TechSpot

CPU at 100% due to multiple internet explorer processes

By YoungZay
May 28, 2016
  1. My laptop started running unusually slow, and when I checked Task Manager I noticed the CPU was maxed out. The source seems to be multiple Internet Explorers running in the background, each taking up to 30% of the CPU. When I try to end these tasks they do not go away, so here I am.
     
  2. YoungZay

    TS Rookie Topic Starter Posts: 22

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:28-05-2016
    Ran by Jeremy platano (administrator) on JEREMY (28-05-2016 17:44:41)
    Running from C:\Users\Jeremy platano\Desktop
    Loaded Profiles: Jeremy platano (Available Profiles: Jeremy platano)
    Platform: Microsoft Windows 10 Pro Version 1511 (X86) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
    () C:\Windows\System32\CpuHeatMapping\165271\CpuHeatMapping.exe
    () C:\Windows\Cudm1110\cudm.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    () C:\Windows\CpuEssentials\165271\CpuEssentials.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat DC\Acrobat\acrotray.exe
    (© 2015 Microsoft Corporation) C:\Users\Jeremy platano\AppData\Local\Microsoft\BingSvc\BingSvc.exe
    (Adobe Systems, Incorporated) C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
    () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    () C:\Windows\BugFixxer\1004\BugFixxer.exe
    () C:\Windows\BinEssentials\BinEssentials1110\BinEssentials.exe
    () C:\Windows\WinEssentials\516\WinEssentials.exe
    (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Google Inc.) C:\Program Files\Google\Update\1.3.30.3\GoogleCrashHandler.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6868.41111.0_x86__8wekyb3d8bbwe\HxTsr.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3519144 2015-07-29] (Synaptics Incorporated)
    HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2484424 2015-10-07] (ELAN Microelectronics Corp.)
    HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [748744 2015-08-21] (Advanced Micro Devices, Inc.)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated)
    HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1867448 2016-05-03] (Adobe Systems Inc.)
    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [Sound+] => "C:\Program Files\Sound+\Sound+.exe"
    HKLM\...\Run: [csrssf.exe -start] => C:\ProgramData\csrssf.exe -start
    HKU\S-1-5-21-2498457770-3637397173-802165776-1001\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [53123712 2016-05-17] (Skype Technologies S.A.)
    HKU\S-1-5-21-2498457770-3637397173-802165776-1001\...\Run: [BingSvc] => C:\Users\Jeremy platano\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
    HKU\S-1-5-21-2498457770-3637397173-802165776-1001\...\RunOnce: [Uninstall C:\Users\Jeremy platano\AppData\Local\Microsoft\OneDrive\17.3.5892.0626] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jeremy platano\AppData\Local\Microsoft\OneDrive\17.3.5892.0626"
    Startup: C:\Users\Jeremy platano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mysystem.lnk [2016-05-28]
    ShortcutTarget: mysystem.lnk -> C:\Program Files\Microsoft Corporation\SystemAlert.exe (No File)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.226
    Tcpip\..\Interfaces\{2865be08-9578-4d5e-a073-d3a1e94e4263}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{63cba9cf-bd04-4513-8188-a403bffe9b72}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{63cba9cf-bd04-4513-8188-a403bffe9b72}: [DhcpNameServer] 192.168.0.1 205.171.2.226
    Tcpip\..\Interfaces\{99fb17ac-ae73-453d-9a02-2f98b48358ce}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{9fc5b24f-a667-419b-85ec-d742fbb935ca}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{ba94e176-0fb7-11e6-b770-806e6f6e6963}: [NameServer] 104.197.191.4

    Internet Explorer:
    ==================
    HKU\S-1-5-21-2498457770-3637397173-802165776-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/1ewenusDefaultPack/SKY2_FRPage
    SearchScopes: HKU\S-1-5-21-2498457770-3637397173-802165776-1001 -> {FC1D3D98-F6B8-4ADF-BEC1-4BCEACE2ED32} URL = hxxp://www-searching.com/s.ashx?prd=opensearch&q={searchTerms}&s=G5Szamotn11426BP,8197403f-b495-42c2-82a8-269bcf0b8d7e,
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2016-05-26] (Microsoft Corporation)
    BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-05-03] (Adobe Systems Incorporated)
    BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-05-26] (Microsoft Corporation)
    BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-05-03] (Adobe Systems Incorporated)
    Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-05-03] (Adobe Systems Incorporated)
    Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-26] (Microsoft Corporation)
    Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-26] (Microsoft Corporation)
    Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-26] (Microsoft Corporation)
    Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-26] (Microsoft Corporation)

    FireFox:
    ========
    FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-05-26] (Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-05-26] (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-28] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-28] (Google Inc.)
    FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)
    FF HKLM\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
    FF Extension: Adobe Acrobat DC - Create PDF - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2016-05-11]

    Chrome:
    =======
    CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
    CHR StartupUrls: Default -> "hxxps://www.google.com/"
    CHR DefaultSearchURL: Default -> hxxp://search.mpc.am?q={searchTerms}&cx=partner-pub-3796753109442372:3837783968
    CHR DefaultSearchKeyword: Default -> mpc safe search
    CHR Profile: C:\Users\Jeremy platano\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\Jeremy platano\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-02]
    CHR Extension: (Google Docs) - C:\Users\Jeremy platano\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-02]
    CHR Extension: (Google Drive) - C:\Users\Jeremy platano\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-02]
    CHR Extension: (YouTube) - C:\Users\Jeremy platano\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-02]
    CHR Extension: (Adobe Acrobat) - C:\Users\Jeremy platano\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2016-05-11]
    CHR Extension: (Google Sheets) - C:\Users\Jeremy platano\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-02]
    CHR Extension: (Google Docs Offline) - C:\Users\Jeremy platano\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-02]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Jeremy platano\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-02]
    CHR Extension: (Gmail) - C:\Users\Jeremy platano\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-02]
    CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-2498457770-3637397173-802165776-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AGSService; C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-05] (Adobe Systems, Incorporated)
    R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [276992 2015-08-21] (Advanced Micro Devices, Inc.) [File not signed]
    R2 BinEssentials; C:\WINDOWS\BinEssentials\BinEssentials1110\BinEssentials.exe [6656 2016-05-23] () [File not signed]
    R2 BugFixxer; C:\WINDOWS\BugFixxer\1004\BugFixxer.exe [6144 2016-04-23] () [File not signed]
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [1867504 2016-05-01] (Microsoft Corporation)
    R2 CpuEssentials; C:\WINDOWS\CpuEssentials/165271\CpuEssentials.exe [7680 2016-05-27] () [File not signed]
    R2 CpuHeatMapping; C:\WINDOWS\system32\CpuHeatMapping/165271\CpuHeatMapping.exe [44544 2016-05-27] () [File not signed]
    R2 cudm; C:\WINDOWS\Cudm1110\cudm.exe [6144 2016-05-09] () [File not signed]
    R2 ETDService; C:\Program Files\Elantech\ETDService.exe [124616 2015-10-07] (ELAN Microelectronics Corp.)
    S2 Policies; C:\WINDOWS\system32\Policies/Policies165240\Policies.exe [44032 2016-05-25] () [File not signed]
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [280376 2015-10-30] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23256 2015-10-30] (Microsoft Corporation)
    R2 WinEssentials; C:\WINDOWS\WinEssentials/516\WinEssentials.exe [7680 2016-05-16] () [File not signed]
    S2 Aotauch; "C:\Users\Jeremy platano\AppData\Roaming\ElorfoVomn\Faeyjde.exe" -cms [X]
    S2 dowidoly; C:\Program Files\E0EDABFE-1464404103-E011-9748-00266CC6FF05\jnswDEFE.tmp [X]
    S2 Fuxikireli; "C:\Users\Jeremy platano\AppData\Roaming\Caporoduu\Caporoduu.exe" -cms [X]
    S2 Rijjerebad; "C:\Users\Jeremy platano\AppData\Roaming\Zaouzvidna\Zaouzvidna.exe" -cms [X]
    S2 sotutomizbt; C:\Program Files\E0EDABFE-1464404103-E011-9748-00266CC6FF05\knso7E5A.tmpfs [X]
    S2 Wuqbooi; "C:\Users\Jeremy platano\AppData\Roaming\XaxhMorhi\Ifyccoq.exe" -cms [X]

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 Andbus; C:\WINDOWS\System32\drivers\lgandbus.sys [14336 2012-03-02] (LG Electronics Inc.)
    S3 AndDiag; C:\WINDOWS\System32\drivers\lganddiag.sys [20736 2012-03-02] (LG Electronics Inc.)
    S3 AndGps; C:\WINDOWS\System32\drivers\lgandgps.sys [20096 2012-03-02] (LG Electronics Inc.)
    S3 AndnetBus; C:\WINDOWS\System32\drivers\lgandnetbus.sys [15744 2015-01-21] (LG Electronics Inc.)
    S3 AndNetDiag; C:\WINDOWS\System32\drivers\lgandnetdiag.sys [24576 2015-01-26] (LG Electronics Inc.)
    S3 AndNetDiag2; C:\WINDOWS\System32\drivers\lgandnetdiag2.sys [24576 2015-01-26] (LG Electronics Inc.)
    S3 AndNetGps; C:\WINDOWS\System32\drivers\lgandnetgps.sys [22912 2015-01-21] (LG Electronics Inc.)
    R1 cherimoya; C:\WINDOWS\System32\drivers\cherimoya.sys [56128 2016-05-27] (Windows (R) Win 7 DDK provider)
    S3 dot4; C:\WINDOWS\System32\drivers\Dot4.sys [137632 2012-09-25] (Windows (R) Win 7 DDK provider)
    S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [22432 2012-09-25] (Windows (R) Win 7 DDK provider)
    R3 ETD; C:\WINDOWS\system32\DRIVERS\ETD.sys [514760 2015-10-07] (ELAN Microelectronics Corp.)
    S3 HtcVCom32; C:\WINDOWS\System32\drivers\HtcVComV32.sys [105984 2009-10-27] (QUALCOMM Incorporated)
    S3 imxusb; C:\WINDOWS\System32\drivers\imxusb.sys [15872 2011-03-24] (Windows (R) Win 7 DDK provider)
    R3 rtwlane_13; C:\WINDOWS\System32\drivers\rtwlane_13.sys [3215360 2015-10-30] (Realtek Semiconductor Corporation )
    S3 ssudrmnet; C:\WINDOWS\System32\drivers\ssudrmnet.sys [59160 2013-06-04] (DEVGURU Co., LTD.)
    S3 ssudserd; C:\WINDOWS\System32\drivers\ssudserd.sys [181912 2013-06-04] (DEVGURU Co., LTD.(www.devguru.co.kr))
    R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [42088 2015-12-31] (Toshiba Corporation)
    S3 usbbus; C:\WINDOWS\System32\drivers\lgusbbus.sys [13056 2014-11-17] (LG Electronics Inc.)
    S3 UsbDiag; C:\WINDOWS\System32\drivers\lgusbdiag.sys [22016 2014-11-21] (LG Electronics Inc.)
    S3 UsbGps; C:\WINDOWS\System32\drivers\lgusbgps.sys [20096 2014-11-17] (LG Electronics Inc.)
    S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [37400 2015-10-30] (Microsoft Corporation)
    R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [246104 2015-10-30] (Microsoft Corporation)
    R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [98648 2015-10-30] (Microsoft Corporation)
    R3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [163328 2015-10-30] (Microsoft Corporation)
    S0 MPCBase; System32\drivers\MPCBase.sys [X]
    S1 MPCKpt; system32\DRIVERS\MPCKpt.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
  3. YoungZay


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-05-28 17:44 - 2016-05-28 17:47 - 00016464 _____ C:\Users\Jeremy platano\Desktop\FRST.txt
    2016-05-28 17:42 - 2016-05-28 17:44 - 00000000 ____D C:\FRST
    2016-05-28 17:41 - 2016-05-28 17:38 - 01734144 ____N (Farbar) C:\Users\Jeremy platano\Desktop\FRST.exe
    2016-05-28 17:16 - 2016-05-28 17:16 - 07269656 _____ (Bitdefender LLC) C:\Users\Jeremy platano\Downloads\BootkitRemoval_x86.exe
    2016-05-28 16:25 - 2016-05-28 16:25 - 00002290 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-05-28 16:25 - 2016-05-28 16:25 - 00002278 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2016-05-28 16:22 - 2016-05-28 17:53 - 00000908 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2016-05-28 16:22 - 2016-05-28 16:47 - 00000904 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2016-05-28 16:20 - 2016-05-28 16:20 - 00987728 _____ (Google Inc.) C:\Users\Jeremy platano\Downloads\ChromeSetup (4).exe
    2016-05-28 16:07 - 2016-05-28 16:07 - 00000000 ____D C:\WINDOWS\WinEssentials
    2016-05-28 16:07 - 2016-05-28 16:07 - 00000000 ____D C:\WINDOWS\BinEssentials
    2016-05-28 16:06 - 2016-05-28 16:06 - 00000000 ____D C:\WINDOWS\BugFixxer
    2016-05-28 15:08 - 2016-05-28 15:09 - 00000410 __RSH C:\ProgramData\ntuser.pol
    2016-05-28 15:01 - 2016-05-28 15:01 - 00000000 ____D C:\WINDOWS\CpuEssentials
    2016-05-28 14:56 - 2016-05-28 14:56 - 00000000 ____D C:\WINDOWS\system32\CpuHeatMapping
    2016-05-27 23:55 - 2016-05-28 14:55 - 00000000 ____D C:\WINDOWS\Cudm1110
    2016-05-27 23:26 - 2016-05-27 23:26 - 00000000 ____D C:\Users\Public\Thunder Network
    2016-05-27 23:24 - 2016-05-27 23:24 - 00007387 _____ C:\WINDOWS\system32\hst.pcm
    2016-05-27 23:21 - 2016-05-28 15:00 - 00000000 ____D C:\WINDOWS\SysSecure1.0.0.5
    2016-05-27 23:20 - 2016-05-27 23:20 - 00000000 ____D C:\WINDOWS\system32\Policies
    2016-05-27 23:17 - 2016-05-27 23:17 - 00187904 _____ C:\WINDOWS\rsrcs.dll
    2016-05-27 23:15 - 2016-05-27 23:15 - 00000000 ____H C:\WINDOWS\system32\BIT6406.tmp
    2016-05-27 22:53 - 2016-05-27 22:53 - 00000000 ____D C:\Users\Jeremy platano\AppData\LocalLow\Company
    2016-05-27 22:53 - 2016-05-27 22:53 - 00000000 ____D C:\Users\Jeremy platano\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
    2016-05-27 22:53 - 2016-05-27 22:53 - 00000000 ____D C:\uninst
    2016-05-27 22:52 - 2016-05-27 23:53 - 00000000 ____D C:\Users\Jeremy platano\AppData\Local\Tempfolder
    2016-05-27 22:51 - 2016-05-27 22:51 - 00032576 _____ C:\WINDOWS\system32\Drivers\bsdp32.sys
    2016-05-27 22:49 - 2016-05-28 16:03 - 00000000 ____D C:\Program Files\MPC Cleaner
    2016-05-27 22:41 - 2016-05-27 22:41 - 00000000 ____D C:\Users\Jeremy platano\AppData\Local\WINTUNEPRO
    2016-05-27 22:40 - 2016-05-27 22:40 - 00000000 ____D C:\Users\Jeremy platano\AppData\Local\QuickCleaner
    2016-05-27 22:35 - 2016-05-27 22:35 - 02433024 _____ C:\WINDOWS\chromebrowser.exe
    2016-05-27 22:21 - 2016-05-27 22:21 - 00000000 ____D C:\Users\Jeremy platano\Downloads\Sony Vegas Pro 13.0 build 310 (64 bit) (patch KHG) [ChingLiu]
    2016-05-27 22:14 - 2016-05-27 22:14 - 00002717 _____ C:\Users\Jeremy platano\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
    2016-05-27 22:14 - 2016-05-27 22:14 - 00000000 ____D C:\Users\Jeremy platano\AppData\LocalLow\uTorrent
    2016-05-27 22:12 - 2016-05-27 23:53 - 00000000 ____D C:\Users\Jeremy platano\AppData\Roaming\uTorrent
    2016-05-27 22:12 - 2016-05-27 22:12 - 02530304 _____ (BitTorrent Inc.) C:\Users\Jeremy platano\Downloads\uTorrent.exe
    2016-05-27 21:17 - 2016-05-27 22:52 - 00056128 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\cherimoya.sys
    2016-05-27 10:01 - 2016-05-27 10:02 - 00235603 _____ C:\Users\Jeremy platano\Downloads\R526 A1 FL PLAN-Model.pdf
    2016-05-27 10:01 - 2016-05-27 10:01 - 00021896 _____ C:\Users\Jeremy platano\Downloads\R526 A1 FL PLAN-AB-2.pdf
    2016-05-27 10:00 - 2016-05-27 10:00 - 00208153 _____ C:\Users\Jeremy platano\Downloads\R526 A1 FL PLAN-A1.3.pdf
    2016-05-27 10:00 - 2016-05-27 10:00 - 00021099 _____ C:\Users\Jeremy platano\Downloads\R526 A1 FL PLAN-AB-1.pdf
    2016-05-27 09:59 - 2016-05-27 09:59 - 00209104 _____ C:\Users\Jeremy platano\Downloads\R526 A1 FL PLAN-A1.2A.pdf
    2016-05-27 09:59 - 2016-05-27 09:59 - 00209104 _____ C:\Users\Jeremy platano\Downloads\R526 A1 FL PLAN-A1.2A (1).pdf
    2016-05-27 09:59 - 2016-05-27 09:59 - 00087701 _____ C:\Users\Jeremy platano\Downloads\R526 A1 FL PLAN-A1.2B.pdf
    2016-05-27 09:58 - 2016-05-27 09:58 - 00356280 _____ C:\Users\Jeremy platano\Downloads\R526 A1 FL PLAN-A1.1A.pdf
    2016-05-27 09:58 - 2016-05-27 09:58 - 00301063 _____ C:\Users\Jeremy platano\Downloads\R526 A1 FL PLAN-A1.1B.pdf
    2016-05-27 09:57 - 2016-05-27 09:57 - 00109523 _____ C:\Users\Jeremy platano\Downloads\R526 A1 FL PLAN-A D-1.pdf
    2016-05-27 09:57 - 2016-05-27 09:57 - 00088548 _____ C:\Users\Jeremy platano\Downloads\R526 A1 FL PLAN-A D-2.pdf
    2016-05-27 09:57 - 2016-05-27 09:57 - 00032980 _____ C:\Users\Jeremy platano\Downloads\R526 A1 FL PLAN-A1 O-A.pdf
    2016-05-27 09:48 - 2016-05-27 09:48 - 00006983 _____ C:\Users\Jeremy platano\Downloads\R526 BASE-01-Model.pdf
    2016-05-27 09:47 - 2016-05-27 09:47 - 00004256 _____ C:\Users\Jeremy platano\Downloads\R526 BASE-01-Layout1.pdf
    2016-05-27 09:46 - 2016-05-27 09:46 - 00004262 _____ C:\Users\Jeremy platano\Downloads\R526 BASE OVERLAY-Model.pdf
    2016-05-27 09:41 - 2016-05-27 09:41 - 00004256 _____ C:\Users\Jeremy platano\Downloads\R526 BASE OVERLAY-Layout1.pdf
    2016-05-27 09:40 - 2016-05-27 09:40 - 00145600 _____ C:\Users\Jeremy platano\Downloads\R526 A0.2 CALC AREA-A0.2.pdf
    2016-05-27 09:40 - 2016-05-27 09:40 - 00132147 _____ C:\Users\Jeremy platano\Downloads\R526 A0.2 CALC AREA-Model.pdf
    2016-05-27 09:22 - 2016-05-27 10:10 - 00000000 ____D C:\Users\Jeremy platano\Desktop\Attachments_2016527
    2016-05-26 18:37 - 2016-05-26 18:37 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
    2016-05-26 18:27 - 2016-05-26 18:27 - 00002492 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
    2016-05-26 18:27 - 2016-05-26 18:27 - 00002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk
    2016-05-26 18:27 - 2016-05-26 18:27 - 00002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
    2016-05-26 18:27 - 2016-05-26 18:27 - 00002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
    2016-05-26 18:27 - 2016-05-26 18:27 - 00002414 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
    2016-05-26 18:27 - 2016-05-26 18:27 - 00002413 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
    2016-05-26 18:27 - 2016-05-26 18:27 - 00002407 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
    2016-05-26 18:27 - 2016-05-26 18:27 - 00002401 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
    2016-05-26 18:27 - 2016-05-26 18:27 - 00002393 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
    2016-05-26 18:27 - 2016-05-26 18:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
    2016-05-26 18:10 - 2016-05-27 05:41 - 00000000 ____D C:\Program Files\Microsoft Office
    2016-05-26 18:10 - 2016-05-26 18:10 - 00000000 ____D C:\Program Files\Microsoft Office 15
    2016-05-26 18:09 - 2016-05-26 18:09 - 03191496 _____ (Microsoft Corporation) C:\Users\Jeremy platano\Downloads\Setup.X86.en-US_O365ProPlusRetail_897fbb38-39a4-419e-a1e3-83102e3d11bd_TX_PR_b_64_.exe
    2016-05-23 15:54 - 2016-05-23 15:54 - 00269506 _____ C:\Users\Jeremy platano\Downloads\residency affidavit nondegree.pdf
    2016-05-20 19:10 - 2016-05-28 16:36 - 00000000 ____D C:\Users\Jeremy platano\AppData\Roaming\Skype
    2016-05-20 18:57 - 2016-05-20 18:58 - 01463424 _____ (Skype Technologies S.A.) C:\Users\Jeremy platano\Downloads\SkypeSetup (2).exe
    2016-05-15 11:33 - 2016-05-23 16:32 - 00000000 ____D C:\Users\Jeremy platano\Desktop\UF Papers
    2016-05-14 18:13 - 2016-05-20 19:04 - 00000000 ____D C:\Users\Jeremy platano\AppData\Roaming\Skype_old
    2016-05-14 18:12 - 2016-05-20 19:00 - 00000000 ____D C:\ProgramData\Skype
    2016-05-14 18:12 - 2016-05-14 18:12 - 00002628 _____ C:\Users\Public\Desktop\Skype.lnk
    2016-05-14 18:12 - 2016-05-14 18:12 - 00000000 ___RD C:\Program Files\Skype
    2016-05-14 18:12 - 2016-05-14 18:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    2016-05-14 18:12 - 2016-05-14 18:12 - 00000000 ____D C:\Program Files\Common Files\Skype
    2016-05-14 18:10 - 2016-05-14 18:11 - 01463424 _____ (Skype Technologies S.A.) C:\Users\Jeremy platano\Downloads\SkypeSetup (1).exe
    2016-05-11 16:28 - 2016-05-11 16:28 - 00065109 _____ C:\Users\Jeremy platano\Desktop\JLD EDIT.pdf
    2016-05-11 16:13 - 2016-05-11 16:13 - 00074836 _____ C:\Users\Jeremy platano\Desktop\JLD.pdf
    2016-05-11 15:53 - 2016-05-11 16:10 - 00061435 _____ C:\Users\Jeremy platano\Desktop\JLD ELECTRICAL CHANGE ORDER.pdf
    2016-05-11 15:49 - 2016-05-27 09:23 - 00000000 ____D C:\Users\Jeremy platano\AppData\Local\Adobe
    2016-05-11 15:49 - 2016-05-11 15:50 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
    2016-05-11 15:49 - 2016-05-11 15:49 - 00000000 ____D C:\Users\Jeremy platano\AppData\Local\CEF
    2016-05-11 15:48 - 2016-05-20 18:35 - 00002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
    2016-05-11 15:48 - 2016-05-11 15:48 - 00002084 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
    2016-05-11 15:48 - 2016-05-11 15:48 - 00002061 _____ C:\Users\Public\Desktop\Adobe Acrobat DC.lnk
    2016-05-11 15:43 - 2016-05-11 15:51 - 00000000 ____D C:\Program Files\Common Files\Adobe
    2016-05-11 15:43 - 2016-05-11 15:43 - 00000000 ____D C:\Program Files\Adobe
    2016-05-11 15:25 - 2016-05-11 15:52 - 00000000 ____D C:\ProgramData\Adobe
    2016-05-11 15:25 - 2016-05-11 15:25 - 02094184 _____ (Adobe) C:\Users\Jeremy platano\Downloads\acrobatproDC_00000000000000000000000409.exe
    2016-05-11 15:19 - 2016-05-11 15:19 - 00150977 ____T C:\Users\Jeremy platano\Documents\JLD.pdf
    2016-05-11 15:12 - 2016-05-11 15:12 - 00273682 _____ C:\Users\Jeremy platano\Downloads\JLD ELECTRICAL CHANGE ORDER.pdf
    2016-05-11 08:57 - 2016-05-11 08:57 - 00564736 _____ C:\WINDOWS\system32\bitst.exe
    2016-05-10 18:24 - 2016-04-23 00:35 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
    2016-05-10 18:24 - 2016-04-23 00:31 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2016-05-10 18:24 - 2016-04-23 00:27 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
    2016-05-10 18:24 - 2016-04-23 00:26 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
    2016-05-10 18:24 - 2016-04-23 00:25 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
    2016-05-10 18:24 - 2016-04-23 00:24 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
    2016-05-10 18:24 - 2016-04-23 00:22 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
    2016-05-10 18:24 - 2016-04-23 00:20 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2016-05-10 18:24 - 2016-04-23 00:20 - 18676224 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2016-05-10 18:24 - 2016-04-23 00:18 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
    2016-05-10 18:24 - 2016-04-23 00:16 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
    2016-05-10 18:24 - 2016-04-23 00:15 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
    2016-05-10 18:24 - 2016-04-23 00:15 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
    2016-05-10 18:24 - 2016-04-23 00:15 - 00612352 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
    2016-05-10 18:24 - 2016-04-23 00:14 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
    2016-05-10 18:24 - 2016-04-23 00:13 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
    2016-05-10 18:24 - 2016-04-23 00:07 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
    2016-05-10 18:23 - 2016-04-30 02:46 - 02974720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2016-05-10 18:23 - 2016-04-23 02:06 - 01232576 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
    2016-05-10 18:23 - 2016-04-23 02:06 - 00973504 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2016-05-10 18:23 - 2016-04-23 02:06 - 00576192 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
    2016-05-10 18:23 - 2016-04-23 02:06 - 00440512 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
    2016-05-10 18:23 - 2016-04-23 02:06 - 00248512 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
    2016-05-10 18:23 - 2016-04-23 02:06 - 00149696 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
    2016-05-10 18:23 - 2016-04-23 02:06 - 00042688 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
    2016-05-10 18:23 - 2016-04-23 01:28 - 05796704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2016-05-10 18:23 - 2016-04-23 01:28 - 01561392 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2016-05-10 18:23 - 2016-04-23 01:28 - 01541792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2016-05-10 18:23 - 2016-04-23 01:12 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
    2016-05-10 18:23 - 2016-04-23 01:12 - 00451928 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
    2016-05-10 18:23 - 2016-04-23 01:10 - 02919832 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2016-05-10 18:23 - 2016-04-23 01:09 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2016-05-10 18:23 - 2016-04-23 01:09 - 05240960 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
    2016-05-10 18:23 - 2016-04-23 01:09 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
    2016-05-10 18:23 - 2016-04-23 01:01 - 01714520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2016-05-10 18:23 - 2016-04-23 01:01 - 00522176 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
    2016-05-10 18:23 - 2016-04-23 00:22 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2016-05-10 18:23 - 2016-04-23 00:16 - 00484864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
    2016-05-10 18:23 - 2016-04-23 00:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
    2016-05-10 18:23 - 2016-04-23 00:14 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
    2016-05-10 18:23 - 2016-04-23 00:14 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
    2016-05-10 18:23 - 2016-04-23 00:13 - 01028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
    2016-05-10 18:23 - 2016-04-23 00:13 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
    2016-05-10 18:23 - 2016-04-23 00:13 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
    2016-05-10 18:23 - 2016-04-23 00:11 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
    2016-05-10 18:23 - 2016-04-23 00:10 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2016-05-10 18:23 - 2016-04-23 00:10 - 00639488 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
    2016-05-10 18:23 - 2016-04-23 00:09 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2016-05-10 18:23 - 2016-04-23 00:08 - 05324288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
    2016-05-10 18:23 - 2016-04-23 00:08 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
    2016-05-10 18:23 - 2016-04-23 00:07 - 01793024 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
    2016-05-10 18:23 - 2016-04-23 00:07 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2016-05-10 18:23 - 2016-04-23 00:05 - 01895936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2016-05-10 18:23 - 2016-04-23 00:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
    2016-05-10 18:23 - 2016-04-23 00:04 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
    2016-05-10 18:23 - 2016-04-23 00:04 - 01733632 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
    2016-05-10 18:23 - 2016-04-23 00:03 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2016-05-10 18:23 - 2016-04-23 00:03 - 02000896 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
    2016-05-10 18:23 - 2016-04-23 00:03 - 01899520 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2016-05-10 18:23 - 2016-04-23 00:03 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
    2016-05-10 18:22 - 2016-05-06 01:20 - 00077664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdport.sys
    2016-05-10 18:22 - 2016-05-06 00:23 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
    2016-05-10 18:22 - 2016-05-06 00:13 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
    2016-05-10 18:22 - 2016-05-06 00:10 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
    2016-05-10 18:22 - 2016-05-06 00:05 - 00487936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
    2016-05-10 18:22 - 2016-05-06 00:05 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
    2016-05-10 18:22 - 2016-05-05 23:49 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
    2016-05-10 18:22 - 2016-04-30 02:53 - 01152000 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2016-05-10 18:22 - 2016-04-23 02:06 - 00081088 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
    2016-05-10 18:22 - 2016-04-23 01:28 - 00550240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
    2016-05-10 18:22 - 2016-04-23 01:28 - 00545432 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
    2016-05-10 18:22 - 2016-04-23 01:28 - 00278368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
    2016-05-10 18:22 - 2016-04-23 01:28 - 00083808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
    2016-05-10 18:22 - 2016-04-23 01:26 - 00792328 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
    2016-05-10 18:22 - 2016-04-23 01:21 - 00023776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
    2016-05-10 18:22 - 2016-04-23 01:14 - 00310112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
    2016-05-10 18:22 - 2016-04-23 01:13 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
    2016-05-10 18:22 - 2016-04-23 01:13 - 00306832 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
    2016-05-10 18:22 - 2016-04-23 01:13 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
    2016-05-10 18:22 - 2016-04-23 01:12 - 00104800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufxsynopsys.sys
    2016-05-10 18:22 - 2016-04-23 01:11 - 00259424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
    2016-05-10 18:22 - 2016-04-23 01:09 - 00569744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
    2016-05-10 18:22 - 2016-04-23 01:09 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
    2016-05-10 18:22 - 2016-04-23 01:09 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
    2016-05-10 18:22 - 2016-04-23 01:07 - 01536088 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
    2016-05-10 18:22 - 2016-04-23 01:07 - 00192704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
    2016-05-10 18:22 - 2016-04-23 01:07 - 00183904 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
    2016-05-10 18:22 - 2016-04-23 01:02 - 00188256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
    2016-05-10 18:22 - 2016-04-23 01:01 - 00513368 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
    2016-05-10 18:22 - 2016-04-23 01:01 - 00484704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
    2016-05-10 18:22 - 2016-04-23 01:01 - 00336224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
    2016-05-10 18:22 - 2016-04-23 01:00 - 01522152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
    2016-05-10 18:22 - 2016-04-23 01:00 - 01396584 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
    2016-05-10 18:22 - 2016-04-23 01:00 - 01273720 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
    2016-05-10 18:22 - 2016-04-23 01:00 - 00453472 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
    2016-05-10 18:22 - 2016-04-23 01:00 - 00049504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwminit.dll
    2016-05-10 18:22 - 2016-04-23 00:55 - 00430432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
    2016-05-10 18:22 - 2016-04-23 00:30 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
    2016-05-10 18:22 - 2016-04-23 00:29 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
    2016-05-10 18:22 - 2016-04-23 00:29 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
    2016-05-10 18:22 - 2016-04-23 00:29 - 00046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
    2016-05-10 18:22 - 2016-04-23 00:29 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ByteCodeGenerator.exe
    2016-05-10 18:22 - 2016-04-23 00:29 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
    2016-05-10 18:22 - 2016-04-23 00:28 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
    2016-05-10 18:22 - 2016-04-23 00:28 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
    2016-05-10 18:22 - 2016-04-23 00:27 - 00103424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
    2016-05-10 18:22 - 2016-04-23 00:27 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
    2016-05-10 18:22 - 2016-04-23 00:25 - 00070144 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
    2016-05-10 18:22 - 2016-04-23 00:24 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
    2016-05-10 18:22 - 2016-04-23 00:24 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
    2016-05-10 18:22 - 2016-04-23 00:24 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\filecrypt.sys
    2016-05-10 18:22 - 2016-04-23 00:23 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
    2016-05-10 18:22 - 2016-04-23 00:23 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
    2016-05-10 18:22 - 2016-04-23 00:23 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
    2016-05-10 18:22 - 2016-04-23 00:23 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
    2016-05-10 18:22 - 2016-04-23 00:22 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
    2016-05-10 18:22 - 2016-04-23 00:21 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
    2016-05-10 18:22 - 2016-04-23 00:21 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
    2016-05-10 18:22 - 2016-04-23 00:21 - 00168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
    2016-05-10 18:22 - 2016-04-23 00:21 - 00142336 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
    2016-05-10 18:22 - 2016-04-23 00:20 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
    2016-05-10 18:22 - 2016-04-23 00:20 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
    2016-05-10 18:22 - 2016-04-23 00:20 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
    2016-05-10 18:22 - 2016-04-23 00:20 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
    2016-05-10 18:22 - 2016-04-23 00:20 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
    2016-05-10 18:22 - 2016-04-23 00:19 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
    2016-05-10 18:22 - 2016-04-23 00:19 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
    2016-05-10 18:22 - 2016-04-23 00:19 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll
    2016-05-10 18:22 - 2016-04-23 00:18 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
    2016-05-10 18:22 - 2016-04-23 00:17 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
    2016-05-10 18:22 - 2016-04-23 00:17 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
    2016-05-10 18:22 - 2016-04-23 00:17 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
    2016-05-10 18:22 - 2016-04-23 00:16 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
    2016-05-10 18:22 - 2016-04-23 00:16 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
    2016-05-10 18:22 - 2016-04-23 00:15 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
    2016-05-10 18:22 - 2016-04-23 00:14 - 00739328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
    2016-05-10 18:22 - 2016-04-23 00:14 - 00647680 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2016-05-10 18:22 - 2016-04-23 00:14 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2016-05-10 18:22 - 2016-04-23 00:14 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
    2016-05-10 18:22 - 2016-04-23 00:14 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
    2016-05-10 18:22 - 2016-04-23 00:13 - 00951808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
    2016-05-10 18:22 - 2016-04-23 00:13 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
    2016-05-10 18:22 - 2016-04-23 00:12 - 00783872 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
    2016-05-10 18:22 - 2016-04-23 00:12 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
    2016-05-10 18:22 - 2016-04-23 00:05 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
    2016-05-10 18:22 - 2016-04-23 00:03 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
    2016-05-10 18:22 - 2016-04-23 00:03 - 00704000 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
    2016-05-10 18:22 - 2016-04-23 00:03 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
    2016-05-10 18:22 - 2016-04-23 00:01 - 01075200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
    2016-05-10 18:22 - 2016-04-22 22:10 - 00177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
    2016-05-10 18:22 - 2016-04-18 18:30 - 00002186 _____ C:\WINDOWS\system32\AppxProvisioning.xml
    2016-05-09 16:40 - 2016-05-09 16:40 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
    2016-05-09 16:40 - 2016-05-09 16:40 - 00000000 ____D C:\ProgramData\Hewlett-Packard
    2016-05-08 10:17 - 2016-05-08 10:18 - 38168696 _____ (Vivaldi Technologies AS) C:\Users\Jeremy platano\Downloads\Vivaldi.1.1.453.52.exe
    2016-05-03 16:32 - 2016-05-28 16:03 - 00000000 ____D C:\Users\Jeremy platano\AppData\Local\Kingsoft
    2016-05-03 16:31 - 2016-05-26 18:11 - 00000000 ____D C:\ProgramData\kingsoft
    2016-05-03 16:29 - 2016-05-03 16:31 - 78745832 _____ (Kingsoft Corp. Ltd.) C:\Users\Jeremy platano\Downloads\setup_wps_office_2016_en.exe
    2016-05-03 16:18 - 2016-05-03 16:18 - 18685479 _____ C:\Users\Jeremy platano\Downloads\ibsl-3.pdf
    2016-05-03 16:16 - 2016-05-03 16:16 - 03531642 _____ C:\Users\Jeremy platano\Downloads\InShot_20160430_163028.mp4
    2016-05-02 19:04 - 2016-05-02 19:04 - 00000000 ____D C:\Users\Jeremy platano\AppData\Local\PeerDistRepub
    2016-05-02 16:06 - 2016-05-02 16:06 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
    2016-05-02 11:28 - 2016-05-28 16:24 - 00000000 ____D C:\Program Files\Google
    2016-05-02 11:28 - 2016-05-02 15:50 - 00000000 ____D C:\Users\Jeremy platano\AppData\Local\Google
    2016-05-02 11:28 - 2016-05-02 11:32 - 00987728 _____ (Google Inc.) C:\Users\Jeremy platano\Downloads\ChromeSetup (3).exe
    2016-05-01 22:08 - 2016-05-01 22:08 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
    2016-05-01 16:12 - 2016-05-01 16:12 - 00000000 ____D C:\WINDOWS\InfusedApps
    2016-05-01 16:12 - 2016-05-01 12:33 - 00000000 ___DC C:\WINDOWS\Panther
    2016-05-01 16:11 - 2016-05-01 15:53 - 00000000 ____D C:\Windows.old
    2016-05-01 16:00 - 2016-05-01 16:00 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
    2016-05-01 15:58 - 2016-05-01 15:58 - 00000000 ____D C:\Program Files\Synaptics
    2016-05-01 15:54 - 2016-05-01 15:54 - 00000000 ____D C:\WINDOWS\Setup
    2016-05-01 15:52 - 2016-05-01 15:52 - 00000000 ____D C:\WINDOWS\OCR
    2016-05-01 15:51 - 2016-05-01 15:51 - 00000000 ____D C:\Program Files\Reference Assemblies
    2016-05-01 15:51 - 2016-05-01 15:51 - 00000000 ____D C:\Program Files\MSBuild
    2016-05-01 15:50 - 2016-05-01 15:50 - 00000000 ____D C:\WINDOWS\system32\winrm
    2016-05-01 15:50 - 2016-05-01 15:50 - 00000000 ____D C:\WINDOWS\system32\WCN
    2016-05-01 15:50 - 2016-05-01 15:50 - 00000000 ____D C:\WINDOWS\system32\slmgr
    2016-05-01 15:50 - 2016-05-01 15:50 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
    2016-05-01 15:50 - 2016-05-01 15:50 - 00000000 ____D C:\WINDOWS\system32\0409
    2016-05-01 15:50 - 2016-05-01 15:50 - 00000000 ____D C:\WINDOWS\DigitalLocker
    2016-05-01 15:43 - 2016-05-11 15:57 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
    2016-05-01 15:43 - 2016-05-11 15:57 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    2016-05-01 15:38 - 2016-05-28 15:06 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
    2016-05-01 15:38 - 2016-05-27 21:58 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-05-01 15:38 - 2016-05-27 21:58 - 00000000 ____D C:\WINDOWS\AppReadiness
    2016-05-01 15:38 - 2016-05-26 18:38 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2016-05-01 15:38 - 2016-05-26 18:37 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
    2016-05-01 15:38 - 2016-05-15 14:09 - 00000000 ____D C:\WINDOWS\rescache
    2016-05-01 15:38 - 2016-05-11 16:37 - 00000000 ____D C:\WINDOWS\system32\oobe
    2016-05-01 15:38 - 2016-05-11 16:37 - 00000000 ____D C:\WINDOWS\system32\appraiser
    2016-05-01 15:38 - 2016-05-11 16:37 - 00000000 ____D C:\WINDOWS\Provisioning
    2016-05-01 15:38 - 2016-05-11 16:37 - 00000000 ____D C:\WINDOWS\bcastdvr
    2016-05-01 15:38 - 2016-05-11 16:37 - 00000000 ____D C:\Program Files\Windows Journal
    2016-05-01 15:38 - 2016-05-11 16:36 - 00015703 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
    2016-05-01 15:38 - 2016-05-03 15:39 - 00000000 ____D C:\WINDOWS\AppCompat
    2016-05-01 15:38 - 2016-05-02 09:50 - 00000000 ___SD C:\WINDOWS\system32\F12
    2016-05-01 15:38 - 2016-05-02 09:50 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2016-05-01 15:38 - 2016-05-02 09:50 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
    2016-05-01 15:38 - 2016-05-02 09:50 - 00000000 ____D C:\WINDOWS\system32\Dism
    2016-05-01 15:38 - 2016-05-02 09:49 - 00000000 __RSD C:\WINDOWS\Media
    2016-05-01 15:38 - 2016-05-02 09:49 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
    2016-05-01 15:38 - 2016-05-02 09:49 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2016-05-01 15:38 - 2016-05-02 09:49 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
    2016-05-01 15:38 - 2016-05-02 09:49 - 00000000 ____D C:\Program Files\Windows Portable Devices
    2016-05-01 15:38 - 2016-05-02 09:49 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
    2016-05-01 15:38 - 2016-05-01 16:12 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
    2016-05-01 15:38 - 2016-05-01 15:50 - 00000000 ___SD C:\WINDOWS\system32\dsc
    2016-05-01 15:38 - 2016-05-01 15:50 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
    2016-05-01 15:38 - 2016-05-01 15:50 - 00000000 ____D C:\WINDOWS\system32\setup
    2016-05-01 15:38 - 2016-05-01 15:50 - 00000000 ____D C:\WINDOWS\system32\MUI
    2016-05-01 15:38 - 2016-05-01 15:50 - 00000000 ____D C:\WINDOWS\system32\migwiz
    2016-05-01 15:38 - 2016-05-01 15:50 - 00000000 ____D C:\WINDOWS\system32\Com
    2016-05-01 15:38 - 2016-05-01 15:50 - 00000000 ____D C:\WINDOWS\IME
    2016-05-01 15:38 - 2016-05-01 15:50 - 00000000 ____D C:\WINDOWS\Help
    2016-05-01 15:38 - 2016-05-01 15:49 - 00000000 ____D C:\Program Files\Windows Photo Viewer
    2016-05-01 15:38 - 2016-05-01 15:49 - 00000000 ____D C:\Program Files\Windows Defender
    2016-05-01 15:38 - 2016-05-01 15:49 - 00000000 ____D C:\Program Files\Common Files\System
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 __SHD C:\WINDOWS\BitLockerDiscoveryVolumeContents
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 __SHD C:\Program Files\Windows Sidebar
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ___SD C:\WINDOWS\system32\Nui
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ___SD C:\WINDOWS\system32\Configuration
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ___RD C:\WINDOWS\Offline Web Pages
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ___RD C:\WINDOWS\DesktopTileResources
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\Web
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\Vss
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\tracing
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\TAPI
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\SystemResources
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\SystemApps
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\system32\WinMetadata
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\system32\winevt
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\system32\spool
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\system32\ras
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\system32\ProximityToast
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\system32\PointOfService
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\system32\NDF
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\system32\MsDtc
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\system32\Macromed
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\system32\Ipmi
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\system32\InputMethod
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\system32\inetsrv
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\system32\IME
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\system32\icsxml
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\system32\ias
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\system32\GroupPolicyUsers
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\system32\downlevel
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\system32\config\Journal
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\system32\Bthprops
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\system32\AppLocker
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\System
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\SKB
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\ShellNew
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\security
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\schemas
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\SchCache
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\Resources
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\Registration
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\PLA
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\Performance
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\ModemLogs
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\LiveKernelReports
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\L2Schemas
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\InputMethod
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\Globalization
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\Cursors
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\Branding
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\addins
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\ProgramData\USOPrivate
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\ProgramData\Comms
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\Program Files\Windows NT
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\Program Files\Common Files\Services
    2016-05-01 15:38 - 2016-05-01 15:31 - 00215943 _____ C:\WINDOWS\system32\dssec.dat
    2016-05-01 15:38 - 2016-05-01 15:31 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
    2016-05-01 15:38 - 2016-05-01 15:31 - 00017463 _____ C:\WINDOWS\system32\Drivers\etc\services
    2016-05-01 15:38 - 2016-05-01 15:31 - 00008798 _____ C:\WINDOWS\system32\icrav03.rat
    2016-05-01 15:38 - 2016-05-01 15:31 - 00003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
    2016-05-01 15:38 - 2016-05-01 15:31 - 00002577 _____ C:\WINDOWS\system32\config.nt
    2016-05-01 15:38 - 2016-05-01 15:31 - 00001988 _____ C:\WINDOWS\system32\ticrf.rat
    2016-05-01 15:38 - 2016-05-01 15:31 - 00001688 _____ C:\WINDOWS\system32\autoexec.nt
    2016-05-01 15:38 - 2016-05-01 15:31 - 00001358 _____ C:\WINDOWS\system32\Drivers\etc\protocol
    2016-05-01 15:38 - 2016-05-01 15:31 - 00000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
    2016-05-01 15:38 - 2016-05-01 15:31 - 00000741 _____ C:\WINDOWS\system32\NOISE.DAT
    2016-05-01 15:38 - 2016-05-01 15:31 - 00000407 _____ C:\WINDOWS\system32\Drivers\etc\networks
    2016-05-01 15:38 - 2016-05-01 15:31 - 00000389 _____ C:\WINDOWS\system32\AutoWorkplace.exe.config
    2016-05-01 15:38 - 2016-05-01 15:31 - 00000219 _____ C:\WINDOWS\system.ini
    2016-05-01 15:38 - 2016-05-01 15:31 - 00000092 _____ C:\WINDOWS\win.ini
    2016-05-01 15:38 - 2016-05-01 12:59 - 00000000 ___RD C:\WINDOWS\DevicesFlow
    2016-05-01 15:38 - 2016-05-01 12:37 - 00000000 ___RD C:\WINDOWS\PrintDialog
    2016-05-01 15:38 - 2016-05-01 12:37 - 00000000 ___RD C:\WINDOWS\MiracastView
    2016-05-01 15:38 - 2016-05-01 12:31 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
    2016-05-01 15:38 - 2016-05-01 12:29 - 00000000 __RHD C:\Users\Public\Libraries
    2016-05-01 15:38 - 2016-05-01 12:26 - 00000000 ____D C:\WINDOWS\CSC
    2016-05-01 15:38 - 2016-05-01 12:24 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
    2016-05-01 15:38 - 2016-05-01 12:23 - 00000000 ____D C:\WINDOWS\system32\Sysprep
    2016-05-01 15:32 - 2016-05-28 16:13 - 00000000 ____D C:\WINDOWS\INF
    2016-05-01 15:20 - 2016-05-15 12:15 - 00000000 ____D C:\WINDOWS\CbsTemp
    2016-05-01 15:08 - 2016-04-22 03:57 - 00374944 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
    2016-05-01 15:07 - 2015-10-30 01:18 - 00000164 _____ C:\WINDOWS\system32\config\FP
    2016-05-01 15:06 - 2016-05-28 16:02 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
    2016-05-01 15:06 - 2016-05-01 15:50 - 00000000 ____D C:\WINDOWS\servicing
    2016-05-01 15:06 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\system32\SMI
    2016-05-01 15:06 - 2016-05-01 12:19 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
    2016-05-01 15:05 - 2016-05-01 15:16 - 00000000 ___HD C:\$SysReset
    2016-05-01 15:01 - 2016-05-10 19:18 - 00000000 ____D C:\WINDOWS\system32\MRT
    2016-05-01 15:01 - 2016-05-10 19:00 - 136686448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2016-05-01 14:59 - 2016-04-01 23:20 - 00826368 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2016-05-01 14:59 - 2016-04-01 23:14 - 03197440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
    2016-05-01 14:59 - 2016-04-01 23:10 - 02871296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
    2016-05-01 14:59 - 2016-03-29 05:37 - 01862008 _____ C:\WINDOWS\system32\CoreUIComponents.dll
    2016-05-01 14:59 - 2016-03-29 05:36 - 01820512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
    2016-05-01 14:59 - 2016-03-29 05:13 - 00986976 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
    2016-05-01 14:59 - 2016-03-29 04:24 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
    2016-05-01 14:59 - 2016-03-29 02:43 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll
    2016-05-01 14:59 - 2016-03-29 02:41 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
    2016-05-01 14:59 - 2016-03-29 02:37 - 01444352 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
    2016-05-01 14:59 - 2016-03-29 02:36 - 00649728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
    2016-05-01 14:59 - 2016-03-29 02:30 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
    2016-05-01 14:59 - 2016-03-29 02:28 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
    2016-05-01 14:59 - 2016-03-29 02:28 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
    2016-05-01 14:59 - 2016-03-29 02:14 - 01072128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
    2016-05-01 14:59 - 2016-03-29 02:10 - 03671040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
    2016-05-01 14:59 - 2016-03-29 02:06 - 00813056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
    2016-05-01 14:59 - 2016-03-29 02:02 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2016-05-01 14:59 - 2016-03-29 01:58 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
    2016-05-01 14:59 - 2016-03-29 01:49 - 01085952 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2016-05-01 14:59 - 2016-03-29 01:38 - 02798080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
    2016-05-01 14:59 - 2016-03-29 01:36 - 02722816 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
    2016-05-01 14:59 - 2016-03-29 01:25 - 00712704 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
    2016-05-01 14:58 - 2016-03-29 05:38 - 01051584 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2016-05-01 14:57 - 2016-04-02 00:17 - 00297072 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
    2016-05-01 14:57 - 2016-04-02 00:14 - 00757192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll
    2016-05-01 14:57 - 2016-04-02 00:14 - 00613112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
    2016-05-01 14:57 - 2016-04-02 00:14 - 00305296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
     
  4. YoungZay

    YoungZay TS Rookie Topic Starter Posts: 22

    2016-05-01 14:57 - 2016-03-29 05:41 - 00875992 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2016-05-01 14:57 - 2016-03-29 05:41 - 00771120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
    2016-05-01 14:57 - 2016-03-29 05:41 - 00228696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
    2016-05-01 14:57 - 2016-03-29 05:38 - 00927072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2016-05-01 14:57 - 2016-03-29 05:33 - 00084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
    2016-05-01 14:57 - 2016-03-29 05:28 - 00535080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
    2016-05-01 14:57 - 2016-03-29 05:21 - 00922456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
    2016-05-01 14:57 - 2016-03-29 05:20 - 00856928 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
    2016-05-01 14:57 - 2016-03-29 05:19 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
    2016-05-01 14:57 - 2016-03-29 04:41 - 00203104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
    2016-05-01 14:57 - 2016-03-29 04:41 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
    2016-05-01 14:57 - 2016-03-29 04:34 - 00153952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
    2016-05-01 14:57 - 2016-03-29 04:26 - 00073872 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvcli.dll
    2016-05-01 14:57 - 2016-03-29 04:25 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkscli.dll
    2016-05-01 14:57 - 2016-03-29 04:24 - 00063008 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
    2016-05-01 14:57 - 2016-03-29 04:23 - 00069744 _____ (Microsoft Corporation) C:\WINDOWS\system32\netapi32.dll
    2016-05-01 14:57 - 2016-03-29 04:01 - 00541304 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
    2016-05-01 14:57 - 2016-03-29 03:46 - 01861984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
    2016-05-01 14:57 - 2016-03-29 03:46 - 00771424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
    2016-05-01 14:57 - 2016-03-29 03:42 - 00287072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
    2016-05-01 14:57 - 2016-03-29 03:04 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
    2016-05-01 14:57 - 2016-03-29 03:02 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
    2016-05-01 14:57 - 2016-03-29 03:00 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
    2016-05-01 14:57 - 2016-03-29 02:56 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
    2016-05-01 14:57 - 2016-03-29 02:53 - 00424448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
    2016-05-01 14:57 - 2016-03-29 02:53 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
    2016-05-01 14:57 - 2016-03-29 02:53 - 00150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
    2016-05-01 14:57 - 2016-03-29 02:52 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
    2016-05-01 14:57 - 2016-03-29 02:49 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
    2016-05-01 14:57 - 2016-03-29 02:47 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
    2016-05-01 14:57 - 2016-03-29 02:44 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
    2016-05-01 14:57 - 2016-03-29 02:41 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
    2016-05-01 14:57 - 2016-03-29 02:40 - 00445952 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
    2016-05-01 14:57 - 2016-03-29 02:39 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
    2016-05-01 14:57 - 2016-03-29 02:37 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
    2016-05-01 14:57 - 2016-03-29 02:36 - 00453632 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
    2016-05-01 14:57 - 2016-03-29 02:34 - 00682496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
    2016-05-01 14:57 - 2016-03-29 02:32 - 01588224 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
    2016-05-01 14:57 - 2016-03-29 02:32 - 00854528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
    2016-05-01 14:57 - 2016-03-29 02:32 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
    2016-05-01 14:57 - 2016-03-29 02:31 - 01117184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
    2016-05-01 14:57 - 2016-03-29 02:29 - 00114176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
    2016-05-01 14:57 - 2016-03-29 02:27 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
    2016-05-01 14:57 - 2016-03-29 02:23 - 00777728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
    2016-05-01 14:57 - 2016-03-29 02:18 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
    2016-05-01 14:57 - 2016-03-29 02:13 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
    2016-05-01 14:57 - 2016-03-29 02:07 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
    2016-05-01 14:57 - 2016-03-29 02:06 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
    2016-05-01 14:57 - 2016-03-29 02:06 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
    2016-05-01 14:57 - 2016-03-29 02:06 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
    2016-05-01 14:57 - 2016-03-29 02:04 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
    2016-05-01 14:57 - 2016-03-29 01:55 - 00614912 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
    2016-05-01 14:57 - 2016-03-29 01:46 - 00307712 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
    2016-05-01 14:57 - 2016-03-29 01:43 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
    2016-05-01 14:57 - 2016-03-29 01:36 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
    2016-05-01 14:57 - 2016-03-29 01:25 - 00554496 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
    2016-05-01 14:56 - 2016-04-01 23:25 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
    2016-05-01 14:56 - 2016-03-29 03:30 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msorcl32.dll
    2016-05-01 14:56 - 2016-03-29 03:28 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
    2016-05-01 14:56 - 2016-03-29 03:20 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
    2016-05-01 14:56 - 2016-03-29 03:20 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
    2016-05-01 14:56 - 2016-03-29 03:20 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
    2016-05-01 14:56 - 2016-03-29 03:20 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsdchngr.dll
    2016-05-01 14:56 - 2016-03-29 03:19 - 00037376 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
    2016-05-01 14:56 - 2016-03-29 03:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacchooks.dll
    2016-05-01 14:56 - 2016-03-29 03:16 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
    2016-05-01 14:56 - 2016-03-29 03:14 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll
    2016-05-01 14:56 - 2016-03-29 03:13 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
    2016-05-01 14:56 - 2016-03-29 03:12 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
    2016-05-01 14:56 - 2016-03-29 03:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
    2016-05-01 14:56 - 2016-03-29 03:11 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
    2016-05-01 14:56 - 2016-03-29 03:11 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
    2016-05-01 14:56 - 2016-03-29 03:11 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\browcli.dll
    2016-05-01 14:56 - 2016-03-29 03:09 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys
    2016-05-01 14:56 - 2016-03-29 03:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
    2016-05-01 14:56 - 2016-03-29 03:08 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
    2016-05-01 14:56 - 2016-03-29 03:08 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
    2016-05-01 14:56 - 2016-03-29 03:06 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
    2016-05-01 14:56 - 2016-03-29 03:06 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
    2016-05-01 14:56 - 2016-03-29 03:06 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
    2016-05-01 14:56 - 2016-03-29 03:05 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll
    2016-05-01 14:56 - 2016-03-29 03:05 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
    2016-05-01 14:56 - 2016-03-29 03:05 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
    2016-05-01 14:56 - 2016-03-29 03:05 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
    2016-05-01 14:56 - 2016-03-29 03:05 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
    2016-05-01 14:56 - 2016-03-29 03:02 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
    2016-05-01 14:56 - 2016-03-29 02:53 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
    2016-05-01 14:56 - 2016-03-29 02:52 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
    2016-05-01 14:56 - 2016-03-29 02:52 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
    2016-05-01 14:56 - 2016-03-29 02:52 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
    2016-05-01 14:56 - 2016-03-29 02:46 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
    2016-05-01 14:56 - 2016-03-29 02:44 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
    2016-05-01 14:56 - 2016-03-29 02:42 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
    2016-05-01 14:56 - 2016-03-29 02:39 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
    2016-05-01 14:56 - 2016-03-29 02:32 - 00601600 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
    2016-05-01 14:56 - 2016-03-29 02:27 - 00162816 _____ C:\WINDOWS\system32\MTF.dll
    2016-05-01 14:56 - 2016-03-29 02:27 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
    2016-05-01 14:56 - 2016-03-29 02:27 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
    2016-05-01 14:56 - 2016-03-29 02:26 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
    2016-05-01 14:56 - 2016-03-29 02:26 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
    2016-05-01 14:56 - 2016-03-29 02:25 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
    2016-05-01 14:56 - 2016-03-29 02:05 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
    2016-05-01 14:56 - 2016-03-29 01:32 - 00742400 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
    2016-05-01 14:56 - 2016-03-29 01:30 - 00782336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
    2016-05-01 14:56 - 2016-03-29 01:25 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
    2016-05-01 14:56 - 2016-03-29 01:24 - 00310272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
    2016-05-01 14:56 - 2016-03-29 01:21 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
    2016-05-01 13:24 - 2016-05-01 13:24 - 00000000 ____D C:\Users\Jeremy platano\AppData\Roaming\Macromedia
    2016-05-01 13:12 - 2016-05-01 13:12 - 00000000 ____D C:\Users\Jeremy platano\AppData\Local\Comms
    2016-05-01 13:09 - 2016-05-01 13:09 - 00000000 ____D C:\Users\Jeremy platano\AppData\Roaming\ATI
    2016-05-01 13:09 - 2016-05-01 13:09 - 00000000 ____D C:\Users\Jeremy platano\AppData\Local\ATI
    2016-05-01 13:09 - 2016-05-01 13:09 - 00000000 ____D C:\Users\Jeremy platano\AppData\Local\AMD
    2016-05-01 13:09 - 2016-05-01 13:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
    2016-05-01 13:09 - 2016-05-01 13:09 - 00000000 ____D C:\ProgramData\ATI
    2016-05-01 13:08 - 2016-05-01 13:08 - 00000000 ____D C:\ProgramData\AMD
    2016-05-01 13:07 - 2016-05-01 13:08 - 00000000 ____D C:\Program Files\ATI Technologies
    2016-05-01 13:07 - 2016-05-01 13:07 - 00000000 ____D C:\ProgramData\Package Cache
    2016-05-01 13:04 - 2016-05-15 11:51 - 00000000 ____D C:\Program Files\AMD
    2016-05-01 13:04 - 2016-05-01 13:04 - 00000000 _____ C:\WINDOWS\ativpsrm.bin
    2016-05-01 12:56 - 2016-05-01 12:56 - 00000000 ____D C:\Users\Jeremy platano\AppData\Local\MicrosoftEdge
    2016-05-01 12:54 - 2016-05-01 12:55 - 00002390 _____ C:\Users\Jeremy platano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2016-05-01 12:44 - 2016-05-01 12:44 - 00025526 _____ C:\Users\Jeremy platano\Desktop\Removed Apps.html
    2016-05-01 12:44 - 2016-05-01 12:44 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
    2016-05-01 12:43 - 2016-05-01 12:43 - 00000000 ____D C:\Program Files\Elantech
    2016-05-01 12:41 - 2016-05-01 12:41 - 00000000 ____D C:\Users\Jeremy platano\AppData\Local\Publishers
    2016-05-01 12:37 - 2016-05-01 12:37 - 00000000 ____D C:\Users\Jeremy platano\AppData\Local\ActiveSync
    2016-05-01 12:35 - 2016-05-26 18:47 - 00000000 ____D C:\Users\Jeremy platano\AppData\Local\Packages
    2016-05-01 12:35 - 2016-05-11 16:13 - 00000000 ____D C:\Users\Jeremy platano\AppData\Roaming\Adobe
    2016-05-01 12:35 - 2016-05-01 12:35 - 00000020 ___SH C:\Users\Jeremy platano\ntuser.ini
    2016-05-01 12:35 - 2016-05-01 12:35 - 00000000 ____D C:\Users\Jeremy platano\AppData\Local\VirtualStore
    2016-05-01 12:35 - 2016-05-01 12:35 - 00000000 ____D C:\Users\Jeremy platano\AppData\Local\TileDataLayer
    2016-05-01 12:33 - 2016-05-28 16:13 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2016-05-01 12:32 - 2016-05-01 12:32 - 00000000 _SHDL C:\Users\Default\My Documents
    2016-05-01 12:32 - 2016-05-01 12:32 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
    2016-05-01 12:32 - 2016-05-01 12:32 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
    2016-05-01 12:32 - 2016-05-01 12:32 - 00000000 _SHDL C:\Users\Default\Documents\My Music
    2016-05-01 12:32 - 2016-05-01 12:32 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
    2016-05-01 12:32 - 2016-05-01 12:32 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
    2016-05-01 12:32 - 2016-05-01 12:32 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
    2016-05-01 12:32 - 2016-05-01 12:32 - 00000000 _SHDL C:\Users\Default User
    2016-05-01 12:32 - 2016-05-01 12:32 - 00000000 _SHDL C:\Users\All Users
    2016-05-01 12:28 - 2016-05-15 22:32 - 00000000 ____D C:\Users\Jeremy platano
    2016-05-01 12:28 - 2016-05-01 12:28 - 00000000 _SHDL C:\Users\Jeremy platano\My Documents
    2016-05-01 12:28 - 2016-05-01 12:28 - 00000000 _SHDL C:\Users\Jeremy platano\Documents\My Videos
    2016-05-01 12:28 - 2016-05-01 12:28 - 00000000 _SHDL C:\Users\Jeremy platano\Documents\My Pictures
    2016-05-01 12:28 - 2016-05-01 12:28 - 00000000 _SHDL C:\Users\Jeremy platano\Documents\My Music
    2016-05-01 12:19 - 2016-05-01 12:19 - 00000000 ____D C:\ProgramData\USOShared
    2016-05-01 12:15 - 2016-05-28 16:03 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-05-01 12:15 - 2016-05-01 12:15 - 00000000 ____D C:\WINDOWS\ServiceProfiles
    2016-05-01 12:14 - 2016-05-28 16:03 - 00336512 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2016-05-01 09:51 - 2016-05-01 09:51 - 00439536 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp140.dll
    2016-05-01 09:51 - 2016-05-01 09:51 - 00267016 _____ (Microsoft Corporation) C:\WINDOWS\system32\vccorlib140.dll
    2016-05-01 09:51 - 2016-05-01 09:51 - 00243480 _____ (Microsoft Corporation) C:\WINDOWS\system32\concrt140.dll
    2016-05-01 09:51 - 2016-05-01 09:51 - 00085232 _____ (Microsoft Corporation) C:\WINDOWS\system32\vcruntime140.dll

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-05-27 22:14 - 2013-09-20 18:26 - 00002717 _____ C:\Users\Jeremy platano\Desktop\µTorrent.lnk
    2016-05-26 14:46 - 2014-06-29 20:44 - 00000000 ____D C:\AMD
    2016-05-12 15:56 - 2015-07-29 18:13 - 00000000 __RHD C:\Users\Public\AccountPictures
    2016-05-11 15:19 - 2013-10-06 17:07 - 00000000 ____D C:\Users\Jeremy platano\AppData\LocalLow\Temp
    2016-05-01 12:55 - 2015-07-29 18:23 - 00000000 ___RD C:\Users\Jeremy platano\OneDrive

    Some files in TEMP:
    ====================
    C:\Users\Jeremy platano\AppData\Local\Temp\ads.exe
    C:\Users\Jeremy platano\AppData\Local\Temp\amisetup8702__12202_il2.exe
    C:\Users\Jeremy platano\AppData\Local\Temp\appstart.exe
    C:\Users\Jeremy platano\AppData\Local\Temp\brastub6ab_amotn_inst.exe
    C:\Users\Jeremy platano\AppData\Local\Temp\BSvcProcessor.exe
    C:\Users\Jeremy platano\AppData\Local\Temp\BSvcUpdater.exe
    C:\Users\Jeremy platano\AppData\Local\Temp\DTOSIFBEI9.exe
    C:\Users\Jeremy platano\AppData\Local\Temp\install.exe
    C:\Users\Jeremy platano\AppData\Local\Temp\MediaPlayer__11426.exe
    C:\Users\Jeremy platano\AppData\Local\Temp\msconfig.exe
    C:\Users\Jeremy platano\AppData\Local\Temp\nsy26B9.exe
    C:\Users\Jeremy platano\AppData\Local\Temp\playstv_patch.exe
    C:\Users\Jeremy platano\AppData\Local\Temp\raptrpatch.exe
    C:\Users\Jeremy platano\AppData\Local\Temp\raptr_stub.exe
    C:\Users\Jeremy platano\AppData\Local\Temp\sdfBDC9.exe
    C:\Users\Jeremy platano\AppData\Local\Temp\sdfBE07.exe
    C:\Users\Jeremy platano\AppData\Local\Temp\setup_765.exe
    C:\Users\Jeremy platano\AppData\Local\Temp\tmp1069.exe
    C:\Users\Jeremy platano\AppData\Local\Temp\XQ6TG2ER5H.exe


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-05-20 19:31

    ==================== End of FRST.txt ============================
     
  5. YoungZay

    YoungZay TS Rookie Topic Starter Posts: 22

    Additional scan result of Farbar Recovery Scan Tool (x86) Version:28-05-2016
    Ran by Jeremy platano (2016-05-28 18:00:14)
    Running from C:\Users\Jeremy platano\Desktop
    Microsoft Windows 10 Pro Version 1511 (X86) (2016-05-01 16:33:25)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2498457770-3637397173-802165776-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-2498457770-3637397173-802165776-503 - Limited - Disabled)
    Guest (S-1-5-21-2498457770-3637397173-802165776-501 - Limited - Disabled)
    Jeremy platano (S-1-5-21-2498457770-3637397173-802165776-1001 - Administrator - Enabled) => C:\Users\Jeremy platano

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-2498457770-3637397173-802165776-1001\...\uTorrent) (Version: 3.4.7.42330 - BitTorrent Inc.)
    Adobe Acrobat DC (HKLM\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.016.20041 - Adobe Systems Incorporated)
    AMD Catalyst Control Center (HKLM\...\WUCCCApp) (Version: 1.00.0000 - AMD)
    AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
    ELAN Touchpad 11.15.0.18_X86 (HKLM\...\Elantech) (Version: 11.15.0.18 - ELAN Microelectronic Corp.)
    Google Chrome (HKLM\...\Google Chrome) (Version: 51.0.2704.63 - Google Inc.)
    Google Update Helper (Version: 1.3.30.3 - Google Inc.) Hidden
    Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.6001.1078 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Office 16 Click-to-Run Extensibility Component (Version: 16.0.6001.1078 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (Version: 16.0.6001.1078 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (Version: 16.0.6001.1078 - Microsoft Corporation) Hidden
    Skype™ 7.24 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.13.0 - Synaptics Incorporated)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-2498457770-3637397173-802165776-1001_Classes\CLSID\{B722BCCD-4E68-101B-A2BC-00AA00404770}\InprocServer32 -> C:\Users\Jeremy platano\AppData\Local\Kingsoft\WPS Office\10.1.0.5579\office6\ksoapi.dll => No File

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0B9A3C30-9173-43ED-A31A-5907461F931A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-05-26] (Microsoft Corporation)
    Task: {1E6D6C19-21D3-4444-984E-FB8AB7C48B59} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-05-26] (Microsoft Corporation)
    Task: {1F9F701B-1E77-4D5F-A2E6-4C0A83172B80} - System32\Tasks\SMW_P => C:\ProgramData\smp2.exe <==== ATTENTION
    Task: {253908DB-A8E8-485C-ABAB-DFCCB8B1C188} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-05-01] (Microsoft Corporation)
    Task: {4ABEA0D9-309C-4CF3-AB63-2ADD7DC423C8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-05-26] (Microsoft Corporation)
    Task: {69C8105C-63BD-4544-8AA2-51A72983A704} - System32\Tasks\e02c4bd5-54d5-4470-9ea0-a68d88112c00 => C:\Users\Jeremy platano\AppData\Roaming\QuickCleaner\QuickCleaner.exe <==== ATTENTION
    Task: {98C8ECE9-8663-4089-BA26-0605F279A959} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
    Task: {A1041151-0DA1-4D52-8D90-E4F796BE33D8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-05-28] (Google Inc.)
    Task: {A50C4873-67AB-4219-A7D8-FADE55DAC17C} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin\InstallManagerApp.exe [2016-03-21] (Advanced Micro Devices, Inc.)
    Task: {B20369CB-CC1A-42ED-AEB2-EDA7AA056BF8} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-05-01] (Microsoft Corporation)
    Task: {E64BB497-48E1-42BB-A5D7-5ED8BA2371B8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-05-28] (Google Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ShortcutWithArgument: C:\Users\Jeremy platano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epf&s=g5szamotn11426bp,8197403f-b495-42c2-82a8-269bcf0b8d7e,
    ShortcutWithArgument: C:\Users\Jeremy platano\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> "microsoft-edge:hxxp://www-searching.com/?prd=set_epe&s=G5Szamotn11426BP,8197403f-b495-42c2-82a8-269bcf0b8d7e,"

    ==================== Loaded Modules (Whitelisted) ==============

    2015-10-30 01:44 - 2015-10-30 01:44 - 00149504 ____N () C:\WINDOWS\SYSTEM32\ism32k.dll
    2015-08-21 22:08 - 2015-08-21 22:08 - 00114688 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
    2016-05-28 14:57 - 2016-05-27 18:42 - 00044544 _____ () C:\WINDOWS\system32\CpuHeatMapping\165271\CpuHeatMapping.exe
    2016-05-28 14:55 - 2016-05-09 17:51 - 00006144 _____ () C:\WINDOWS\Cudm1110\cudm.exe
    2016-05-26 18:09 - 2016-05-01 04:40 - 00143552 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
    2016-05-28 15:01 - 2016-05-27 17:00 - 00007680 _____ () C:\WINDOWS\CpuEssentials\165271\CpuEssentials.exe
    2016-05-01 14:59 - 2016-03-29 05:37 - 01862008 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2016-05-01 14:59 - 2016-03-29 05:37 - 01862008 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
    2016-05-01 12:54 - 2016-05-01 12:54 - 00679624 _____ () C:\Users\Jeremy platano\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\ClientTelemetry.dll
    2016-05-26 18:24 - 2016-05-26 18:24 - 08911048 _____ () C:\Program Files\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
    2016-03-19 09:54 - 2015-12-07 00:11 - 00070656 ____N () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
    2016-05-10 18:22 - 2016-04-23 00:20 - 00316416 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
    2016-05-10 18:22 - 2016-04-23 00:21 - 00428032 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll
    2016-05-10 18:23 - 2016-04-23 00:05 - 05340672 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2016-05-10 18:23 - 2016-04-22 23:58 - 00471552 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2016-05-10 18:23 - 2016-04-22 23:58 - 02366976 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2016-05-10 18:23 - 2016-04-23 00:01 - 02656768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2016-05-02 10:50 - 2016-05-02 10:51 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    2016-05-02 10:50 - 2016-05-02 10:51 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
    2016-05-28 16:06 - 2016-04-23 16:14 - 00006144 _____ () C:\WINDOWS\BugFixxer\1004\BugFixxer.exe
    2016-05-28 16:06 - 2016-04-23 16:14 - 00028160 _____ () C:\WINDOWS\BugFixxer\1004\Util.dll
    2016-05-28 16:07 - 2016-05-23 15:07 - 00006656 _____ () C:\WINDOWS\BinEssentials\BinEssentials1110\BinEssentials.exe
    2016-05-28 16:07 - 2016-05-16 19:05 - 00007680 _____ () C:\WINDOWS\WinEssentials\516\WinEssentials.exe

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-2498457770-3637397173-802165776-1001\...\sharepoint.com -> hxxps://osceolak12-files.sharepoint.com

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2016-05-01 15:38 - 2016-05-27 22:43 - 00001006 ____A C:\WINDOWS\system32\Drivers\etc\hosts

    127.0.0.1 down.baidu2016.com
    127.0.0.1 123.sogou.com
    127.0.0.1 www.czzsyzgm.com
    127.0.0.1 www.czzsyzxl.com
    127.0.0.1 union.baidu2019.com

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2498457770-3637397173-802165776-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Jeremy platano\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
    DNS Servers: 104.197.191.4
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    HKLM\...\StartupApproved\Run: => "csrssf.exe -start"
    HKLM\...\StartupApproved\Run: => "Sound+"
    HKU\S-1-5-21-2498457770-3637397173-802165776-1001\...\StartupApproved\StartupFolder: => "mysystem.lnk"
    HKU\S-1-5-21-2498457770-3637397173-802165776-1001\...\StartupApproved\Run: => "OneDrive"
    HKU\S-1-5-21-2498457770-3637397173-802165776-1001\...\StartupApproved\Run: => "Skype"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{272C712F-8E4A-47DC-9F81-D58D933BE6CB}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
    FirewallRules: [{55EA84DF-59A5-4D13-8FEF-0EFE57638C6D}] => (Allow) C:\Program Files\Raptr Inc\Raptr\raptr.exe
    FirewallRules: [{8CF52DB3-9580-4607-8B49-1E43E43A2AE3}] => (Allow) C:\Program Files\Raptr Inc\Raptr\raptr.exe
    FirewallRules: [{5A749836-53B1-4D64-B6B3-B009FD9C8001}] => (Allow) C:\Program Files\Raptr Inc\Raptr\raptr_im.exe
    FirewallRules: [{72F506D3-0A4F-4883-82DA-63C2E3EE9093}] => (Allow) C:\Program Files\Raptr Inc\Raptr\raptr_im.exe
    FirewallRules: [{A1955473-6CF3-43EE-B425-BA0435A6ABD7}] => (Allow) C:\Program Files\Raptr Inc\PlaysTV\playstv.exe
    FirewallRules: [{6E777007-2357-4097-80DE-878B49C4E130}] => (Allow) C:\Program Files\Raptr Inc\PlaysTV\playstv.exe
    FirewallRules: [{0C8E1D88-E4F8-4D35-B999-64085ED947F2}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
    FirewallRules: [{28A1B5FB-127B-4597-AD74-1C14F9A75063}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
    FirewallRules: [{0069DE2F-FB61-4DEF-9E79-D1C323E3C9FB}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
    FirewallRules: [{00E27C2A-F984-4A43-86E4-62FE72285850}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
    FirewallRules: [{EF27D91A-3F30-4651-865D-FFA6E202E82B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
    FirewallRules: [{7A01FEF5-8AB5-44D4-90E9-D4E72251E2BB}] => (Allow) C:\Users\Jeremy platano\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{C0D9A734-158D-4D6A-9B3F-D51F5823E7A5}] => (Allow) C:\Users\Jeremy platano\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{3465906F-9245-466F-9466-39695F0F7824}] => (Allow) C:\Users\Jeremy platano\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{A647D14D-F75B-4BBF-A885-C1084F7500E1}] => (Allow) C:\Users\Jeremy platano\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{59A1FBC1-D96D-43A0-BAE2-6544177147A1}] => (Allow) C:\Users\Jeremy platano\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{3B797DC2-3802-4EF2-A5C1-72A7BFD793F0}] => (Allow) C:\Users\Jeremy platano\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{AEF4237C-5EDD-48A4-A717-8D3279C525CC}] => (Allow) C:\ProgramData\download\MiniThunderPlatform.exe
    FirewallRules: [{AADB48CB-3293-4F57-A3FD-39D37519A632}] => (Allow) C:\ProgramData\download\MiniThunderPlatform.exe
    FirewallRules: [{D57D1E50-42FC-43F1-BED7-A8A315271433}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

    ==================== Restore Points =========================

    08-05-2016 12:33:03 Windows Modules Installer
    12-05-2016 16:31:19 Windows Update
    15-05-2016 19:10:34 Windows Update
    15-05-2016 19:11:43 Windows Update

    ==================== Faulty Device Manager Devices =============

    Name:
    Description:
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (05/28/2016 05:32:04 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
    Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (05/28/2016 05:16:20 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
    Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (05/28/2016 05:14:24 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
    Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (05/28/2016 04:07:46 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JEREMY)
    Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147024865 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (05/28/2016 04:07:46 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JEREMY)
    Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (05/28/2016 04:04:20 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0x8007232B
    Command-line arguments:
    RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

    Error: (05/28/2016 04:04:16 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0x8007232B
    Command-line arguments:
    RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

    Error: (05/28/2016 04:04:04 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
    Description: Windows cannot load classes registry file.
    DETAIL - The process cannot access the file because it is being used by another process.

    Error: (05/28/2016 04:04:04 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
    Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights.

    DETAIL - The process cannot access the file because it is being used by another process.
    for C:\Users\Jeremy platano\AppData\Local\Microsoft\Windows\\UsrClass.dat

    Error: (05/28/2016 03:41:46 PM) (Source: SideBySide) (EventID: 35) (User: )
    Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.1"1".Error in manifest or policy file "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.1"2" on line Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.1"3.
    Component identity found in manifest does not match the identity of the component requested.
    Reference is Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.1".
    Definition is Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.1".
    Please use sxstrace.exe for detailed diagnosis.


    System errors:
    =============
    Error: (05/28/2016 04:47:14 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Interactive Services Detection service terminated with the following error:
    %%1

    Error: (05/28/2016 04:07:46 PM) (Source: DCOM) (EventID: 10001) (User: JEREMY)
    Description: "C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca31CortanaUI.AppXtpp90jhw9p0njjb85kvhxpppgrqfp117.mcaUnavailableUnavailable

    Error: (05/28/2016 04:07:46 PM) (Source: DCOM) (EventID: 10010) (User: JEREMY)
    Description: CortanaUI.AppXr0dtzccx33hvam1xwfz3c1354p6222qd.mca

    Error: (05/28/2016 04:03:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Wuqbooi service failed to start due to the following error:
    %%2

    Error: (05/28/2016 04:03:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The sotutomizbt service failed to start due to the following error:
    %%2

    Error: (05/28/2016 04:03:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Rijjerebad service failed to start due to the following error:
    %%2

    Error: (05/28/2016 04:03:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Fuxikireli service failed to start due to the following error:
    %%2

    Error: (05/28/2016 04:03:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The dowidoly service failed to start due to the following error:
    %%2

    Error: (05/28/2016 04:03:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Aotauch service failed to start due to the following error:
    %%2

    Error: (05/28/2016 04:02:13 PM) (Source: DCOM) (EventID: 10010) (User: JEREMY)
    Description: {D63B10C5-BB46-4990-A94F-E40B9D520160}


    CodeIntegrity:
    ===================================
    Date: 2016-05-26 18:48:07.477
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-05-26 18:25:23.309
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-05-26 14:43:07.525
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Raptr Inc\PlaysTV\ltc_help32-112681.dll that did not meet the Store signing level requirements.

    Date: 2016-05-26 14:43:07.510
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Raptr Inc\PlaysTV\ltc_help32-112681.dll that did not meet the Store signing level requirements.

    Date: 2016-05-26 14:43:07.496
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Raptr Inc\PlaysTV\ltc_help32-112681.dll that did not meet the Store signing level requirements.

    Date: 2016-05-15 14:44:47.029
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-05-15 12:45:41.645
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-05-12 17:26:29.743
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-05-12 15:54:54.423
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-05-10 19:57:51.757
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: AMD C-50 Processor
    Percentage of memory in use: 41%
    Total physical RAM: 3574.86 MB
    Available physical RAM: 2104.92 MB
    Total Virtual: 4214.86 MB
    Available Virtual: 2655.81 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:297.31 GB) (Free:173.91 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: E1C26B7C)
    Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=297.3 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

    ==================== End of Addition.txt ============================
     
  6. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==================================

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
    Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.
    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    If you already have MBAM 2.0 installed:
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    How to get logs:
    (Export log to save as txt)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.
    (Copy to clipboard for pasting into forum replies or tickets)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.
    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  7. YoungZay

    YoungZay TS Rookie Topic Starter Posts: 22

    The Internet Explorer processes are still running in the background (despite me never even opening Internet Explorer). On the bright side, the computer is running noticeably faster and the CPU isn't always maxed out at 100%. I'll post the logs following this.
     
  8. YoungZay

    YoungZay TS Rookie Topic Starter Posts: 22

    RogueKiller V12.3.0.0 [May 22 2016] (Free) by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/software/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 10 (10.0.10586) 32 bits version
    Started in : Normal mode
    User : Jeremy platano [Administrator]
    Started from : C:\Users\Jeremy platano\Desktop\RogueKiller.exe
    Mode : Delete -- Date : 05/29/2016 00:34:02

    ¤¤¤ Processes : 2 ¤¤¤
    [VT.Unknown] WinEssentials.exe(5964) -- C:\Windows\WinEssentials\516\WinEssentials.exe[-] -> Killed [TermProc]
    [PUP|VT.Unknown] (SVC) cherimoya -- system32\drivers\cherimoya.sys[7] -> Stopped

    ¤¤¤ Registry : 16 ¤¤¤
    [PUP] HKEY_LOCAL_MACHINE\Software\SearchModule -> Deleted
    [PUP] HKEY_LOCAL_MACHINE\Software\SoundPlus -> Deleted
    [PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Sound+ : "C:\Program Files\Sound+\Sound+.exe" [x] -> Deleted
    [Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | csrssf.exe -start : C:\ProgramData\csrssf.exe -start [x][x] -> Deleted
    [Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Aotauch ("C:\Users\Jeremy platano\AppData\Roaming\ElorfoVomn\Faeyjde.exe" -cms) -> Deleted
    [Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Fuxikireli ("C:\Users\Jeremy platano\AppData\Roaming\Caporoduu\Caporoduu.exe" -cms) -> Deleted
    [PUP] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MPCBase (System32\drivers\MPCBase.sys) -> Deleted
    [PUP] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MPCKpt (system32\DRIVERS\MPCKpt.sys) -> Deleted
    [Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Rijjerebad ("C:\Users\Jeremy platano\AppData\Roaming\Zaouzvidna\Zaouzvidna.exe" -cms) -> Deleted
    [Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Wuqbooi ("C:\Users\Jeremy platano\AppData\Roaming\XaxhMorhi\Ifyccoq.exe" -cms) -> Deleted
    [Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Aotauch ("C:\Users\Jeremy platano\AppData\Roaming\ElorfoVomn\Faeyjde.exe" -cms) -> Deleted
    [Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fuxikireli ("C:\Users\Jeremy platano\AppData\Roaming\Caporoduu\Caporoduu.exe" -cms) -> Deleted
    [PUP] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MPCBase (System32\drivers\MPCBase.sys) -> Deleted
    [PUP] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MPCKpt (system32\DRIVERS\MPCKpt.sys) -> Deleted
    [Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rijjerebad ("C:\Users\Jeremy platano\AppData\Roaming\Zaouzvidna\Zaouzvidna.exe" -cms) -> Deleted
    [Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wuqbooi ("C:\Users\Jeremy platano\AppData\Roaming\XaxhMorhi\Ifyccoq.exe" -cms) -> Deleted

    ¤¤¤ Tasks : 2 ¤¤¤
    [Suspicious.Path] \e02c4bd5-54d5-4470-9ea0-a68d88112c00 -- C:\Users\Jeremy platano\AppData\Roaming\QuickCleaner\QuickCleaner.exe (789902332HADB31378B2323) -> Deleted
    [Suspicious.Path] \SMW_P -- C:\ProgramData\smp2.exe (install1 "http://www-searching.com/?prd=set_epf&s=g5szamotn11426bp,8197403f-b495-42c2-82a8-269bcf0b8d7e," Search) -> Deleted

    ¤¤¤ Files : 1 ¤¤¤
    [PUP][File] C:\Windows\System32\drivers\cherimoya.sys -> Deleted

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: TOSHIBA MK3276GSX +++++
    --- User ---
    [MBR] 3c2e94215058117515e34159dea56afd
    [BSP] ae30d46f6cdd9a9ebfec22542b223ab1 : Windows Vista/7/8|VT.Unknown MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 304443 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 624218112 | Size: 450 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: Generic- Multi-Card USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )
     
  9. YoungZay

    YoungZay TS Rookie Topic Starter Posts: 22

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date:
    Scan Time:
    Logfile: Malwarebytes Save Log.txt
    Administrator: Yes

    Version: 0.0.0.0000
    Malware Database: v0000.00.00.00
    Rootkit Database: v0000.00.00.00
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 10
    CPU: x86
    File System: NTFS
    User: Jeremy platano

    Scan Type:
    Result: Completed
    Objects Scanned: 0
    (No malicious items detected)
    Time Elapsed: 0 min, 0 sec

    Memory: Disabled
    Startup: Disabled
    Filesystem: Disabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Disabled
    PUP: Disabled
    PUM: Disabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  10. YoungZay

    YoungZay TS Rookie Topic Starter Posts: 22

    # AdwCleaner v5.118 - Logfile created 29/05/2016 at 11:28:57
    # Updated 23/05/2016 by Xplode
    # Database : 2016-05-26.2 [Server]
    # Operating system : Windows 10 Pro (X86)
    # Username : Jeremy platano - JEREMY
    # Running from : C:\Users\Jeremy platano\Desktop\adwcleaner_5.118.exe
    # Option : Scan
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****

    Folder Found : C:\Program Files\MPC Cleaner
    Folder Found : C:\WINDOWS\BugFixxer
    Folder Found : C:\WINDOWS\SysSecure1.0.0.5
    Folder Found : C:\Users\JEREMY~1\AppData\Local\Temp\MPC
    Folder Found : C:\WINDOWS\system32\config\systemprofile\AppData\Local\BugFixxer
    Folder Found : C:\WINDOWS\system32\config\systemprofile\AppData\Local\SysSecureService
    Folder Found : C:\Users\Jeremy platano\AppData\Local\QuickCleaner
    Folder Found : C:\Users\Jeremy platano\AppData\Local\WINTUNEPRO
    Folder Found : C:\uninst

    ***** [ Files ] *****

    File Found : C:\END
    File Found : C:\WINDOWS\system32\bi3.exe
    File Found : C:\Users\Jeremy platano\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.mpc.am_0.localstorage
    File Found : C:\Users\Jeremy platano\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.mpc.am_0.localstorage-journal

    ***** [ DLL ] *****


    ***** [ WMI ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****

    Key Found : HKLM\SYSTEM\CurrentControlSet\Control\Class\{0C95ABFE-4FB6-49DB-B22F-0E1F5FC4BEEC}
    Key Found : HKLM\SYSTEM\CurrentControlSet\Control\Class\{EEEFACB3-729F-4484-B66D-E7A7917BBFC1}
    Key Found : HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
    Key Found : HKLM\SOFTWARE\Classes\AppID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}
    Key Found : HKCU\Software\powerpack
    Key Found : HKCU\Software\MICROSOFT\OTUT
    Key Found : HKCU\Software\INSTALLPATH\STATUS
    Key Found : HKLM\SOFTWARE\SearchModule
    Key Found : HKLM\SOFTWARE\Microsoft\{94ebd7b5-82ae-449t-b679-3d04078ed154}
    Key Found : HKLM\SOFTWARE\MIITS LLC
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\NetStream 1.0
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WeatherChickn
    Key Found : HKU\S-1-5-21-2498457770-3637397173-802165776-1001\Software\powerpack
    Key Found : HKU\S-1-5-21-2498457770-3637397173-802165776-1001\Software\MICROSOFT\OTUT
    Key Found : HKU\S-1-5-21-2498457770-3637397173-802165776-1001\Software\INSTALLPATH\STATUS
    Key Found : HKU\S-1-5-21-2498457770-3637397173-802165776-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\NetStream 1.0
    Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\mpc.am
    Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\search.mpc.am
    Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Sound+]
    Key Found : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Policies
    Key Found : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SYSSECURE
    Key Found : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\BugFixxer

    ***** [ Web browsers ] *****

    [C:\Users\Jeremy platano\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
    [C:\Users\Jeremy platano\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
    [C:\Users\Jeremy platano\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : mpc safe search
    [C:\Users\Jeremy platano\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : www-searching.com
    [C:\Users\Jeremy platano\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Found : hxxp://www-searching.com/?pid=s&s=g5szamotn11426bp,8197403f-b495-42c2-82a8-269bcf0b8d7e,&vp=ch&prd=set_ch
    [C:\Users\Jeremy platano\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Found : hxxp://www-searching.com/search.aspx?site=shyos&prd=set_ch&q={searchTerms}&s=g5szamotn11426bp,8197403f-b495-42c2-82a8-269bcf0b8d7e,
    [C:\Users\Jeremy platano\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Found : hxxp://www-searching.com/?pid=s&s=g5szamotn11426bp,8197403f-b495-42c2-82a8-269bcf0b8d7e,&vp=ch&prd=set_ch

    *************************

    C:\AdwCleaner\AdwCleaner[S1].txt - [4359 bytes] - [29/05/2016 11:28:57]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [4432 bytes] ##########
     
  11. YoungZay

    YoungZay TS Rookie Topic Starter Posts: 22

    # AdwCleaner v5.118 - Logfile created 29/05/2016 at 11:35:25
    # Updated 23/05/2016 by Xplode
    # Database : 2016-05-26.2 [Server]
    # Operating system : Windows 10 Pro (X86)
    # Username : Jeremy platano - JEREMY
    # Running from : C:\Users\Jeremy platano\Desktop\adwcleaner_5.118.exe
    # Option : Clean
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****

    [-] Folder Deleted : C:\Program Files\MPC Cleaner
    [-] Folder Deleted : C:\WINDOWS\BugFixxer
    [-] Folder Deleted : C:\WINDOWS\SysSecure1.0.0.5
    [-] Folder Deleted : C:\Users\JEREMY~1\AppData\Local\Temp\MPC
    [-] Folder Deleted : C:\WINDOWS\system32\config\systemprofile\AppData\Local\BugFixxer
    [-] Folder Deleted : C:\WINDOWS\system32\config\systemprofile\AppData\Local\SysSecureService
    [-] Folder Deleted : C:\Users\Jeremy platano\AppData\Local\QuickCleaner
    [-] Folder Deleted : C:\Users\Jeremy platano\AppData\Local\WINTUNEPRO
    [-] Folder Deleted : C:\uninst

    ***** [ Files ] *****

    [-] File Deleted : C:\END
    [-] File Deleted : C:\WINDOWS\system32\bi3.exe
    [-] File Deleted : C:\Users\Jeremy platano\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.mpc.am_0.localstorage
    [-] File Deleted : C:\Users\Jeremy platano\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.mpc.am_0.localstorage-journal

    ***** [ DLLs ] *****


    ***** [ WMI ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****

    [-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\Class\{0C95ABFE-4FB6-49DB-B22F-0E1F5FC4BEEC}
    [-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\Class\{EEEFACB3-729F-4484-B66D-E7A7917BBFC1}
    [-] Key Deleted : HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}
    [-] Key Deleted : HKCU\Software\powerpack
    [-] Key Deleted : HKCU\Software\MICROSOFT\OTUT
    [-] Key Deleted : HKCU\Software\INSTALLPATH\STATUS
    [-] Key Deleted : HKLM\SOFTWARE\SearchModule
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\{94ebd7b5-82ae-449t-b679-3d04078ed154}
    [-] Key Deleted : HKLM\SOFTWARE\MIITS LLC
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\NetStream 1.0
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WeatherChickn
    [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\mpc.am
    [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\search.mpc.am
    [-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Sound+]
    [-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Policies
    [-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SYSSECURE
    [-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\BugFixxer

    ***** [ Web browsers ] *****

    [-] [C:\Users\Jeremy platano\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
    [-] [C:\Users\Jeremy platano\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
    [-] [C:\Users\Jeremy platano\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : mpc safe search
    [-] [C:\Users\Jeremy platano\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : www-searching.com
    [-] [C:\Users\Jeremy platano\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://www-searching.com/?pid=s&s=g5szamotn11426bp,8197403f-b495-42c2-82a8-269bcf0b8d7e,&vp=ch&prd=set_ch
    [-] [C:\Users\Jeremy platano\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Deleted : hxxp://www-searching.com/search.aspx?site=shyos&prd=set_ch&q={searchTerms}&s=g5szamotn11426bp,8197403f-b495-42c2-82a8-269bcf0b8d7e,
    [-] [C:\Users\Jeremy platano\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://www-searching.com/?pid=s&s=g5szamotn11426bp,8197403f-b495-42c2-82a8-269bcf0b8d7e,&vp=ch&prd=set_ch

    *************************

    :: "Tracing" keys deleted
    :: Winsock settings cleared

    *************************

    C:\AdwCleaner\AdwCleaner[C1].txt - [4287 bytes] - [29/05/2016 11:35:25]
    C:\AdwCleaner\AdwCleaner[S1].txt - [4511 bytes] - [29/05/2016 11:28:57]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [4433 bytes] ##########
     
  12. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Re-run the Farbar Recovery Scan Tool (FRST/FRST64) that you ran at the very beginning of this topic.

    • Double-click to run it.
    • Make sure you checkmark the Addition.txt box.
    • Press the Scan button.
    • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
     
  13. YoungZay

    YoungZay TS Rookie Topic Starter Posts: 22

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.6 (04.25.2016)
    Operating System: Windows 10 Pro x86
    Ran by Jeremy platano (Administrator) on Sun 05/29/2016 at 11:44:47.38
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 3

    Successfully deleted: C:\ProgramData\Start Menu\Programs\search.lnk (Shortcut)
    Successfully deleted: C:\Users\Jeremy platano\Appdata\LocalLow\company (Folder)
    Successfully deleted: C:\Users\Public\thunder network (Folder)



    Registry: 0





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sun 05/29/2016 at 11:50:35.70
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  14. YoungZay

    YoungZay TS Rookie Topic Starter Posts: 22

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:29-05-2016 02
    Ran by Jeremy platano (administrator) on JEREMY (29-05-2016 12:10:12)
    Running from C:\Users\Jeremy platano\Desktop
    Loaded Profiles: Jeremy platano (Available Profiles: Jeremy platano)
    Platform: Microsoft Windows 10 Pro Version 1511 (X86) Language: English (United States)
    Internet Explorer Version 11 (Default browser: "C:\Users\Jeremy platano\AppData\Local\BrowserAir\Application\BrowserAir.exe" -- "%1")
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    (Adobe Systems, Incorporated) C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe
    () C:\Windows\System32\CpuHeatMapping\165271\CpuHeatMapping.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
    () C:\Windows\BinEssentials\BinEssentials1110\BinEssentials.exe
    () C:\Windows\Cudm1110\cudm.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
    () C:\Windows\CpuEssentials\165271\CpuEssentials.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    () C:\Windows\WinEssentials\516\WinEssentials.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Google Inc.) C:\Program Files\Google\Update\1.3.30.3\GoogleCrashHandler.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
    (Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
    (Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3519144 2015-07-29] (Synaptics Incorporated)
    HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2484424 2015-10-07] (ELAN Microelectronics Corp.)
    HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [748744 2015-08-21] (Advanced Micro Devices, Inc.)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated)
    HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1867448 2016-05-03] (Adobe Systems Inc.)
    HKLM\...\Run: [] => [X]
    HKU\S-1-5-21-2498457770-3637397173-802165776-1001\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [53123712 2016-05-17] (Skype Technologies S.A.)
    HKU\S-1-5-21-2498457770-3637397173-802165776-1001\...\Run: [BingSvc] => C:\Users\Jeremy platano\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
    HKU\S-1-5-21-2498457770-3637397173-802165776-1001\...\RunOnce: [Uninstall C:\Users\Jeremy platano\AppData\Local\Microsoft\OneDrive\17.3.5892.0626] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jeremy platano\AppData\Local\Microsoft\OneDrive\17.3.5892.0626"

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.226
    Tcpip\..\Interfaces\{63cba9cf-bd04-4513-8188-a403bffe9b72}: [DhcpNameServer] 192.168.0.1 205.171.2.226

    Internet Explorer:
    ==================
    HKU\S-1-5-21-2498457770-3637397173-802165776-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/1ewenusDefaultPack/SKY2_FRPage
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2016-05-26] (Microsoft Corporation)
    BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-05-03] (Adobe Systems Incorporated)
    BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-05-26] (Microsoft Corporation)
    BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-05-03] (Adobe Systems Incorporated)
    Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-05-03] (Adobe Systems Incorporated)
    Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-26] (Microsoft Corporation)
    Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-26] (Microsoft Corporation)
    Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-26] (Microsoft Corporation)
    Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-26] (Microsoft Corporation)

    FireFox:
    ========
    FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-05-26] (Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-05-26] (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-28] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-28] (Google Inc.)
    FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)
    FF HKLM\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
    FF Extension: Adobe Acrobat DC - Create PDF - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2016-05-11]

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.google.com/
    CHR Profile: C:\Users\Jeremy platano\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\Jeremy platano\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-02]
    CHR Extension: (Google Docs) - C:\Users\Jeremy platano\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-02]
    CHR Extension: (Google Drive) - C:\Users\Jeremy platano\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-02]
    CHR Extension: (YouTube) - C:\Users\Jeremy platano\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-02]
    CHR Extension: (Adobe Acrobat) - C:\Users\Jeremy platano\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2016-05-11]
    CHR Extension: (Google Sheets) - C:\Users\Jeremy platano\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-02]
    CHR Extension: (Google Docs Offline) - C:\Users\Jeremy platano\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-02]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Jeremy platano\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-02]
    CHR Extension: (Gmail) - C:\Users\Jeremy platano\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-02]
    CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AGSService; C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-05] (Adobe Systems, Incorporated)
    R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [276992 2015-08-21] (Advanced Micro Devices, Inc.) [File not signed]
    R2 BinEssentials; C:\WINDOWS\BinEssentials\BinEssentials1110\BinEssentials.exe [6656 2016-05-23] () [File not signed]
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [1867504 2016-05-01] (Microsoft Corporation)
    R2 CpuEssentials; C:\WINDOWS\CpuEssentials/165271\CpuEssentials.exe [7680 2016-05-27] () [File not signed]
    R2 CpuHeatMapping; C:\WINDOWS\system32\CpuHeatMapping/165271\CpuHeatMapping.exe [44544 2016-05-27] () [File not signed]
    R2 cudm; C:\WINDOWS\Cudm1110\cudm.exe [6144 2016-05-09] () [File not signed]
    R2 ETDService; C:\Program Files\Elantech\ETDService.exe [124616 2015-10-07] (ELAN Microelectronics Corp.)
    R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
    R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [280376 2015-10-30] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23256 2015-10-30] (Microsoft Corporation)
    R2 WinEssentials; C:\WINDOWS\WinEssentials/516\WinEssentials.exe [7680 2016-05-16] () [File not signed]

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 Andbus; C:\WINDOWS\System32\drivers\lgandbus.sys [14336 2012-03-02] (LG Electronics Inc.)
    S3 AndDiag; C:\WINDOWS\System32\drivers\lganddiag.sys [20736 2012-03-02] (LG Electronics Inc.)
    S3 AndGps; C:\WINDOWS\System32\drivers\lgandgps.sys [20096 2012-03-02] (LG Electronics Inc.)
    S3 AndnetBus; C:\WINDOWS\System32\drivers\lgandnetbus.sys [15744 2015-01-21] (LG Electronics Inc.)
    S3 AndNetDiag; C:\WINDOWS\System32\drivers\lgandnetdiag.sys [24576 2015-01-26] (LG Electronics Inc.)
    S3 AndNetDiag2; C:\WINDOWS\System32\drivers\lgandnetdiag2.sys [24576 2015-01-26] (LG Electronics Inc.)
    S3 AndNetGps; C:\WINDOWS\System32\drivers\lgandnetgps.sys [22912 2015-01-21] (LG Electronics Inc.)
    S3 dot4; C:\WINDOWS\System32\drivers\Dot4.sys [137632 2012-09-25] (Windows (R) Win 7 DDK provider)
    S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [22432 2012-09-25] (Windows (R) Win 7 DDK provider)
    R3 ETD; C:\WINDOWS\system32\DRIVERS\ETD.sys [514760 2015-10-07] (ELAN Microelectronics Corp.)
    S3 HtcVCom32; C:\WINDOWS\System32\drivers\HtcVComV32.sys [105984 2009-10-27] (QUALCOMM Incorporated)
    S3 imxusb; C:\WINDOWS\System32\drivers\imxusb.sys [15872 2011-03-24] (Windows (R) Win 7 DDK provider)
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
    R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [170200 2016-05-29] (Malwarebytes)
    R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [53120 2016-03-10] (Malwarebytes Corporation)
    R3 rtwlane_13; C:\WINDOWS\System32\drivers\rtwlane_13.sys [3215360 2015-10-30] (Realtek Semiconductor Corporation )
    S3 ssudrmnet; C:\WINDOWS\System32\drivers\ssudrmnet.sys [59160 2013-06-04] (DEVGURU Co., LTD.)
    S3 ssudserd; C:\WINDOWS\System32\drivers\ssudserd.sys [181912 2013-06-04] (DEVGURU Co., LTD.(www.devguru.co.kr))
    R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [42088 2015-12-31] (Toshiba Corporation)
    S3 usbbus; C:\WINDOWS\System32\drivers\lgusbbus.sys [13056 2014-11-17] (LG Electronics Inc.)
    S3 UsbDiag; C:\WINDOWS\System32\drivers\lgusbdiag.sys [22016 2014-11-21] (LG Electronics Inc.)
    S3 UsbGps; C:\WINDOWS\System32\drivers\lgusbgps.sys [20096 2014-11-17] (LG Electronics Inc.)
    S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [37400 2015-10-30] (Microsoft Corporation)
    R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [246104 2015-10-30] (Microsoft Corporation)
    R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [98648 2015-10-30] (Microsoft Corporation)
    R3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [163328 2015-10-30] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
  15. YoungZay

    YoungZay TS Rookie Topic Starter Posts: 22

    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-05-29 12:09 - 2016-05-29 12:09 - 00000000 ____D C:\Users\Jeremy platano\Desktop\FRST-OlderVersion
    2016-05-29 11:50 - 2016-05-29 11:50 - 00000791 _____ C:\Users\Jeremy platano\Desktop\JRT.txt
    2016-05-29 11:43 - 2016-05-29 11:34 - 00004511 _____ C:\Users\Jeremy platano\Desktop\AdwCleaner[S1].txt
    2016-05-29 11:42 - 2016-05-29 11:42 - 00004512 _____ C:\Users\Jeremy platano\Desktop\AdwCleaner[C1].txt
    2016-05-29 11:27 - 2016-05-29 11:35 - 00000000 ____D C:\AdwCleaner
    2016-05-29 11:25 - 2016-05-29 11:25 - 00001068 _____ C:\Users\Jeremy platano\Desktop\Malwarebytes Save Log.txt
    2016-05-29 00:51 - 2016-05-29 12:04 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2016-05-29 00:46 - 2016-05-29 11:25 - 00001123 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2016-05-29 00:46 - 2016-05-29 00:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2016-05-29 00:41 - 2016-03-10 14:09 - 00053120 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
    2016-05-29 00:41 - 2016-03-10 14:08 - 00126336 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2016-05-29 00:41 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2016-05-29 00:40 - 2016-05-29 00:45 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
    2016-05-29 00:40 - 2016-05-29 00:40 - 00000000 ____D C:\ProgramData\Malwarebytes
    2016-05-29 00:36 - 2016-05-29 00:36 - 00008460 _____ C:\Users\Jeremy platano\Desktop\rk_65B5.tmp.txt
    2016-05-28 20:15 - 2016-05-29 11:24 - 00002139 _____ C:\Users\Jeremy platano\Desktop\Hotmail.lnk
    2016-05-28 20:15 - 2016-05-29 11:24 - 00002131 _____ C:\Users\Jeremy platano\Desktop\Gmail.lnk
    2016-05-28 19:51 - 2016-05-28 19:51 - 00024688 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
    2016-05-28 19:49 - 2016-05-29 00:46 - 00000000 ____D C:\ProgramData\RogueKiller
    2016-05-28 19:47 - 2016-05-28 19:45 - 03678272 ____N C:\Users\Jeremy platano\Desktop\adwcleaner_5.118.exe
    2016-05-28 19:47 - 2016-05-28 19:42 - 22851472 ____N (Malwarebytes ) C:\Users\Jeremy platano\Desktop\mbam-setup-2.2.1.1043.exe
    2016-05-28 19:46 - 2016-05-28 19:40 - 19867720 ____N C:\Users\Jeremy platano\Desktop\RogueKiller.exe
    2016-05-28 19:45 - 2016-05-28 19:45 - 01610816 ____N (Malwarebytes) C:\Users\Jeremy platano\Desktop\JRT.exe
    2016-05-28 18:00 - 2016-05-28 18:04 - 00025893 _____ C:\Users\Jeremy platano\Desktop\Addition.txt
    2016-05-28 17:44 - 2016-05-29 12:10 - 00013825 _____ C:\Users\Jeremy platano\Desktop\FRST.txt
    2016-05-28 17:42 - 2016-05-29 12:10 - 00000000 ____D C:\FRST
    2016-05-28 17:41 - 2016-05-29 12:09 - 01734656 _____ (Farbar) C:\Users\Jeremy platano\Desktop\FRST.exe
    2016-05-28 17:16 - 2016-05-28 17:16 - 07269656 _____ (Bitdefender LLC) C:\Users\Jeremy platano\Downloads\BootkitRemoval_x86.exe
    2016-05-28 16:25 - 2016-05-29 11:25 - 00002290 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-05-28 16:25 - 2016-05-29 11:25 - 00002272 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2016-05-28 16:22 - 2016-05-29 11:52 - 00000908 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2016-05-28 16:22 - 2016-05-28 16:47 - 00000904 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2016-05-28 16:20 - 2016-05-28 16:20 - 00987728 _____ (Google Inc.) C:\Users\Jeremy platano\Downloads\ChromeSetup (4).exe
    2016-05-28 16:07 - 2016-05-28 16:07 - 00000000 ____D C:\WINDOWS\WinEssentials
    2016-05-28 16:07 - 2016-05-28 16:07 - 00000000 ____D C:\WINDOWS\BinEssentials
    2016-05-28 15:08 - 2016-05-28 15:09 - 00000410 __RSH C:\ProgramData\ntuser.pol
    2016-05-28 15:01 - 2016-05-28 15:01 - 00000000 ____D C:\WINDOWS\CpuEssentials
    2016-05-28 14:56 - 2016-05-28 14:56 - 00000000 ____D C:\WINDOWS\system32\CpuHeatMapping
    2016-05-27 23:55 - 2016-05-28 14:55 - 00000000 ____D C:\WINDOWS\Cudm1110
    2016-05-27 23:24 - 2016-05-27 23:24 - 00007387 _____ C:\WINDOWS\system32\hst.pcm
    2016-05-27 23:20 - 2016-05-27 23:20 - 00000000 ____D C:\WINDOWS\system32\Policies
    2016-05-27 23:17 - 2016-05-28 20:08 - 00187904 _____ C:\WINDOWS\rsrcs.dll
    2016-05-27 22:52 - 2016-05-27 23:53 - 00000000 ____D C:\Users\Jeremy platano\AppData\Local\Tempfolder
    2016-05-27 22:21 - 2016-05-27 22:21 - 00000000 ____D C:\Users\Jeremy platano\Downloads\Sony Vegas Pro 13.0 build 310 (64 bit) (patch KHG) [ChingLiu]
    2016-05-27 22:14 - 2016-05-29 11:24 - 00002655 _____ C:\Users\Jeremy platano\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
    2016-05-27 22:14 - 2016-05-27 22:14 - 00000000 ____D C:\Users\Jeremy platano\AppData\LocalLow\uTorrent
    2016-05-27 22:12 - 2016-05-27 23:53 - 00000000 ____D C:\Users\Jeremy platano\AppData\Roaming\uTorrent
    2016-05-27 22:12 - 2016-05-27 22:12 - 02530304 _____ (BitTorrent Inc.) C:\Users\Jeremy platano\Downloads\uTorrent.exe
    2016-05-27 10:01 - 2016-05-27 10:02 - 00235603 _____ C:\Users\Jeremy platano\Downloads\R526 A1 FL PLAN-Model.pdf
    2016-05-27 10:01 - 2016-05-27 10:01 - 00021896 _____ C:\Users\Jeremy platano\Downloads\R526 A1 FL PLAN-AB-2.pdf
    2016-05-27 10:00 - 2016-05-27 10:00 - 00208153 _____ C:\Users\Jeremy platano\Downloads\R526 A1 FL PLAN-A1.3.pdf
    2016-05-27 10:00 - 2016-05-27 10:00 - 00021099 _____ C:\Users\Jeremy platano\Downloads\R526 A1 FL PLAN-AB-1.pdf
    2016-05-27 09:59 - 2016-05-27 09:59 - 00209104 _____ C:\Users\Jeremy platano\Downloads\R526 A1 FL PLAN-A1.2A.pdf
    2016-05-27 09:59 - 2016-05-27 09:59 - 00209104 _____ C:\Users\Jeremy platano\Downloads\R526 A1 FL PLAN-A1.2A (1).pdf
    2016-05-27 09:59 - 2016-05-27 09:59 - 00087701 _____ C:\Users\Jeremy platano\Downloads\R526 A1 FL PLAN-A1.2B.pdf
    2016-05-27 09:58 - 2016-05-27 09:58 - 00356280 _____ C:\Users\Jeremy platano\Downloads\R526 A1 FL PLAN-A1.1A.pdf
    2016-05-27 09:58 - 2016-05-27 09:58 - 00301063 _____ C:\Users\Jeremy platano\Downloads\R526 A1 FL PLAN-A1.1B.pdf
    2016-05-27 09:57 - 2016-05-27 09:57 - 00109523 _____ C:\Users\Jeremy platano\Downloads\R526 A1 FL PLAN-A D-1.pdf
    2016-05-27 09:57 - 2016-05-27 09:57 - 00088548 _____ C:\Users\Jeremy platano\Downloads\R526 A1 FL PLAN-A D-2.pdf
    2016-05-27 09:57 - 2016-05-27 09:57 - 00032980 _____ C:\Users\Jeremy platano\Downloads\R526 A1 FL PLAN-A1 O-A.pdf
    2016-05-27 09:48 - 2016-05-27 09:48 - 00006983 _____ C:\Users\Jeremy platano\Downloads\R526 BASE-01-Model.pdf
    2016-05-27 09:47 - 2016-05-27 09:47 - 00004256 _____ C:\Users\Jeremy platano\Downloads\R526 BASE-01-Layout1.pdf
    2016-05-27 09:46 - 2016-05-27 09:46 - 00004262 _____ C:\Users\Jeremy platano\Downloads\R526 BASE OVERLAY-Model.pdf
    2016-05-27 09:41 - 2016-05-27 09:41 - 00004256 _____ C:\Users\Jeremy platano\Downloads\R526 BASE OVERLAY-Layout1.pdf
    2016-05-27 09:40 - 2016-05-27 09:40 - 00145600 _____ C:\Users\Jeremy platano\Downloads\R526 A0.2 CALC AREA-A0.2.pdf
    2016-05-27 09:40 - 2016-05-27 09:40 - 00132147 _____ C:\Users\Jeremy platano\Downloads\R526 A0.2 CALC AREA-Model.pdf
    2016-05-27 09:22 - 2016-05-27 10:10 - 00000000 ____D C:\Users\Jeremy platano\Desktop\Attachments_2016527
    2016-05-26 18:37 - 2016-05-26 18:37 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
    2016-05-26 18:27 - 2016-05-29 11:26 - 00002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
    2016-05-26 18:27 - 2016-05-29 11:25 - 00002492 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
    2016-05-26 18:27 - 2016-05-29 11:25 - 00002414 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
    2016-05-26 18:27 - 2016-05-29 11:25 - 00002413 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
    2016-05-26 18:27 - 2016-05-29 11:25 - 00002407 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
    2016-05-26 18:27 - 2016-05-29 11:25 - 00002393 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
    2016-05-26 18:27 - 2016-05-29 11:24 - 00002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk
    2016-05-26 18:27 - 2016-05-29 11:24 - 00002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
    2016-05-26 18:27 - 2016-05-29 11:24 - 00002401 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
    2016-05-26 18:27 - 2016-05-26 18:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
    2016-05-26 18:10 - 2016-05-27 05:41 - 00000000 ____D C:\Program Files\Microsoft Office
    2016-05-26 18:10 - 2016-05-26 18:10 - 00000000 ____D C:\Program Files\Microsoft Office 15
    2016-05-26 18:09 - 2016-05-26 18:09 - 03191496 _____ (Microsoft Corporation) C:\Users\Jeremy platano\Downloads\Setup.X86.en-US_O365ProPlusRetail_897fbb38-39a4-419e-a1e3-83102e3d11bd_TX_PR_b_64_.exe
    2016-05-23 15:54 - 2016-05-23 15:54 - 00269506 _____ C:\Users\Jeremy platano\Downloads\residency affidavit nondegree.pdf
    2016-05-20 19:10 - 2016-05-28 16:36 - 00000000 ____D C:\Users\Jeremy platano\AppData\Roaming\Skype
    2016-05-20 18:57 - 2016-05-20 18:58 - 01463424 _____ (Skype Technologies S.A.) C:\Users\Jeremy platano\Downloads\SkypeSetup (2).exe
    2016-05-15 11:33 - 2016-05-23 16:32 - 00000000 ____D C:\Users\Jeremy platano\Desktop\UF Papers
    2016-05-14 18:13 - 2016-05-20 19:04 - 00000000 ____D C:\Users\Jeremy platano\AppData\Roaming\Skype_old
    2016-05-14 18:12 - 2016-05-29 11:25 - 00002622 _____ C:\Users\Public\Desktop\Skype.lnk
    2016-05-14 18:12 - 2016-05-20 19:00 - 00000000 ____D C:\ProgramData\Skype
    2016-05-14 18:12 - 2016-05-14 18:12 - 00000000 ___RD C:\Program Files\Skype
    2016-05-14 18:12 - 2016-05-14 18:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    2016-05-14 18:12 - 2016-05-14 18:12 - 00000000 ____D C:\Program Files\Common Files\Skype
    2016-05-14 18:10 - 2016-05-14 18:11 - 01463424 _____ (Skype Technologies S.A.) C:\Users\Jeremy platano\Downloads\SkypeSetup (1).exe
    2016-05-11 16:28 - 2016-05-11 16:28 - 00065109 _____ C:\Users\Jeremy platano\Desktop\JLD EDIT.pdf
    2016-05-11 16:13 - 2016-05-11 16:13 - 00074836 _____ C:\Users\Jeremy platano\Desktop\JLD.pdf
    2016-05-11 15:53 - 2016-05-11 16:10 - 00061435 _____ C:\Users\Jeremy platano\Desktop\JLD ELECTRICAL CHANGE ORDER.pdf
    2016-05-11 15:49 - 2016-05-27 09:23 - 00000000 ____D C:\Users\Jeremy platano\AppData\Local\Adobe
    2016-05-11 15:49 - 2016-05-11 15:50 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
    2016-05-11 15:49 - 2016-05-11 15:49 - 00000000 ____D C:\Users\Jeremy platano\AppData\Local\CEF
    2016-05-11 15:48 - 2016-05-29 11:25 - 00002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
    2016-05-11 15:48 - 2016-05-29 11:25 - 00002084 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
    2016-05-11 15:48 - 2016-05-29 11:25 - 00002055 _____ C:\Users\Public\Desktop\Adobe Acrobat DC.lnk
    2016-05-11 15:43 - 2016-05-11 15:51 - 00000000 ____D C:\Program Files\Common Files\Adobe
    2016-05-11 15:43 - 2016-05-11 15:43 - 00000000 ____D C:\Program Files\Adobe
    2016-05-11 15:25 - 2016-05-11 15:52 - 00000000 ____D C:\ProgramData\Adobe
    2016-05-11 15:25 - 2016-05-11 15:25 - 02094184 _____ (Adobe) C:\Users\Jeremy platano\Downloads\acrobatproDC_00000000000000000000000409.exe
    2016-05-11 15:19 - 2016-05-11 15:19 - 00150977 ____T C:\Users\Jeremy platano\Documents\JLD.pdf
    2016-05-11 15:12 - 2016-05-11 15:12 - 00273682 _____ C:\Users\Jeremy platano\Downloads\JLD ELECTRICAL CHANGE ORDER.pdf
    2016-05-11 08:57 - 2016-05-11 08:57 - 00564736 _____ C:\WINDOWS\system32\bitst.exe
    2016-05-10 18:24 - 2016-04-23 00:35 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
    2016-05-10 18:24 - 2016-04-23 00:31 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2016-05-10 18:24 - 2016-04-23 00:27 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
    2016-05-10 18:24 - 2016-04-23 00:26 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
    2016-05-10 18:24 - 2016-04-23 00:25 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
    2016-05-10 18:24 - 2016-04-23 00:24 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
    2016-05-10 18:24 - 2016-04-23 00:22 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
    2016-05-10 18:24 - 2016-04-23 00:20 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2016-05-10 18:24 - 2016-04-23 00:20 - 18676224 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2016-05-10 18:24 - 2016-04-23 00:18 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
    2016-05-10 18:24 - 2016-04-23 00:16 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
    2016-05-10 18:24 - 2016-04-23 00:15 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
    2016-05-10 18:24 - 2016-04-23 00:15 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
    2016-05-10 18:24 - 2016-04-23 00:15 - 00612352 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
    2016-05-10 18:24 - 2016-04-23 00:14 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
    2016-05-10 18:24 - 2016-04-23 00:13 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
    2016-05-10 18:24 - 2016-04-23 00:07 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
    2016-05-10 18:23 - 2016-04-30 02:46 - 02974720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2016-05-10 18:23 - 2016-04-23 02:06 - 01232576 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
    2016-05-10 18:23 - 2016-04-23 02:06 - 00973504 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2016-05-10 18:23 - 2016-04-23 02:06 - 00576192 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
    2016-05-10 18:23 - 2016-04-23 02:06 - 00440512 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
    2016-05-10 18:23 - 2016-04-23 02:06 - 00248512 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
    2016-05-10 18:23 - 2016-04-23 02:06 - 00149696 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
    2016-05-10 18:23 - 2016-04-23 02:06 - 00042688 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
    2016-05-10 18:23 - 2016-04-23 01:28 - 05796704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2016-05-10 18:23 - 2016-04-23 01:28 - 01561392 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2016-05-10 18:23 - 2016-04-23 01:28 - 01541792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2016-05-10 18:23 - 2016-04-23 01:12 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
    2016-05-10 18:23 - 2016-04-23 01:12 - 00451928 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
    2016-05-10 18:23 - 2016-04-23 01:10 - 02919832 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2016-05-10 18:23 - 2016-04-23 01:09 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2016-05-10 18:23 - 2016-04-23 01:09 - 05240960 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
    2016-05-10 18:23 - 2016-04-23 01:09 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
    2016-05-10 18:23 - 2016-04-23 01:01 - 01714520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2016-05-10 18:23 - 2016-04-23 01:01 - 00522176 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
    2016-05-10 18:23 - 2016-04-23 00:22 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2016-05-10 18:23 - 2016-04-23 00:16 - 00484864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
    2016-05-10 18:23 - 2016-04-23 00:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
    2016-05-10 18:23 - 2016-04-23 00:14 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
    2016-05-10 18:23 - 2016-04-23 00:14 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
    2016-05-10 18:23 - 2016-04-23 00:13 - 01028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
    2016-05-10 18:23 - 2016-04-23 00:13 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
    2016-05-10 18:23 - 2016-04-23 00:13 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
    2016-05-10 18:23 - 2016-04-23 00:11 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
    2016-05-10 18:23 - 2016-04-23 00:10 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2016-05-10 18:23 - 2016-04-23 00:10 - 00639488 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
    2016-05-10 18:23 - 2016-04-23 00:09 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2016-05-10 18:23 - 2016-04-23 00:08 - 05324288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
    2016-05-10 18:23 - 2016-04-23 00:08 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
    2016-05-10 18:23 - 2016-04-23 00:07 - 01793024 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
    2016-05-10 18:23 - 2016-04-23 00:07 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2016-05-10 18:23 - 2016-04-23 00:05 - 01895936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2016-05-10 18:23 - 2016-04-23 00:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
    2016-05-10 18:23 - 2016-04-23 00:04 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
    2016-05-10 18:23 - 2016-04-23 00:04 - 01733632 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
    2016-05-10 18:23 - 2016-04-23 00:03 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2016-05-10 18:23 - 2016-04-23 00:03 - 02000896 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
    2016-05-10 18:23 - 2016-04-23 00:03 - 01899520 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2016-05-10 18:23 - 2016-04-23 00:03 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
    2016-05-10 18:22 - 2016-05-06 01:20 - 00077664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdport.sys
    2016-05-10 18:22 - 2016-05-06 00:23 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
    2016-05-10 18:22 - 2016-05-06 00:13 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
    2016-05-10 18:22 - 2016-05-06 00:10 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
    2016-05-10 18:22 - 2016-05-06 00:05 - 00487936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
    2016-05-10 18:22 - 2016-05-06 00:05 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
    2016-05-10 18:22 - 2016-05-05 23:49 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
    2016-05-10 18:22 - 2016-04-30 02:53 - 01152000 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2016-05-10 18:22 - 2016-04-23 02:06 - 00081088 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
    2016-05-10 18:22 - 2016-04-23 01:28 - 00550240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
    2016-05-10 18:22 - 2016-04-23 01:28 - 00545432 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
    2016-05-10 18:22 - 2016-04-23 01:28 - 00278368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
    2016-05-10 18:22 - 2016-04-23 01:28 - 00083808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
    2016-05-10 18:22 - 2016-04-23 01:26 - 00792328 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
    2016-05-10 18:22 - 2016-04-23 01:21 - 00023776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
    2016-05-10 18:22 - 2016-04-23 01:14 - 00310112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
    2016-05-10 18:22 - 2016-04-23 01:13 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
    2016-05-10 18:22 - 2016-04-23 01:13 - 00306832 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
    2016-05-10 18:22 - 2016-04-23 01:13 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
    2016-05-10 18:22 - 2016-04-23 01:12 - 00104800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufxsynopsys.sys
    2016-05-10 18:22 - 2016-04-23 01:11 - 00259424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
    2016-05-10 18:22 - 2016-04-23 01:09 - 00569744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
    2016-05-10 18:22 - 2016-04-23 01:09 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
    2016-05-10 18:22 - 2016-04-23 01:09 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
    2016-05-10 18:22 - 2016-04-23 01:07 - 01536088 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
    2016-05-10 18:22 - 2016-04-23 01:07 - 00192704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
    2016-05-10 18:22 - 2016-04-23 01:07 - 00183904 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
    2016-05-10 18:22 - 2016-04-23 01:02 - 00188256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
    2016-05-10 18:22 - 2016-04-23 01:01 - 00513368 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
    2016-05-10 18:22 - 2016-04-23 01:01 - 00484704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
    2016-05-10 18:22 - 2016-04-23 01:01 - 00336224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
    2016-05-10 18:22 - 2016-04-23 01:00 - 01522152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
    2016-05-10 18:22 - 2016-04-23 01:00 - 01396584 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
    2016-05-10 18:22 - 2016-04-23 01:00 - 01273720 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
    2016-05-10 18:22 - 2016-04-23 01:00 - 00453472 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
    2016-05-10 18:22 - 2016-04-23 01:00 - 00049504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwminit.dll
    2016-05-10 18:22 - 2016-04-23 00:55 - 00430432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
    2016-05-10 18:22 - 2016-04-23 00:30 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
    2016-05-10 18:22 - 2016-04-23 00:29 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
    2016-05-10 18:22 - 2016-04-23 00:29 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
    2016-05-10 18:22 - 2016-04-23 00:29 - 00046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
    2016-05-10 18:22 - 2016-04-23 00:29 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ByteCodeGenerator.exe
    2016-05-10 18:22 - 2016-04-23 00:29 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
    2016-05-10 18:22 - 2016-04-23 00:28 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
    2016-05-10 18:22 - 2016-04-23 00:28 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
    2016-05-10 18:22 - 2016-04-23 00:27 - 00103424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
    2016-05-10 18:22 - 2016-04-23 00:27 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
    2016-05-10 18:22 - 2016-04-23 00:25 - 00070144 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
    2016-05-10 18:22 - 2016-04-23 00:24 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
    2016-05-10 18:22 - 2016-04-23 00:24 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
    2016-05-10 18:22 - 2016-04-23 00:24 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\filecrypt.sys
    2016-05-10 18:22 - 2016-04-23 00:23 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
    2016-05-10 18:22 - 2016-04-23 00:23 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
    2016-05-10 18:22 - 2016-04-23 00:23 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
    2016-05-10 18:22 - 2016-04-23 00:23 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
    2016-05-10 18:22 - 2016-04-23 00:22 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
    2016-05-10 18:22 - 2016-04-23 00:21 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
    2016-05-10 18:22 - 2016-04-23 00:21 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
    2016-05-10 18:22 - 2016-04-23 00:21 - 00168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
    2016-05-10 18:22 - 2016-04-23 00:21 - 00142336 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
    2016-05-10 18:22 - 2016-04-23 00:20 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
    2016-05-10 18:22 - 2016-04-23 00:20 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
    2016-05-10 18:22 - 2016-04-23 00:20 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
    2016-05-10 18:22 - 2016-04-23 00:20 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
    2016-05-10 18:22 - 2016-04-23 00:20 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
    2016-05-10 18:22 - 2016-04-23 00:19 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
    2016-05-10 18:22 - 2016-04-23 00:19 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
    2016-05-10 18:22 - 2016-04-23 00:19 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll
    2016-05-10 18:22 - 2016-04-23 00:18 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
    2016-05-10 18:22 - 2016-04-23 00:17 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
    2016-05-10 18:22 - 2016-04-23 00:17 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
    2016-05-10 18:22 - 2016-04-23 00:17 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
    2016-05-10 18:22 - 2016-04-23 00:16 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
    2016-05-10 18:22 - 2016-04-23 00:16 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
    2016-05-10 18:22 - 2016-04-23 00:15 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
    2016-05-10 18:22 - 2016-04-23 00:14 - 00739328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
    2016-05-10 18:22 - 2016-04-23 00:14 - 00647680 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2016-05-10 18:22 - 2016-04-23 00:14 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2016-05-10 18:22 - 2016-04-23 00:14 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
    2016-05-10 18:22 - 2016-04-23 00:14 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
    2016-05-10 18:22 - 2016-04-23 00:13 - 00951808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
    2016-05-10 18:22 - 2016-04-23 00:13 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
    2016-05-10 18:22 - 2016-04-23 00:12 - 00783872 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
    2016-05-10 18:22 - 2016-04-23 00:12 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
    2016-05-10 18:22 - 2016-04-23 00:05 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
    2016-05-10 18:22 - 2016-04-23 00:03 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
    2016-05-10 18:22 - 2016-04-23 00:03 - 00704000 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
    2016-05-10 18:22 - 2016-04-23 00:03 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
    2016-05-10 18:22 - 2016-04-23 00:01 - 01075200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
    2016-05-10 18:22 - 2016-04-22 22:10 - 00177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
    2016-05-10 18:22 - 2016-04-18 18:30 - 00002186 _____ C:\WINDOWS\system32\AppxProvisioning.xml
    2016-05-09 16:40 - 2016-05-09 16:40 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
    2016-05-09 16:40 - 2016-05-09 16:40 - 00000000 ____D C:\ProgramData\Hewlett-Packard
    2016-05-08 10:17 - 2016-05-08 10:18 - 38168696 _____ (Vivaldi Technologies AS) C:\Users\Jeremy platano\Downloads\Vivaldi.1.1.453.52.exe
    2016-05-03 16:32 - 2016-05-28 16:03 - 00000000 ____D C:\Users\Jeremy platano\AppData\Local\Kingsoft
    2016-05-03 16:31 - 2016-05-26 18:11 - 00000000 ____D C:\ProgramData\kingsoft
    2016-05-03 16:29 - 2016-05-03 16:31 - 78745832 _____ (Kingsoft Corp. Ltd.) C:\Users\Jeremy platano\Downloads\setup_wps_office_2016_en.exe
     
  16. YoungZay

    YoungZay TS Rookie Topic Starter Posts: 22

    2016-05-03 16:18 - 2016-05-03 16:18 - 18685479 _____ C:\Users\Jeremy platano\Downloads\ibsl-3.pdf
    2016-05-03 16:16 - 2016-05-03 16:16 - 03531642 _____ C:\Users\Jeremy platano\Downloads\InShot_20160430_163028.mp4
    2016-05-02 19:04 - 2016-05-02 19:04 - 00000000 ____D C:\Users\Jeremy platano\AppData\Local\PeerDistRepub
    2016-05-02 16:06 - 2016-05-02 16:06 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
    2016-05-02 11:28 - 2016-05-28 16:24 - 00000000 ____D C:\Program Files\Google
    2016-05-02 11:28 - 2016-05-02 15:50 - 00000000 ____D C:\Users\Jeremy platano\AppData\Local\Google
    2016-05-02 11:28 - 2016-05-02 11:32 - 00987728 _____ (Google Inc.) C:\Users\Jeremy platano\Downloads\ChromeSetup (3).exe
    2016-05-01 22:08 - 2016-05-01 22:08 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
    2016-05-01 16:12 - 2016-05-01 16:12 - 00000000 ____D C:\WINDOWS\InfusedApps
    2016-05-01 16:12 - 2016-05-01 12:33 - 00000000 ___DC C:\WINDOWS\Panther
    2016-05-01 16:11 - 2016-05-01 15:53 - 00000000 ____D C:\Windows.old
    2016-05-01 16:00 - 2016-05-01 16:00 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
    2016-05-01 15:58 - 2016-05-01 15:58 - 00000000 ____D C:\Program Files\Synaptics
    2016-05-01 15:54 - 2016-05-01 15:54 - 00000000 ____D C:\WINDOWS\Setup
    2016-05-01 15:52 - 2016-05-01 15:52 - 00000000 ____D C:\WINDOWS\OCR
    2016-05-01 15:51 - 2016-05-01 15:51 - 00000000 ____D C:\Program Files\Reference Assemblies
    2016-05-01 15:51 - 2016-05-01 15:51 - 00000000 ____D C:\Program Files\MSBuild
    2016-05-01 15:50 - 2016-05-01 15:50 - 00000000 ____D C:\WINDOWS\system32\winrm
    2016-05-01 15:50 - 2016-05-01 15:50 - 00000000 ____D C:\WINDOWS\system32\WCN
    2016-05-01 15:50 - 2016-05-01 15:50 - 00000000 ____D C:\WINDOWS\system32\slmgr
    2016-05-01 15:50 - 2016-05-01 15:50 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
    2016-05-01 15:50 - 2016-05-01 15:50 - 00000000 ____D C:\WINDOWS\system32\0409
    2016-05-01 15:50 - 2016-05-01 15:50 - 00000000 ____D C:\WINDOWS\DigitalLocker
    2016-05-01 15:43 - 2016-05-11 15:57 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
    2016-05-01 15:43 - 2016-05-11 15:57 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    2016-05-01 15:38 - 2016-05-29 11:19 - 00000000 ____D C:\WINDOWS\addins
    2016-05-01 15:38 - 2016-05-29 00:29 - 00000000 ____D C:\WINDOWS\AppReadiness
    2016-05-01 15:38 - 2016-05-28 15:06 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
    2016-05-01 15:38 - 2016-05-27 21:58 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-05-01 15:38 - 2016-05-26 18:38 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2016-05-01 15:38 - 2016-05-26 18:37 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
    2016-05-01 15:38 - 2016-05-15 14:09 - 00000000 ____D C:\WINDOWS\rescache
    2016-05-01 15:38 - 2016-05-11 16:37 - 00000000 ____D C:\WINDOWS\system32\oobe
    2016-05-01 15:38 - 2016-05-11 16:37 - 00000000 ____D C:\WINDOWS\system32\appraiser
    2016-05-01 15:38 - 2016-05-11 16:37 - 00000000 ____D C:\WINDOWS\Provisioning
    2016-05-01 15:38 - 2016-05-11 16:37 - 00000000 ____D C:\WINDOWS\bcastdvr
    2016-05-01 15:38 - 2016-05-11 16:37 - 00000000 ____D C:\Program Files\Windows Journal
    2016-05-01 15:38 - 2016-05-11 16:36 - 00015703 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
    2016-05-01 15:38 - 2016-05-03 15:39 - 00000000 ____D C:\WINDOWS\AppCompat
    2016-05-01 15:38 - 2016-05-02 09:50 - 00000000 ___SD C:\WINDOWS\system32\F12
    2016-05-01 15:38 - 2016-05-02 09:50 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2016-05-01 15:38 - 2016-05-02 09:50 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
    2016-05-01 15:38 - 2016-05-02 09:50 - 00000000 ____D C:\WINDOWS\system32\Dism
    2016-05-01 15:38 - 2016-05-02 09:49 - 00000000 __RSD C:\WINDOWS\Media
    2016-05-01 15:38 - 2016-05-02 09:49 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
    2016-05-01 15:38 - 2016-05-02 09:49 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2016-05-01 15:38 - 2016-05-02 09:49 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
    2016-05-01 15:38 - 2016-05-02 09:49 - 00000000 ____D C:\Program Files\Windows Portable Devices
    2016-05-01 15:38 - 2016-05-02 09:49 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
    2016-05-01 15:38 - 2016-05-01 16:12 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
    2016-05-01 15:38 - 2016-05-01 15:50 - 00000000 ___SD C:\WINDOWS\system32\dsc
    2016-05-01 15:38 - 2016-05-01 15:50 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
    2016-05-01 15:38 - 2016-05-01 15:50 - 00000000 ____D C:\WINDOWS\system32\setup
    2016-05-01 15:38 - 2016-05-01 15:50 - 00000000 ____D C:\WINDOWS\system32\MUI
    2016-05-01 15:38 - 2016-05-01 15:50 - 00000000 ____D C:\WINDOWS\system32\migwiz
    2016-05-01 15:38 - 2016-05-01 15:50 - 00000000 ____D C:\WINDOWS\system32\Com
    2016-05-01 15:38 - 2016-05-01 15:50 - 00000000 ____D C:\WINDOWS\IME
    2016-05-01 15:38 - 2016-05-01 15:50 - 00000000 ____D C:\WINDOWS\Help
    2016-05-01 15:38 - 2016-05-01 15:49 - 00000000 ____D C:\Program Files\Windows Photo Viewer
    2016-05-01 15:38 - 2016-05-01 15:49 - 00000000 ____D C:\Program Files\Windows Defender
    2016-05-01 15:38 - 2016-05-01 15:49 - 00000000 ____D C:\Program Files\Common Files\System
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 __SHD C:\WINDOWS\BitLockerDiscoveryVolumeContents
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 __SHD C:\Program Files\Windows Sidebar
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ___SD C:\WINDOWS\system32\Nui
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ___SD C:\WINDOWS\system32\Configuration
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ___RD C:\WINDOWS\Offline Web Pages
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ___RD C:\WINDOWS\DesktopTileResources
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\Web
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\Vss
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\tracing
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\TAPI
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\SystemResources
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\SystemApps
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\system32\WinMetadata
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\system32\winevt
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\system32\spool
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\system32\ras
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\system32\ProximityToast
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\system32\PointOfService
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\system32\NDF
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\system32\MsDtc
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\system32\Macromed
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\system32\Ipmi
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\system32\InputMethod
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\system32\inetsrv
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\system32\IME
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\system32\icsxml
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\system32\ias
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\system32\GroupPolicyUsers
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\system32\downlevel
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\system32\config\Journal
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\system32\Bthprops
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\system32\AppLocker
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\System
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\SKB
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\ShellNew
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\security
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\schemas
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\SchCache
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\Resources
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\Registration
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\PLA
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\Performance
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\ModemLogs
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\LiveKernelReports
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\L2Schemas
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\InputMethod
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\Globalization
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\Cursors
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\Branding
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\ProgramData\Comms
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\Program Files\Windows NT
    2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\Program Files\Common Files\Services
    2016-05-01 15:38 - 2016-05-01 15:31 - 00215943 _____ C:\WINDOWS\system32\dssec.dat
    2016-05-01 15:38 - 2016-05-01 15:31 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
    2016-05-01 15:38 - 2016-05-01 15:31 - 00017463 _____ C:\WINDOWS\system32\Drivers\etc\services
    2016-05-01 15:38 - 2016-05-01 15:31 - 00008798 _____ C:\WINDOWS\system32\icrav03.rat
    2016-05-01 15:38 - 2016-05-01 15:31 - 00003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
    2016-05-01 15:38 - 2016-05-01 15:31 - 00002577 _____ C:\WINDOWS\system32\config.nt
    2016-05-01 15:38 - 2016-05-01 15:31 - 00001988 _____ C:\WINDOWS\system32\ticrf.rat
    2016-05-01 15:38 - 2016-05-01 15:31 - 00001688 _____ C:\WINDOWS\system32\autoexec.nt
    2016-05-01 15:38 - 2016-05-01 15:31 - 00001358 _____ C:\WINDOWS\system32\Drivers\etc\protocol
    2016-05-01 15:38 - 2016-05-01 15:31 - 00000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
    2016-05-01 15:38 - 2016-05-01 15:31 - 00000741 _____ C:\WINDOWS\system32\NOISE.DAT
    2016-05-01 15:38 - 2016-05-01 15:31 - 00000407 _____ C:\WINDOWS\system32\Drivers\etc\networks
    2016-05-01 15:38 - 2016-05-01 15:31 - 00000389 _____ C:\WINDOWS\system32\AutoWorkplace.exe.config
    2016-05-01 15:38 - 2016-05-01 15:31 - 00000219 _____ C:\WINDOWS\system.ini
    2016-05-01 15:38 - 2016-05-01 15:31 - 00000092 _____ C:\WINDOWS\win.ini
    2016-05-01 15:38 - 2016-05-01 12:59 - 00000000 ___RD C:\WINDOWS\DevicesFlow
    2016-05-01 15:38 - 2016-05-01 12:37 - 00000000 ___RD C:\WINDOWS\PrintDialog
    2016-05-01 15:38 - 2016-05-01 12:37 - 00000000 ___RD C:\WINDOWS\MiracastView
    2016-05-01 15:38 - 2016-05-01 12:31 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
    2016-05-01 15:38 - 2016-05-01 12:29 - 00000000 __RHD C:\Users\Public\Libraries
    2016-05-01 15:38 - 2016-05-01 12:26 - 00000000 ____D C:\WINDOWS\CSC
    2016-05-01 15:38 - 2016-05-01 12:24 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
    2016-05-01 15:38 - 2016-05-01 12:23 - 00000000 ____D C:\WINDOWS\system32\Sysprep
    2016-05-01 15:38 - 2016-05-01 12:19 - 00000000 ____D C:\ProgramData\USOPrivate
    2016-05-01 15:32 - 2016-05-29 11:45 - 00000000 ____D C:\WINDOWS\INF
    2016-05-01 15:20 - 2016-05-15 12:15 - 00000000 ____D C:\WINDOWS\CbsTemp
    2016-05-01 15:08 - 2016-04-22 03:57 - 00374944 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
    2016-05-01 15:07 - 2015-10-30 01:18 - 00000164 _____ C:\WINDOWS\system32\config\FP
    2016-05-01 15:06 - 2016-05-29 11:36 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
    2016-05-01 15:06 - 2016-05-01 15:50 - 00000000 ____D C:\WINDOWS\servicing
    2016-05-01 15:06 - 2016-05-01 15:38 - 00000000 ____D C:\WINDOWS\system32\SMI
    2016-05-01 15:06 - 2016-05-01 12:19 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
    2016-05-01 15:05 - 2016-05-01 15:16 - 00000000 ___HD C:\$SysReset
    2016-05-01 15:01 - 2016-05-10 19:18 - 00000000 ____D C:\WINDOWS\system32\MRT
    2016-05-01 15:01 - 2016-05-10 19:00 - 136686448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2016-05-01 14:59 - 2016-04-01 23:20 - 00826368 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2016-05-01 14:59 - 2016-04-01 23:14 - 03197440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
    2016-05-01 14:59 - 2016-04-01 23:10 - 02871296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
    2016-05-01 14:59 - 2016-03-29 05:37 - 01862008 _____ C:\WINDOWS\system32\CoreUIComponents.dll
    2016-05-01 14:59 - 2016-03-29 05:36 - 01820512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
    2016-05-01 14:59 - 2016-03-29 05:13 - 00986976 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
    2016-05-01 14:59 - 2016-03-29 04:24 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
    2016-05-01 14:59 - 2016-03-29 02:43 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll
    2016-05-01 14:59 - 2016-03-29 02:41 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
    2016-05-01 14:59 - 2016-03-29 02:37 - 01444352 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
    2016-05-01 14:59 - 2016-03-29 02:36 - 00649728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
    2016-05-01 14:59 - 2016-03-29 02:30 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
    2016-05-01 14:59 - 2016-03-29 02:28 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
    2016-05-01 14:59 - 2016-03-29 02:28 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
    2016-05-01 14:59 - 2016-03-29 02:14 - 01072128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
    2016-05-01 14:59 - 2016-03-29 02:10 - 03671040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
    2016-05-01 14:59 - 2016-03-29 02:06 - 00813056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
    2016-05-01 14:59 - 2016-03-29 02:02 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2016-05-01 14:59 - 2016-03-29 01:58 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
    2016-05-01 14:59 - 2016-03-29 01:49 - 01085952 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2016-05-01 14:59 - 2016-03-29 01:38 - 02798080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
    2016-05-01 14:59 - 2016-03-29 01:36 - 02722816 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
    2016-05-01 14:59 - 2016-03-29 01:25 - 00712704 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
    2016-05-01 14:58 - 2016-03-29 05:38 - 01051584 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2016-05-01 14:57 - 2016-04-02 00:17 - 00297072 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
    2016-05-01 14:57 - 2016-04-02 00:14 - 00757192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll
    2016-05-01 14:57 - 2016-04-02 00:14 - 00613112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
    2016-05-01 14:57 - 2016-04-02 00:14 - 00305296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
    2016-05-01 14:57 - 2016-03-29 05:41 - 00875992 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2016-05-01 14:57 - 2016-03-29 05:41 - 00771120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
    2016-05-01 14:57 - 2016-03-29 05:41 - 00228696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
    2016-05-01 14:57 - 2016-03-29 05:38 - 00927072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2016-05-01 14:57 - 2016-03-29 05:33 - 00084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
    2016-05-01 14:57 - 2016-03-29 05:28 - 00535080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
    2016-05-01 14:57 - 2016-03-29 05:21 - 00922456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
    2016-05-01 14:57 - 2016-03-29 05:20 - 00856928 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
    2016-05-01 14:57 - 2016-03-29 05:19 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
    2016-05-01 14:57 - 2016-03-29 04:41 - 00203104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
    2016-05-01 14:57 - 2016-03-29 04:41 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
    2016-05-01 14:57 - 2016-03-29 04:34 - 00153952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
    2016-05-01 14:57 - 2016-03-29 04:26 - 00073872 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvcli.dll
    2016-05-01 14:57 - 2016-03-29 04:25 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkscli.dll
    2016-05-01 14:57 - 2016-03-29 04:24 - 00063008 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
    2016-05-01 14:57 - 2016-03-29 04:23 - 00069744 _____ (Microsoft Corporation) C:\WINDOWS\system32\netapi32.dll
    2016-05-01 14:57 - 2016-03-29 04:01 - 00541304 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
    2016-05-01 14:57 - 2016-03-29 03:46 - 01861984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
    2016-05-01 14:57 - 2016-03-29 03:46 - 00771424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
    2016-05-01 14:57 - 2016-03-29 03:42 - 00287072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
    2016-05-01 14:57 - 2016-03-29 03:04 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
    2016-05-01 14:57 - 2016-03-29 03:02 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
    2016-05-01 14:57 - 2016-03-29 03:00 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
    2016-05-01 14:57 - 2016-03-29 02:56 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
    2016-05-01 14:57 - 2016-03-29 02:53 - 00424448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
    2016-05-01 14:57 - 2016-03-29 02:53 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
    2016-05-01 14:57 - 2016-03-29 02:53 - 00150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
    2016-05-01 14:57 - 2016-03-29 02:52 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
    2016-05-01 14:57 - 2016-03-29 02:49 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
    2016-05-01 14:57 - 2016-03-29 02:47 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
    2016-05-01 14:57 - 2016-03-29 02:44 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
    2016-05-01 14:57 - 2016-03-29 02:41 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
    2016-05-01 14:57 - 2016-03-29 02:40 - 00445952 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
    2016-05-01 14:57 - 2016-03-29 02:39 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
    2016-05-01 14:57 - 2016-03-29 02:37 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
    2016-05-01 14:57 - 2016-03-29 02:36 - 00453632 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
    2016-05-01 14:57 - 2016-03-29 02:34 - 00682496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
    2016-05-01 14:57 - 2016-03-29 02:32 - 01588224 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
    2016-05-01 14:57 - 2016-03-29 02:32 - 00854528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
    2016-05-01 14:57 - 2016-03-29 02:32 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
    2016-05-01 14:57 - 2016-03-29 02:31 - 01117184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
    2016-05-01 14:57 - 2016-03-29 02:29 - 00114176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
    2016-05-01 14:57 - 2016-03-29 02:27 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
    2016-05-01 14:57 - 2016-03-29 02:23 - 00777728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
    2016-05-01 14:57 - 2016-03-29 02:18 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
    2016-05-01 14:57 - 2016-03-29 02:13 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
    2016-05-01 14:57 - 2016-03-29 02:07 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
    2016-05-01 14:57 - 2016-03-29 02:06 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
    2016-05-01 14:57 - 2016-03-29 02:06 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
    2016-05-01 14:57 - 2016-03-29 02:06 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
    2016-05-01 14:57 - 2016-03-29 02:04 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
    2016-05-01 14:57 - 2016-03-29 01:55 - 00614912 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
    2016-05-01 14:57 - 2016-03-29 01:46 - 00307712 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
    2016-05-01 14:57 - 2016-03-29 01:43 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
    2016-05-01 14:57 - 2016-03-29 01:36 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
    2016-05-01 14:57 - 2016-03-29 01:25 - 00554496 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
    2016-05-01 14:56 - 2016-04-01 23:25 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
    2016-05-01 14:56 - 2016-03-29 03:30 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msorcl32.dll
    2016-05-01 14:56 - 2016-03-29 03:28 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
    2016-05-01 14:56 - 2016-03-29 03:20 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
    2016-05-01 14:56 - 2016-03-29 03:20 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
    2016-05-01 14:56 - 2016-03-29 03:20 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
    2016-05-01 14:56 - 2016-03-29 03:20 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsdchngr.dll
    2016-05-01 14:56 - 2016-03-29 03:19 - 00037376 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
    2016-05-01 14:56 - 2016-03-29 03:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacchooks.dll
    2016-05-01 14:56 - 2016-03-29 03:16 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
    2016-05-01 14:56 - 2016-03-29 03:14 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll
    2016-05-01 14:56 - 2016-03-29 03:13 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
    2016-05-01 14:56 - 2016-03-29 03:12 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
    2016-05-01 14:56 - 2016-03-29 03:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
    2016-05-01 14:56 - 2016-03-29 03:11 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
    2016-05-01 14:56 - 2016-03-29 03:11 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
    2016-05-01 14:56 - 2016-03-29 03:11 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\browcli.dll
    2016-05-01 14:56 - 2016-03-29 03:09 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys
    2016-05-01 14:56 - 2016-03-29 03:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
    2016-05-01 14:56 - 2016-03-29 03:08 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
    2016-05-01 14:56 - 2016-03-29 03:08 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
    2016-05-01 14:56 - 2016-03-29 03:06 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
    2016-05-01 14:56 - 2016-03-29 03:06 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
    2016-05-01 14:56 - 2016-03-29 03:06 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
    2016-05-01 14:56 - 2016-03-29 03:05 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll
    2016-05-01 14:56 - 2016-03-29 03:05 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
    2016-05-01 14:56 - 2016-03-29 03:05 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
    2016-05-01 14:56 - 2016-03-29 03:05 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
    2016-05-01 14:56 - 2016-03-29 03:05 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
    2016-05-01 14:56 - 2016-03-29 03:02 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
    2016-05-01 14:56 - 2016-03-29 02:53 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
    2016-05-01 14:56 - 2016-03-29 02:52 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
    2016-05-01 14:56 - 2016-03-29 02:52 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
    2016-05-01 14:56 - 2016-03-29 02:52 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
    2016-05-01 14:56 - 2016-03-29 02:46 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
    2016-05-01 14:56 - 2016-03-29 02:44 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
    2016-05-01 14:56 - 2016-03-29 02:42 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
    2016-05-01 14:56 - 2016-03-29 02:39 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
    2016-05-01 14:56 - 2016-03-29 02:32 - 00601600 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
    2016-05-01 14:56 - 2016-03-29 02:27 - 00162816 _____ C:\WINDOWS\system32\MTF.dll
    2016-05-01 14:56 - 2016-03-29 02:27 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
    2016-05-01 14:56 - 2016-03-29 02:27 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
    2016-05-01 14:56 - 2016-03-29 02:26 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
    2016-05-01 14:56 - 2016-03-29 02:26 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
    2016-05-01 14:56 - 2016-03-29 02:25 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
    2016-05-01 14:56 - 2016-03-29 02:05 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
    2016-05-01 14:56 - 2016-03-29 01:32 - 00742400 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
    2016-05-01 14:56 - 2016-03-29 01:30 - 00782336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
    2016-05-01 14:56 - 2016-03-29 01:25 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
    2016-05-01 14:56 - 2016-03-29 01:24 - 00310272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
    2016-05-01 14:56 - 2016-03-29 01:21 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
    2016-05-01 13:24 - 2016-05-01 13:24 - 00000000 ____D C:\Users\Jeremy platano\AppData\Roaming\Macromedia
    2016-05-01 13:12 - 2016-05-01 13:12 - 00000000 ____D C:\Users\Jeremy platano\AppData\Local\Comms
    2016-05-01 13:09 - 2016-05-01 13:09 - 00000000 ____D C:\Users\Jeremy platano\AppData\Roaming\ATI
    2016-05-01 13:09 - 2016-05-01 13:09 - 00000000 ____D C:\Users\Jeremy platano\AppData\Local\ATI
    2016-05-01 13:09 - 2016-05-01 13:09 - 00000000 ____D C:\Users\Jeremy platano\AppData\Local\AMD
    2016-05-01 13:09 - 2016-05-01 13:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
    2016-05-01 13:09 - 2016-05-01 13:09 - 00000000 ____D C:\ProgramData\ATI
    2016-05-01 13:08 - 2016-05-01 13:08 - 00000000 ____D C:\ProgramData\AMD
    2016-05-01 13:07 - 2016-05-01 13:08 - 00000000 ____D C:\Program Files\ATI Technologies
    2016-05-01 13:07 - 2016-05-01 13:07 - 00000000 ____D C:\ProgramData\Package Cache
    2016-05-01 13:04 - 2016-05-15 11:51 - 00000000 ____D C:\Program Files\AMD
    2016-05-01 13:04 - 2016-05-01 13:04 - 00000000 _____ C:\WINDOWS\ativpsrm.bin
    2016-05-01 12:56 - 2016-05-01 12:56 - 00000000 ____D C:\Users\Jeremy platano\AppData\Local\MicrosoftEdge
    2016-05-01 12:54 - 2016-05-29 11:24 - 00002390 _____ C:\Users\Jeremy platano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2016-05-01 12:44 - 2016-05-01 12:44 - 00025526 _____ C:\Users\Jeremy platano\Desktop\Removed Apps.html
    2016-05-01 12:44 - 2016-05-01 12:44 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
    2016-05-01 12:43 - 2016-05-01 12:43 - 00000000 ____D C:\Program Files\Elantech
    2016-05-01 12:41 - 2016-05-01 12:41 - 00000000 ____D C:\Users\Jeremy platano\AppData\Local\Publishers
    2016-05-01 12:37 - 2016-05-01 12:37 - 00000000 ____D C:\Users\Jeremy platano\AppData\Local\ActiveSync
    2016-05-01 12:35 - 2016-05-26 18:47 - 00000000 ____D C:\Users\Jeremy platano\AppData\Local\Packages
    2016-05-01 12:35 - 2016-05-11 16:13 - 00000000 ____D C:\Users\Jeremy platano\AppData\Roaming\Adobe
    2016-05-01 12:35 - 2016-05-01 12:35 - 00000020 ___SH C:\Users\Jeremy platano\ntuser.ini
    2016-05-01 12:35 - 2016-05-01 12:35 - 00000000 ____D C:\Users\Jeremy platano\AppData\Local\VirtualStore
    2016-05-01 12:35 - 2016-05-01 12:35 - 00000000 ____D C:\Users\Jeremy platano\AppData\Local\TileDataLayer
    2016-05-01 12:33 - 2016-05-29 11:45 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2016-05-01 12:32 - 2016-05-01 12:32 - 00000000 _SHDL C:\Users\Default\My Documents
    2016-05-01 12:32 - 2016-05-01 12:32 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
    2016-05-01 12:32 - 2016-05-01 12:32 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
    2016-05-01 12:32 - 2016-05-01 12:32 - 00000000 _SHDL C:\Users\Default\Documents\My Music
    2016-05-01 12:32 - 2016-05-01 12:32 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
    2016-05-01 12:32 - 2016-05-01 12:32 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
    2016-05-01 12:32 - 2016-05-01 12:32 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
    2016-05-01 12:32 - 2016-05-01 12:32 - 00000000 _SHDL C:\Users\Default User
    2016-05-01 12:32 - 2016-05-01 12:32 - 00000000 _SHDL C:\Users\All Users
    2016-05-01 12:28 - 2016-05-15 22:32 - 00000000 ____D C:\Users\Jeremy platano
    2016-05-01 12:28 - 2016-05-01 12:28 - 00000000 _SHDL C:\Users\Jeremy platano\My Documents
    2016-05-01 12:28 - 2016-05-01 12:28 - 00000000 _SHDL C:\Users\Jeremy platano\Documents\My Videos
    2016-05-01 12:28 - 2016-05-01 12:28 - 00000000 _SHDL C:\Users\Jeremy platano\Documents\My Pictures
    2016-05-01 12:28 - 2016-05-01 12:28 - 00000000 _SHDL C:\Users\Jeremy platano\Documents\My Music
    2016-05-01 12:19 - 2016-05-01 12:19 - 00000000 ____D C:\ProgramData\USOShared
    2016-05-01 12:15 - 2016-05-29 11:37 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-05-01 12:15 - 2016-05-01 12:15 - 00000000 ____D C:\WINDOWS\ServiceProfiles
    2016-05-01 12:14 - 2016-05-28 16:03 - 00336512 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2016-05-01 09:51 - 2016-05-01 09:51 - 00439536 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp140.dll
    2016-05-01 09:51 - 2016-05-01 09:51 - 00267016 _____ (Microsoft Corporation) C:\WINDOWS\system32\vccorlib140.dll
    2016-05-01 09:51 - 2016-05-01 09:51 - 00243480 _____ (Microsoft Corporation) C:\WINDOWS\system32\concrt140.dll
    2016-05-01 09:51 - 2016-05-01 09:51 - 00085232 _____ (Microsoft Corporation) C:\WINDOWS\system32\vcruntime140.dll

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-05-29 11:25 - 2015-10-30 01:45 - 00002437 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk
    2016-05-29 11:25 - 2015-10-30 01:45 - 00002299 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Devices Flow.lnk
    2016-05-29 11:25 - 2015-10-30 01:45 - 00000853 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desktop.lnk
    2016-05-29 11:25 - 2015-10-30 01:44 - 00002325 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiracastView.lnk
    2016-05-29 11:24 - 2015-10-30 01:45 - 00002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintDialog.lnk
    2016-05-29 11:24 - 2015-08-08 00:56 - 00001895 _____ C:\Users\Jeremy platano\Desktop\Spotify.lnk
    2016-05-29 11:24 - 2014-02-11 18:23 - 00001006 _____ C:\Users\Jeremy platano\Desktop\Dropbox.lnk
    2016-05-29 11:24 - 2013-09-20 18:26 - 00002675 _____ C:\Users\Jeremy platano\Desktop\µTorrent.lnk
    2016-05-26 14:46 - 2014-06-29 20:44 - 00000000 ____D C:\AMD
    2016-05-12 15:56 - 2015-07-29 18:13 - 00000000 __RHD C:\Users\Public\AccountPictures
    2016-05-11 15:19 - 2013-10-06 17:07 - 00000000 ____D C:\Users\Jeremy platano\AppData\LocalLow\Temp
    2016-05-01 12:55 - 2015-07-29 18:23 - 00000000 ___RD C:\Users\Jeremy platano\OneDrive

    Some files in TEMP:
    ====================
    C:\Users\Jeremy platano\AppData\Local\Temp\ads.exe
    C:\Users\Jeremy platano\AppData\Local\Temp\appstart.exe
    C:\Users\Jeremy platano\AppData\Local\Temp\brastub6ab_amotn_inst.exe
    C:\Users\Jeremy platano\AppData\Local\Temp\BSvcProcessor.exe
    C:\Users\Jeremy platano\AppData\Local\Temp\BSvcUpdater.exe
    C:\Users\Jeremy platano\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\Jeremy platano\AppData\Local\Temp\install.exe
    C:\Users\Jeremy platano\AppData\Local\Temp\libeay32.dll
    C:\Users\Jeremy platano\AppData\Local\Temp\msvcr120.dll
    C:\Users\Jeremy platano\AppData\Local\Temp\playstv_patch.exe
    C:\Users\Jeremy platano\AppData\Local\Temp\raptrpatch.exe
    C:\Users\Jeremy platano\AppData\Local\Temp\raptr_stub.exe
    C:\Users\Jeremy platano\AppData\Local\Temp\sqlite3.dll
    C:\Users\Jeremy platano\AppData\Local\Temp\tmp1069.exe


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-05-20 19:31

    ==================== End of FRST.txt ============================
     
  17. YoungZay

    YoungZay TS Rookie Topic Starter Posts: 22

    Additional scan result of Farbar Recovery Scan Tool (x86) Version:29-05-2016 02
    Ran by Jeremy platano (2016-05-29 12:14:13)
    Running from C:\Users\Jeremy platano\Desktop
    Microsoft Windows 10 Pro Version 1511 (X86) (2016-05-01 16:33:25)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2498457770-3637397173-802165776-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-2498457770-3637397173-802165776-503 - Limited - Disabled)
    Guest (S-1-5-21-2498457770-3637397173-802165776-501 - Limited - Disabled)
    Jeremy platano (S-1-5-21-2498457770-3637397173-802165776-1001 - Administrator - Enabled) => C:\Users\Jeremy platano

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-2498457770-3637397173-802165776-1001\...\uTorrent) (Version: 3.4.7.42330 - BitTorrent Inc.)
    Adobe Acrobat DC (HKLM\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.016.20041 - Adobe Systems Incorporated)
    AMD Catalyst Control Center (HKLM\...\WUCCCApp) (Version: 1.00.0000 - AMD)
    AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
    ELAN Touchpad 11.15.0.18_X86 (HKLM\...\Elantech) (Version: 11.15.0.18 - ELAN Microelectronic Corp.)
    Google Chrome (HKLM\...\Google Chrome) (Version: 51.0.2704.63 - Google Inc.)
    Google Update Helper (Version: 1.3.30.3 - Google Inc.) Hidden
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.6001.1078 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Office 16 Click-to-Run Extensibility Component (Version: 16.0.6001.1078 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (Version: 16.0.6001.1078 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (Version: 16.0.6001.1078 - Microsoft Corporation) Hidden
    Skype™ 7.24 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.13.0 - Synaptics Incorporated)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-2498457770-3637397173-802165776-1001_Classes\CLSID\{B722BCCD-4E68-101B-A2BC-00AA00404770}\InprocServer32 -> C:\Users\Jeremy platano\AppData\Local\Kingsoft\WPS Office\10.1.0.5579\office6\ksoapi.dll => No File

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0B9A3C30-9173-43ED-A31A-5907461F931A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-05-26] (Microsoft Corporation)
    Task: {1E6D6C19-21D3-4444-984E-FB8AB7C48B59} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-05-26] (Microsoft Corporation)
    Task: {253908DB-A8E8-485C-ABAB-DFCCB8B1C188} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-05-01] (Microsoft Corporation)
    Task: {4ABEA0D9-309C-4CF3-AB63-2ADD7DC423C8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-05-26] (Microsoft Corporation)
    Task: {98C8ECE9-8663-4089-BA26-0605F279A959} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
    Task: {A1041151-0DA1-4D52-8D90-E4F796BE33D8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-05-28] (Google Inc.)
    Task: {A50C4873-67AB-4219-A7D8-FADE55DAC17C} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin\InstallManagerApp.exe [2016-03-21] (Advanced Micro Devices, Inc.)
    Task: {B20369CB-CC1A-42ED-AEB2-EDA7AA056BF8} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-05-01] (Microsoft Corporation)
    Task: {E64BB497-48E1-42BB-A5D7-5ED8BA2371B8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-05-28] (Google Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2015-10-30 01:44 - 2015-10-30 01:44 - 00149504 ____N () C:\WINDOWS\SYSTEM32\ism32k.dll
    2015-08-21 22:08 - 2015-08-21 22:08 - 00114688 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
    2016-05-28 14:57 - 2016-05-27 18:42 - 00044544 _____ () C:\WINDOWS\system32\CpuHeatMapping\165271\CpuHeatMapping.exe
    2016-05-28 16:07 - 2016-05-23 15:07 - 00006656 _____ () C:\WINDOWS\BinEssentials\BinEssentials1110\BinEssentials.exe
    2016-05-28 14:55 - 2016-05-09 17:51 - 00006144 _____ () C:\WINDOWS\Cudm1110\cudm.exe
    2016-05-26 18:09 - 2016-05-01 04:40 - 00143552 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
    2016-05-28 15:01 - 2016-05-27 17:00 - 00007680 _____ () C:\WINDOWS\CpuEssentials\165271\CpuEssentials.exe
    2016-05-28 16:07 - 2016-05-16 19:05 - 00007680 _____ () C:\WINDOWS\WinEssentials\516\WinEssentials.exe
    2016-05-01 14:59 - 2016-03-29 05:37 - 01862008 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2016-05-01 14:59 - 2016-03-29 05:37 - 01862008 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
    2016-05-01 12:54 - 2016-05-01 12:54 - 00679624 _____ () C:\Users\Jeremy platano\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\ClientTelemetry.dll
    2016-05-26 18:24 - 2016-05-26 18:24 - 08911048 _____ () C:\Program Files\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
    2016-03-19 09:54 - 2015-12-07 00:11 - 00070656 ____N () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
    2016-05-10 18:22 - 2016-04-23 00:20 - 00316416 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
    2016-05-10 18:23 - 2016-04-23 00:05 - 05340672 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2016-05-10 18:23 - 2016-04-22 23:58 - 00471552 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2016-05-10 18:23 - 2016-04-22 23:58 - 02366976 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2016-05-10 18:23 - 2016-04-23 00:01 - 02656768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-2498457770-3637397173-802165776-1001\...\sharepoint.com -> hxxps://osceolak12-files.sharepoint.com

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2016-05-01 15:38 - 2016-05-27 22:43 - 00001006 ____A C:\WINDOWS\system32\Drivers\etc\hosts

    127.0.0.1 down.baidu2016.com
    127.0.0.1 123.sogou.com
    127.0.0.1 www.czzsyzgm.com
    127.0.0.1 www.czzsyzxl.com
    127.0.0.1 union.baidu2019.com

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2498457770-3637397173-802165776-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Jeremy platano\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
    DNS Servers: 192.168.0.1 - 205.171.2.226
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    HKLM\...\StartupApproved\Run: => "csrssf.exe -start"
    HKU\S-1-5-21-2498457770-3637397173-802165776-1001\...\StartupApproved\StartupFolder: => "mysystem.lnk"
    HKU\S-1-5-21-2498457770-3637397173-802165776-1001\...\StartupApproved\Run: => "OneDrive"
    HKU\S-1-5-21-2498457770-3637397173-802165776-1001\...\StartupApproved\Run: => "Skype"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{272C712F-8E4A-47DC-9F81-D58D933BE6CB}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
    FirewallRules: [{55EA84DF-59A5-4D13-8FEF-0EFE57638C6D}] => (Allow) C:\Program Files\Raptr Inc\Raptr\raptr.exe
    FirewallRules: [{8CF52DB3-9580-4607-8B49-1E43E43A2AE3}] => (Allow) C:\Program Files\Raptr Inc\Raptr\raptr.exe
    FirewallRules: [{5A749836-53B1-4D64-B6B3-B009FD9C8001}] => (Allow) C:\Program Files\Raptr Inc\Raptr\raptr_im.exe
    FirewallRules: [{72F506D3-0A4F-4883-82DA-63C2E3EE9093}] => (Allow) C:\Program Files\Raptr Inc\Raptr\raptr_im.exe
    FirewallRules: [{A1955473-6CF3-43EE-B425-BA0435A6ABD7}] => (Allow) C:\Program Files\Raptr Inc\PlaysTV\playstv.exe
    FirewallRules: [{6E777007-2357-4097-80DE-878B49C4E130}] => (Allow) C:\Program Files\Raptr Inc\PlaysTV\playstv.exe
    FirewallRules: [{0C8E1D88-E4F8-4D35-B999-64085ED947F2}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
    FirewallRules: [{28A1B5FB-127B-4597-AD74-1C14F9A75063}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
    FirewallRules: [{0069DE2F-FB61-4DEF-9E79-D1C323E3C9FB}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
    FirewallRules: [{00E27C2A-F984-4A43-86E4-62FE72285850}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
    FirewallRules: [{EF27D91A-3F30-4651-865D-FFA6E202E82B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
    FirewallRules: [{7A01FEF5-8AB5-44D4-90E9-D4E72251E2BB}] => (Allow) C:\Users\Jeremy platano\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{C0D9A734-158D-4D6A-9B3F-D51F5823E7A5}] => (Allow) C:\Users\Jeremy platano\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{3465906F-9245-466F-9466-39695F0F7824}] => (Allow) C:\Users\Jeremy platano\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{A647D14D-F75B-4BBF-A885-C1084F7500E1}] => (Allow) C:\Users\Jeremy platano\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{59A1FBC1-D96D-43A0-BAE2-6544177147A1}] => (Allow) C:\Users\Jeremy platano\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{3B797DC2-3802-4EF2-A5C1-72A7BFD793F0}] => (Allow) C:\Users\Jeremy platano\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{AEF4237C-5EDD-48A4-A717-8D3279C525CC}] => (Allow) C:\ProgramData\download\MiniThunderPlatform.exe
    FirewallRules: [{AADB48CB-3293-4F57-A3FD-39D37519A632}] => (Allow) C:\ProgramData\download\MiniThunderPlatform.exe
    FirewallRules: [{D57D1E50-42FC-43F1-BED7-A8A315271433}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

    ==================== Restore Points =========================

    08-05-2016 12:33:03 Windows Modules Installer
    12-05-2016 16:31:19 Windows Update
    15-05-2016 19:10:34 Windows Update
    15-05-2016 19:11:43 Windows Update
    29-05-2016 11:44:56 JRT Pre-Junkware Removal

    ==================== Faulty Device Manager Devices =============

    Name:
    Description:
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (05/29/2016 11:50:40 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JEREMY)
    Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (05/29/2016 11:45:12 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (05/29/2016 11:38:02 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0x8007232B
    Command-line arguments:
    RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

    Error: (05/29/2016 11:37:59 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0x8007232B
    Command-line arguments:
    RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

    Error: (05/29/2016 11:18:32 AM) (Source: ESENT) (EventID: 908) (User: )
    Description: svchost (1944) Terminating process due to non-recoverable failure: PV: 10.0.10586.0 SV: 10.0.10586.0 GLE: 0 ERR: -1603(fucb.cxx:359): dllentry.cxx(103) (ESENT[10.0.10586.0] RETAIL RTM MBCS)

    Error: (05/29/2016 03:07:39 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
    Description: Subscription licensing service failed: -1073418220

    Error: (05/28/2016 10:59:46 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JEREMY)
    Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (05/28/2016 07:40:14 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JEREMY)
    Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (05/28/2016 07:40:14 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JEREMY)
    Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (05/28/2016 05:32:04 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
    Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.


    System errors:
    =============
    Error: (05/29/2016 11:50:40 AM) (Source: DCOM) (EventID: 10010) (User: JEREMY)
    Description: CortanaUI.AppXr0dtzccx33hvam1xwfz3c1354p6222qd.mca

    Error: (05/29/2016 11:37:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The MBAMScheduler service failed to start due to the following error:
    %%1053

    Error: (05/29/2016 11:37:51 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler service to connect.

    Error: (05/29/2016 11:37:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The MBAMService service failed to start due to the following error:
    %%1053

    Error: (05/29/2016 11:37:51 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the MBAMService service to connect.

    Error: (05/29/2016 11:36:26 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The User Data Access_7d3bd service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (05/29/2016 11:36:26 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The User Data Storage_7d3bd service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (05/29/2016 11:36:26 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Contact Data_7d3bd service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (05/29/2016 11:36:26 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Sync Host_7d3bd service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (05/29/2016 11:36:26 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable


    CodeIntegrity:
    ===================================
    Date: 2016-05-26 18:48:07.477
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-05-26 18:25:23.309
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-05-26 14:43:07.525
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Raptr Inc\PlaysTV\ltc_help32-112681.dll that did not meet the Store signing level requirements.

    Date: 2016-05-26 14:43:07.510
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Raptr Inc\PlaysTV\ltc_help32-112681.dll that did not meet the Store signing level requirements.

    Date: 2016-05-26 14:43:07.496
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Raptr Inc\PlaysTV\ltc_help32-112681.dll that did not meet the Store signing level requirements.

    Date: 2016-05-15 14:44:47.029
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-05-15 12:45:41.645
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-05-12 17:26:29.743
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-05-12 15:54:54.423
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-05-10 19:57:51.757
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: AMD C-50 Processor
    Percentage of memory in use: 42%
    Total physical RAM: 3574.86 MB
    Available physical RAM: 2054.54 MB
    Total Virtual: 4214.86 MB
    Available Virtual: 2670.48 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:297.31 GB) (Free:173.76 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: E1C26B7C)
    Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=297.3 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

    ==================== End of Addition.txt ============================
     
  18. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     


  19. YoungZay

    YoungZay TS Rookie Topic Starter Posts: 22

    Fix result of Farbar Recovery Scan Tool (x86) Version:29-05-2016 02
    Ran by Jeremy platano (2016-05-29 13:13:30) Run:1
    Running from C:\Users\Jeremy platano\Desktop
    Loaded Profiles: Jeremy platano (Available Profiles: Jeremy platano)
    Boot Mode: Normal

    ==============================================

    fixlist content:
    *****************
    HKLM\...\Run: [] => [X]
    C:\Users\Jeremy platano\AppData\Local\Temp\ads.exe
    C:\Users\Jeremy platano\AppData\Local\Temp\appstart.exe
    C:\Users\Jeremy platano\AppData\Local\Temp\brastub6ab_amotn_inst.exe
    C:\Users\Jeremy platano\AppData\Local\Temp\BSvcProcessor.exe
    C:\Users\Jeremy platano\AppData\Local\Temp\BSvcUpdater.exe
    C:\Users\Jeremy platano\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\Jeremy platano\AppData\Local\Temp\install.exe
    C:\Users\Jeremy platano\AppData\Local\Temp\libeay32.dll
    C:\Users\Jeremy platano\AppData\Local\Temp\msvcr120.dll
    C:\Users\Jeremy platano\AppData\Local\Temp\playstv_patch.exe
    C:\Users\Jeremy platano\AppData\Local\Temp\raptrpatch.exe
    C:\Users\Jeremy platano\AppData\Local\Temp\raptr_stub.exe
    C:\Users\Jeremy platano\AppData\Local\Temp\sqlite3.dll
    C:\Users\Jeremy platano\AppData\Local\Temp\tmp1069.exe
    CustomCLSID: HKU\S-1-5-21-2498457770-3637397173-802165776-1001_Classes\CLSID\{B722BCCD-4E68-101B-A2BC-00AA00404770}\InprocServer32 -> C:\Users\Jeremy platano\AppData\Local\Kingsoft\WPS Office\10.1.0.5579\office6\ksoapi.dll => No File

    *****************

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully.
    C:\Users\Jeremy platano\AppData\Local\Temp\ads.exe => moved successfully
    C:\Users\Jeremy platano\AppData\Local\Temp\appstart.exe => moved successfully
    C:\Users\Jeremy platano\AppData\Local\Temp\brastub6ab_amotn_inst.exe => moved successfully
    C:\Users\Jeremy platano\AppData\Local\Temp\BSvcProcessor.exe => moved successfully
    C:\Users\Jeremy platano\AppData\Local\Temp\BSvcUpdater.exe => moved successfully
    C:\Users\Jeremy platano\AppData\Local\Temp\dllnt_dump.dll => moved successfully
    C:\Users\Jeremy platano\AppData\Local\Temp\install.exe => moved successfully
    C:\Users\Jeremy platano\AppData\Local\Temp\libeay32.dll => moved successfully
    C:\Users\Jeremy platano\AppData\Local\Temp\msvcr120.dll => moved successfully
    C:\Users\Jeremy platano\AppData\Local\Temp\playstv_patch.exe => moved successfully
    C:\Users\Jeremy platano\AppData\Local\Temp\raptrpatch.exe => moved successfully
    C:\Users\Jeremy platano\AppData\Local\Temp\raptr_stub.exe => moved successfully
    C:\Users\Jeremy platano\AppData\Local\Temp\sqlite3.dll => moved successfully
    C:\Users\Jeremy platano\AppData\Local\Temp\tmp1069.exe => moved successfully
    "HKU\S-1-5-21-2498457770-3637397173-802165776-1001_Classes\CLSID\{B722BCCD-4E68-101B-A2BC-00AA00404770}" => key removed successfully.

    ==== End of Fixlog 13:13:38 ====
     
  20. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services

    Press "Scan".
    It will create a log (FSS.txt) in the same directory the tool is run.
    Please copy and paste the log to your reply.


    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  21. YoungZay

    YoungZay TS Rookie Topic Starter Posts: 22

    Results of screen317's Security Check version 1.014 --- 12/23/15
    x86 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Windows Defender
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Google Chrome (51.0.2704.63)
    Google Chrome (SetupMetrics.pma..)
    ````````Process Check: objlist.exe by Laurent````````
    Windows Defender MSMpEng.exe
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbam.exe
    Malwarebytes Anti-Malware mbamscheduler.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C::
    ````````````````````End of Log``````````````````````
     
  22. YoungZay

    YoungZay TS Rookie Topic Starter Posts: 22

    Farbar Service Scanner Version: 27-01-2016
    Ran by Jeremy platano (administrator) on 29-05-2016 at 15:20:57
    Running from "C:\Users\Jeremy platano\Desktop"
    Microsoft Windows 10 Pro (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Policy:
    ========================


    Security Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============


    File Check:
    ========
    C:\WINDOWS\system32\nsisvc.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\nsiproxy.sys => File is digitally signed
    C:\WINDOWS\system32\Drivers\afd.sys => File is digitally signed
    C:\WINDOWS\system32\Drivers\tdx.sys => File is digitally signed
    C:\WINDOWS\system32\Drivers\tcpip.sys => File is digitally signed
    C:\WINDOWS\system32\dnsrslvr.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\mpssvc.dll => File is digitally signed
    C:\WINDOWS\system32\bfe.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\mpsdrv.sys => File is digitally signed
    C:\WINDOWS\system32\SDRSVC.dll => File is digitally signed
    C:\WINDOWS\system32\vssvc.exe => File is digitally signed
    C:\WINDOWS\system32\wscsvc.dll => File is digitally signed
    C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
    C:\WINDOWS\system32\wuaueng.dll => File is digitally signed
    C:\WINDOWS\system32\qmgr.dll => File is digitally signed
    C:\WINDOWS\system32\es.dll => File is digitally signed
    C:\WINDOWS\system32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\WINDOWS\system32\ipnathlp.dll => File is digitally signed
    C:\WINDOWS\system32\iphlpsvc.dll => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed


    **** End of log ****
     
  23. YoungZay

    YoungZay TS Rookie Topic Starter Posts: 22

    The Virus Removal Tool found no viruses so there was no log for that. The computer is running better than before; however, I still have those numerous Internet Explorer background processes that won't end and the CPU is almost maxed out because of them (if I am not even doing anything there should be no reason for Internet Explorer to be using 50% of the CPU).
     
  24. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
    Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
    NOTE. Windows Vista, 7 and 8 users right click on procexp.exe, click "Run As Administrator".
    Click on View > Select Columns.
    In addition to the already pre-selected options, make sure the Command Line is selected, and press OK.
    Go to File > Save As, and save the report as Procexp.txt.
    Paste the content into your next reply.
     
  25. YoungZay

    YoungZay TS Rookie Topic Starter Posts: 22

    I figured out how to disable Internet Explorer so now it no longer appears on the task manager list and I believe it has stopped affecting the CPU as much. I still have the procexp.txt document for you just in case there is a possibility that something else may also be causing unusual CPU spikes.
     
