 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
2018-05-19 12:32 - 2018-05-19 12:33 - 000084992 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11804.1001.10.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2018-05-12 14:32 - 2018-05-12 14:33 - 001873120 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11804.1001.10.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-05-21 18:40 - 2018-05-21 18:41 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-05-21 18:40 - 2018-05-21 18:41 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-05-21 18:40 - 2018-05-21 18:41 - 022374400 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-05-21 18:40 - 2018-05-21 18:41 - 002610176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\skypert.dll
2018-05-16 19:21 - 2018-05-14 23:13 - 004443992 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181\libglesv2.dll
2018-05-16 19:21 - 2018-05-14 23:13 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181\libegl.dll
2018-05-19 12:32 - 2018-05-19 12:33 - 000062464 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11804.1001.10.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll
2017-03-16 16:08 - 2017-03-16 16:08 - 000189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2017-03-16 16:09 - 2017-03-16 16:09 - 000080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2017-03-16 16:09 - 2017-03-16 16:09 - 001041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:FAB45745 [306]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2224422032-3815502487-2643779824-1001\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-2224422032-3815502487-2643779824-1001\...\sharepoint.com -> hxxps://abb-files.sharepoint.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2013-11-19 22:55 - 000000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2224422032-3815502487-2643779824-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Earley Laptop\Pictures\2015-08-19\007.JPG
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: avast! Antivirus => 2
MSCONFIG\startupfolder: C:^Users^Earley Laptop^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk => C:\Windows\pss\Dell Dock.lnk.Startup
MSCONFIG\startupreg: Amazon Music => "C:\Users\Earley Laptop\AppData\Local\Amazon Music\Amazon Music Helper.exe"
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: PCShowServer => "C:\Users\Earley Laptop\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{6F681FC4-F39D-441D-B4E0-89C0B24B47C8}] => (Allow) C:\Program Files (x86)\ASUS\RT-N66U Wireless Router Utilities\Discovery.exe
FirewallRules: [{B9735A83-8301-4A50-9DDD-E80822B1BEC4}] => (Allow) C:\Program Files (x86)\ASUS\RT-N66U Wireless Router Utilities\Discovery.exe
FirewallRules: [{B6E37E30-1CA7-46F0-BFBB-29D0D83B34CA}] => (Allow) C:\Program Files (x86)\ASUS\RT-N66U Wireless Router Utilities\Rescue.exe
FirewallRules: [{994D4E1A-6B1A-41CC-B765-BAEE4ABA2937}] => (Allow) C:\Program Files (x86)\ASUS\RT-N66U Wireless Router Utilities\Rescue.exe
FirewallRules: [{214CAD64-8576-464B-8155-30E95E7FEC5D}] => (Allow) C:\Program Files (x86)\ASUS\RT-N66U Wireless Router Utilities\QISWizard.exe
FirewallRules: [{E8E19B22-8E09-4307-BD69-7B1266A4FCC0}] => (Allow) C:\Program Files (x86)\ASUS\RT-N66U Wireless Router Utilities\QISWizard.exe
FirewallRules: [TCP Query User{FBE08E6A-6F83-462F-9CE7-810C7A092E71}C:\program files (x86)\asus\rt-n66u wireless router utilities\discovery.exe] => (Allow) C:\program files (x86)\asus\rt-n66u wireless router utilities\discovery.exe
FirewallRules: [UDP Query User{B1E5B11B-8439-42ED-85B5-08B2F240860B}C:\program files (x86)\asus\rt-n66u wireless router utilities\discovery.exe] => (Allow) C:\program files (x86)\asus\rt-n66u wireless router utilities\discovery.exe
FirewallRules: [{D4EA8EF1-D435-4F71-AD64-CA3CAFC15455}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8710\bin\FaxApplications.exe
FirewallRules: [{0CE0F4A7-AE9C-4BA4-A9F2-97BC55D97001}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8710\bin\DigitalWizards.exe
FirewallRules: [{4C4A9DFD-B214-4F8C-8A60-B0A84C82B134}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8710\bin\SendAFax.exe
FirewallRules: [{E897F4E0-8BDC-4651-AD21-4E0BFADEB42B}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8710\bin\FaxPrinterUtility.exe
FirewallRules: [{4EAE8CAF-8EFC-4E30-83D2-82014AE0E2B9}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8710\Bin\DeviceSetup.exe
FirewallRules: [{3A322F77-848E-4939-8479-98727FB63FA2}] => (Allow) LPort=5357
FirewallRules: [{915F1DF8-4137-4B86-8227-3AFEB8445320}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8710\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{4EBDF61A-9596-4725-A7CB-6E6860CCC381}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1D7062A2-3876-4285-9484-7BB79EC500B5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{99FB1AB3-FB0C-400B-87D9-A4BBFB407D04}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{03B72583-6FF0-453A-9520-60811A56C4EF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F7460018-5E3F-426F-9F2D-41391D75FAF4}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{47076A96-8C7A-464A-8995-FC34F577428D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{AEF89140-3AD1-4F74-88DE-57A8824D0A4E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{C0EA10F2-9A25-4378-8FFB-490A42E08ECD}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{F9DAB7AE-DF32-4471-9C74-72C03373A769}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{316CB63B-EAC8-4719-9BA1-0F57A6F5D083}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{0145797F-7143-4D0C-9E91-5E1645493ED1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
20-05-2018 08:16:44 Windows Update
29-05-2018 22:33:58 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/04/2018 01:41:20 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (06/03/2018 11:04:22 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (06/03/2018 08:10:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: osfinstaller.exe, version: 16.0.9330.2087, time stamp: 0x5b049e6c
Faulting module name: Mso30Win32Client.dll, version: 16.0.9330.2073, time stamp: 0x5af9d85f
Exception code: 0xc0000005
Fault offset: 0x00222628
Faulting process id: 0x2cf8
Faulting application start time: 0x01d3fb9701e93328
Faulting application path: C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\osfinstaller.exe
Faulting module path: C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\Mso30Win32Client.dll
Report Id: 6035071f-ac9a-4657-8816-f0c46baab01f
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (06/03/2018 06:57:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SoftwareUpdate.exe version 2.3.0.177 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 26fc
 
Start Time: 01d3f9f79f7c2cae
 
Termination Time: 42
 
Application Path: C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
 
Report Id: f5313bff-260a-4292-bfbe-ae6e36f33418
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (06/03/2018 06:38:59 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (06/02/2018 06:05:45 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (06/01/2018 06:56:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: osfinstaller.exe, version: 16.0.9330.2087, time stamp: 0x5b049e6c
Faulting module name: Mso20Win32Client.dll, version: 16.0.9330.2073, time stamp: 0x5aff7102
Exception code: 0x01483052
Fault offset: 0x0016a930
Faulting process id: 0xe18
Faulting application start time: 0x01d3f9fb6c617ee2
Faulting application path: C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\osfinstaller.exe
Faulting module path: C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\Mso20Win32Client.dll
Report Id: 7dc2dd67-9a45-4b67-a118-44a225e45779
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (06/01/2018 06:28:47 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
 
System errors:
=============
Error: (06/04/2018 07:32:23 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (06/04/2018 07:32:19 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (06/04/2018 07:32:15 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (06/04/2018 07:32:11 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (06/04/2018 07:32:07 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (06/04/2018 07:32:03 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (06/04/2018 07:31:31 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (06/04/2018 07:31:27 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
 
Windows Defender:
===================================
Date: 2018-05-31 18:56:12.144
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {7D96882B-4419-4C2F-84CB-F2DA6A25112B}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-05-29 19:01:38.939
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {255116E5-696F-47A7-B765-CBD50F18273A}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-05-13 06:59:59.158
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {25787E02-04A9-4433-A67A-D208C118C584}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-04-10 21:46:10.550
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {C7B75B32-EBBF-4DDE-AB93-0A64F4FAA75B}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-03-24 19:34:37.341
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {8006CD0A-BF18-4039-8BF9-2B6F8580F044}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-05-29 19:00:13.458
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.269.149.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14901.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2018-05-29 19:00:13.458
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.269.149.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14901.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2018-05-29 19:00:13.457
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.269.149.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14901.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2018-05-29 19:00:13.444
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.269.149.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14901.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2018-05-29 19:00:13.443
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.269.149.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14901.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
CodeIntegrity:
===================================
 
Date: 2018-06-04 19:30:31.629
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-06-04 19:30:31.627
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-06-04 19:28:31.639
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-06-04 19:28:31.637
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-06-04 19:15:25.773
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-06-04 19:15:25.771
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-06-04 19:11:27.005
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-06-04 19:11:27.003
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU T6600 @ 2.20GHz
Percentage of memory in use: 56%
Total physical RAM: 4028.85 MB
Available physical RAM: 1737.07 MB
Total Virtual: 8124.85 MB
Available Virtual: 5300.31 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:281.27 GB) NTFS
 
\\?\Volume{7c8f3b2b-c5a9-11de-a09f-806e6f6e6963}\ (RECOVERY) (Fixed) (Total:14.65 GB) (Free:10.1 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 117D34E4)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451.1 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,701 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:42 PM

Posted 09 June 2018 - 06:50 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> https://www.bleepingcomputer.com/logreply/678609 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your destop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,701 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:42 PM

Posted 14 June 2018 - 06:55 PM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!

#5 Fleetwolf90

Fleetwolf90
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:12:42 PM

Posted 17 June 2018 - 05:57 PM

Here is a fresh scan per your request.  I most likely do have the original Windows CD/DVD, but will have to look to make sure.  

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.06.2018 01
Ran by Earley Laptop (administrator) on EARLEYLAPTOP-PC (17-06-2018 18:49:19)
Running from C:\Users\Earley Laptop\Downloads
Loaded Profiles: Earley Laptop (Available Profiles: Earley Laptop)
Platform: Windows 10 Home Version 1709 16299.431 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.16.17656.18052-0\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(HP Inc.) C:\Program Files\HP\HP OfficeJet Pro 8710\Bin\ScanToPCActivationApp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(HP Inc.) C:\Program Files\HP\HP OfficeJet Pro 8710\Bin\HPNetworkCommunicatorCom.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.16.17656.18052-0\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Earley Laptop\Downloads\FRST64 (1).exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1812776 2009-06-26] (Synaptics Incorporated)
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2314120 2009-05-26] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-03-22] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [Google Quick Search Box] => C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe [122880 2009-12-31] (Google Inc.)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [494064 2009-06-18] ()
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67896 2017-03-16] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2011-06-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKU\S-1-5-21-2224422032-3815502487-2643779824-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-12-31] (Google Inc.)
HKU\S-1-5-21-2224422032-3815502487-2643779824-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18334528 2018-04-12] (Piriform Ltd)
HKU\S-1-5-21-2224422032-3815502487-2643779824-1001\...\Run: [HP OfficeJet Pro 8710 (NET)] => C:\Program Files\HP\HP OfficeJet Pro 8710\Bin\ScanToPCActivationApp.exe [3736584 2015-08-31] (HP Inc.)
HKU\S-1-5-21-2224422032-3815502487-2643779824-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-03-16] (Apple Inc.)
HKU\S-1-5-21-2224422032-3815502487-2643779824-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2017-03-16] (Apple Inc.)
HKU\S-1-5-21-2224422032-3815502487-2643779824-1001\...\Run: [Amazon Drive] => C:\Users\Earley Laptop\AppData\Local\Amazon Drive\AmazonDrive.exe [6356648 2018-05-09] (Amazon.com Inc.)
HKU\S-1-5-21-2224422032-3815502487-2643779824-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [148480 2017-09-29] (Microsoft Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-10-30]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-10-30]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-10-30]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{0c337c25-1503-4e6d-8c1a-1a1c59e1fc8a}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{7829ed7d-00d1-4ca1-994d-ca91b5c1e060}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{90bfb7d2-41f7-4f61-8cac-3484a90dc76e}: [DhcpNameServer] 172.20.10.1
 
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2224422032-3815502487-2643779824-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2224422032-3815502487-2643779824-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
SearchScopes: HKLM -> {955FED3B-B6C3-4908-8FC6-E10498FFB366} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {5ED0152D-EA06-41A6-A5FF-F3C463F5788E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2224422032-3815502487-2643779824-1001 -> {5ED0152D-EA06-41A6-A5FF-F3C463F5788E} URL = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2224422032-3815502487-2643779824-1001 -> {8F2DC6D9-8FE3-4B03-B5E0-105006C54860} URL = hxxp://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
SearchScopes: HKU\S-1-5-21-2224422032-3815502487-2643779824-1001 -> {955FED3B-B6C3-4908-8FC6-E10498FFB366} URL = 
SearchScopes: HKU\S-1-5-21-2224422032-3815502487-2643779824-1001 -> {B57C312A-7873-47EE-92F8-B448459134E4} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: No Name -> {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -> No File
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-06-16] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-11-25] (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-23] (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-25] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22] (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-04-27] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-11-25] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-23] (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-25] (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-23] (Google Inc.)
Toolbar: HKLM-x32 - No Name - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -  No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-23] (Google Inc.)
Toolbar: HKU\S-1-5-21-2224422032-3815502487-2643779824-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-2224422032-3815502487-2643779824-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-23] (Google Inc.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-06-01] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-06-01] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-06-01] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-06-01] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_30_0_0_113.dll [2018-06-07] ()
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-25] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_113.dll [2018-06-07] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-04-03] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-02] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @pack.google.com/Google Updater;version=14 -> C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2011-06-07] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2224422032-3815502487-2643779824-1001: @nds.com/PCShowPlugin -> C:\Users\Earley Laptop\AppData\Local\DIRECTV Player\npPCShowPlugin.dll [No File]
FF Plugin HKU\S-1-5-21-2224422032-3815502487-2643779824-1001: @nds.com/PlayerPlugin -> C:\Users\Earley Laptop\AppData\Local\DIRECTV Player\npPlayerPlugin.dll [2012-07-19] (NDS)
FF Plugin HKU\S-1-5-21-2224422032-3815502487-2643779824-1001: @yahoo.com/BrowserPlus,version=2.8.1 -> C:\Users\Earley Laptop\AppData\Local\Yahoo!\BrowserPlus\2.8.1\Plugins\npybrowserplus_2.8.1.dll [2010-05-25] (Yahoo! Inc.)
FF Plugin HKU\S-1-5-21-2224422032-3815502487-2643779824-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Earley Laptop\Music\Playlists\npAmazonMP3DownloaderPlugin101799.dll [2013-03-07] (Amazon.com, Inc.)
FF Plugin HKU\S-1-5-21-2224422032-3815502487-2643779824-1001: NDS.com/PlayerPlugin -> C:\Users\Earley Laptop\AppData\Local\DIRECTV Player\npPlayerPlugin.dll [2012-07-19] (NDS)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> msn.com
CHR StartupUrls: Default -> "hxxps://www.google.com/","hxxps://www.google.com/"
CHR Profile: C:\Users\Earley Laptop\AppData\Local\Google\Chrome\User Data\Default [2018-06-17]
CHR Extension: (FUTBIN) - C:\Users\Earley Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\adicaaffkmhgnfheifkjhopmambgfihl [2017-12-30]
CHR Extension: (Google Drive) - C:\Users\Earley Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (Bing) - C:\Users\Earley Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2018-03-08]
CHR Extension: (Google Docs Offline) - C:\Users\Earley Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-19]
CHR Extension: (Pinterest Save Button) - C:\Users\Earley Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2018-06-11]
CHR Extension: (Rotogrinders DFS Analyzer Sync) - C:\Users\Earley Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\kecgnibeihgmgjcepmfpbjjlnpoelebn [2017-04-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Earley Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Chrome Media Router) - C:\Users\Earley Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-16]
CHR HKU\S-1-5-21-2224422032-3815502487-2643779824-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [aaaangmfdabjilefmognkgcebjgcojek] - C:\Users\Earley Laptop\AppData\Local\APN\GoogleCRXs\aaaangmfdabjilefmognkgcebjgcojek_7.14.1.0.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gihfmmedoddijgnhkgfgnkeohkpbipol] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-03-17] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8654504 2018-06-12] (Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\NisSrv.exe [4682552 2018-05-31] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MsMpEng.exe [101096 2018-05-31] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [38984 2013-11-19] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [84328 2013-11-19] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-11-19] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-19] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1032416 2013-11-19] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [409832 2013-11-19] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2013-11-19] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [205320 2013-11-19] ()
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-06-15] (Malwarebytes)
S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-05-31] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [313384 2018-05-31] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61992 2018-05-31] (Microsoft Corporation)
U4 aspnet_state; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-06-17 18:47 - 2018-06-17 18:47 - 002413056 _____ (Farbar) C:\Users\Earley Laptop\Downloads\FRST64 (1).exe
2018-06-12 22:23 - 2018-06-12 22:23 - 000063095 _____ C:\Users\Earley Laptop\Downloads\Flash.studio3
2018-06-10 17:19 - 2018-06-10 17:19 - 000064103 _____ C:\Users\Earley Laptop\Downloads\Avery block.studio3
2018-06-10 17:09 - 2018-06-13 21:58 - 000072823 _____ C:\Users\Earley Laptop\Downloads\Cindy retirement.studio3
2018-06-04 19:29 - 2018-06-04 19:32 - 000045473 _____ C:\Users\Earley Laptop\Downloads\Addition.txt
2018-06-04 19:24 - 2018-06-17 18:51 - 000022647 _____ C:\Users\Earley Laptop\Downloads\FRST.txt
2018-06-04 19:22 - 2018-06-04 19:23 - 002413056 _____ (Farbar) C:\Users\Earley Laptop\Downloads\FRST64.exe
2018-05-29 22:05 - 2018-05-29 22:20 - 000225037 _____ C:\Users\Earley Laptop\Downloads\Camping tea towels.studio3
2018-05-27 18:14 - 2018-05-27 18:14 - 000118083 _____ C:\Users\Earley Laptop\Downloads\Amber's tray.studio3
2018-05-27 16:55 - 2018-06-12 22:38 - 000111322 _____ C:\Users\Earley Laptop\Downloads\Cindy's mono.studio3
2018-05-20 08:16 - 2018-05-04 05:37 - 000278448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Notifier.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-06-17 18:49 - 2013-11-24 17:53 - 000000000 ____D C:\FRST
2018-06-17 18:46 - 2018-02-05 03:28 - 000004184 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B50B7D0A-119A-4E41-89F2-C7524BF57F87}
2018-06-17 18:43 - 2018-02-05 02:54 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-06-17 12:02 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-06-17 07:48 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-06-17 07:48 - 2017-09-29 09:44 - 000000000 ____D C:\WINDOWS\INF
2018-06-17 07:38 - 2017-09-29 09:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-06-17 07:38 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-06-16 13:35 - 2017-09-29 09:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-06-16 13:26 - 2009-10-30 17:25 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-06-16 10:35 - 2018-02-05 03:28 - 000004210 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-06-16 10:32 - 2017-05-28 00:12 - 000351266 _____ C:\Users\Earley Laptop\Downloads\Melissa's chair.studio3
2018-06-15 13:32 - 2015-04-16 17:10 - 000000000 ____D C:\ProgramData\boost_interprocess
2018-06-15 13:31 - 2009-10-30 17:28 - 000000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2018-06-15 13:30 - 2018-05-13 11:44 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-06-15 13:26 - 2018-02-05 03:28 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-06-14 11:25 - 2013-08-15 03:01 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-06-14 11:15 - 2017-10-11 18:23 - 133315992 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-06-14 11:13 - 2009-12-31 17:14 - 133315992 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-06-13 21:58 - 2012-01-02 16:19 - 000000000 ____D C:\Users\Earley Laptop\AppData\Roaming\com.aspexsoftware.Silhouette_Studio
2018-06-13 18:26 - 2013-07-18 07:47 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-06-11 16:28 - 2018-02-05 02:58 - 001206290 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-06-10 22:20 - 2017-12-21 01:30 - 000181209 _____ C:\Users\Earley Laptop\Downloads\Janie yeti cup.studio3
2018-06-08 13:45 - 2018-02-05 03:28 - 000003394 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2224422032-3815502487-2643779824-1001
2018-06-08 13:45 - 2016-05-18 19:19 - 000002440 _____ C:\Users\Earley Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-06-08 13:45 - 2016-05-18 19:19 - 000000000 ___RD C:\Users\Earley Laptop\OneDrive
2018-06-07 19:24 - 2017-09-29 09:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-06-07 18:46 - 2018-03-13 18:19 - 000004604 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-06-07 18:46 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-06-07 18:46 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-06-05 19:24 - 2017-09-29 09:49 - 000835056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-06-05 19:24 - 2017-09-29 09:49 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-05-31 18:57 - 2018-02-12 20:52 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-05-29 22:32 - 2018-02-05 16:19 - 000000000 ____D C:\WINDOWS\Minidump
2018-05-29 19:05 - 2018-02-05 02:59 - 000000000 ____D C:\Users\Earley Laptop
 
==================== Files in the root of some directories =======
 
2011-12-22 12:18 - 2014-12-15 09:41 - 000007920 _____ () C:\Users\Earley Laptop\AppData\Roaming\UserTile.png
2015-01-16 23:22 - 2015-01-16 23:22 - 000000067 _____ () C:\Users\Earley Laptop\AppData\Roaming\WB.CFG
2009-12-25 00:54 - 2017-07-23 11:59 - 000031472 _____ () C:\Users\Earley Laptop\AppData\Roaming\wklnhst.dat
2009-12-25 00:49 - 2014-10-14 10:04 - 000024576 _____ () C:\Users\Earley Laptop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-06-20 20:55 - 2016-06-20 20:55 - 000004675 _____ () C:\Users\Earley Laptop\AppData\Local\OpalViewerUser.xml
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-06-13 22:49
 
==================== End of FRST.txt ============================
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.06.2018 01
Ran by Earley Laptop (administrator) on EARLEYLAPTOP-PC (17-06-2018 18:49:19)
Running from C:\Users\Earley Laptop\Downloads
Loaded Profiles: Earley Laptop (Available Profiles: Earley Laptop)
Platform: Windows 10 Home Version 1709 16299.431 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.16.17656.18052-0\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(HP Inc.) C:\Program Files\HP\HP OfficeJet Pro 8710\Bin\ScanToPCActivationApp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(HP Inc.) C:\Program Files\HP\HP OfficeJet Pro 8710\Bin\HPNetworkCommunicatorCom.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.16.17656.18052-0\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Earley Laptop\Downloads\FRST64 (1).exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1812776 2009-06-26] (Synaptics Incorporated)
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2314120 2009-05-26] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-03-22] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [Google Quick Search Box] => C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe [122880 2009-12-31] (Google Inc.)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [494064 2009-06-18] ()
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67896 2017-03-16] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2011-06-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKU\S-1-5-21-2224422032-3815502487-2643779824-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-12-31] (Google Inc.)
HKU\S-1-5-21-2224422032-3815502487-2643779824-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18334528 2018-04-12] (Piriform Ltd)
HKU\S-1-5-21-2224422032-3815502487-2643779824-1001\...\Run: [HP OfficeJet Pro 8710 (NET)] => C:\Program Files\HP\HP OfficeJet Pro 8710\Bin\ScanToPCActivationApp.exe [3736584 2015-08-31] (HP Inc.)
HKU\S-1-5-21-2224422032-3815502487-2643779824-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-03-16] (Apple Inc.)
HKU\S-1-5-21-2224422032-3815502487-2643779824-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2017-03-16] (Apple Inc.)
HKU\S-1-5-21-2224422032-3815502487-2643779824-1001\...\Run: [Amazon Drive] => C:\Users\Earley Laptop\AppData\Local\Amazon Drive\AmazonDrive.exe [6356648 2018-05-09] (Amazon.com Inc.)
HKU\S-1-5-21-2224422032-3815502487-2643779824-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [148480 2017-09-29] (Microsoft Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-10-30]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-10-30]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-10-30]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{0c337c25-1503-4e6d-8c1a-1a1c59e1fc8a}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{7829ed7d-00d1-4ca1-994d-ca91b5c1e060}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{90bfb7d2-41f7-4f61-8cac-3484a90dc76e}: [DhcpNameServer] 172.20.10.1
 
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2224422032-3815502487-2643779824-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2224422032-3815502487-2643779824-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
SearchScopes: HKLM -> {955FED3B-B6C3-4908-8FC6-E10498FFB366} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {5ED0152D-EA06-41A6-A5FF-F3C463F5788E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2224422032-3815502487-2643779824-1001 -> {5ED0152D-EA06-41A6-A5FF-F3C463F5788E} URL = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2224422032-3815502487-2643779824-1001 -> {8F2DC6D9-8FE3-4B03-B5E0-105006C54860} URL = hxxp://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
SearchScopes: HKU\S-1-5-21-2224422032-3815502487-2643779824-1001 -> {955FED3B-B6C3-4908-8FC6-E10498FFB366} URL = 
SearchScopes: HKU\S-1-5-21-2224422032-3815502487-2643779824-1001 -> {B57C312A-7873-47EE-92F8-B448459134E4} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: No Name -> {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -> No File
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-06-16] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-11-25] (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-23] (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-25] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22] (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-04-27] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-11-25] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-23] (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-25] (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-23] (Google Inc.)
Toolbar: HKLM-x32 - No Name - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -  No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-23] (Google Inc.)
Toolbar: HKU\S-1-5-21-2224422032-3815502487-2643779824-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-2224422032-3815502487-2643779824-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-23] (Google Inc.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-06-01] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-06-01] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-06-01] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-06-01] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_30_0_0_113.dll [2018-06-07] ()
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-25] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_113.dll [2018-06-07] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-04-03] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-02] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @pack.google.com/Google Updater;version=14 -> C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2011-06-07] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2224422032-3815502487-2643779824-1001: @nds.com/PCShowPlugin -> C:\Users\Earley Laptop\AppData\Local\DIRECTV Player\npPCShowPlugin.dll [No File]
FF Plugin HKU\S-1-5-21-2224422032-3815502487-2643779824-1001: @nds.com/PlayerPlugin -> C:\Users\Earley Laptop\AppData\Local\DIRECTV Player\npPlayerPlugin.dll [2012-07-19] (NDS)
FF Plugin HKU\S-1-5-21-2224422032-3815502487-2643779824-1001: @yahoo.com/BrowserPlus,version=2.8.1 -> C:\Users\Earley Laptop\AppData\Local\Yahoo!\BrowserPlus\2.8.1\Plugins\npybrowserplus_2.8.1.dll [2010-05-25] (Yahoo! Inc.)
FF Plugin HKU\S-1-5-21-2224422032-3815502487-2643779824-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Earley Laptop\Music\Playlists\npAmazonMP3DownloaderPlugin101799.dll [2013-03-07] (Amazon.com, Inc.)
FF Plugin HKU\S-1-5-21-2224422032-3815502487-2643779824-1001: NDS.com/PlayerPlugin -> C:\Users\Earley Laptop\AppData\Local\DIRECTV Player\npPlayerPlugin.dll [2012-07-19] (NDS)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> msn.com
CHR StartupUrls: Default -> "hxxps://www.google.com/","hxxps://www.google.com/"
CHR Profile: C:\Users\Earley Laptop\AppData\Local\Google\Chrome\User Data\Default [2018-06-17]
CHR Extension: (FUTBIN) - C:\Users\Earley Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\adicaaffkmhgnfheifkjhopmambgfihl [2017-12-30]
CHR Extension: (Google Drive) - C:\Users\Earley Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (Bing) - C:\Users\Earley Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2018-03-08]
CHR Extension: (Google Docs Offline) - C:\Users\Earley Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-19]
CHR Extension: (Pinterest Save Button) - C:\Users\Earley Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2018-06-11]
CHR Extension: (Rotogrinders DFS Analyzer Sync) - C:\Users\Earley Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\kecgnibeihgmgjcepmfpbjjlnpoelebn [2017-04-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Earley Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Chrome Media Router) - C:\Users\Earley Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-16]
CHR HKU\S-1-5-21-2224422032-3815502487-2643779824-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [aaaangmfdabjilefmognkgcebjgcojek] - C:\Users\Earley Laptop\AppData\Local\APN\GoogleCRXs\aaaangmfdabjilefmognkgcebjgcojek_7.14.1.0.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gihfmmedoddijgnhkgfgnkeohkpbipol] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-03-17] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8654504 2018-06-12] (Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\NisSrv.exe [4682552 2018-05-31] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MsMpEng.exe [101096 2018-05-31] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [38984 2013-11-19] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [84328 2013-11-19] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-11-19] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-19] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1032416 2013-11-19] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [409832 2013-11-19] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2013-11-19] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [205320 2013-11-19] ()
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-06-15] (Malwarebytes)
S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-05-31] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [313384 2018-05-31] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61992 2018-05-31] (Microsoft Corporation)
U4 aspnet_state; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-06-17 18:47 - 2018-06-17 18:47 - 002413056 _____ (Farbar) C:\Users\Earley Laptop\Downloads\FRST64 (1).exe
2018-06-12 22:23 - 2018-06-12 22:23 - 000063095 _____ C:\Users\Earley Laptop\Downloads\Flash.studio3
2018-06-10 17:19 - 2018-06-10 17:19 - 000064103 _____ C:\Users\Earley Laptop\Downloads\Avery block.studio3
2018-06-10 17:09 - 2018-06-13 21:58 - 000072823 _____ C:\Users\Earley Laptop\Downloads\Cindy retirement.studio3
2018-06-04 19:29 - 2018-06-04 19:32 - 000045473 _____ C:\Users\Earley Laptop\Downloads\Addition.txt
2018-06-04 19:24 - 2018-06-17 18:51 - 000022647 _____ C:\Users\Earley Laptop\Downloads\FRST.txt
2018-06-04 19:22 - 2018-06-04 19:23 - 002413056 _____ (Farbar) C:\Users\Earley Laptop\Downloads\FRST64.exe
2018-05-29 22:05 - 2018-05-29 22:20 - 000225037 _____ C:\Users\Earley Laptop\Downloads\Camping tea towels.studio3
2018-05-27 18:14 - 2018-05-27 18:14 - 000118083 _____ C:\Users\Earley Laptop\Downloads\Amber's tray.studio3
2018-05-27 16:55 - 2018-06-12 22:38 - 000111322 _____ C:\Users\Earley Laptop\Downloads\Cindy's mono.studio3
2018-05-20 08:16 - 2018-05-04 05:37 - 000278448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Notifier.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-06-17 18:49 - 2013-11-24 17:53 - 000000000 ____D C:\FRST
2018-06-17 18:46 - 2018-02-05 03:28 - 000004184 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B50B7D0A-119A-4E41-89F2-C7524BF57F87}
2018-06-17 18:43 - 2018-02-05 02:54 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-06-17 12:02 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-06-17 07:48 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-06-17 07:48 - 2017-09-29 09:44 - 000000000 ____D C:\WINDOWS\INF
2018-06-17 07:38 - 2017-09-29 09:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-06-17 07:38 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-06-16 13:35 - 2017-09-29 09:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-06-16 13:26 - 2009-10-30 17:25 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-06-16 10:35 - 2018-02-05 03:28 - 000004210 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-06-16 10:32 - 2017-05-28 00:12 - 000351266 _____ C:\Users\Earley Laptop\Downloads\Melissa's chair.studio3
2018-06-15 13:32 - 2015-04-16 17:10 - 000000000 ____D C:\ProgramData\boost_interprocess
2018-06-15 13:31 - 2009-10-30 17:28 - 000000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2018-06-15 13:30 - 2018-05-13 11:44 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-06-15 13:26 - 2018-02-05 03:28 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-06-14 11:25 - 2013-08-15 03:01 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-06-14 11:15 - 2017-10-11 18:23 - 133315992 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-06-14 11:13 - 2009-12-31 17:14 - 133315992 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-06-13 21:58 - 2012-01-02 16:19 - 000000000 ____D C:\Users\Earley Laptop\AppData\Roaming\com.aspexsoftware.Silhouette_Studio
2018-06-13 18:26 - 2013-07-18 07:47 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-06-11 16:28 - 2018-02-05 02:58 - 001206290 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-06-10 22:20 - 2017-12-21 01:30 - 000181209 _____ C:\Users\Earley Laptop\Downloads\Janie yeti cup.studio3
2018-06-08 13:45 - 2018-02-05 03:28 - 000003394 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2224422032-3815502487-2643779824-1001
2018-06-08 13:45 - 2016-05-18 19:19 - 000002440 _____ C:\Users\Earley Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-06-08 13:45 - 2016-05-18 19:19 - 000000000 ___RD C:\Users\Earley Laptop\OneDrive
2018-06-07 19:24 - 2017-09-29 09:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-06-07 18:46 - 2018-03-13 18:19 - 000004604 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-06-07 18:46 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-06-07 18:46 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-06-05 19:24 - 2017-09-29 09:49 - 000835056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-06-05 19:24 - 2017-09-29 09:49 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-05-31 18:57 - 2018-02-12 20:52 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-05-29 22:32 - 2018-02-05 16:19 - 000000000 ____D C:\WINDOWS\Minidump
2018-05-29 19:05 - 2018-02-05 02:59 - 000000000 ____D C:\Users\Earley Laptop
 
==================== Files in the root of some directories =======
 
2011-12-22 12:18 - 2014-12-15 09:41 - 000007920 _____ () C:\Users\Earley Laptop\AppData\Roaming\UserTile.png
2015-01-16 23:22 - 2015-01-16 23:22 - 000000067 _____ () C:\Users\Earley Laptop\AppData\Roaming\WB.CFG
2009-12-25 00:54 - 2017-07-23 11:59 - 000031472 _____ () C:\Users\Earley Laptop\AppData\Roaming\wklnhst.dat
2009-12-25 00:49 - 2014-10-14 10:04 - 000024576 _____ () C:\Users\Earley Laptop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-06-20 20:55 - 2016-06-20 20:55 - 000004675 _____ () C:\Users\Earley Laptop\AppData\Local\OpalViewerUser.xml
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-06-13 22:49
 
==================== End of FRST.txt ============================


#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,033 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:42 AM

Posted 18 June 2018 - 10:57 AM

Greetings Fleetwolf90 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Before we do anything I would suggest you immediately back up your data, like music, photos, documents, etc. There is an indication in your reports that you may have a problem with your hard drive. Let me know when you have been able to back up your information.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 Fleetwolf90

Fleetwolf90
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:12:42 PM

Posted 18 June 2018 - 08:36 PM

I have backed up my hard drive completely.  



#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,033 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:42 AM

Posted 18 June 2018 - 09:25 PM

Great, thanks.

Let's start with this then we may move to a more specialized tool.

===================================================

GSmartControl for Windows

-------------------
  • Download GSmartControl for Windows and save it to your desktop
  • Right click on gsmartcontrol.exe and select Run as administrator
  • Follow the prompts to install the program all the way through the Finish button
  • Hit the Windows Key + E at the same time
  • Navigate to and double click the C:\Program Files\gsmartcontrol folder
  • Right click the gsmartcontrol application icon (size approx. 1,934 KB) and select Run as administrator
  • Allow the program to search for and list your hard drive(s)
  • Double click your drive C: drive
  • Go to the Self-tests tab
  • Make sure that the Test Type is set to Short-Self test
  • Click the Execute button
  • After the test completes, click the View Output button and copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • GSmart report

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 Fleetwolf90

Fleetwolf90
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:12:42 PM

Posted 21 June 2018 - 05:25 AM

smartctl 6.6 2017-11-05 r4594 [i686-w64-mingw32-w10-1709(64)] (sf-6.6-1)
Copyright © 2002-17, Bruce Allen, Christian Franke, www.smartmontools.org
 
=== START OF INFORMATION SECTION ===
Model Family:     Toshiba 2.5" HDD MK..55GSX
Device Model:     TOSHIBA MK5055GSX
Serial Number:    X9IDT98GT
LU WWN Device Id: 5 000039 211605e22
Firmware Version: FG000D
User Capacity:    500,107,862,016 bytes [500 GB]
Sector Size:      512 bytes logical/physical
Device is:        In smartctl database [for details use: -P show]
ATA Version is:   ATA8-ACS (minor revision not indicated)
SATA Version is:  SATA 2.6, 3.0 Gb/s
Local Time is:    Thu Jun 21 06:25:40 2018 EDT
SMART support is: Available - device has SMART capability.
SMART support is: Enabled
AAM level is:     128 (quiet), recommended: 254
APM level is:     128 (minimum power consumption without standby)
Rd look-ahead is: Enabled
Write cache is:   Enabled
DSN feature is:   Unavailable
ATA Security is:  Disabled, frozen [SEC2]
 
=== START OF READ SMART DATA SECTION ===
SMART overall-health self-assessment test result: PASSED
 
General SMART Values:
Offline data collection status:  (0x00) Offline data collection activity
was never started.
Auto Offline Data Collection: Disabled.
Self-test execution status:      (   0) The previous self-test routine completed
without error or no self-test has ever 
been run.
Total time to complete Offline 
data collection: (  120) seconds.
Offline data collection
capabilities: (0x5b) SMART execute Offline immediate.
Auto Offline data collection on/off support.
Suspend Offline collection upon new
command.
Offline surface scan supported.
Self-test supported.
No Conveyance Self-test supported.
Selective Self-test supported.
SMART capabilities:            (0x0003) Saves SMART data before entering
power-saving mode.
Supports SMART auto save timer.
Error logging capability:        (0x01) Error logging supported.
General Purpose Logging supported.
Short self-test routine 
recommended polling time: (   2) minutes.
Extended self-test routine
recommended polling time: ( 180) minutes.
SCT capabilities:        (0x0039) SCT Status supported.
SCT Error Recovery Control supported.
SCT Feature Control supported.
SCT Data Table supported.
 
SMART Attributes Data Structure revision number: 128
Vendor Specific SMART Attributes with Thresholds:
ID# ATTRIBUTE_NAME          FLAGS    VALUE WORST THRESH FAIL RAW_VALUE
  1 Raw_Read_Error_Rate     PO-R--   100   100   050    -    0
  3 Spin_Up_Time            POS--K   100   100   001    -    1632
  5 Reallocated_Sector_Ct   PO--CK   100   100   050    -    3
  9 Power_On_Hours          -O--CK   040   040   000    -    1463932
 12 Power_Cycle_Count       -O--CK   100   100   000    -    19232
191 G-Sense_Error_Rate      -O--CK   100   100   000    -    1602
192 Power-Off_Retract_Count -O--CK   100   100   000    -    142
193 Load_Cycle_Count        -O--CK   066   066   000    -    344270
194 Temperature_Celsius     -O---K   100   100   000    -    43 (Min/Max 13/64)
199 UDMA_CRC_Error_Count    -O--CK   100   100   000    -    192801525
200 Multi_Zone_Error_Rate   -O--CK   100   100   000    -    519443590
240 Head_Flying_Hours       -O--CK   062   062   000    -    926326
241 Total_LBAs_Written      -O--CK   100   100   000    -    44848493403
242 Total_LBAs_Read         -O--CK   100   100   000    -    83006702511
                            ||||||_ K auto-keep
                            |||||__ C event count
                            ||||___ R error rate
                            |||____ S speed/performance
                            ||_____ O updated online
                            |______ P prefailure warning
 
General Purpose Log Directory Version 1
SMART           Log Directory Version 1 [multi-sector log support]
Address    Access  R/W   Size  Description
0x00       GPL,SL  R/O      1  Log Directory
0x01           SL  R/O      1  Summary SMART error log
0x02           SL  R/O     51  Comprehensive SMART error log
0x03       GPL     R/O     64  Ext. Comprehensive SMART error log
0x06           SL  R/O      1  SMART self-test log
0x07       GPL     R/O      1  Extended self-test log
0x09           SL  R/W      1  Selective self-test log
0x10       GPL     R/O      1  NCQ Command Error log
0x11       GPL     R/O      1  SATA Phy Event Counters log
0x80-0x9f  GPL,SL  R/W     16  Host vendor specific log
0xe0       GPL,SL  R/W      1  SCT Command/Status
0xe1       GPL,SL  R/W      1  SCT Data Transfer
 
SMART Extended Comprehensive Error Log Version: 1 (64 sectors)
Device Error Count: 65535 (device log contains only the most recent 256 errors)
CR     = Command Register
FEATR  = Features Register
COUNT  = Count (was: Sector Count) Register
LBA_48 = Upper bytes of LBA High/Mid/Low Registers ]  ATA-8
LH     = LBA High (was: Cylinder High) Register    ]   LBA
LM     = LBA Mid (was: Cylinder Low) Register      ] Register
LL     = LBA Low (was: Sector Number) Register     ]
DV     = Device (was: Device/Head) Register
DC     = Device Control Register
ER     = Error register
ST     = Status register
Powered_Up_Time is measured from power on, and printed as
DDd+hh:mm:SS.sss where DD=days, hh=hours, mm=minutes,
SS=sec, and sss=millisec. It "wraps" after 49.710 days.
 
Error 65535 [127] occurred at disk power-on lifetime: 24398 hours (1016 days + 14 hours)
  When the command that caused the error occurred, the device was active or idle.
 
  After command completion occurred, registers were:
  ER -- ST COUNT  LBA_48  LH LM LL DV DC
  -- -- -- == -- == == == -- -- -- -- --
  40 -- 41 00 7a 00 00 13 d0 70 4d 63 00  Error: UNC at LBA = 0x13d0704d = 332427341
 
  Commands leading to the command that caused the error were:
  CR FEATR COUNT  LBA_48  LH LM LL DV DC  Powered_Up_Time  Command/Feature_Name
  -- == -- == -- == == == -- -- -- -- --  ---------------  --------------------
  60 01 00 00 88 00 00 03 2e ed c5 40 00     12:06:56.413  READ FPDMA QUEUED
  60 01 00 00 80 00 00 03 2e ec c5 40 00     12:06:56.413  READ FPDMA QUEUED
  60 00 08 00 78 00 00 13 d0 70 4d 40 00     12:06:56.404  READ FPDMA QUEUED
  61 00 08 00 70 00 00 14 89 f9 b5 40 00     12:06:56.404  WRITE FPDMA QUEUED
  60 00 15 00 68 00 00 03 a8 4e 75 40 00     12:06:56.386  READ FPDMA QUEUED
 
Error 65534 [126] occurred at disk power-on lifetime: 24398 hours (1016 days + 14 hours)
  When the command that caused the error occurred, the device was active or idle.
 
  After command completion occurred, registers were:
  ER -- ST COUNT  LBA_48  LH LM LL DV DC
  -- -- -- == -- == == == -- -- -- -- --
  40 -- 41 00 2a 00 00 13 d0 70 4d 63 00  Error: WP at LBA = 0x13d0704d = 332427341
 
  Commands leading to the command that caused the error were:
  CR FEATR COUNT  LBA_48  LH LM LL DV DC  Powered_Up_Time  Command/Feature_Name
  -- == -- == -- == == == -- -- -- -- --  ---------------  --------------------
  61 00 08 00 50 00 00 13 90 70 45 40 00     12:06:52.545  WRITE FPDMA QUEUED
  60 01 00 00 48 00 00 03 a8 4d 75 40 00     12:06:52.544  READ FPDMA QUEUED
  60 01 00 00 40 00 00 03 a8 4c 75 40 00     12:06:52.544  READ FPDMA QUEUED
  60 01 00 00 38 00 00 03 a8 4b 75 40 00     12:06:52.544  READ FPDMA QUEUED
  60 01 00 00 30 00 00 03 a8 4a 75 40 00     12:06:52.544  READ FPDMA QUEUED
 
Error 65533 [125] occurred at disk power-on lifetime: 24398 hours (1016 days + 14 hours)
  When the command that caused the error occurred, the device was active or idle.
 
  After command completion occurred, registers were:
  ER -- ST COUNT  LBA_48  LH LM LL DV DC
  -- -- -- == -- == == == -- -- -- -- --
  40 -- 41 00 d2 00 00 13 d0 36 86 63 00  Error: UNC at LBA = 0x13d03686 = 332412550
 
  Commands leading to the command that caused the error were:
  CR FEATR COUNT  LBA_48  LH LM LL DV DC  Powered_Up_Time  Command/Feature_Name
  -- == -- == -- == == == -- -- -- -- --  ---------------  --------------------
  60 00 e5 00 f0 00 00 03 91 7f 05 40 00     12:06:48.660  READ FPDMA QUEUED
  60 01 00 00 e8 00 00 03 91 7e 05 40 00     12:06:48.660  READ FPDMA QUEUED
  60 01 00 00 e0 00 00 03 91 7d 05 40 00     12:06:48.660  READ FPDMA QUEUED
  60 01 00 00 d8 00 00 03 91 7c 05 40 00     12:06:48.660  READ FPDMA QUEUED
  60 00 08 00 d0 00 00 13 d0 36 85 40 00     12:06:48.660  READ FPDMA QUEUED
 
Error 65532 [124] occurred at disk power-on lifetime: 24398 hours (1016 days + 14 hours)
  When the command that caused the error occurred, the device was active or idle.
 
  After command completion occurred, registers were:
  ER -- ST COUNT  LBA_48  LH LM LL DV DC
  -- -- -- == -- == == == -- -- -- -- --
  40 -- 41 00 aa 00 00 13 d0 36 86 63 00  Error: UNC at LBA = 0x13d03686 = 332412550
 
  Commands leading to the command that caused the error were:
  CR FEATR COUNT  LBA_48  LH LM LL DV DC  Powered_Up_Time  Command/Feature_Name
  -- == -- == -- == == == -- -- -- -- --  ---------------  --------------------
  60 00 08 00 a8 00 00 13 d0 36 85 40 00     12:06:44.784  READ FPDMA QUEUED
  61 00 20 00 a0 00 00 03 48 5d 85 40 00     12:06:44.784  WRITE FPDMA QUEUED
  61 00 08 00 98 00 00 13 d6 e9 35 40 00     12:06:44.784  WRITE FPDMA QUEUED
  60 00 7d 00 90 00 00 03 12 fd 45 40 00     12:06:44.762  READ FPDMA QUEUED
  ea 00 00 00 00 00 00 00 00 00 00 a0 00     12:06:44.762  FLUSH CACHE EXT
 
Error 65531 [123] occurred at disk power-on lifetime: 24398 hours (1016 days + 14 hours)
  When the command that caused the error occurred, the device was active or idle.
 
  After command completion occurred, registers were:
  ER -- ST COUNT  LBA_48  LH LM LL DV DC
  -- -- -- == -- == == == -- -- -- -- --
  40 -- 41 00 7a 00 00 13 d0 36 86 63 00  Error: WP at LBA = 0x13d03686 = 332412550
 
  Commands leading to the command that caused the error were:
  CR FEATR COUNT  LBA_48  LH LM LL DV DC  Powered_Up_Time  Command/Feature_Name
  -- == -- == -- == == == -- -- -- -- --  ---------------  --------------------
  61 00 08 00 80 00 00 02 33 f9 c5 40 00     12:06:40.905  WRITE FPDMA QUEUED
  60 00 08 00 78 00 00 13 d0 36 85 40 00     12:06:40.904  READ FPDMA QUEUED
  60 01 00 00 70 00 00 03 12 fc 45 40 00     12:06:40.903  READ FPDMA QUEUED
  61 00 70 00 68 00 00 02 34 ac 6d 40 00     12:06:40.903  WRITE FPDMA QUEUED
  60 01 00 00 60 00 00 03 12 fb 45 40 00     12:06:40.903  READ FPDMA QUEUED
 
Error 65530 [122] occurred at disk power-on lifetime: 24398 hours (1016 days + 14 hours)
  When the command that caused the error occurred, the device was active or idle.
 
  After command completion occurred, registers were:
  ER -- ST COUNT  LBA_48  LH LM LL DV DC
  -- -- -- == -- == == == -- -- -- -- --
  40 -- 41 00 42 00 00 13 d0 36 86 63 00  Error: UNC at LBA = 0x13d03686 = 332412550
 
  Commands leading to the command that caused the error were:
  CR FEATR COUNT  LBA_48  LH LM LL DV DC  Powered_Up_Time  Command/Feature_Name
  -- == -- == -- == == == -- -- -- -- --  ---------------  --------------------
  60 01 00 00 48 00 00 03 12 fa 45 40 00     12:06:37.063  READ FPDMA QUEUED
  60 00 40 00 40 00 00 13 d0 36 85 40 00     12:06:37.053  READ FPDMA QUEUED
  60 00 7d 00 38 00 00 03 3d d7 75 40 00     12:06:37.044  READ FPDMA QUEUED
  60 01 00 00 30 00 00 03 3d d6 75 40 00     12:06:37.037  READ FPDMA QUEUED
  60 01 00 00 28 00 00 03 3d d5 75 40 00     12:06:37.037  READ FPDMA QUEUED
 
Error 65529 [121] occurred at disk power-on lifetime: 24398 hours (1016 days + 14 hours)
  When the command that caused the error occurred, the device was active or idle.
 
  After command completion occurred, registers were:
  ER -- ST COUNT  LBA_48  LH LM LL DV DC
  -- -- -- == -- == == == -- -- -- -- --
  40 -- 41 00 7a 00 00 13 d0 70 4d 63 00  Error: UNC at LBA = 0x13d0704d = 332427341
 
  Commands leading to the command that caused the error were:
  CR FEATR COUNT  LBA_48  LH LM LL DV DC  Powered_Up_Time  Command/Feature_Name
  -- == -- == -- == == == -- -- -- -- --  ---------------  --------------------
  60 00 08 00 78 00 00 13 d0 70 4d 40 00     12:05:57.531  READ FPDMA QUEUED
  61 00 08 00 70 00 00 04 f8 e3 cd 40 00     12:05:57.531  WRITE FPDMA QUEUED
  61 00 08 00 68 00 00 02 36 2c 45 40 00     12:05:57.531  WRITE FPDMA QUEUED
  60 01 00 00 60 00 00 03 7f 2b 2d 40 00     12:05:57.531  READ FPDMA QUEUED
  60 01 00 00 58 00 00 03 7f 2a 2d 40 00     12:05:57.451  READ FPDMA QUEUED
 
Error 65528 [120] occurred at disk power-on lifetime: 24398 hours (1016 days + 14 hours)
  When the command that caused the error occurred, the device was active or idle.
 
  After command completion occurred, registers were:
  ER -- ST COUNT  LBA_48  LH LM LL DV DC
  -- -- -- == -- == == == -- -- -- -- --
  40 -- 41 00 4a 00 00 13 d0 70 4d 63 00  Error: UNC at LBA = 0x13d0704d = 332427341
 
  Commands leading to the command that caused the error were:
  CR FEATR COUNT  LBA_48  LH LM LL DV DC  Powered_Up_Time  Command/Feature_Name
  -- == -- == -- == == == -- -- -- -- --  ---------------  --------------------
  60 00 08 00 48 00 00 13 d0 70 4d 40 00     12:05:53.455  READ FPDMA QUEUED
  61 00 08 00 40 00 00 02 36 2a 2d 40 00     12:05:53.442  WRITE FPDMA QUEUED
  60 00 8e 00 38 00 00 03 88 23 85 40 00     12:05:53.362  READ FPDMA QUEUED
  ec 00 00 00 00 00 00 10 00 00 00 a0 00     12:05:53.281  IDENTIFY DEVICE
  2f 00 00 00 01 00 00 00 00 00 10 e0 00     12:05:53.200  READ LOG EXT
 
Error 65527 [119] occurred at disk power-on lifetime: 24398 hours (1016 days + 14 hours)
  When the command that caused the error occurred, the device was active or idle.
 
  After command completion occurred, registers were:
  ER -- ST COUNT  LBA_48  LH LM LL DV DC
  -- -- -- == -- == == == -- -- -- -- --
  40 -- 41 00 0a 00 00 13 d0 36 86 63 00  Error: UNC at LBA = 0x13d03686 = 332412550
 
  Commands leading to the command that caused the error were:
  CR FEATR COUNT  LBA_48  LH LM LL DV DC  Powered_Up_Time  Command/Feature_Name
  -- == -- == -- == == == -- -- -- -- --  ---------------  --------------------
  60 01 00 00 28 00 00 03 88 22 85 40 00     12:05:49.340  READ FPDMA QUEUED
  60 01 00 00 20 00 00 03 88 21 85 40 00     12:05:49.340  READ FPDMA QUEUED
  60 01 00 00 18 00 00 03 88 20 85 40 00     12:05:49.340  READ FPDMA QUEUED
  60 01 00 00 10 00 00 03 88 1f 85 40 00     12:05:49.340  READ FPDMA QUEUED
  60 00 08 00 08 00 00 13 d0 36 85 40 00     12:05:49.340  READ FPDMA QUEUED
 
Error 65526 [118] occurred at disk power-on lifetime: 24398 hours (1016 days + 14 hours)
  When the command that caused the error occurred, the device was active or idle.
 
  After command completion occurred, registers were:
  ER -- ST COUNT  LBA_48  LH LM LL DV DC
  -- -- -- == -- == == == -- -- -- -- --
  40 -- 41 00 aa 00 00 13 d0 36 86 63 00  Error: UNC at LBA = 0x13d03686 = 332412550
 
  Commands leading to the command that caused the error were:
  CR FEATR COUNT  LBA_48  LH LM LL DV DC  Powered_Up_Time  Command/Feature_Name
  -- == -- == -- == == == -- -- -- -- --  ---------------  --------------------
  60 00 08 00 a8 00 00 13 d0 36 85 40 00     12:05:45.194  READ FPDMA QUEUED
  60 00 50 00 a0 00 00 03 80 ad 15 40 00     12:05:45.174  READ FPDMA QUEUED
  60 01 00 00 98 00 00 03 80 ac 15 40 00     12:05:45.174  READ FPDMA QUEUED
  60 01 00 00 90 00 00 03 80 ab 15 40 00     12:05:45.094  READ FPDMA QUEUED
  ea 00 00 00 00 00 00 00 00 00 00 a0 00     12:05:45.014  FLUSH CACHE EXT
 
Error 65525 [117] occurred at disk power-on lifetime: 24398 hours (1016 days + 14 hours)
  When the command that caused the error occurred, the device was active or idle.
 
  After command completion occurred, registers were:
  ER -- ST COUNT  LBA_48  LH LM LL DV DC
  -- -- -- == -- == == == -- -- -- -- --
  40 -- 41 00 7a 00 00 13 d0 36 86 63 00  Error: WP at LBA = 0x13d03686 = 332412550
 
  Commands leading to the command that caused the error were:
  CR FEATR COUNT  LBA_48  LH LM LL DV DC  Powered_Up_Time  Command/Feature_Name
  -- == -- == -- == == == -- -- -- -- --  ---------------  --------------------
  61 00 08 00 80 00 00 02 33 fa 45 40 00     12:05:41.074  WRITE FPDMA QUEUED
  60 00 08 00 78 00 00 13 d0 36 85 40 00     12:05:41.073  READ FPDMA QUEUED
  60 01 00 00 70 00 00 03 80 aa 15 40 00     12:05:41.073  READ FPDMA QUEUED
  60 01 00 00 68 00 00 03 80 a9 15 40 00     12:05:41.073  READ FPDMA QUEUED
  60 01 00 00 60 00 00 03 80 a8 15 40 00     12:05:41.073  READ FPDMA QUEUED
 
Error 65524 [116] occurred at disk power-on lifetime: 24398 hours (1016 days + 14 hours)
  When the command that caused the error occurred, the device was active or idle.
 
  After command completion occurred, registers were:
  ER -- ST COUNT  LBA_48  LH LM LL DV DC
  -- -- -- == -- == == == -- -- -- -- --
  40 -- 41 00 2a 00 00 13 d0 36 86 63 00  Error: UNC at LBA = 0x13d03686 = 332412550
 
  Commands leading to the command that caused the error were:
  CR FEATR COUNT  LBA_48  LH LM LL DV DC  Powered_Up_Time  Command/Feature_Name
  -- == -- == -- == == == -- -- -- -- --  ---------------  --------------------
  60 01 00 00 38 00 00 03 80 a6 15 40 00     12:05:37.070  READ FPDMA QUEUED
  60 01 00 00 30 00 00 03 80 a5 15 40 00     12:05:37.069  READ FPDMA QUEUED
  60 00 40 00 28 00 00 13 d0 36 85 40 00     12:05:37.063  READ FPDMA QUEUED
  60 00 11 00 20 00 00 03 29 51 0d 40 00     12:05:37.043  READ FPDMA QUEUED
  60 01 00 00 18 00 00 03 29 50 0d 40 00     12:05:36.975  READ FPDMA QUEUED
 
Error 65523 [115] occurred at disk power-on lifetime: 24398 hours (1016 days + 14 hours)
  When the command that caused the error occurred, the device was active or idle.
 
  After command completion occurred, registers were:
  ER -- ST COUNT  LBA_48  LH LM LL DV DC
  -- -- -- == -- == == == -- -- -- -- --
  40 -- 41 00 9a 00 00 13 d0 70 4d 63 00  Error: WP at LBA = 0x13d0704d = 332427341
 
  Commands leading to the command that caused the error were:
  CR FEATR COUNT  LBA_48  LH LM LL DV DC  Powered_Up_Time  Command/Feature_Name
  -- == -- == -- == == == -- -- -- -- --  ---------------  --------------------
  61 00 50 00 a0 00 00 12 07 61 b5 40 00     12:04:56.432  WRITE FPDMA QUEUED
  60 00 08 00 98 00 00 13 d0 70 4d 40 00     12:04:56.432  READ FPDMA QUEUED
  ea 00 00 00 00 00 00 00 00 00 00 a0 00     12:04:56.431  FLUSH CACHE EXT
  2f 00 00 00 01 00 00 00 00 00 10 e0 00     12:04:56.430  READ LOG EXT
  60 00 08 00 88 00 00 13 d0 70 4d 40 00     12:04:52.597  READ FPDMA QUEUED
 
Error 65522 [114] occurred at disk power-on lifetime: 24398 hours (1016 days + 14 hours)
  When the command that caused the error occurred, the device was active or idle.
 
  After command completion occurred, registers were:
  ER -- ST COUNT  LBA_48  LH LM LL DV DC
  -- -- -- == -- == == == -- -- -- -- --
  40 -- 41 00 8a 00 00 13 d0 70 4d 63 00  Error: UNC at LBA = 0x13d0704d = 332427341
 
  Commands leading to the command that caused the error were:
  CR FEATR COUNT  LBA_48  LH LM LL DV DC  Powered_Up_Time  Command/Feature_Name
  -- == -- == -- == == == -- -- -- -- --  ---------------  --------------------
  60 00 08 00 88 00 00 13 d0 70 4d 40 00     12:04:52.597  READ FPDMA QUEUED
  61 00 08 00 80 00 00 14 93 02 cd 40 00     12:04:52.596  WRITE FPDMA QUEUED
  60 00 08 00 78 00 00 08 00 d7 cc 40 00     12:04:52.579  READ FPDMA QUEUED
  60 01 00 00 58 00 00 03 e5 00 3d 40 00     12:04:52.543  READ FPDMA QUEUED
  60 01 00 00 50 00 00 03 e4 ff 3d 40 00     12:04:52.543  READ FPDMA QUEUED
 
Error 65521 [113] occurred at disk power-on lifetime: 24398 hours (1016 days + 14 hours)
  When the command that caused the error occurred, the device was active or idle.
 
  After command completion occurred, registers were:
  ER -- ST COUNT  LBA_48  LH LM LL DV DC
  -- -- -- == -- == == == -- -- -- -- --
  40 -- 41 00 32 00 00 13 d0 36 86 63 00  Error: UNC at LBA = 0x13d03686 = 332412550
 
  Commands leading to the command that caused the error were:
  CR FEATR COUNT  LBA_48  LH LM LL DV DC  Powered_Up_Time  Command/Feature_Name
  -- == -- == -- == == == -- -- -- -- --  ---------------  --------------------
  60 01 00 00 58 00 00 03 e5 00 3d 40 00     12:04:48.708  READ FPDMA QUEUED
  60 01 00 00 50 00 00 03 e4 ff 3d 40 00     12:04:48.708  READ FPDMA QUEUED
  60 01 00 00 48 00 00 03 e4 fe 3d 40 00     12:04:48.708  READ FPDMA QUEUED
  60 01 00 00 40 00 00 03 e4 fd 3d 40 00     12:04:48.708  READ FPDMA QUEUED
  61 00 08 00 38 00 00 02 33 f9 b5 40 00     12:04:48.688  WRITE FPDMA QUEUED
 
Error 65520 [112] occurred at disk power-on lifetime: 24398 hours (1016 days + 14 hours)
  When the command that caused the error occurred, the device was active or idle.
 
  After command completion occurred, registers were:
  ER -- ST COUNT  LBA_48  LH LM LL DV DC
  -- -- -- == -- == == == -- -- -- -- --
  40 -- 41 00 f2 00 00 13 d0 36 86 63 00  Error: UNC at LBA = 0x13d03686 = 332412550
 
  Commands leading to the command that caused the error were:
  CR FEATR COUNT  LBA_48  LH LM LL DV DC  Powered_Up_Time  Command/Feature_Name
  -- == -- == -- == == == -- -- -- -- --  ---------------  --------------------
  60 00 a8 00 08 00 00 04 14 5f dd 40 00     12:04:44.829  READ FPDMA QUEUED
  60 01 00 00 f8 00 00 04 14 5e dd 40 00     12:04:44.829  READ FPDMA QUEUED
  60 00 08 00 f0 00 00 13 d0 36 85 40 00     12:04:44.829  READ FPDMA QUEUED
  61 00 20 00 e8 00 00 04 3f 8e c5 40 00     12:04:44.829  WRITE FPDMA QUEUED
  61 00 0b 00 e0 00 00 07 78 e5 ed 40 00     12:04:44.829  WRITE FPDMA QUEUED
 
Error 65519 [111] occurred at disk power-on lifetime: 24398 hours (1016 days + 14 hours)
  When the command that caused the error occurred, the device was active or idle.
 
  After command completion occurred, registers were:
  ER -- ST COUNT  LBA_48  LH LM LL DV DC
  -- -- -- == -- == == == -- -- -- -- --
  40 -- 41 00 a2 00 00 13 d0 36 86 63 00  Error: UNC at LBA = 0x13d03686 = 332412550
 
  Commands leading to the command that caused the error were:
  CR FEATR COUNT  LBA_48  LH LM LL DV DC  Powered_Up_Time  Command/Feature_Name
  -- == -- == -- == == == -- -- -- -- --  ---------------  --------------------
  60 00 08 00 a0 00 00 13 d0 36 85 40 00     12:04:40.912  READ FPDMA QUEUED
  61 00 70 00 98 00 00 02 34 a6 9d 40 00     12:04:40.911  WRITE FPDMA QUEUED
  61 00 40 00 90 00 00 11 6c bd ed 40 00     12:04:40.909  WRITE FPDMA QUEUED
  61 00 08 00 88 00 00 0b 97 05 bd 40 00     12:04:40.908  WRITE FPDMA QUEUED
  60 01 00 00 80 00 00 04 14 59 dd 40 00     12:04:40.905  READ FPDMA QUEUED
 
Error 65518 [110] occurred at disk power-on lifetime: 24398 hours (1016 days + 14 hours)
  When the command that caused the error occurred, the device was active or idle.
 
  After command completion occurred, registers were:
  ER -- ST COUNT  LBA_48  LH LM LL DV DC
  -- -- -- == -- == == == -- -- -- -- --
  40 -- 41 00 42 00 00 13 d0 36 86 63 00  Error: UNC at LBA = 0x13d03686 = 332412550
 
  Commands leading to the command that caused the error were:
  CR FEATR COUNT  LBA_48  LH LM LL DV DC  Powered_Up_Time  Command/Feature_Name
  -- == -- == -- == == == -- -- -- -- --  ---------------  --------------------
  60 00 40 00 40 00 00 13 d0 36 85 40 00     12:04:37.052  READ FPDMA QUEUED
  60 00 67 00 38 00 00 05 4d 59 2d 40 00     12:04:37.043  READ FPDMA QUEUED
  60 01 00 00 30 00 00 05 4d 58 2d 40 00     12:04:37.043  READ FPDMA QUEUED
  60 01 00 00 28 00 00 05 4d 57 2d 40 00     12:04:37.043  READ FPDMA QUEUED
  60 01 00 00 20 00 00 05 4d 56 2d 40 00     12:04:37.043  READ FPDMA QUEUED
 
Error 65517 [109] occurred at disk power-on lifetime: 24398 hours (1016 days + 14 hours)
  When the command that caused the error occurred, the device was active or idle.
 
  After command completion occurred, registers were:
  ER -- ST COUNT  LBA_48  LH LM LL DV DC
  -- -- -- == -- == == == -- -- -- -- --
  40 -- 41 00 22 00 00 13 d0 70 4d 63 00  Error: UNC at LBA = 0x13d0704d = 332427341
 
  Commands leading to the command that caused the error were:
  CR FEATR COUNT  LBA_48  LH LM LL DV DC  Powered_Up_Time  Command/Feature_Name
  -- == -- == -- == == == -- -- -- -- --  ---------------  --------------------
  60 01 00 00 40 00 00 03 bb 92 b5 40 00     12:03:56.534  READ FPDMA QUEUED
  60 01 00 00 38 00 00 03 bb 91 b5 40 00     12:03:56.534  READ FPDMA QUEUED
  60 01 00 00 30 00 00 03 bb 90 b5 40 00     12:03:56.534  READ FPDMA QUEUED
  60 01 00 00 28 00 00 03 bb 8f b5 40 00     12:03:56.534  READ FPDMA QUEUED
  60 00 08 00 20 00 00 13 d0 70 4d 40 00     12:03:56.534  READ FPDMA QUEUED
 
Error 65516 [108] occurred at disk power-on lifetime: 24398 hours (1016 days + 14 hours)
  When the command that caused the error occurred, the device was active or idle.
 
  After command completion occurred, registers were:
  ER -- ST COUNT  LBA_48  LH LM LL DV DC
  -- -- -- == -- == == == -- -- -- -- --
  40 -- 41 00 ea 00 00 13 d0 70 4d 63 00  Error: WP at LBA = 0x13d0704d = 332427341
 
  Commands leading to the command that caused the error were:
  CR FEATR COUNT  LBA_48  LH LM LL DV DC  Powered_Up_Time  Command/Feature_Name
  -- == -- == -- == == == -- -- -- -- --  ---------------  --------------------
  61 00 28 00 f0 00 00 02 33 fa 45 40 00     12:03:52.659  WRITE FPDMA QUEUED
  60 00 08 00 e8 00 00 13 d0 70 4d 40 00     12:03:52.658  READ FPDMA QUEUED
  61 00 08 00 e0 00 00 02 33 f9 b5 40 00     12:03:52.658  WRITE FPDMA QUEUED
  60 00 4f 00 d8 00 00 03 94 be 9d 40 00     12:03:52.658  READ FPDMA QUEUED
  61 00 80 00 d0 00 00 01 e9 c6 c5 40 00     12:03:52.657  WRITE FPDMA QUEUED
 
Error 65515 [107] occurred at disk power-on lifetime: 24398 hours (1016 days + 14 hours)
  When the command that caused the error occurred, the device was active or idle.
 
  After command completion occurred, registers were:
  ER -- ST COUNT  LBA_48  LH LM LL DV DC
  -- -- -- == -- == == == -- -- -- -- --
  40 -- 41 00 82 00 00 13 d0 36 86 63 00  Error: UNC at LBA = 0x13d03686 = 332412550
 
  Commands leading to the command that caused the error were:
  CR FEATR COUNT  LBA_48  LH LM LL DV DC  Powered_Up_Time  Command/Feature_Name
  -- == -- == -- == == == -- -- -- -- --  ---------------  --------------------
  60 01 00 00 98 00 00 03 94 b9 9d 40 00     12:03:48.747  READ FPDMA QUEUED
  60 01 00 00 90 00 00 03 94 b8 9d 40 00     12:03:48.746  READ FPDMA QUEUED
  61 00 08 00 88 00 00 02 33 f9 c5 40 00     12:03:48.746  WRITE FPDMA QUEUED
  60 00 08 00 80 00 00 13 d0 36 85 40 00     12:03:48.746  READ FPDMA QUEUED
  61 00 18 00 78 00 00 13 c8 ff 3d 40 00     12:03:48.746  WRITE FPDMA QUEUED
 
Error 65514 [106] occurred at disk power-on lifetime: 24398 hours (1016 days + 14 hours)
  When the command that caused the error occurred, the device was active or idle.
 
  After command completion occurred, registers were:
  ER -- ST COUNT  LBA_48  LH LM LL DV DC
  -- -- -- == -- == == == -- -- -- -- --
  40 -- 41 00 0a 00 00 13 d0 36 86 63 00  Error: WP at LBA = 0x13d03686 = 332412550
 
  Commands leading to the command that caused the error were:
  CR FEATR COUNT  LBA_48  LH LM LL DV DC  Powered_Up_Time  Command/Feature_Name
  -- == -- == -- == == == -- -- -- -- --  ---------------  --------------------
  61 00 08 00 40 00 00 02 33 fa 4d 40 00     12:03:44.840  WRITE FPDMA QUEUED
  60 01 00 00 38 00 00 03 df 9e e5 40 00     12:03:44.839  READ FPDMA QUEUED
  60 01 00 00 30 00 00 03 df 9d e5 40 00     12:03:44.839  READ FPDMA QUEUED
  60 01 00 00 28 00 00 03 df 9c e5 40 00     12:03:44.839  READ FPDMA QUEUED
  60 01 00 00 20 00 00 03 df 9b e5 40 00     12:03:44.839  READ FPDMA QUEUED
 
Error 65513 [105] occurred at disk power-on lifetime: 24398 hours (1016 days + 14 hours)
  When the command that caused the error occurred, the device was active or idle.
 
  After command completion occurred, registers were:
  ER -- ST COUNT  LBA_48  LH LM LL DV DC
  -- -- -- == -- == == == -- -- -- -- --
  40 -- 41 00 d2 00 00 13 d0 36 86 63 00  Error: UNC at LBA = 0x13d03686 = 332412550
 
  Commands leading to the command that caused the error were:
  CR FEATR COUNT  LBA_48  LH LM LL DV DC  Powered_Up_Time  Command/Feature_Name
  -- == -- == -- == == == -- -- -- -- --  ---------------  --------------------
  60 00 40 00 e0 00 00 02 22 ba 17 40 00     12:03:40.968  READ FPDMA QUEUED
  61 00 08 00 d8 00 00 02 33 f9 bd 40 00     12:03:40.948  WRITE FPDMA QUEUED
  60 00 08 00 d0 00 00 13 d0 36 85 40 00     12:03:40.948  READ FPDMA QUEUED
  60 00 40 00 c8 00 00 02 22 ba 57 40 00     12:03:40.948  READ FPDMA QUEUED
  61 00 18 00 c0 00 00 12 2e 06 e5 40 00     12:03:40.948  WRITE FPDMA QUEUED
 
Error 65512 [104] occurred at disk power-on lifetime: 24398 hours (1016 days + 14 hours)
  When the command that caused the error occurred, the device was active or idle.
 
  After command completion occurred, registers were:
  ER -- ST COUNT  LBA_48  LH LM LL DV DC
  -- -- -- == -- == == == -- -- -- -- --
  40 -- 41 00 62 00 00 13 d0 36 86 63 00  Error: UNC at LBA = 0x13d03686 = 332412550
 
  Commands leading to the command that caused the error were:
  CR FEATR COUNT  LBA_48  LH LM LL DV DC  Powered_Up_Time  Command/Feature_Name
  -- == -- == -- == == == -- -- -- -- --  ---------------  --------------------
  60 00 40 00 60 00 00 13 d0 36 85 40 00     12:03:37.053  READ FPDMA QUEUED
  60 00 dd 00 58 00 00 03 ab 20 dd 40 00     12:03:37.018  READ FPDMA QUEUED
  60 01 00 00 50 00 00 03 ab 1f dd 40 00     12:03:37.005  READ FPDMA QUEUED
  60 01 00 00 48 00 00 03 ab 1e dd 40 00     12:03:37.004  READ FPDMA QUEUED
  60 01 00 00 40 00 00 03 ab 1d dd 40 00     12:03:37.004  READ FPDMA QUEUED
 
Error 65511 [103] occurred at disk power-on lifetime: 24398 hours (1016 days + 14 hours)
  When the command that caused the error occurred, the device was active or idle.
 
  After command completion occurred, registers were:
  ER -- ST COUNT  LBA_48  LH LM LL DV DC
  -- -- -- == -- == == == -- -- -- -- --
  40 -- 41 00 32 00 00 13 d0 70 4d 63 00  Error: UNC at LBA = 0x13d0704d = 332427341
 
  Commands leading to the command that caused the error were:
  CR FEATR COUNT  LBA_48  LH LM LL DV DC  Powered_Up_Time  Command/Feature_Name
  -- == -- == -- == == == -- -- -- -- --  ---------------  --------------------
  60 01 00 00 50 00 00 04 1b 8c dd 40 00     12:02:56.397  READ FPDMA QUEUED
  60 01 00 00 48 00 00 04 1b 8b dd 40 00     12:02:56.397  READ FPDMA QUEUED
  60 01 00 00 40 00 00 04 1b 8a dd 40 00     12:02:56.397  READ FPDMA QUEUED
  60 01 00 00 38 00 00 04 1b 89 dd 40 00     12:02:56.397  READ FPDMA QUEUED
  60 00 08 00 30 00 00 13 d0 70 4d 40 00     12:02:56.397  READ FPDMA QUEUED
 
Error 65510 [102] occurred at disk power-on lifetime: 24398 hours (1016 days + 14 hours)
  When the command that caused the error occurred, the device was active or idle.
 
  After command completion occurred, registers were:
  ER -- ST COUNT  LBA_48  LH LM LL DV DC
  -- -- -- == -- == == == -- -- -- -- --
  40 -- 41 00 f2 00 00 13 d0 70 4d 63 00  Error: WP at LBA = 0x13d0704d = 332427341
 
  Commands leading to the command that caused the error were:
  CR FEATR COUNT  LBA_48  LH LM LL DV DC  Powered_Up_Time  Command/Feature_Name
  -- == -- == -- == == == -- -- -- -- --  ---------------  --------------------
  61 00 08 00 18 00 00 02 33 f9 dd 40 00     12:02:52.999  WRITE FPDMA QUEUED
  61 00 10 00 10 00 00 01 d7 24 25 40 00     12:02:52.999  WRITE FPDMA QUEUED
  60 01 00 00 08 00 00 04 1b 88 dd 40 00     12:02:52.552  READ FPDMA QUEUED
  60 01 00 00 f8 00 00 04 1b 87 dd 40 00     12:02:52.552  READ FPDMA QUEUED
  60 00 08 00 f0 00 00 13 d0 70 4d 40 00     12:02:52.526  READ FPDMA QUEUED
 
Error 65509 [101] occurred at disk power-on lifetime: 24398 hours (1016 days + 14 hours)
  When the command that caused the error occurred, the device was active or idle.
 
  After command completion occurred, registers were:
  ER -- ST COUNT  LBA_48  LH LM LL DV DC
  -- -- -- == -- == == == -- -- -- -- --
  40 -- 41 00 a2 00 00 13 d0 36 86 63 00  Error: UNC at LBA = 0x13d03686 = 332412550
 
  Commands leading to the command that caused the error were:
  CR FEATR COUNT  LBA_48  LH LM LL DV DC  Powered_Up_Time  Command/Feature_Name
  -- == -- == -- == == == -- -- -- -- --  ---------------  --------------------
  60 01 00 00 c0 00 00 04 20 42 f5 40 00     12:02:48.661  READ FPDMA QUEUED
  60 01 00 00 b8 00 00 04 20 41 f5 40 00     12:02:48.661  READ FPDMA QUEUED
  60 01 00 00 b0 00 00 04 20 40 f5 40 00     12:02:48.661  READ FPDMA QUEUED
  60 01 00 00 a8 00 00 04 20 3f f5 40 00     12:02:48.661  READ FPDMA QUEUED
  60 00 08 00 a0 00 00 13 d0 36 85 40 00     12:02:48.659  READ FPDMA QUEUED
 
Error 65508 [100] occurred at disk power-on lifetime: 24398 hours (1016 days + 14 hours)
  When the command that caused the error occurred, the device was active or idle.
 
  After command completion occurred, registers were:
  ER -- ST COUNT  LBA_48  LH LM LL DV DC
  -- -- -- == -- == == == -- -- -- -- --
  40 -- 41 00 7a 00 00 13 d0 36 86 63 00  Error: WP at LBA = 0x13d03686 = 332412550
 
  Commands leading to the command that caused the error were:
  CR FEATR COUNT  LBA_48  LH LM LL DV DC  Powered_Up_Time  Command/Feature_Name
  -- == -- == -- == == == -- -- -- -- --  ---------------  --------------------
  61 00 10 00 80 00 00 02 33 fa 55 40 00     12:02:44.787  WRITE FPDMA QUEUED
  60 00 08 00 78 00 00 13 d0 36 85 40 00     12:02:44.786  READ FPDMA QUEUED
  61 00 20 00 70 00 00 06 59 5e 65 40 00     12:02:44.786  WRITE FPDMA QUEUED
  61 00 18 00 68 00 00 12 2e 06 e5 40 00     12:02:44.786  WRITE FPDMA QUEUED
  60 00 e6 00 60 00 00 02 67 05 65 40 00     12:02:44.768  READ FPDMA QUEUED
 
Error 65507 [99] occurred at disk power-on lifetime: 24398 hours (1016 days + 14 hours)
  When the command that caused the error occurred, the device was active or idle.
 
  After command completion occurred, registers were:
  ER -- ST COUNT  LBA_48  LH LM LL DV DC
  -- -- -- == -- == == == -- -- -- -- --
  40 -- 41 00 3a 00 00 13 d0 36 86 63 00  Error: UNC at LBA = 0x13d03686 = 332412550
 
  Commands leading to the command that caused the error were:
  CR FEATR COUNT  LBA_48  LH LM LL DV DC  Powered_Up_Time  Command/Feature_Name
  -- == -- == -- == == == -- -- -- -- --  ---------------  --------------------
  60 01 00 00 50 00 00 02 67 03 65 40 00     12:02:40.921  READ FPDMA QUEUED
  60 01 00 00 48 00 00 02 67 02 65 40 00     12:02:40.921  READ FPDMA QUEUED
  60 01 00 00 40 00 00 02 67 01 65 40 00     12:02:40.921  READ FPDMA QUEUED
  60 00 08 00 38 00 00 13 d0 36 85 40 00     12:02:40.921  READ FPDMA QUEUED
  60 01 00 00 30 00 00 02 67 00 65 40 00     12:02:40.921  READ FPDMA QUEUED
 
Error 65506 [98] occurred at disk power-on lifetime: 24398 hours (1016 days + 14 hours)
  When the command that caused the error occurred, the device was active or idle.
 
  After command completion occurred, registers were:
  ER -- ST COUNT  LBA_48  LH LM LL DV DC
  -- -- -- == -- == == == -- -- -- -- --
  40 -- 41 00 12 00 00 13 d0 36 86 63 00  Error: UNC at LBA = 0x13d03686 = 332412550
 
  Commands leading to the command that caused the error were:
  CR FEATR COUNT  LBA_48  LH LM LL DV DC  Powered_Up_Time  Command/Feature_Name
  -- == -- == -- == == == -- -- -- -- --  ---------------  --------------------
  60 00 40 00 10 00 00 13 d0 36 85 40 00     12:02:37.068  READ FPDMA QUEUED
  60 00 61 00 08 00 00 03 3e 9a bd 40 00     12:02:37.016  READ FPDMA QUEUED
  60 01 00 00 f8 00 00 03 3e 99 bd 40 00     12:02:37.016  READ FPDMA QUEUED
  60 01 00 00 f0 00 00 03 3e 98 bd 40 00     12:02:37.016  READ FPDMA QUEUED
  60 01 00 00 e8 00 00 03 3e 97 bd 40 00     12:02:36.982  READ FPDMA QUEUED
 
Error 65505 [97] occurred at disk power-on lifetime: 24398 hours (1016 days + 14 hours)
  When the command that caused the error occurred, the device was active or idle.
 
  After command completion occurred, registers were:
  ER -- ST COUNT  LBA_48  LH LM LL DV DC
  -- -- -- == -- == == == -- -- -- -- --
  40 -- 41 00 2a 00 00 13 d0 70 4d 63 00  Error: WP at LBA = 0x13d0704d = 332427341
 
  Commands leading to the command that caused the error were:
  CR FEATR COUNT  LBA_48  LH LM LL DV DC  Powered_Up_Time  Command/Feature_Name
  -- == -- == -- == == == -- -- -- -- --  ---------------  --------------------
  61 00 18 00 38 00 00 02 33 fa a5 40 00     12:02:08.462  WRITE FPDMA QUEUED
  60 00 08 00 30 00 00 15 4c 24 15 40 00     12:02:08.462  READ FPDMA QUEUED
  60 00 08 00 28 00 00 13 d0 70 4d 40 00     12:02:08.462  READ FPDMA QUEUED
  60 00 25 00 20 00 00 03 08 16 05 40 00     12:02:08.460  READ FPDMA QUEUED
  60 01 00 00 18 00 00 03 08 15 05 40 00     12:02:08.460  READ FPDMA QUEUED
 
Error 65504 [96] occurred at disk power-on lifetime: 24398 hours (1016 days + 14 hours)
  When the command that caused the error occurred, the device was active or idle.
 
  After command completion occurred, registers were:
  ER -- ST COUNT  LBA_48  LH LM LL DV DC
  -- -- -- == -- == == == -- -- -- -- --
  40 -- 41 00 da 00 00 13 d0 70 4d 63 00  Error: UNC at LBA = 0x13d0704d = 332427341
 
  Commands leading to the command that caused the error were:
  CR FEATR COUNT  LBA_48  LH LM LL DV DC  Powered_Up_Time  Command/Feature_Name
  -- == -- == -- == == == -- -- -- -- --  ---------------  --------------------
  60 01 00 00 f0 00 00 03 08 13 05 40 00     12:02:04.619  READ FPDMA QUEUED
  60 01 00 00 e8 00 00 03 08 12 05 40 00     12:02:04.619  READ FPDMA QUEUED
  60 00 08 00 e0 00 00 15 4c 24 35 40 00     12:02:04.581  READ FPDMA QUEUED
  60 00 08 00 d8 00 00 13 d0 70 4d 40 00     12:02:04.580  READ FPDMA QUEUED
  60 00 90 00 d0 00 00 03 21 a8 4d 40 00     12:02:04.579  READ FPDMA QUEUED
 
Error 65503 [95] occurred at disk power-on lifetime: 24398 hours (1016 days + 14 hours)
  When the command that caused the error occurred, the device was active or idle.
 
  After command completion occurred, registers were:
  ER -- ST COUNT  LBA_48  LH LM LL DV DC
  -- -- -- == -- == == == -- -- -- -- --
  40 -- 41 00 0a 00 00 13 d0 70 4d 63 00  Error: WP at LBA = 0x13d0704d = 332427341
 
  Commands leading to the command that caused the error were:
  CR FEATR COUNT  LBA_48  LH LM LL DV DC  Powered_Up_Time  Command/Feature_Name
  -- == -- == -- == == == -- -- -- -- --  ---------------  --------------------
  61 00 c0 00 a8 00 00 0f d4 a1 b5 40 00     12:02:00.842  WRITE FPDMA QUEUED
  61 01 00 00 a0 00 00 0f d4 a0 b5 40 00     12:02:00.842  WRITE FPDMA QUEUED
  61 00 f0 00 98 00 00 0f d4 9f c5 40 00     12:02:00.838  WRITE FPDMA QUEUED
  61 01 00 00 90 00 00 0f d4 9e c5 40 00     12:02:00.838  WRITE FPDMA QUEUED
  61 01 00 00 88 00 00 0f d4 9d c5 40 00     12:02:00.838  WRITE FPDMA QUEUED
 
Error 65502 [94] occurred at disk power-on lifetime: 24398 hours (1016 days + 14 hours)
  When the command that caused the error occurred, the device was active or idle.
 
  After command completion occurred, registers were:
  ER -- ST COUNT  LBA_48  LH LM LL DV DC
  -- -- -- == -- == == == -- -- -- -- --
  40 -- 41 00 da 00 00 13 d0 70 4d 63 00  Error: UNC at LBA = 0x13d0704d = 332427341
 
  Commands leading to the command that caused the error were:
  CR FEATR COUNT  LBA_48  LH LM LL DV DC  Powered_Up_Time  Command/Feature_Name
  -- == -- == -- == == == -- -- -- -- --  ---------------  --------------------
  60 01 00 00 f0 00 00 03 5f 59 fd 40 00     12:01:56.769  READ FPDMA QUEUED
  60 01 00 00 e8 00 00 03 5f 58 fd 40 00     12:01:56.769  READ FPDMA QUEUED
  60 00 40 00 e0 00 00 15 4b 1f f5 40 00     12:01:56.742  READ FPDMA QUEUED
  60 00 40 00 d8 00 00 13 d0 70 4d 40 00     12:01:56.727  READ FPDMA QUEUED
  61 00 d0 00 d0 00 00 0d 2e 03 c5 40 00     12:01:56.727  WRITE FPDMA QUEUED
 
Error 65501 [93] occurred at disk power-on lifetime: 24398 hours (1016 days + 14 hours)
  When the command that caused the error occurred, the device was active or idle.
 
  After command completion occurred, registers were:
  ER -- ST COUNT  LBA_48  LH LM LL DV DC
  -- -- -- == -- == == == -- -- -- -- --
  40 -- 41 00 4a 00 00 13 d0 36 86 63 00  Error: UNC at LBA = 0x13d03686 = 332412550
 
  Commands leading to the command that caused the error were:
  CR FEATR COUNT  LBA_48  LH LM LL DV DC  Powered_Up_Time  Command/Feature_Name
  -- == -- == -- == == == -- -- -- -- --  ---------------  --------------------
  60 01 00 00 88 00 00 03 24 1e fd 40 00     12:01:52.822  READ FPDMA QUEUED
  60 01 00 00 80 00 00 03 24 1d fd 40 00     12:01:52.822  READ FPDMA QUEUED
  61 00 c8 00 78 00 00 0d 2e 09 d5 40 00     12:01:52.814  WRITE FPDMA QUEUED
  61 01 00 00 70 00 00 0d 2e 08 d5 40 00     12:01:52.814  WRITE FPDMA QUEUED
  61 01 00 00 68 00 00 0d 2e 07 d5 40 00     12:01:52.814  WRITE FPDMA QUEUED
 
Error 65500 [92] occurred at disk power-on lifetime: 24398 hours (1016 days + 14 hours)
  When the command that caused the error occurred, the device was active or idle.
 
  After command completion occurred, registers were:
  ER -- ST COUNT  LBA_48  LH LM LL DV DC
  -- -- -- == -- == == == -- -- -- -- --
  40 -- 41 00 0a 00 00 13 d0 36 86 63 00  Error: UNC at LBA = 0x13d03686 = 332412550
 
  Commands leading to the command that caused the error were:
  CR FEATR COUNT  LBA_48  LH LM LL DV DC  Powered_Up_Time  Command/Feature_Name
  -- == -- == -- == == == -- -- -- -- --  ---------------  --------------------
  60 00 08 00 08 00 00 13 d0 36 85 40 00     12:01:48.912  READ FPDMA QUEUED
  61 00 c0 00 f8 00 00 11 1a 3e 7d 40 00     12:01:48.911  WRITE FPDMA QUEUED
  61 00 50 00 f0 00 00 11 1a 3b 15 40 00     12:01:48.909  WRITE FPDMA QUEUED
  61 00 10 00 e8 00 00 02 33 fa 1d 40 00     12:01:48.908  WRITE FPDMA QUEUED
  61 00 28 00 e0 00 00 11 1a 3a 0d 40 00     12:01:48.908  WRITE FPDMA QUEUED
 
Error 65499 [91] occurred at disk power-on lifetime: 24398 hours (1016 days + 14 hours)
  When the command that caused the error occurred, the device was active or idle.
 
  After command completion occurred, registers were:
  ER -- ST COUNT  LBA_48  LH LM LL DV DC
  -- -- -- == -- == == == -- -- -- -- --
  40 -- 41 00 e2 00 00 13 d0 36 86 63 00  Error: UNC at LBA = 0x13d03686 = 332412550
 
  Commands leading to the command that caused the error were:
  CR FEATR COUNT  LBA_48  LH LM LL DV DC  Powered_Up_Time  Command/Feature_Name
  -- == -- == -- == == == -- -- -- -- --  ---------------  --------------------
  60 00 da 00 90 00 00 03 68 73 25 40 00     12:01:45.036  READ FPDMA QUEUED
  60 00 20 00 88 00 00 02 22 bd 8c 40 00     12:01:45.000  READ FPDMA QUEUED
  60 00 40 00 80 00 00 04 9f 58 ef 40 00     12:01:44.985  READ FPDMA QUEUED
  60 00 20 00 78 00 00 04 9f 58 67 40 00     12:01:44.985  READ FPDMA QUEUED
  60 00 40 00 70 00 00 04 9f 58 87 40 00     12:01:44.984  READ FPDMA QUEUED
 
Error 65498 [90] occurred at disk power-on lifetime: 24398 hours (1016 days + 14 hours)
  When the command that caused the error occurred, the device was active or idle.
 
  After command completion occurred, registers were:
  ER -- ST COUNT  LBA_48  LH LM LL DV DC
  -- -- -- == -- == == == -- -- -- -- --
  40 -- 41 00 8a 00 00 13 d0 36 86 63 00  Error: UNC at LBA = 0x13d03686 = 332412550
 
  Commands leading to the command that caused the error were:
  CR FEATR COUNT  LBA_48  LH LM LL DV DC  Powered_Up_Time  Command/Feature_Name
  -- == -- == -- == == == -- -- -- -- --  ---------------  --------------------
  60 00 40 00 88 00 00 13 d0 36 85 40 00     12:01:41.104  READ FPDMA QUEUED
  60 00 e8 00 80 00 00 03 50 d5 7d 40 00     12:01:41.084  READ FPDMA QUEUED
  60 01 00 00 78 00 00 03 50 d4 7d 40 00     12:01:41.084  READ FPDMA QUEUED
  60 01 00 00 70 00 00 03 50 d3 7d 40 00     12:01:41.083  READ FPDMA QUEUED
  60 01 00 00 68 00 00 03 50 d2 7d 40 00     12:01:41.083  READ FPDMA QUEUED
 
Error 65497 [89] occurred at disk power-on lifetime: 24398 hours (1016 days + 14 hours)
  When the command that caused the error occurred, the device was active or idle.
 
  After command completion occurred, registers were:
  ER -- ST COUNT  LBA_48  LH LM LL DV DC
  -- -- -- == -- == == == -- -- -- -- --
  40 -- 41 00 da 00 00 13 d0 70 4d 63 00  Error: WP at LBA = 0x13d0704d = 332427341
 
  Commands leading to the command that caused the error were:
  CR FEATR COUNT  LBA_48  LH LM LL DV DC  Powered_Up_Time  Command/Feature_Name
  -- == -- == -- == == == -- -- -- -- --  ---------------  --------------------
  61 00 30 00 10 00 00 02 33 f9 d5 40 00     12:00:56.845  WRITE FPDMA QUEUED
  60 01 00 00 08 00 00 03 ad c2 45 40 00     12:00:56.789  READ FPDMA QUEUED
  60 01 00 00 f8 00 00 03 ad c1 45 40 00     12:00:56.789  READ FPDMA QUEUED
  60 00 08 00 f0 00 00 02 20 6e 6f 40 00     12:00:56.747  READ FPDMA QUEUED
  61 00 08 00 e8 00 00 12 2b b4 85 40 00     12:00:56.747  WRITE FPDMA QUEUED
 
Error 65496 [88] occurred at disk power-on lifetime: 24398 hours (1016 days + 14 hours)
  When the command that caused the error occurred, the device was active or idle.
 
  After command completion occurred, registers were:
  ER -- ST COUNT  LBA_48  LH LM LL DV DC
  -- -- -- == -- == == == -- -- -- -- --
  40 -- 41 00 62 00 00 13 d0 70 4d 63 00  Error: UNC at LBA = 0x13d0704d = 332427341
 
  Commands leading to the command that caused the error were:
  CR FEATR COUNT  LBA_48  LH LM LL DV DC  Powered_Up_Time  Command/Feature_Name
  -- == -- == -- == == == -- -- -- -- --  ---------------  --------------------
  60 00 08 00 60 00 00 13 d0 70 4d 40 00     12:00:52.811  READ FPDMA QUEUED
  60 01 00 00 58 00 00 03 b3 6e dd 40 00     12:00:52.809  READ FPDMA QUEUED
  60 01 00 00 50 00 00 03 b3 6d dd 40 00     12:00:52.809  READ FPDMA QUEUED
  60 01 00 00 48 00 00 03 b3 6c dd 40 00     12:00:52.809  READ FPDMA QUEUED
  60 01 00 00 40 00 00 03 b3 6b dd 40 00     12:00:52.809  READ FPDMA QUEUED
 
Error 65495 [87] occurred at disk power-on lifetime: 24398 hours (1016 days + 14 hours)
  When the command that caused the error occurred, the device was active or idle.
 
  After command completion occurred, registers were:
  ER -- ST COUNT  LBA_48  LH LM LL DV DC
  -- -- -- == -- == == == -- -- -- -- --
  40 -- 41 00 ea 00 00 13 d0 36 86 63 00  Error: WP at LBA = 0x13d03686 = 332412550
 
  Commands leading to the command that caused the error were:
  CR FEATR COUNT  LBA_48  LH LM LL DV DC  Powered_Up_Time  Command/Feature_Name
  -- == -- == -- == == == -- -- -- -- --  ---------------  --------------------
  61 00 08 00 f0 00 00 02 33 fa 55 40 00     12:00:48.883  WRITE FPDMA QUEUED
  60 00 08 00 e8 00 00 13 d0 36 85 40 00     12:00:48.878  READ FPDMA QUEUED
  60 00 08 00 e0 00 00 01 e5 ea 9f 40 00     12:00:48.877  READ FPDMA QUEUED
  60 00 08 00 d8 00 00 02 9a c7 e5 40 00     12:00:48.877  READ FPDMA QUEUED
  61 00 d0 00 d0 00 00 0c 18 68 2d 40 00     12:00:48.877  WRITE FPDMA QUEUED
 
Error 65494 [86] occurred at disk power-on lifetime: 24398 hours (1016 days + 14 hours)
  When the command that caused the error occurred, the device was active or idle.
 
  After command completion occurred, registers were:
  ER -- ST COUNT  LBA_48  LH LM LL DV DC
  -- -- -- == -- == == == -- -- -- -- --
  40 -- 41 00 7a 00 00 13 d0 36 86 63 00  Error: UNC at LBA = 0x13d03686 = 332412550
 
  Commands leading to the command that caused the error were:
  CR FEATR COUNT  LBA_48  LH LM LL DV DC  Powered_Up_Time  Command/Feature_Name
  -- == -- == -- == == == -- -- -- -- --  ---------------  --------------------
  60 00 08 00 80 00 00 01 fe d6 f7 40 00     12:00:44.942  READ FPDMA QUEUED
  60 00 08 00 78 00 00 13 d0 36 85 40 00     12:00:44.936  READ FPDMA QUEUED
  60 00 08 00 70 00 00 02 18 03 a5 40 00     12:00:44.926  READ FPDMA QUEUED
  61 00 10 00 68 00 00 01 da c4 6d 40 00     12:00:44.926  WRITE FPDMA QUEUED
  61 00 08 00 60 00 00 0b de 84 fd 40 00     12:00:44.926  WRITE FPDMA QUEUED
 
Error 65493 [85] occurred at disk power-on lifetime: 24398 hours (1016 days + 14 hours)
  When the command that caused the error occurred, the device was active or idle.
 
  After command completion occurred, registers were:
  ER -- ST COUNT  LBA_48  LH LM LL DV DC
  -- -- -- == -- == == == -- -- -- -- --
  40 -- 41 00 da 00 00 13 d0 36 86 63 00  Error: UNC at LBA = 0x13d03686 = 332412550
 
  Commands leading to the command that caused the error were:
  CR FEATR COUNT  LBA_48  LH LM LL DV DC  Powered_Up_Time  Command/Feature_Name
  -- == -- == -- == == == -- -- -- -- --  ---------------  --------------------
  60 01 00 00 08 00 00 03 1c 34 4d 40 00     12:00:40.934  READ FPDMA QUEUED
  61 00 08 00 f8 00 00 02 26 11 7d 40 00     12:00:40.934  WRITE FPDMA QUEUED
  61 00 20 00 f0 00 00 12 2b b4 85 40 00     12:00:40.934  WRITE FPDMA QUEUED
  61 00 08 00 e8 00 00 02 33 fa 45 40 00     12:00:40.933  WRITE FPDMA QUEUED
  61 00 80 00 e0 00 00 13 3f 27 45 40 00     12:00:40.933  WRITE FPDMA QUEUED
 
Error 65492 [84] occurred at disk power-on lifetime: 24398 hours (1016 days + 14 hours)
  When the command that caused the error occurred, the device was active or idle.
 
  After command completion occurred, registers were:
  ER -- ST COUNT  LBA_48  LH LM LL DV DC
  -- -- -- == -- == == == -- -- -- -- --
  40 -- 41 00 72 00 00 13 d0 36 86 63 00  Error: UNC at LBA = 0x13d03686 = 332412550
 
  Commands leading to the command that caused the error were:
  CR FEATR COUNT  LBA_48  LH LM LL DV DC  Powered_Up_Time  Command/Feature_Name
  -- == -- == -- == == == -- -- -- -- --  ---------------  --------------------
  60 00 32 00 80 00 00 03 b3 fa a5 40 00     12:00:37.079  READ FPDMA QUEUED
  60 00 08 00 78 00 00 02 1d fa 45 40 00     12:00:37.068  READ FPDMA QUEUED
  60 00 40 00 70 00 00 13 d0 36 85 40 00     12:00:37.051  READ FPDMA QUEUED
  60 00 08 00 68 00 00 02 21 27 25 40 00     12:00:37.049  READ FPDMA QUEUED
  60 00 08 00 60 00 00 02 21 bb e5 40 00     12:00:36.998  READ FPDMA QUEUED
 
Error 65491 [83] occurred at disk power-on lifetime: 24398 hours (1016 days + 14 hours)
  When the command that caused the error occurred, the device was active or idle.
 
  After command completion occurred, registers were:
  ER -- ST COUNT  LBA_48  LH LM LL DV DC
  -- -- -- == -- == == == -- -- -- -- --
  40 -- 41 00 ea 00 00 13 d0 70 4d 63 00  Error: WP at LBA = 0x13d0704d = 332427341
 
  Commands leading to the command that caused the error were:
  CR FEATR COUNT  LBA_48  LH LM LL DV DC  Powered_Up_Time  Command/Feature_Name
  -- == -- == -- == == == -- -- -- -- --  ---------------  --------------------
  61 00 18 00 60 00 00 02 33 f9 c5 40 00     12:00:05.207  WRITE FPDMA QUEUED
  60 00 f8 00 58 00 00 08 1b e8 0d 40 00     12:00:05.207  READ FPDMA QUEUED
  60 01 00 00 50 00 00 08 1b e7 0d 40 00     12:00:05.207  READ FPDMA QUEUED
  61 00 08 00 48 00 00 02 33 f9 bd 40 00     12:00:05.205  WRITE FPDMA QUEUED
  61 00 18 00 40 00 00 02 2e 7d e5 40 00     12:00:05.205  WRITE FPDMA QUEUED
 
Error 65490 [82] occurred at disk power-on lifetime: 24398 hours (1016 days + 14 hours)
  When the command that caused the error occurred, the device was active or idle.
 
  After command completion occurred, registers were:
  ER -- ST COUNT  LBA_48  LH LM LL DV DC
  -- -- -- == -- == == == -- -- -- -- --
  40 -- 41 00 8a 00 00 13 d0 70 4d 63 00  Error: UNC at LBA = 0x13d0704d = 332427341
 
  Commands leading to the command that caused the error were:
  CR FEATR COUNT  LBA_48  LH LM LL DV DC  Powered_Up_Time  Command/Feature_Name
  -- == -- == -- == == == -- -- -- -- --  ---------------  --------------------
  60 00 8a 00 20 00 00 04 47 cb 6d 40 00     12:00:01.056  READ FPDMA QUEUED
  60 00 08 00 18 00 00 01 fe 3e 47 40 00     12:00:01.052  READ FPDMA QUEUED
  60 01 00 00 10 00 00 04 47 ca 6d 40 00     12:00:01.040  READ FPDMA QUEUED
  60 01 00 00 08 00 00 04 47 c9 6d 40 00     12:00:01.040  READ FPDMA QUEUED
  60 01 00 00 f8 00 00 04 47 c8 6d 40 00     12:00:01.040  READ FPDMA QUEUED
 
Error 65489 [81] occurred at disk power-on lifetime: 24398 hours (1016 days + 14 hours)
  When the command that caused the error occurred, the device was active or idle.
 
  After command completion occurred, registers were:
  ER -- ST COUNT  LBA_48  LH LM LL DV DC
  -- -- -- == -- == == == -- -- -- -- --
  40 -- 41 00 82 00 00 13 d0 70 4d 63 00  Error: WP at LBA = 0x13d0704d = 332427341
 
  Commands leading to the command that caused the error were:
  CR FEATR COUNT  LBA_48  LH LM LL DV DC  Powered_Up_Time  Command/Feature_Name
  -- == -- == -- == == == -- -- -- -- --  ---------------  --------------------
  61 00 a0 00 d8 00 00 06 29 ba 85 40 00     11:59:57.316  WRITE FPDMA QUEUED
  61 01 00 00 d0 00 00 06 29 b9 85 40 00     11:59:57.316  WRITE FPDMA QUEUED
  60 01 00 00 c8 00 00 03 b9 31 b5 40 00     11:59:56.887  READ FPDMA QUEUED
  60 01 00 00 c0 00 00 03 b9 30 b5 40 00     11:59:56.887  READ FPDMA QUEUED
  60 00 40 00 b8 00 00 02 33 bd cf 40 00     11:59:56.865  READ FPDMA QUEUED
 
Error 65488 [80] occurred at disk power-on lifetime: 24398 hours (1016 days + 14 hours)
  When the command that caused the error occurred, the device was active or idle.
 
  After command completion occurred, registers were:
  ER -- ST COUNT  LBA_48  LH LM LL DV DC
  -- -- -- == -- == == == -- -- -- -- --
  40 -- 41 00 82 00 00 13 d0 70 4d 63 00  Error: WP at LBA = 0x13d0704d = 332427341
 
  Commands leading to the command that caused the error were:
  CR FEATR COUNT  LBA_48  LH LM LL DV DC  Powered_Up_Time  Command/Feature_Name
  -- == -- == -- == == == -- -- -- -- --  ---------------  --------------------
  61 00 c0 00 08 00 00 01 e1 92 c5 40 00     11:59:53.351  WRITE FPDMA QUEUED
  61 00 08 00 f8 00 00 01 de 03 f5 40 00     11:59:53.078  WRITE FPDMA QUEUED
  61 00 70 00 f0 00 00 02 56 8c d5 40 00     11:59:53.077  WRITE FPDMA QUEUED
  61 01 00 00 e8 00 00 02 56 8b d5 40 00     11:59:53.077  WRITE FPDMA QUEUED
  61 00 18 00 e0 00 00 02 33 fa 5d 40 00     11:59:53.077  WRITE FPDMA QUEUED
 
Error 65487 [79] occurred at disk power-on lifetime: 24398 hours (1016 days + 14 hours)
  When the command that caused the error occurred, the device was active or idle.
 
  After command completion occurred, registers were:
  ER -- ST COUNT  LBA_48  LH LM LL DV DC
  -- -- -- == -- == == == -- -- -- -- --
  40 -- 41 00 22 00 00 13 d0 36 86 63 00  Error: UNC at LBA = 0x13d03686 = 332412550
 
  Commands leading to the command that caused the error were:
  CR FEATR COUNT  LBA_48  LH LM LL DV DC  Powered_Up_Time  Command/Feature_Name
  -- == -- == -- == == == -- -- -- -- --  ---------------  --------------------
  60 01 00 00 40 00 00 04 76 4c 05 40 00     11:59:48.874  READ FPDMA QUEUED
  60 00 08 00 38 00 00 02 08 6e 2f 40 00     11:59:48.874  READ FPDMA QUEUED
  60 01 00 00 30 00 00 04 76 4b 05 40 00     11:59:48.874  READ FPDMA QUEUED
  61 00 08 00 28 00 00 02 33 f9 c5 40 00     11:59:48.871  WRITE FPDMA QUEUED
  60 00 08 00 20 00 00 13 d0 36 85 40 00     11:59:48.871  READ FPDMA QUEUED
 
Error 65486 [78] occurred at disk power-on lifetime: 24398 hours (1016 days + 14 hours)
  When the command that caused the error occurred, the device was active or idle.
 
  After command completion occurred, registers were:
  ER -- ST COUNT  LBA_48  LH LM LL DV DC
  -- -- -- == -- == == == -- -- -- -- --
  40 -- 41 00 ca 00 00 13 d0 36 86 63 00  Error: UNC at LBA = 0x13d03686 = 332412550
 
  Commands leading to the command that caused the error were:
  CR FEATR COUNT  LBA_48  LH LM LL DV DC  Powered_Up_Time  Command/Feature_Name
  -- == -- == -- == == == -- -- -- -- --  ---------------  --------------------
  60 00 08 00 d0 00 00 02 08 6d a7 40 00     11:59:45.002  READ FPDMA QUEUED
  60 00 08 00 c8 00 00 13 d0 36 85 40 00     11:59:44.999  READ FPDMA QUEUED
  60 01 00 00 c0 00 00 04 76 4a 05 40 00     11:59:44.993  READ FPDMA QUEUED
  60 01 00 00 b8 00 00 04 76 49 05 40 00     11:59:44.993  READ FPDMA QUEUED
  60 00 20 00 b0 00 00 02 08 72 db 40 00     11:59:44.991  READ FPDMA QUEUED
 
SMART Extended Self-test Log Version: 1 (1 sectors)
Num  Test_Description    Status                  Remaining  LifeTime(hours)  LBA_of_first_error
# 1  Short offline       Completed without error       00%     24398         -
# 2  Short offline       Completed without error       00%     11647         -
# 3  Short offline       Completed without error       00%         0         -
 
SMART Selective self-test log data structure revision number 1
 SPAN  MIN_LBA  MAX_LBA  CURRENT_TEST_STATUS
    1        0        0  Not_testing
    2        0        0  Not_testing
    3        0        0  Not_testing
    4        0        0  Not_testing
    5        0        0  Not_testing
Selective self-test flags (0x0):
  After scanning selected spans, do NOT read-scan remainder of disk.
If Selective self-test is pending on power-up, resume after 0 minute delay.
 
SCT Status Version:                  2
SCT Version (vendor specific):       1 (0x0001)
SCT Support Level:                   1
Device State:                        Active (0)
Current Temperature:                    44 Celsius
Power Cycle Min/Max Temperature:     21/44 Celsius
Lifetime    Min/Max Temperature:     13/64 Celsius
Lifetime    Average Temperature:        37 Celsius
Under/Over Temperature Limit Count:   0/44
 
SCT Temperature History Version:     2
Temperature Sampling Period:         1 minute
Temperature Logging Interval:        10 minutes
Min/Max recommended Temperature:     15/55 Celsius
Min/Max Temperature Limit:           10/60 Celsius
Temperature History Size (Index):    478 (411)
 
Index    Estimated Time   Temperature Celsius
 412    2018-06-17 22:50    42  ***********************
 413    2018-06-17 23:00    42  ***********************
 414    2018-06-17 23:10    42  ***********************
 415    2018-06-17 23:20    41  **********************
 416    2018-06-17 23:30    42  ***********************
 ...    ..(  2 skipped).    ..  ***********************
 419    2018-06-18 00:00    42  ***********************
 420    2018-06-18 00:10    41  **********************
 421    2018-06-18 00:20    42  ***********************
 ...    ..(  3 skipped).    ..  ***********************
 425    2018-06-18 01:00    42  ***********************
 426    2018-06-18 01:10    41  **********************
 427    2018-06-18 01:20    41  **********************
 428    2018-06-18 01:30    42  ***********************
 429    2018-06-18 01:40    42  ***********************
 430    2018-06-18 01:50    42  ***********************
 431    2018-06-18 02:00     ?  -
 432    2018-06-18 02:10    33  **************
 433    2018-06-18 02:20    36  *****************
 434    2018-06-18 02:30     ?  -
 435    2018-06-18 02:40     ?  -
 436    2018-06-18 02:50    35  ****************
 437    2018-06-18 03:00    37  ******************
 438    2018-06-18 03:10    39  ********************
 439    2018-06-18 03:20    40  *********************
 440    2018-06-18 03:30    39  ********************
 441    2018-06-18 03:40    39  ********************
 442    2018-06-18 03:50    40  *********************
 443    2018-06-18 04:00    42  ***********************
 444    2018-06-18 04:10    40  *********************
 445    2018-06-18 04:20    41  **********************
 ...    ..(  5 skipped).    ..  **********************
 451    2018-06-18 05:20    41  **********************
 452    2018-06-18 05:30     ?  -
 453    2018-06-18 05:40     ?  -
 454    2018-06-18 05:50    31  ************
 455    2018-06-18 06:00    37  ******************
 456    2018-06-18 06:10    41  **********************
 457    2018-06-18 06:20    42  ***********************
 458    2018-06-18 06:30    44  *************************
 459    2018-06-18 06:40    43  ************************
 460    2018-06-18 06:50    43  ************************
 461    2018-06-18 07:00    43  ************************
 462    2018-06-18 07:10    44  *************************
 463    2018-06-18 07:20    45  **************************
 ...    ..(  3 skipped).    ..  **************************
 467    2018-06-18 08:00    45  **************************
 468    2018-06-18 08:10    44  *************************
 469    2018-06-18 08:20    43  ************************
 470    2018-06-18 08:30    44  *************************
 471    2018-06-18 08:40    44  *************************
 472    2018-06-18 08:50    45  **************************
 473    2018-06-18 09:00    44  *************************
 474    2018-06-18 09:10    43  ************************
 475    2018-06-18 09:20    44  *************************
 476    2018-06-18 09:30    44  *************************
 477    2018-06-18 09:40    43  ************************
   0    2018-06-18 09:50    44  *************************
   1    2018-06-18 10:00    44  *************************
   2    2018-06-18 10:10    42  ***********************
   3    2018-06-18 10:20    41  **********************
   4    2018-06-18 10:30    40  *********************
   5    2018-06-18 10:40    40  *********************
   6    2018-06-18 10:50    44  *************************
   7    2018-06-18 11:00    47  ****************************
   8    2018-06-18 11:10    47  ****************************
   9    2018-06-18 11:20    45  **************************
  10    2018-06-18 11:30    43  ************************
  11    2018-06-18 11:40    42  ***********************
  12    2018-06-18 11:50    42  ***********************
  13    2018-06-18 12:00    44  *************************
 ...    ..(  2 skipped).    ..  *************************
  16    2018-06-18 12:30    44  *************************
  17    2018-06-18 12:40    43  ************************
  18    2018-06-18 12:50    42  ***********************
  19    2018-06-18 13:00    42  ***********************
  20    2018-06-18 13:10    42  ***********************
  21    2018-06-18 13:20     ?  -
  22    2018-06-18 13:30    37  ******************
  23    2018-06-18 13:40    40  *********************
  24    2018-06-18 13:50    41  **********************
  25    2018-06-18 14:00    41  **********************
  26    2018-06-18 14:10    41  **********************
  27    2018-06-18 14:20    42  ***********************
  28    2018-06-18 14:30    41  **********************
 ...    ..(  2 skipped).    ..  **********************
  31    2018-06-18 15:00    41  **********************
  32    2018-06-18 15:10    42  ***********************
  33    2018-06-18 15:20    42  ***********************
  34    2018-06-18 15:30    42  ***********************
  35    2018-06-18 15:40    41  **********************
  36    2018-06-18 15:50    41  **********************
  37    2018-06-18 16:00    41  **********************
  38    2018-06-18 16:10    42  ***********************
  39    2018-06-18 16:20    42  ***********************
  40    2018-06-18 16:30    41  **********************
  41    2018-06-18 16:40    42  ***********************
  42    2018-06-18 16:50    42  ***********************
  43    2018-06-18 17:00    42  ***********************
  44    2018-06-18 17:10    41  **********************
  45    2018-06-18 17:20    42  ***********************
  46    2018-06-18 17:30    42  ***********************
  47    2018-06-18 17:40    43  ************************
  48    2018-06-18 17:50    44  *************************
  49    2018-06-18 18:00    44  *************************
  50    2018-06-18 18:10    43  ************************
  51    2018-06-18 18:20    42  ***********************
 ...    ..(  2 skipped).    ..  ***********************
  54    2018-06-18 18:50    42  ***********************
  55    2018-06-18 19:00    41  **********************
  56    2018-06-18 19:10    42  ***********************
  57    2018-06-18 19:20    41  **********************
  58    2018-06-18 19:30    42  ***********************
  59    2018-06-18 19:40    42  ***********************
  60    2018-06-18 19:50    42  ***********************
  61    2018-06-18 20:00    41  **********************
  62    2018-06-18 20:10    42  ***********************
  63    2018-06-18 20:20    41  **********************
  64    2018-06-18 20:30    41  **********************
  65    2018-06-18 20:40    42  ***********************
  66    2018-06-18 20:50    42  ***********************
  67    2018-06-18 21:00    41  **********************
  68    2018-06-18 21:10    41  **********************
  69    2018-06-18 21:20    42  ***********************
  70    2018-06-18 21:30    42  ***********************
  71    2018-06-18 21:40    42  ***********************
  72    2018-06-18 21:50    41  **********************
  73    2018-06-18 22:00    42  ***********************
 ...    ..(  3 skipped).    ..  ***********************
  77    2018-06-18 22:40    42  ***********************
  78    2018-06-18 22:50    41  **********************
  79    2018-06-18 23:00    41  **********************
  80    2018-06-18 23:10    42  ***********************
 ...    ..(  2 skipped).    ..  ***********************
  83    2018-06-18 23:40    42  ***********************
  84    2018-06-18 23:50    44  *************************
  85    2018-06-19 00:00    45  **************************
  86    2018-06-19 00:10    44  *************************
  87    2018-06-19 00:20    42  ***********************
  88    2018-06-19 00:30    42  ***********************
  89    2018-06-19 00:40    41  **********************
  90    2018-06-19 00:50    42  ***********************
  91    2018-06-19 01:00    42  ***********************
  92    2018-06-19 01:10    41  **********************
  93    2018-06-19 01:20    41  **********************
  94    2018-06-19 01:30    41  **********************
  95    2018-06-19 01:40    42  ***********************
  96    2018-06-19 01:50    41  **********************
  97    2018-06-19 02:00    41  **********************
  98    2018-06-19 02:10    42  ***********************
  99    2018-06-19 02:20    42  ***********************
 100    2018-06-19 02:30    43  ************************
 101    2018-06-19 02:40    44  *************************
 102    2018-06-19 02:50    44  *************************
 103    2018-06-19 03:00    43  ************************
 104    2018-06-19 03:10    42  ***********************
 105    2018-06-19 03:20    42  ***********************
 106    2018-06-19 03:30    41  **********************
 ...    ..(  5 skipped).    ..  **********************
 112    2018-06-19 04:30    41  **********************
 113    2018-06-19 04:40    42  ***********************
 114    2018-06-19 04:50    42  ***********************
 115    2018-06-19 05:00    41  **********************
 ...    ..(  2 skipped).    ..  **********************
 118    2018-06-19 05:30    41  **********************
 119    2018-06-19 05:40    42  ***********************
 120    2018-06-19 05:50    42  ***********************
 121    2018-06-19 06:00    42  ***********************
 122    2018-06-19 06:10    41  **********************
 123    2018-06-19 06:20    41  **********************
 124    2018-06-19 06:30    42  ***********************
 ...    ..(  6 skipped).    ..  ***********************
 131    2018-06-19 07:40    42  ***********************
 132    2018-06-19 07:50    41  **********************
 133    2018-06-19 08:00    41  **********************
 134    2018-06-19 08:10    42  ***********************
 135    2018-06-19 08:20    42  ***********************
 136    2018-06-19 08:30    42  ***********************
 137    2018-06-19 08:40     ?  -
 138    2018-06-19 08:50     ?  -
 139    2018-06-19 09:00    33  **************
 140    2018-06-19 09:10    38  *******************
 141    2018-06-19 09:20    39  ********************
 142    2018-06-19 09:30    39  ********************
 143    2018-06-19 09:40    40  *********************
 144    2018-06-19 09:50    42  ***********************
 145    2018-06-19 10:00    40  *********************
 146    2018-06-19 10:10     ?  -
 147    2018-06-19 10:20    38  *******************
 148    2018-06-19 10:30    41  **********************
 149    2018-06-19 10:40    42  ***********************
 150    2018-06-19 10:50    43  ************************
 151    2018-06-19 11:00    44  *************************
 152    2018-06-19 11:10     ?  -
 153    2018-06-19 11:20     ?  -
 154    2018-06-19 11:30    35  ****************
 155    2018-06-19 11:40     ?  -
 156    2018-06-19 11:50    30  ***********
 157    2018-06-19 12:00    36  *****************
 158    2018-06-19 12:10    39  ********************
 159    2018-06-19 12:20     ?  -
 160    2018-06-19 12:30    36  *****************
 161    2018-06-19 12:40    38  *******************
 162    2018-06-19 12:50     ?  -
 163    2018-06-19 13:00     ?  -
 164    2018-06-19 13:10    29  **********
 165    2018-06-19 13:20    34  ***************
 166    2018-06-19 13:30    35  ****************
 167    2018-06-19 13:40    36  *****************
 168    2018-06-19 13:50    37  ******************
 169    2018-06-19 14:00    38  *******************
 170    2018-06-19 14:10    38  *******************
 171    2018-06-19 14:20    40  *********************
 172    2018-06-19 14:30    42  ***********************
 173    2018-06-19 14:40    43  ************************
 ...    ..(  3 skipped).    ..  ************************
 177    2018-06-19 15:20    43  ************************
 178    2018-06-19 15:30     ?  -
 179    2018-06-19 15:40    31  ************
 180    2018-06-19 15:50    36  *****************
 181    2018-06-19 16:00    40  *********************
 182    2018-06-19 16:10    42  ***********************
 183    2018-06-19 16:20    43  ************************
 184    2018-06-19 16:30    43  ************************
 185    2018-06-19 16:40    42  ***********************
 186    2018-06-19 16:50    41  **********************
 ...    ..(  3 skipped).    ..  **********************
 190    2018-06-19 17:30    41  **********************
 191    2018-06-19 17:40    40  *********************
 192    2018-06-19 17:50    39  ********************
 193    2018-06-19 18:00    39  ********************
 194    2018-06-19 18:10    40  *********************
 195    2018-06-19 18:20    40  *********************
 196    2018-06-19 18:30    40  *********************
 197    2018-06-19 18:40    41  **********************
 ...    ..(  7 skipped).    ..  **********************
 205    2018-06-19 20:00    41  **********************
 206    2018-06-19 20:10    42  ***********************
 207    2018-06-19 20:20    43  ************************
 208    2018-06-19 20:30    42  ***********************
 ...    ..(  4 skipped).    ..  ***********************
 213    2018-06-19 21:20    42  ***********************
 214    2018-06-19 21:30    40  *********************
 215    2018-06-19 21:40    43  ************************
 216    2018-06-19 21:50    44  *************************
 217    2018-06-19 22:00    44  *************************
 218    2018-06-19 22:10    44  *************************
 219    2018-06-19 22:20    42  ***********************
 220    2018-06-19 22:30    42  ***********************
 221    2018-06-19 22:40    41  **********************
 222    2018-06-19 22:50    42  ***********************
 223    2018-06-19 23:00    42  ***********************
 224    2018-06-19 23:10    42  ***********************
 225    2018-06-19 23:20    41  **********************
 ...    ..(  2 skipped).    ..  **********************
 228    2018-06-19 23:50    41  **********************
 229    2018-06-20 00:00    42  ***********************
 230    2018-06-20 00:10    41  **********************
 ...    ..(  3 skipped).    ..  **********************
 234    2018-06-20 00:50    41  **********************
 235    2018-06-20 01:00    42  ***********************
 236    2018-06-20 01:10    41  **********************
 ...    ..(  3 skipped).    ..  **********************
 240    2018-06-20 01:50    41  **********************
 241    2018-06-20 02:00    42  ***********************
 242    2018-06-20 02:10    41  **********************
 243    2018-06-20 02:20    41  **********************
 244    2018-06-20 02:30    42  ***********************
 245    2018-06-20 02:40    42  ***********************
 246    2018-06-20 02:50    42  ***********************
 247    2018-06-20 03:00    41  **********************
 ...    ..(  2 skipped).    ..  **********************
 250    2018-06-20 03:30    41  **********************
 251    2018-06-20 03:40    43  ************************
 252    2018-06-20 03:50    44  *************************
 253    2018-06-20 04:00    45  **************************
 254    2018-06-20 04:10    44  *************************
 255    2018-06-20 04:20    42  ***********************
 ...    ..(  4 skipped).    ..  ***********************
 260    2018-06-20 05:10    42  ***********************
 261    2018-06-20 05:20    41  **********************
 262    2018-06-20 05:30    41  **********************
 263    2018-06-20 05:40    42  ***********************
 264    2018-06-20 05:50    42  ***********************
 265    2018-06-20 06:00    41  **********************
 ...    ..(  2 skipped).    ..  **********************
 268    2018-06-20 06:30    41  **********************
 269    2018-06-20 06:40    42  ***********************
 270    2018-06-20 06:50    41  **********************
 271    2018-06-20 07:00    41  **********************
 272    2018-06-20 07:10    40  *********************
 273    2018-06-20 07:20    41  **********************
 274    2018-06-20 07:30    41  **********************
 275    2018-06-20 07:40    41  **********************
 276    2018-06-20 07:50    40  *********************
 277    2018-06-20 08:00    40  *********************
 278    2018-06-20 08:10    40  *********************
 279    2018-06-20 08:20    41  **********************
 ...    ..(  6 skipped).    ..  **********************
 286    2018-06-20 09:30    41  **********************
 287    2018-06-20 09:40    43  ************************
 288    2018-06-20 09:50    44  *************************
 289    2018-06-20 10:00    44  *************************
 290    2018-06-20 10:10    44  *************************
 291    2018-06-20 10:20    41  **********************
 292    2018-06-20 10:30    40  *********************
 293    2018-06-20 10:40    40  *********************
 294    2018-06-20 10:50    41  **********************
 295    2018-06-20 11:00    41  **********************
 296    2018-06-20 11:10    41  **********************
 297    2018-06-20 11:20    42  ***********************
 298    2018-06-20 11:30    41  **********************
 ...    ..(  3 skipped).    ..  **********************
 302    2018-06-20 12:10    41  **********************
 303    2018-06-20 12:20    40  *********************
 304    2018-06-20 12:30    40  *********************
 305    2018-06-20 12:40    41  **********************
 306    2018-06-20 12:50    41  **********************
 307    2018-06-20 13:00    41  **********************
 308    2018-06-20 13:10    42  ***********************
 309    2018-06-20 13:20    41  **********************
 310    2018-06-20 13:30    42  ***********************
 311    2018-06-20 13:40    41  **********************
 312    2018-06-20 13:50    40  *********************
 313    2018-06-20 14:00    41  **********************
 ...    ..(  3 skipped).    ..  **********************
 317    2018-06-20 14:40    41  **********************
 318    2018-06-20 14:50    40  *********************
 319    2018-06-20 15:00    41  **********************
 320    2018-06-20 15:10    40  *********************
 321    2018-06-20 15:20    40  *********************
 322    2018-06-20 15:30    40  *********************
 323    2018-06-20 15:40    42  ***********************
 324    2018-06-20 15:50    42  ***********************
 325    2018-06-20 16:00    43  ************************
 326    2018-06-20 16:10    44  *************************
 327    2018-06-20 16:20    42  ***********************
 328    2018-06-20 16:30    41  **********************
 329    2018-06-20 16:40    39  ********************
 330    2018-06-20 16:50    40  *********************
 331    2018-06-20 17:00    40  *********************
 332    2018-06-20 17:10     ?  -
 333    2018-06-20 17:20    33  **************
 334    2018-06-20 17:30     ?  -
 335    2018-06-20 17:40    30  ***********
 336    2018-06-20 17:50    34  ***************
 337    2018-06-20 18:00    38  *******************
 338    2018-06-20 18:10    40  *********************
 339    2018-06-20 18:20     ?  -
 340    2018-06-20 18:30    28  *********
 341    2018-06-20 18:40    32  *************
 342    2018-06-20 18:50    34  ***************
 343    2018-06-20 19:00    36  *****************
 344    2018-06-20 19:10    38  *******************
 345    2018-06-20 19:20    38  *******************
 346    2018-06-20 19:30    39  ********************
 347    2018-06-20 19:40    39  ********************
 348    2018-06-20 19:50    40  *********************
 349    2018-06-20 20:00    40  *********************
 350    2018-06-20 20:10    41  **********************
 ...    ..(  4 skipped).    ..  **********************
 355    2018-06-20 21:00    41  **********************
 356    2018-06-20 21:10    40  *********************
 357    2018-06-20 21:20    40  *********************
 358    2018-06-20 21:30    41  **********************
 ...    ..(  4 skipped).    ..  **********************
 363    2018-06-20 22:20    41  **********************
 364    2018-06-20 22:30    40  *********************
 365    2018-06-20 22:40    40  *********************
 366    2018-06-20 22:50    41  **********************
 367    2018-06-20 23:00    41  **********************
 368    2018-06-20 23:10    41  **********************
 369    2018-06-20 23:20    40  *********************
 370    2018-06-20 23:30    41  **********************
 371    2018-06-20 23:40    41  **********************
 372    2018-06-20 23:50    41  **********************
 373    2018-06-21 00:00    40  *********************
 374    2018-06-21 00:10    40  *********************
 375    2018-06-21 00:20    41  **********************
 376    2018-06-21 00:30    41  **********************
 377    2018-06-21 00:40    40  *********************
 378    2018-06-21 00:50    40  *********************
 379    2018-06-21 01:00    41  **********************
 ...    ..( 20 skipped).    ..  **********************
 400    2018-06-21 04:30    41  **********************
 401    2018-06-21 04:40    42  ***********************
 402    2018-06-21 04:50    41  **********************
 ...    ..(  2 skipped).    ..  **********************
 405    2018-06-21 05:20    41  **********************
 406    2018-06-21 05:30    42  ***********************
 407    2018-06-21 05:40    41  **********************
 408    2018-06-21 05:50    41  **********************
 409    2018-06-21 06:00    40  *********************
 410    2018-06-21 06:10    41  **********************
 411    2018-06-21 06:20    42  ***********************
 
SCT Error Recovery Control:
           Read: Disabled
          Write: Disabled
 
Device Statistics (GP/SMART Log 0x04) not supported
 
SATA Phy Event Counters (GP Log 0x11)
ID      Size     Value  Description
0x0001  4            0  Command failed due to ICRC error
0x0002  4            0  R_ERR response for data FIS
0x0003  4            0  R_ERR response for device-to-host data FIS
0x0004  4            0  R_ERR response for host-to-device data FIS
0x0005  4            0  R_ERR response for non-data FIS
0x0006  4            0  R_ERR response for device-to-host non-data FIS
0x0007  4            0  R_ERR response for host-to-device non-data FIS
0x0008  4            0  Device-to-host non-data FIS retries
0x0009  4        13590  Transition from drive PhyRdy to drive PhyNRdy
0x000a  4            0  Device-to-host register FISes sent due to a COMRESET
0x000b  4            0  CRC errors within host-to-device FIS
0x000d  4            0  Non-CRC errors within host-to-device FIS
0x000f  4            0  R_ERR response for host-to-device data FIS, CRC
0x0010  4            0  R_ERR response for host-to-device data FIS, non-CRC
0x0012  4            0  R_ERR response for host-to-device non-data FIS, CRC
0x0013  4            0  R_ERR response for host-to-device non-data FIS, non-CRC


#10 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,033 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:42 AM

Posted 21 June 2018 - 09:06 AM

We need to run another diagnostic utility. We are not getting the full results.

Please run this.

===================================================

SeaTools for Windows Hard Drive Test

--------------
  • Please download Seatools for Windows and save it to your Desktop
  • Close all open windows or programs
  • Right click on the icon and select Run as administrator
  • Install the program following the prompts
  • Hit the Windows Key + E at the same time
  • Navigate to C:\Program Files\Seagate\SeaTools for Windows\SeaToolsforWindows.exe
  • Right click on SeaToolsforWindows.exe and select Run as administrator
  • Place a check mark next to your listed hard drive
  • On the Basic Test dropdown menu select Short Drive Self Test to start the test
  • Once the test is complete you will be notified regarding the state of your hard drive. Include that information in your reply
  • Hit the Windows Key + E at the same time
  • Navigate to C:\Program Files\Seagate\SeaTools for Windows
  • Copy and paste the contents of the .log file created today (i.e. 090403FBE200LCJUB2PF.log) in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Seatools results

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 Fleetwolf90

Fleetwolf90
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:12:42 PM

Posted 21 June 2018 - 06:11 PM

--------------- SeaTools for Windows v1.4.0.6 ---------------
6/21/2018 7:09:27 PM
Model Number: TOSHIBA MK5055GSX
Serial Number: X9IDT98GT
Firmware Revision: FG000D
Short DST - Started 6/21/2018 7:09:27 PM
Short DST - Pass 6/21/2018 7:11:36 PM


#12 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,033 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:42 AM

Posted 21 June 2018 - 09:23 PM

Thank you.

Please do these things.

===================================================

Crystal Disk Info

--------------
  • Download Crystal Disk Info and save it to your Desktop
  • Right click on the icon and select Run as administrator (Windows XP simply double click)
  • Select I accept the agreement and click Next 4 times
  • Click Install
  • Click Finish to launch the program
  • On the CrystalDiskInfo screen click Edit, then Copy
  • Paste the information in your reply
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
  • The information will be copied invisibly and will be "pasted" into FRST automatically when you click Fix as instructed below
Start::
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKU\S-1-5-21-2224422032-3815502487-2643779824-1001 -> {955FED3B-B6C3-4908-8FC6-E10498FFB366} URL = 
BHO: No Name -> {318A227B-5E9F-45bd-8999-7F8F10CA4CF5}
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5}
Toolbar: HKLM-x32 - No Name - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
Toolbar: HKU\S-1-5-21-2224422032-3815502487-2643779824-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068}
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll
FF Plugin HKU\S-1-5-21-2224422032-3815502487-2643779824-1001: @nds.com/PCShowPlugin -> C:\Users\Earley Laptop\AppData\Local\DIRECTV Player\npPCShowPlugin.dll
CHR HKU\S-1-5-21-2224422032-3815502487-2643779824-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [aaaangmfdabjilefmognkgcebjgcojek] - C:\Users\Earley Laptop\AppData\Local\APN\GoogleCRXs\aaaangmfdabjilefmognkgcebjgcojek_7.14.1.0.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gihfmmedoddijgnhkgfgnkeohkpbipol] - hxxps://clients2.google.com/service/update2/crx
U4 aspnet_state; no ImagePath
Task: {07B3FFAC-7A9C-48C5-82FC-CAACDEC19CEB} - \Google Software Updater
AlternateDataStreams: C:\ProgramData\TEMP:FAB45745 [306]
cmd: chkdsk
cmd: sfc /scannow
emptytemp:
End::
  • Click Fix
  • When completed he tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Crystal Disk information
  • Fixlog

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#13 Fleetwolf90

Fleetwolf90
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:12:42 PM

Posted 22 June 2018 - 06:47 PM

----------------------------------------------------------------------------
CrystalDiskInfo 7.6.1 © 2008-2018 hiyohiyo
                                Crystal Dew World : https://crystalmark.info/
----------------------------------------------------------------------------
 
    OS : Windows 10  [10.0 Build 16299] (x64)
  Date : 2018/06/22 19:45:14
 
-- Controller Map ----------------------------------------------------------
 - Ricoh xD-Picture Card Controller [ATA]
 - Ricoh SD/MMC Host Controller [ATA]
 + Standard SATA AHCI Controller [ATA]
   - TOSHIBA MK5055GSX
   - TSSTcorp DVD+-RW TS-T633C
 - Ricoh Memory Stick Controller [ATA]
 - Microsoft Storage Spaces Controller [SCSI]
 
-- Disk List ---------------------------------------------------------------
 (1) TOSHIBA MK5055GSX : 500.1 GB [0/0/0, pd1]
 
----------------------------------------------------------------------------
 (1) TOSHIBA MK5055GSX
----------------------------------------------------------------------------
           Model : TOSHIBA MK5055GSX
        Firmware : FG000D
   Serial Number : X9IDT98GT
       Disk Size : 500.1 GB (8.4/137.4/500.1/500.1)
     Buffer Size : 8192 KB
     Queue Depth : 32
    # of Sectors : 976773168
   Rotation Rate : Unknown
       Interface : Serial ATA
   Major Version : ATA8-ACS
   Minor Version : ----
   Transfer Mode : ---- | SATA/300
  Power On Hours : 570602 hours
  Power On Count : 19236 count
     Temperature : 31 C (87 F)
   Health Status : Caution
        Features : S.M.A.R.T., APM, AAM, 48bit LBA, NCQ
       APM Level : 0080h [ON]
       AAM Level : FE80h [ON]
    Drive Letter : C:
 
-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 100 100 _50 000000000000 Read Error Rate
03 100 100 __1 000000000670 Spin-Up Time
05 100 100 _50 000000000003 Reallocated Sectors Count
09 _39 _39 __0 000000165C3D Power-On Hours
0C 100 100 __0 000000004B24 Power Cycle Count
BF 100 100 __0 000000000642 G-Sense Error Rate
C0 100 100 __0 00000000008E Power-off Retract Count
C1 _66 _66 __0 00000005425E Load/Unload Cycle Count
C2 100 100 __0 0040000D001F Temperature
C7 100 100 __0 00000B815319 UltraDMA CRC Error Count
C8 100 100 __0 00001EFCA474 Write Error Rate
F0 _62 _62 __0 0000000E265F Head Flying Hours
F1 100 100 __0 000A720656EF Total Host Writes
F2 100 100 __0 001361E762ED Total Host Reads
 
-- IDENTIFY_DEVICE ---------------------------------------------------------
        0    1    2    3    4    5    6    7    8    9
000: 0040 3FFF C837 0010 0000 0000 003F 0000 0000 0000
010: 2020 2020 2020 2020 2020 2058 3949 4454 3938 4754
020: 0000 4000 0000 4647 3030 3044 2020 544F 5348 4942
030: 4120 4D4B 3530 3535 4753 5820 2020 2020 2020 2020
040: 2020 2020 2020 2020 2020 2020 2020 8010 0000 2F00
050: 4000 0200 0000 0007 3FFF 0010 003F FC10 00FB 0110
060: FFFF 0FFF 0007 0007 0003 0078 0078 0078 0078 0000
070: 0000 0000 0000 0000 0000 001F 0F06 0000 004C 0040
080: 01F8 0000 746B 7F09 6163 7469 3E09 6163 203F 0055
090: 0000 0080 FFFE 0000 FE80 0000 0000 0000 0000 0000
100: 6030 3A38 0000 0000 0000 0000 4000 0000 5000 0392
110: 1160 5E22 0000 0000 0000 0000 0000 0000 0000 0000
120: 0000 0000 0000 0000 0000 0000 0000 0000 0009 0000
130: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
140: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
150: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
160: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
170: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
180: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
190: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
200: 0000 0000 0000 0000 0000 0000 0039 0000 0000 0000
210: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
220: 0000 0000 101F 0000 0000 0000 0000 0000 0000 0000
230: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
240: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
250: 0000 0000 0000 0000 0000 BFA5
 
-- SMART_READ_DATA ---------------------------------------------------------
     +0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 80 00 01 0B 00 64 64 00 00 00 00 00 00 00 03 27
010: 00 64 64 70 06 00 00 00 00 00 05 33 00 64 64 03
020: 00 00 00 00 00 00 09 32 00 27 27 3D 5C 16 00 00
030: 00 00 0C 32 00 64 64 24 4B 00 00 00 00 00 BF 32
040: 00 64 64 42 06 00 00 00 00 00 C0 32 00 64 64 8E
050: 00 00 00 00 00 00 C1 32 00 42 42 5E 42 05 00 00
060: 00 00 C2 22 00 64 64 1F 00 0D 00 40 00 00 C7 32
070: 00 64 64 19 53 81 0B 00 00 00 C8 32 00 64 64 74
080: A4 FC 1E 00 00 00 F0 32 00 3E 3E 5F 26 0E 00 00
090: 00 00 F1 32 00 64 64 EF 56 06 72 0A 00 00 F2 32
0A0: 00 64 64 ED 62 E7 61 13 00 00 00 00 00 00 00 00
0B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 5B
170: 03 00 01 00 02 B4 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 64
 
-- SMART_READ_THRESHOLD ----------------------------------------------------
     +0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 80 00 01 32 00 00 00 00 00 00 00 00 00 00 03 01
010: 00 00 00 00 00 00 00 00 00 00 05 32 00 00 00 00
020: 00 00 00 00 00 00 09 00 00 00 00 00 00 00 00 00
030: 00 00 0C 00 00 00 00 00 00 00 00 00 00 00 BF 00
040: 00 00 00 00 00 00 00 00 00 00 C0 00 00 00 00 00
050: 00 00 00 00 00 00 C1 00 00 00 00 00 00 00 00 00
060: 00 00 C2 00 00 00 00 00 00 00 00 00 00 00 C7 00
070: 00 00 00 00 00 00 00 00 00 00 C8 00 00 00 00 00
080: 00 00 00 00 00 00 F0 00 00 00 00 00 00 00 00 00
090: 00 00 F1 00 00 00 00 00 00 00 00 00 00 00 F2 00
0A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 99
 
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
Ran by Earley Laptop (22-06-2018 06:24:31) Run:1
Running from C:\Users\Earley Laptop\Downloads
Loaded Profiles: Earley Laptop (Available Profiles: Earley Laptop)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKU\S-1-5-21-2224422032-3815502487-2643779824-1001 -> {955FED3B-B6C3-4908-8FC6-E10498FFB366} URL = 
BHO: No Name -> {318A227B-5E9F-45bd-8999-7F8F10CA4CF5}
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5}
Toolbar: HKLM-x32 - No Name - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
Toolbar: HKU\S-1-5-21-2224422032-3815502487-2643779824-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068}
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll
FF Plugin HKU\S-1-5-21-2224422032-3815502487-2643779824-1001: @nds.com/PCShowPlugin -> C:\Users\Earley Laptop\AppData\Local\DIRECTV Player\npPCShowPlugin.dll
CHR HKU\S-1-5-21-2224422032-3815502487-2643779824-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [aaaangmfdabjilefmognkgcebjgcojek] - C:\Users\Earley Laptop\AppData\Local\APN\GoogleCRXs\aaaangmfdabjilefmognkgcebjgcojek_7.14.1.0.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gihfmmedoddijgnhkgfgnkeohkpbipol] - hxxps://clients2.google.com/service/update2/crx
U4 aspnet_state; no ImagePath
Task: {07B3FFAC-7A9C-48C5-82FC-CAACDEC19CEB} - \Google Software Updater
AlternateDataStreams: C:\ProgramData\TEMP:FAB45745 [306]
cmd: chkdsk
cmd: sfc /scannow
emptytemp:
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-2224422032-3815502487-2643779824-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{955FED3B-B6C3-4908-8FC6-E10498FFB366}" => removed successfully
HKLM\Software\Classes\CLSID\{955FED3B-B6C3-4908-8FC6-E10498FFB366} => not found
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\BHO: No Name -> {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => not found
HKLM\Software\Classes\CLSID\BHO: No Name -> {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => not found
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => removed successfully
HKLM\Software\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} => not found
"HKU\S-1-5-21-2224422032-3815502487-2643779824-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068}" => removed successfully
HKLM\Software\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => not found
"HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer" => removed successfully
"FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll" => not found
"HKU\S-1-5-21-2224422032-3815502487-2643779824-1001\Software\MozillaPlugins\@nds.com/PCShowPlugin" => removed successfully
"FF Plugin HKU\S-1-5-21-2224422032-3815502487-2643779824-1001: @nds.com/PCShowPlugin -> C:\Users\Earley Laptop\AppData\Local\DIRECTV Player\npPCShowPlugin.dll" => not found
"HKU\S-1-5-21-2224422032-3815502487-2643779824-1001\SOFTWARE\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aaaangmfdabjilefmognkgcebjgcojek" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gihfmmedoddijgnhkgfgnkeohkpbipol" => removed successfully
"HKLM\System\CurrentControlSet\Services\aspnet_state" => removed successfully
aspnet_state => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{07B3FFAC-7A9C-48C5-82FC-CAACDEC19CEB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{07B3FFAC-7A9C-48C5-82FC-CAACDEC19CEB}" => removed successfully
C:\ProgramData\TEMP => ":FAB45745" ADS removed successfully
 
========= chkdsk =========
 
The type of the file system is NTFS.
Volume label is OS.
 
WARNING!  /F parameter not specified.
Running CHKDSK in read-only mode.
 
Stage 1: Examining basic file system structure ...
Progress: 0 of 540928 done; Stage:  0%; Total:  0%; ETA:   0:26:01    
Progress: 727 of 540928 done; Stage:  0%; Total:  0%; ETA:   0:26:01 .  
Progress: 2337 of 540928 done; Stage:  0%; Total:  0%; ETA:   0:25:00 .. 
Progress: 3859 of 540928 done; Stage:  0%; Total:  0%; ETA:   0:07:02 ...
Progress: 9121 of 540928 done; Stage:  1%; Total:  0%; ETA:   0:04:29    
Progress: 15105 of 540928 done; Stage:  2%; Total:  0%; ETA:   0:03:34 .  
Progress: 20225 of 540928 done; Stage:  3%; Total:  1%; ETA:   0:03:15 .. 
                                                                                       
File record segment 4F20 is corrupt.
File record segment 4F22 is corrupt.
File record segment 4F23 is corrupt.
Progress: 20609 of 540928 done; Stage:  3%; Total:  1%; ETA:   0:08:18 ...
Progress: 20610 of 540928 done; Stage:  3%; Total:  1%; ETA:   0:09:11    
Progress: 20611 of 540928 done; Stage:  3%; Total:  1%; ETA:   0:11:11 .  
Progress: 20612 of 540928 done; Stage:  3%; Total:  1%; ETA:   0:13:40 .. 
Progress: 20613 of 540928 done; Stage:  3%; Total:  1%; ETA:   0:16:36 ...
Progress: 20614 of 540928 done; Stage:  3%; Total:  1%; ETA:   0:19:58    
Progress: 20615 of 540928 done; Stage:  3%; Total:  1%; ETA:   0:23:44 .  
Progress: 20616 of 540928 done; Stage:  3%; Total:  1%; ETA:   0:27:34 .. 
Progress: 20617 of 540928 done; Stage:  3%; Total:  1%; ETA:   0:32:03 ...
Progress: 20618 of 540928 done; Stage:  3%; Total:  1%; ETA:   0:37:10    
Progress: 20619 of 540928 done; Stage:  3%; Total:  1%; ETA:   0:42:33 .  
Progress: 20620 of 540928 done; Stage:  3%; Total:  1%; ETA:   0:48:32 .. 
Progress: 20621 of 540928 done; Stage:  3%; Total:  1%; ETA:   0:54:26 ...
Progress: 20622 of 540928 done; Stage:  3%; Total:  1%; ETA:   1:00:34    
Progress: 20623 of 540928 done; Stage:  3%; Total:  1%; ETA:   1:06:37 .  
Progress: 20624 of 540928 done; Stage:  3%; Total:  1%; ETA:   1:12:37 .. 
Progress: 20625 of 540928 done; Stage:  3%; Total:  1%; ETA:   1:19:07 ...
Progress: 20626 of 540928 done; Stage:  3%; Total:  1%; ETA:   1:25:49    
Progress: 20627 of 540928 done; Stage:  3%; Total:  1%; ETA:   1:33:01 .  
Progress: 20628 of 540928 done; Stage:  3%; Total:  1%; ETA:   1:40:39 .. 
Progress: 20629 of 540928 done; Stage:  3%; Total:  1%; ETA:   1:48:41 ...
Progress: 20630 of 540928 done; Stage:  3%; Total:  1%; ETA:   1:56:50    
Progress: 20631 of 540928 done; Stage:  3%; Total:  1%; ETA:   2:05:22 .  
Progress: 20632 of 540928 done; Stage:  3%; Total:  1%; ETA:   2:13:59 .. 
Progress: 20633 of 540928 done; Stage:  3%; Total:  1%; ETA:   2:22:40 ...
Progress: 20634 of 540928 done; Stage:  3%; Total:  1%; ETA:   2:31:06    
Progress: 20635 of 540928 done; Stage:  3%; Total:  1%; ETA:   2:39:36 .  
Progress: 20636 of 540928 done; Stage:  3%; Total:  1%; ETA:   2:48:09 .. 
Progress: 20637 of 540928 done; Stage:  3%; Total:  1%; ETA:   2:56:29 ...
Progress: 20638 of 540928 done; Stage:  3%; Total:  1%; ETA:   3:04:36    
Progress: 20639 of 540928 done; Stage:  3%; Total:  1%; ETA:   3:12:31 .  
Progress: 20640 of 540928 done; Stage:  3%; Total:  1%; ETA:   3:20:15 .. 
Progress: 20641 of 540928 done; Stage:  3%; Total:  1%; ETA:   3:28:23 ...
Progress: 20642 of 540928 done; Stage:  3%; Total:  1%; ETA:   3:36:54    
Progress: 20643 of 540928 done; Stage:  3%; Total:  1%; ETA:   3:45:48 .  
Progress: 20644 of 540928 done; Stage:  3%; Total:  1%; ETA:   3:54:43 .. 
Progress: 20645 of 540928 done; Stage:  3%; Total:  1%; ETA:   4:03:42 ...
Progress: 20646 of 540928 done; Stage:  3%; Total:  1%; ETA:   4:12:25    
Progress: 20647 of 540928 done; Stage:  3%; Total:  1%; ETA:   4:20:55 .  
Progress: 20648 of 540928 done; Stage:  3%; Total:  1%; ETA:   4:29:10 .. 
Progress: 20649 of 540928 done; Stage:  3%; Total:  1%; ETA:   4:37:50 ...
Progress: 20650 of 540928 done; Stage:  3%; Total:  1%; ETA:   4:46:33    
Progress: 20651 of 540928 done; Stage:  3%; Total:  1%; ETA:   4:55:20 .  
Progress: 20652 of 540928 done; Stage:  3%; Total:  1%; ETA:   5:04:10 .. 
Progress: 20653 of 540928 done; Stage:  3%; Total:  1%; ETA:   5:13:03 ...
Progress: 20654 of 540928 done; Stage:  3%; Total:  1%; ETA:   5:22:00    
Progress: 20655 of 540928 done; Stage:  3%; Total:  1%; ETA:   5:30:42 .  
Progress: 20656 of 540928 done; Stage:  3%; Total:  1%; ETA:   5:39:09 .. 
Progress: 20657 of 540928 done; Stage:  3%; Total:  1%; ETA:   5:47:41 ...
Progress: 20658 of 540928 done; Stage:  3%; Total:  1%; ETA:   5:56:18    
Progress: 20659 of 540928 done; Stage:  3%; Total:  1%; ETA:   6:04:59 .  
Progress: 20660 of 540928 done; Stage:  3%; Total:  1%; ETA:   6:13:43 .. 
Progress: 20661 of 540928 done; Stage:  3%; Total:  1%; ETA:   6:22:31 ...
Progress: 20662 of 540928 done; Stage:  3%; Total:  1%; ETA:   6:31:23    
Progress: 20663 of 540928 done; Stage:  3%; Total:  1%; ETA:   6:40:35 .  
Progress: 20664 of 540928 done; Stage:  3%; Total:  1%; ETA:   6:50:06 .. 
Progress: 20665 of 540928 done; Stage:  3%; Total:  1%; ETA:   7:00:13 ...
Progress: 20666 of 540928 done; Stage:  3%; Total:  1%; ETA:   7:10:36    
Progress: 20667 of 540928 done; Stage:  3%; Total:  1%; ETA:   7:20:57 .  
Progress: 20668 of 540928 done; Stage:  3%; Total:  1%; ETA:   7:31:16 .. 
Progress: 20669 of 540928 done; Stage:  3%; Total:  1%; ETA:   7:41:15 ...
Progress: 20670 of 540928 done; Stage:  3%; Total:  1%; ETA:   7:51:12    
Progress: 20671 of 540928 done; Stage:  3%; Total:  1%; ETA:   8:00:50 .  
Progress: 20672 of 540928 done; Stage:  3%; Total:  1%; ETA:   8:10:28 .. 
Progress: 20673 of 540928 done; Stage:  3%; Total:  1%; ETA:   8:20:06 ...
Progress: 20674 of 540928 done; Stage:  3%; Total:  1%; ETA:   8:29:44    
Progress: 20675 of 540928 done; Stage:  3%; Total:  1%; ETA:   8:39:22 .  
Progress: 20676 of 540928 done; Stage:  3%; Total:  1%; ETA:   8:49:00 .. 
Progress: 20677 of 540928 done; Stage:  3%; Total:  1%; ETA:   8:58:20 ...
Progress: 20678 of 540928 done; Stage:  3%; Total:  1%; ETA:   9:07:25    
Progress: 20679 of 540928 done; Stage:  3%; Total:  1%; ETA:   9:16:32 .  
Progress: 20680 of 540928 done; Stage:  3%; Total:  1%; ETA:   9:25:23 .. 
Progress: 20681 of 540928 done; Stage:  3%; Total:  1%; ETA:   9:34:16 ...
Progress: 20682 of 540928 done; Stage:  3%; Total:  1%; ETA:   9:43:31    
Progress: 20683 of 540928 done; Stage:  3%; Total:  1%; ETA:   9:52:49 .  
Progress: 20684 of 540928 done; Stage:  3%; Total:  1%; ETA:  10:02:07 .. 
Progress: 20685 of 540928 done; Stage:  3%; Total:  1%; ETA:  10:11:10 ...
Progress: 20686 of 540928 done; Stage:  3%; Total:  1%; ETA:  10:19:58    
Progress: 20687 of 540928 done; Stage:  3%; Total:  1%; ETA:  10:28:31 .  
Progress: 20688 of 540928 done; Stage:  3%; Total:  1%; ETA:  10:36:51 .. 
Progress: 20689 of 540928 done; Stage:  3%; Total:  1%; ETA:  10:45:16 ...
Progress: 20690 of 540928 done; Stage:  3%; Total:  1%; ETA:  10:53:45    
Progress: 20691 of 540928 done; Stage:  3%; Total:  1%; ETA:  11:02:19 .  
Progress: 20692 of 540928 done; Stage:  3%; Total:  1%; ETA:  11:11:16 .. 
Progress: 20693 of 540928 done; Stage:  3%; Total:  1%; ETA:  11:20:32 ...
Progress: 20694 of 540928 done; Stage:  3%; Total:  1%; ETA:  11:29:51    
Progress: 20695 of 540928 done; Stage:  3%; Total:  1%; ETA:  11:38:54 .  
Progress: 20696 of 540928 done; Stage:  3%; Total:  1%; ETA:  11:47:59 .. 
Progress: 20697 of 540928 done; Stage:  3%; Total:  1%; ETA:  11:57:08 ...
Progress: 20698 of 540928 done; Stage:  3%; Total:  1%; ETA:  12:06:37    
Progress: 20699 of 540928 done; Stage:  3%; Total:  1%; ETA:  12:16:27 .  
Progress: 20700 of 540928 done; Stage:  3%; Total:  1%; ETA:  12:25:57 .. 
Progress: 20701 of 540928 done; Stage:  3%; Total:  1%; ETA:  12:35:12 ...
Progress: 20702 of 540928 done; Stage:  3%; Total:  1%; ETA:  12:44:14    
Progress: 20703 of 540928 done; Stage:  3%; Total:  1%; ETA:  12:52:59 .  
Progress: 20704 of 540928 done; Stage:  3%; Total:  1%; ETA:  13:01:32 .. 
Progress: 20705 of 540928 done; Stage:  3%; Total:  1%; ETA:  13:10:10 ...
Progress: 20706 of 540928 done; Stage:  3%; Total:  1%; ETA:  13:18:36    
Progress: 20707 of 540928 done; Stage:  3%; Total:  1%; ETA:  13:27:25 .  
Progress: 20708 of 540928 done; Stage:  3%; Total:  1%; ETA:  13:36:38 .. 
Progress: 20709 of 540928 done; Stage:  3%; Total:  1%; ETA:  13:46:11 ...
Progress: 20710 of 540928 done; Stage:  3%; Total:  1%; ETA:  13:55:46    
Progress: 20711 of 540928 done; Stage:  3%; Total:  1%; ETA:  14:05:03 .  
Progress: 20712 of 540928 done; Stage:  3%; Total:  1%; ETA:  14:14:42 .. 
Progress: 20713 of 540928 done; Stage:  3%; Total:  1%; ETA:  14:23:47 ...
Progress: 20737 of 540928 done; Stage:  3%; Total:  1%; ETA:  16:10:50    
Progress: 21505 of 540928 done; Stage:  3%; Total:  1%; ETA:  16:09:45 .  
Progress: 21761 of 540928 done; Stage:  4%; Total:  1%; ETA:  16:02:59 .. 
Progress: 22017 of 540928 done; Stage:  4%; Total:  1%; ETA:  15:52:16 ...
Progress: 23198 of 540928 done; Stage:  4%; Total:  1%; ETA:  15:02:57    
Progress: 23553 of 540928 done; Stage:  4%; Total:  1%; ETA:  14:49:01 .  
Progress: 27379 of 540928 done; Stage:  5%; Total:  1%; ETA:  12:43:00 .. 
Progress: 29441 of 540928 done; Stage:  5%; Total:  1%; ETA:  11:48:57 ...
Progress: 32285 of 540928 done; Stage:  5%; Total:  2%; ETA:  10:46:28    
Progress: 34588 of 540928 done; Stage:  6%; Total:  2%; ETA:  10:00:44 .  
Progress: 39425 of 540928 done; Stage:  7%; Total:  2%; ETA:   8:46:47 .. 
Progress: 45973 of 540928 done; Stage:  8%; Total:  2%; ETA:   7:31:24 ...
Progress: 47865 of 540928 done; Stage:  8%; Total:  3%; ETA:   7:12:22    
Progress: 50177 of 540928 done; Stage:  9%; Total:  3%; ETA:   6:51:59 .  
Progress: 52978 of 540928 done; Stage:  9%; Total:  3%; ETA:   6:29:52 .. 
Progress: 59773 of 540928 done; Stage: 11%; Total:  3%; ETA:   5:44:22 ...
Progress: 61441 of 540928 done; Stage: 11%; Total:  3%; ETA:   5:34:34    
Progress: 70408 of 540928 done; Stage: 13%; Total:  4%; ETA:   4:51:09 .  
Progress: 76201 of 540928 done; Stage: 14%; Total:  4%; ETA:   4:28:12 .. 
Progress: 89594 of 540928 done; Stage: 16%; Total:  5%; ETA:   3:46:46 ...
Progress: 106035 of 540928 done; Stage: 19%; Total:  6%; ETA:   3:09:59    
Progress: 117577 of 540928 done; Stage: 21%; Total:  7%; ETA:   2:50:07 .  
Progress: 135293 of 540928 done; Stage: 25%; Total:  8%; ETA:   2:26:27 .. 
Progress: 142849 of 540928 done; Stage: 26%; Total:  9%; ETA:   2:17:50 ...
Progress: 149723 of 540928 done; Stage: 27%; Total:  9%; ETA:   2:10:36    
Progress: 159407 of 540928 done; Stage: 29%; Total: 10%; ETA:   2:01:04 .  
Progress: 183553 of 540928 done; Stage: 33%; Total: 11%; ETA:   1:43:45 .. 
Progress: 198278 of 540928 done; Stage: 36%; Total: 12%; ETA:   1:35:13 ...
Progress: 218881 of 540928 done; Stage: 40%; Total: 13%; ETA:   1:25:08    
Progress: 234981 of 540928 done; Stage: 43%; Total: 14%; ETA:   1:18:30 .  
Progress: 237164 of 540928 done; Stage: 43%; Total: 15%; ETA:   1:17:37 .. 
Progress: 244678 of 540928 done; Stage: 45%; Total: 15%; ETA:   1:14:44 ...
Progress: 250625 of 540928 done; Stage: 46%; Total: 15%; ETA:   1:12:39    
Progress: 256437 of 540928 done; Stage: 47%; Total: 16%; ETA:   1:10:46 .  
Progress: 278363 of 540928 done; Stage: 51%; Total: 17%; ETA:   1:04:07 .. 
Progress: 290274 of 540928 done; Stage: 53%; Total: 18%; ETA:   1:00:59 ...
Progress: 301569 of 540928 done; Stage: 55%; Total: 19%; ETA:   0:58:01    
Progress: 315759 of 540928 done; Stage: 58%; Total: 20%; ETA:   0:54:52 .  
Progress: 316429 of 540928 done; Stage: 58%; Total: 20%; ETA:   0:54:44 .. 
Progress: 317414 of 540928 done; Stage: 58%; Total: 20%; ETA:   0:54:30 ...
Progress: 318400 of 540928 done; Stage: 58%; Total: 20%; ETA:   0:54:14    
Progress: 318589 of 540928 done; Stage: 58%; Total: 20%; ETA:   0:54:10 .  
Progress: 318773 of 540928 done; Stage: 58%; Total: 20%; ETA:   0:54:06 .. 
Progress: 319489 of 540928 done; Stage: 59%; Total: 20%; ETA:   0:53:56 ...
Progress: 319492 of 540928 done; Stage: 59%; Total: 20%; ETA:   0:53:58    
Progress: 319500 of 540928 done; Stage: 59%; Total: 20%; ETA:   0:54:11 .  
Progress: 319506 of 540928 done; Stage: 59%; Total: 20%; ETA:   0:54:30 .. 
Progress: 319518 of 540928 done; Stage: 59%; Total: 20%; ETA:   0:55:30 ...
Progress: 319522 of 540928 done; Stage: 59%; Total: 20%; ETA:   0:56:02    
Progress: 319648 of 540928 done; Stage: 59%; Total: 20%; ETA:   0:58:27 .  
Progress: 319736 of 540928 done; Stage: 59%; Total: 20%; ETA:   0:59:08 .. 
Progress: 319745 of 540928 done; Stage: 59%; Total: 20%; ETA:   0:59:15 ...
Progress: 319999 of 540928 done; Stage: 59%; Total: 20%; ETA:   0:59:36    
Progress: 320001 of 540928 done; Stage: 59%; Total: 20%; ETA:   0:59:39 .  
Progress: 320116 of 540928 done; Stage: 59%; Total: 20%; ETA:   1:00:04 .. 
Progress: 320165 of 540928 done; Stage: 59%; Total: 20%; ETA:   1:00:17 ...
Progress: 320782 of 540928 done; Stage: 59%; Total: 20%; ETA:   1:00:15    
Progress: 322750 of 540928 done; Stage: 59%; Total: 20%; ETA:   0:59:42 .  
Progress: 334004 of 540928 done; Stage: 61%; Total: 21%; ETA:   0:57:13 .. 
Progress: 341556 of 540928 done; Stage: 63%; Total: 22%; ETA:   0:55:41 ...
Progress: 341559 of 540928 done; Stage: 63%; Total: 22%; ETA:   0:55:53    
Progress: 341575 of 540928 done; Stage: 63%; Total: 22%; ETA:   0:56:58 .  
Progress: 341578 of 540928 done; Stage: 63%; Total: 22%; ETA:   0:57:23 .. 
Progress: 341581 of 540928 done; Stage: 63%; Total: 22%; ETA:   0:57:56 ...
Progress: 341584 of 540928 done; Stage: 63%; Total: 22%; ETA:   0:58:33    
Progress: 341588 of 540928 done; Stage: 63%; Total: 22%; ETA:   0:59:32 .  
Progress: 342021 of 540928 done; Stage: 63%; Total: 22%; ETA:   1:03:35 .. 
Progress: 343404 of 540928 done; Stage: 63%; Total: 22%; ETA:   1:03:15 ...
Progress: 344065 of 540928 done; Stage: 63%; Total: 22%; ETA:   1:03:05    
Progress: 344167 of 540928 done; Stage: 63%; Total: 22%; ETA:   1:03:00 .  
Progress: 344222 of 540928 done; Stage: 63%; Total: 22%; ETA:   1:02:59 .. 
Progress: 344269 of 540928 done; Stage: 63%; Total: 22%; ETA:   1:02:57 ...
Progress: 349441 of 540928 done; Stage: 64%; Total: 22%; ETA:   1:01:47    
Progress: 352948 of 540928 done; Stage: 65%; Total: 22%; ETA:   1:00:55 .  
Progress: 353482 of 540928 done; Stage: 65%; Total: 22%; ETA:   1:00:46 .. 
Progress: 355196 of 540928 done; Stage: 65%; Total: 23%; ETA:   1:00:23 ...
Progress: 359835 of 540928 done; Stage: 66%; Total: 23%; ETA:   0:59:19    
Progress: 365798 of 540928 done; Stage: 67%; Total: 23%; ETA:   0:58:04 .  
Progress: 370674 of 540928 done; Stage: 68%; Total: 24%; ETA:   0:57:03 .. 
Progress: 378881 of 540928 done; Stage: 70%; Total: 24%; ETA:   0:55:29 ...
Progress: 391241 of 540928 done; Stage: 72%; Total: 25%; ETA:   0:53:13    
Progress: 393448 of 540928 done; Stage: 72%; Total: 25%; ETA:   0:52:49 .  
Progress: 393734 of 540928 done; Stage: 72%; Total: 25%; ETA:   0:52:44 .. 
Progress: 396482 of 540928 done; Stage: 73%; Total: 25%; ETA:   0:52:14 ...
Progress: 398337 of 540928 done; Stage: 73%; Total: 25%; ETA:   0:51:53    
Progress: 402054 of 540928 done; Stage: 74%; Total: 26%; ETA:   0:51:15 .  
Progress: 411393 of 540928 done; Stage: 76%; Total: 26%; ETA:   0:49:42 .. 
Progress: 427521 of 540928 done; Stage: 79%; Total: 27%; ETA:   0:47:11 ...
Progress: 457473 of 540928 done; Stage: 84%; Total: 29%; ETA:   0:43:05    
Progress: 489217 of 540928 done; Stage: 90%; Total: 31%; ETA:   0:39:16 .  
Progress: 516865 of 540928 done; Stage: 95%; Total: 33%; ETA:   0:36:19 .. 
Progress: 540928 of 540928 done; Stage: 100%; Total: 34%; ETA:   0:33:58 ...
                                                                                       
                                                                                       
  540928 file records processed.                                                        
 
File verification completed.
Progress: 6633 of 6633 done; Stage: 100%; Total: 29%; ETA:   0:44:30    
                                                                                       
                                                                                       
  6633 large file records processed.                                   
 
 
Errors found.  CHKDSK cannot continue in read-only mode.
 
========= End of CMD: =========
 
 
========= sfc /scannow =========
 
 
 
Beginning system scan.  This process will take some time.
 
 
 
Beginning verification phase of system scan.
 
 
Verification 0% complete.
Verification 1% complete.
Verification 1% complete.
Verification 2% complete.
Verification 2% complete.
Verification 3% complete.
Verification 3% complete.
Verification 4% complete.
Verification 4% complete.
Verification 5% complete.
Verification 5% complete.
Verification 6% complete.
Verification 6% complete.
Verification 7% complete.
Verification 7% complete.
Verification 8% complete.
Verification 8% complete.
Verification 9% complete.
Verification 9% complete.
Verification 10% complete.
Verification 11% complete.
Verification 11% complete.
Verification 12% complete.
Verification 12% complete.
Verification 13% complete.
Verification 13% complete.
Verification 14% complete.
Verification 14% complete.
Verification 15% complete.
Verification 15% complete.
Verification 16% complete.
Verification 16% complete.
Verification 17% complete.
Verification 17% complete.
Verification 18% complete.
Verification 18% complete.
Verification 19% complete.
Verification 19% complete.
Verification 20% complete.
Verification 21% complete.
Verification 21% complete.
Verification 22% complete.
Verification 22% complete.
Verification 23% complete.
Verification 23% complete.
Verification 24% complete.
Verification 24% complete.
Verification 25% complete.
Verification 25% complete.
Verification 26% complete.
Verification 26% complete.
Verification 27% complete.
Verification 27% complete.
Verification 28% complete.
Verification 28% complete.
Verification 29% complete.
Verification 29% complete.
Verification 30% complete.
Verification 31% complete.
Verification 31% complete.
Verification 32% complete.
Verification 32% complete.
Verification 33% complete.
Verification 33% complete.
Verification 34% complete.
Verification 34% complete.
Verification 35% complete.
Verification 35% complete.
Verification 36% complete.
Verification 36% complete.
Verification 37% complete.
Verification 37% complete.
Verification 38% complete.
Verification 38% complete.
Verification 39% complete.
Verification 39% complete.
Verification 40% complete.
Verification 41% complete.
Verification 41% complete.
Verification 42% complete.
Verification 42% complete.
Verification 43% complete.
Verification 43% complete.
Verification 44% complete.
Verification 44% complete.
Verification 45% complete.
Verification 45% complete.
Verification 46% complete.
Verification 46% complete.
Verification 47% complete.
Verification 47% complete.
Verification 48% complete.
Verification 48% complete.
Verification 49% complete.
Verification 49% complete.
Verification 50% complete.
Verification 50% complete.
Verification 51% complete.
Verification 52% complete.
Verification 52% complete.
Verification 53% complete.
Verification 53% complete.
Verification 54% complete.
Verification 54% complete.
Verification 55% complete.
Verification 55% complete.
Verification 56% complete.
Verification 56% complete.
Verification 57% complete.
Verification 57% complete.
Verification 58% complete.
Verification 58% complete.
Verification 59% complete.
Verification 59% complete.
Verification 60% complete.
Verification 60% complete.
Verification 61% complete.
Verification 62% complete.
Verification 62% complete.
Verification 63% complete.
Verification 63% complete.
Verification 64% complete.
Verification 64% complete.
Verification 65% complete.
Verification 65% complete.
Verification 66% complete.
Verification 66% complete.
Verification 67% complete.
Verification 67% complete.
Verification 68% complete.
Verification 68% complete.
Verification 69% complete.
Verification 69% complete.
Verification 70% complete.
Verification 70% complete.
Verification 71% complete.
Verification 72% complete.
Verification 72% complete.
Verification 73% complete.
Verification 73% complete.
Verification 74% complete.
Verification 74% complete.
Verification 75% complete.
Verification 75% complete.
Verification 76% complete.
Verification 76% complete.
Verification 77% complete.
Verification 77% complete.
Verification 78% complete.
Verification 78% complete.
Verification 79% complete.
Verification 79% complete.
Verification 80% complete.
Verification 80% complete.
Verification 81% complete.
Verification 82% complete.
Verification 82% complete.
Verification 83% complete.
Verification 83% complete.
Verification 84% complete.
Verification 84% complete.
Verification 85% complete.
Verification 85% complete.
Verification 86% complete.
Verification 86% complete.
Verification 87% complete.
Verification 87% complete.
Verification 88% complete.
Verification 88% complete.
Verification 89% complete.
Verification 89% complete.
Verification 90% complete.
Verification 90% complete.
Verification 91% complete.
Verification 91% complete.
Verification 92% complete.
Verification 93% complete.
Verification 93% complete.
Verification 94% complete.
Verification 94% complete.
Verification 95% complete.
Verification 95% complete.
Verification 96% complete.
Verification 96% complete.
Verification 97% complete.
Verification 97% complete.
Verification 98% complete.
Verification 98% complete.
Verification 99% complete.
Verification 99% complete.
Verification 100% complete.
 
 
Windows Resource Protection did not find any integrity violations.
 
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 16940404 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 8187540 B
Edge => 9305 B
Chrome => 202496435 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 16674 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 1277990 B
Earley Laptop => 43884007 B
 
RecycleBin => 0 B
EmptyTemp: => 270.2 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 07:37:53 ====


#14 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,033 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:42 AM

Posted 22 June 2018 - 07:25 PM

Though I am not a hardware expert, based on the information I have reviewed I would say you need to replace your hard drive. It appears the drive was damaged due to a substantial shock or drop. If you want a second opinion you can post in the Internal Hardware Forum to see if someone with more expertise can offer you some guidance. The other option would be to just continue on here and hope for the best. It is possible your symptoms are directly related to the state of your drive and if so we will not be able to overcome them.

 

Your thoughts?


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#15 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,033 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:42 AM

Posted 25 June 2018 - 08:03 AM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users