TechSpot

Dwm.exe virus

By Kyle95
Apr 26, 2016
  1. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-04-2016
    Ran by Kyle (administrator) on LENOVO-PC (26-04-2016 13:23:25)
    Running from C:\Users\Kyle\Downloads
    Loaded Profiles: Kyle (Available Profiles: Kyle & cw210)
    Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
    (Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
    () C:\Windows\SysWOW64\PnkBstrB.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
    (Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    () C:\Windows\SysWOW64\PnkBstrA.exe
    () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
    (Intel Corporation) C:\Windows\System32\igfxTray.exe
    (Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
    (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
    (CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
    (Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [935104 2014-11-25] (Conexant Systems, Inc.)
    HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
    HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17111056 2014-09-20] (Lenovo (Beijing) Limited)
    HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2014-09-20] (Lenovo(beijing) Limited)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-06-03] (Synaptics Incorporated)
    HKLM\...\Run: [WINCOM6H6] => "C:\Program Files (x86)\browseextension\wincom_6H6.exe"
    HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [561672 2015-06-12] (Vimicro)
    HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-07] (CyberLink Corp.)
    HKU\S-1-5-21-3278036897-2692558216-3348730596-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3077712 2016-03-31] (Valve Corporation)
    HKU\S-1-5-21-3278036897-2692558216-3348730596-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50599552 2016-02-10] (Skype Technologies S.A.)
    HKU\S-1-5-21-3278036897-2692558216-3348730596-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8686296 2016-03-11] (Piriform Ltd)
    HKU\S-1-5-21-3278036897-2692558216-3348730596-1001\...\Run: [tsiVideo] => C:\WINDOWS\SysWOW64\rundll32.exe C:\Users\Kyle\AppData\Local\Temp\mdi064.dll,fjasdfn <===== ATTENTION
    HKU\S-1-5-21-3278036897-2692558216-3348730596-1001\...\Run: [Chromium] => "c:\users\kyle\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
    HKU\S-1-5-21-3278036897-2692558216-3348730596-1001\...\MountPoints2: F - "F:\OriginInstaller.exe"
    Startup: C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2015-12-15] ()

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{ad3f64f4-91bb-4746-a26e-b8bbaf3a856a}: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{eb32ea8e-8f55-4e4c-921e-1175a432f467}: [DhcpNameServer] 192.168.0.1

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_nxtad_16_17&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDyByCtC0CtCtBtAyD0DtCtC0EyBtAtN0D0Tzu0StCyDyByBtN1L2XzutAtFtBtCtFtCtFtCtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StD0FtD0AyC0E0BtDtGyCtAtD0DtGtBtDtDtCtGyE0E0C0AtGtCyCtB0AyE0A0B0C0D0C0Dzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0EyCtBtDyDzy0EtGyC0AtCtCtGyEtDtA0AtGzytD0DyDtG0DyDyCtCtBzy0E0F0A0ByE0A2QtN0A0LzuyE%26cr%3D1548146698%26a%3Dwbf_nxtad_16_17%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_nxtad_16_17&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDyByCtC0CtCtBtAyD0DtCtC0EyBtAtN0D0Tzu0StCyDyByBtN1L2XzutAtFtBtCtFtCtFtCtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StD0FtD0AyC0E0BtDtGyCtAtD0DtGtBtDtDtCtGyE0E0C0AtGtCyCtB0AyE0A0B0C0D0C0Dzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0EyCtBtDyDzy0EtGyC0AtCtCtGyEtDtA0AtGzytD0DyDtG0DyDyCtCtBzy0E0F0A0ByE0A2QtN0A0LzuyE%26cr%3D1548146698%26a%3Dwbf_nxtad_16_17%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
    HKU\S-1-5-21-3278036897-2692558216-3348730596-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
    HKU\S-1-5-21-3278036897-2692558216-3348730596-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
    HKU\S-1-5-21-3278036897-2692558216-3348730596-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
    SearchScopes: HKLM -> DefaultScope {55F58303-11AB-4465-91C1-CF4A998C90DD} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_pwrisofs_15_50&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDyByCtC0CtCtBtAyD0DtCtC0EyBtAtN0D0Tzu0StCyEtAzztN1L2XzutAtFtCyCtFtCtFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StDtDtCzzzyyC0DyCtGyEyEyE0BtG0CyB0D0CtGtByB0CzztGyC0EtDyDtA0F0DyDtA0EtC0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0EyCtBtDyDzy0EtGyC0AtCtCtGyEtDtA0AtGzytD0DyDtG0DyDyCtCtBzy0E0F0A0ByE0A2QtN0A0LzuyE%26cr%3D1154271230%26a%3Dwncy_pwrisofs_15_50%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
    SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_nxtad_16_17&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDyByCtC0CtCtBtAyD0DtCtC0EyBtAtN0D0Tzu0StCyDyByBtN1L2XzutAtFtBtCtFtCtFtCtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StD0FtD0AyC0E0BtDtGyCtAtD0DtGtBtDtDtCtGyE0E0C0AtGtCyCtB0AyE0A0B0C0D0C0Dzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0EyCtBtDyDzy0EtGyC0AtCtCtGyEtDtA0AtGzytD0DyDtG0DyDyCtCtBzy0E0F0A0ByE0A2QtN0A0LzuyE%26cr%3D1548146698%26a%3Dwbf_nxtad_16_17%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
    SearchScopes: HKLM -> {55F58303-11AB-4465-91C1-CF4A998C90DD} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_pwrisofs_15_50&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDyByCtC0CtCtBtAyD0DtCtC0EyBtAtN0D0Tzu0StCyEtAzztN1L2XzutAtFtCyCtFtCtFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StDtDtCzzzyyC0DyCtGyEyEyE0BtG0CyB0D0CtGtByB0CzztGyC0EtDyDtA0F0DyDtA0EtC0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0EyCtBtDyDzy0EtGyC0AtCtCtGyEtDtA0AtGzytD0DyDtG0DyDyCtCtBzy0E0F0A0ByE0A2QtN0A0LzuyE%26cr%3D1154271230%26a%3Dwncy_pwrisofs_15_50%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-3278036897-2692558216-3348730596-1001 -> DefaultScope {55F58303-11AB-4465-91C1-CF4A998C90DD} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_pwrisofs_15_50&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDyByCtC0CtCtBtAyD0DtCtC0EyBtAtN0D0Tzu0StCyEtAzztN1L2XzutAtFtCyCtFtCtFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StDtDtCzzzyyC0DyCtGyEyEyE0BtG0CyB0D0CtGtByB0CzztGyC0EtDyDtA0F0DyDtA0EtC0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0EyCtBtDyDzy0EtGyC0AtCtCtGyEtDtA0AtGzytD0DyDtG0DyDyCtCtBzy0E0F0A0ByE0A2QtN0A0LzuyE%26cr%3D1154271230%26a%3Dwncy_pwrisofs_15_50%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-3278036897-2692558216-3348730596-1001 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3335112&octid=EB_ORIGINAL_CTID&ISID=MD96DD767-7CA2-4E9E-8631-E22ACB53D56D&SearchSource=58&CUI=&UM=8&UP=SPA6D03BD4-5793-4BEA-AC73-223E7225897E&D=042516&q={searchTerms}&SSPV=
    SearchScopes: HKU\S-1-5-21-3278036897-2692558216-3348730596-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3278036897-2692558216-3348730596-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_nxtad_16_17&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDyByCtC0CtCtBtAyD0DtCtC0EyBtAtN0D0Tzu0StCyDyByBtN1L2XzutAtFtBtCtFtCtFtCtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StD0FtD0AyC0E0BtDtGyCtAtD0DtGtBtDtDtCtGyE0E0C0AtGtCyCtB0AyE0A0B0C0D0C0Dzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0EyCtBtDyDzy0EtGyC0AtCtCtGyEtDtA0AtGzytD0DyDtG0DyDyCtCtBzy0E0F0A0ByE0A2QtN0A0LzuyE%26cr%3D1548146698%26a%3Dwbf_nxtad_16_17%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-3278036897-2692558216-3348730596-1001 -> {55F58303-11AB-4465-91C1-CF4A998C90DD} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_pwrisofs_15_50&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDyByCtC0CtCtBtAyD0DtCtC0EyBtAtN0D0Tzu0StCyEtAzztN1L2XzutAtFtCyCtFtCtFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StDtDtCzzzyyC0DyCtGyEyEyE0BtG0CyB0D0CtGtByB0CzztGyC0EtDyDtA0F0DyDtA0EtC0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0EyCtBtDyDzy0EtGyC0AtCtCtGyEtDtA0AtGzytD0DyDtG0DyDyCtCtBzy0E0F0A0ByE0A2QtN0A0LzuyE%26cr%3D1154271230%26a%3Dwncy_pwrisofs_15_50%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-04-03] (Microsoft Corporation)
    BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-04-03] (Microsoft Corporation)
    BHO-x32: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll [2013-11-29] (BitComet)
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-03] (Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-03] (Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-03] (Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-03] (Microsoft Corporation)
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe

    FireFox:
    ========
    FF ProfilePath: C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\wh5qfgre.default-1460419834305
    FF NewTab: hxxp://www.google.com
    FF DefaultSearchEngine: Google
    FF SelectedSearchEngine: Google
    FF Homepage: search.mpc.am
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-12] ()
    FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll [No File]
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-12] ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-08] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-08] (Intel Corporation)
    FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll [No File]
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-04-03] (Microsoft Corporation)
    FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2013-12-13] (Nitro PDF)
    FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll [2015-11-11] (Tencent)
    FF Plugin-x32: @qq.com/TXSSO -> C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.38\Bin\npSSOAxCtrlForPTLogin.dll [2011-12-22] ()
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
    FF SearchPlugin: C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\wh5qfgre.default-1460419834305\searchplugins\Search Provided by Yahoo.xml [2016-04-26]
    FF SearchPlugin: C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\wh5qfgre.default-1460419834305\searchplugins\trovi.xml [2016-04-26]
    FF Extension: BitComet Video Downloader - C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\wh5qfgre.default-1460419834305\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB} [2016-04-25] [not signed]
    FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
    StartMenuInternet: FIREFOX.EXE - firefox.exe

    Chrome:
    =======
    CHR HomePage: Profile 1 -> search.mpc.am
    CHR StartupUrls: Profile 1 -> "search.mpc.am"
    CHR Profile: C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Profile 1
    CHR Extension: (Google Docs) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-26]
    CHR Extension: (AdBlock) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-04-26]
    CHR Extension: (Extutil) - C:\Users\Kyle\AppData\Local\Temp\D8ADFCCA-EE7E-442C-9999-C4D14FEF360B [2016-04-26]
    CHR Extension: (Managera) - C:\Users\Kyle\AppData\Local\Temp\39fdaae5-8e0e-493c-88ec-e05c3be06e42 [2016-04-26]
    CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-3278036897-2692558216-3348730596-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [dhigneefebkcagnpnpbibganpmfgebnk] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2015-03-27] (Broadcom Corporation.)
    S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1225216 2015-10-12] ()
    S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2013-11-29] (www.BitComet.com)
    S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2015-12-26] (BitRaider, LLC)
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2838768 2016-04-03] (Microsoft Corporation)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
    R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-10-17] (Intel Corporation)
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)
    S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272864 2016-01-08] (Lenovo)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
    R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-12-13] (Nitro PDF Software)
    S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2015-12-09] (Electronic Arts)
    R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [66872 2016-01-01] ()
    R2 PnkBstrB; C:\WINDOWS\SysWOW64\PnkBstrB.exe [107832 2016-01-01] ()
    R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
    R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [249032 2015-06-03] (Synaptics Incorporated)
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
     
  2. Kyle95

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [173312 2015-03-27] (Broadcom Corporation.)
    R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7474864 2013-08-07] (Broadcom Corporation)
    S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2015-12-27] (BitRaider)
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
    R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-04-26] (Malwarebytes)
    R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
    R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-08] (Intel Corporation)
    R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation)
    R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-06-03] (Synaptics Incorporated)
    R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [802312 2015-06-12] (Vimicro Corporation)
    S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
    R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
    R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
    R3 WirelessKeyboardFilter; C:\Windows\System32\drivers\WirelessKeyboardFilter.sys [49384 2016-03-29] (Microsoft Corporation)
    S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
    S1 MPCKpt; system32\DRIVERS\MPCKpt.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-04-26 13:23 - 2016-04-26 13:24 - 00022786 _____ C:\Users\Kyle\Downloads\FRST.txt
    2016-04-26 13:22 - 2016-04-26 13:23 - 00000000 ____D C:\FRST
    2016-04-26 13:21 - 2016-04-26 13:21 - 02376192 _____ (Farbar) C:\Users\Kyle\Downloads\FRST64.exe
    2016-04-26 12:56 - 2016-04-26 12:56 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2016-04-26 12:55 - 2016-04-26 12:55 - 00001186 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2016-04-26 12:55 - 2016-04-26 12:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2016-04-26 12:55 - 2016-04-26 12:55 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2016-04-26 12:55 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
    2016-04-26 12:55 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2016-04-26 12:55 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2016-04-26 12:50 - 2016-04-26 12:55 - 22851472 _____ (Malwarebytes ) C:\Users\Kyle\Downloads\mbam-setup-2.2.1.1043.exe
    2016-04-26 11:54 - 2016-04-26 11:54 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\MCorp
    2016-04-26 07:11 - 2016-04-26 07:11 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\ByteFence
    2016-04-26 07:01 - 2016-04-26 07:13 - 00000000 ____D C:\Program Files (x86)\browseextension
    2016-04-26 07:01 - 2016-04-26 07:01 - 00000000 ____D C:\Users\Kyle\AppData\Local\tuto_monetize_120160425
    2016-04-26 01:27 - 2016-04-26 01:27 - 00001435 _____ C:\Users\Kyle\Desktop\Mass Effect 3.lnk
    2016-04-26 00:50 - 2016-04-26 00:50 - 00000000 ____D C:\Users\Kyle\Documents\BioWare
    2016-04-25 02:46 - 2016-04-26 00:08 - 00000000 ____D C:\Users\Kyle\Desktop\Mass.Effect.3-RELOADED-[BTARENA.org].iso
    2016-04-25 02:45 - 2016-04-25 02:45 - 00000864 _____ C:\Users\Public\Desktop\BitComet.lnk
    2016-04-25 02:45 - 2016-04-25 02:45 - 00000000 ____D C:\Program Files\BitComet
    2016-04-25 02:44 - 2016-04-25 02:44 - 10665336 _____ C:\Users\Kyle\Downloads\BitComet_1.40_x64_setup (1).exe
    2016-04-20 21:36 - 2016-04-20 21:36 - 00000000 ____D C:\WINDOWS\System32\Tasks\Games
    2016-04-19 16:59 - 2016-04-19 16:59 - 00293564 _____ C:\WINDOWS\Minidump\041916-21281-01.dmp
    2016-04-14 12:08 - 2016-04-14 12:24 - 00000728 _____ C:\tracert.txt
    2016-04-14 12:00 - 2016-04-14 12:00 - 01454960 _____ C:\Users\Kyle\Desktop\MsInfo.txt
    2016-04-14 11:59 - 2016-04-14 11:59 - 00079801 _____ C:\Users\Kyle\Desktop\DxDiag.txt
    2016-04-13 00:52 - 2016-04-02 04:14 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
    2016-04-13 00:52 - 2016-03-29 11:20 - 07474016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2016-04-13 00:52 - 2016-03-29 11:20 - 02656952 _____ C:\WINDOWS\system32\CoreUIComponents.dll
    2016-04-13 00:52 - 2016-03-29 11:18 - 02152280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
    2016-04-13 00:52 - 2016-03-29 10:37 - 01862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
    2016-04-13 00:52 - 2016-03-29 09:41 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
    2016-04-13 00:52 - 2016-03-29 09:06 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
    2016-04-13 00:52 - 2016-03-29 09:02 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
    2016-04-13 00:52 - 2016-03-29 09:01 - 00541304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
    2016-04-13 00:52 - 2016-03-29 08:58 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
    2016-04-13 00:52 - 2016-03-29 08:58 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
    2016-04-13 00:52 - 2016-03-29 08:46 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
    2016-04-13 00:52 - 2016-03-29 08:36 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
    2016-04-13 00:52 - 2016-03-29 08:20 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
    2016-04-13 00:52 - 2016-03-29 08:19 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
    2016-04-13 00:52 - 2016-03-29 08:15 - 01714688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
    2016-04-13 00:52 - 2016-03-29 08:15 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
    2016-04-13 00:52 - 2016-03-29 08:14 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
    2016-04-13 00:52 - 2016-03-29 08:12 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
    2016-04-13 00:52 - 2016-03-29 08:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
    2016-04-13 00:52 - 2016-03-29 08:10 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2016-04-13 00:52 - 2016-03-29 08:07 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
    2016-04-13 00:52 - 2016-03-29 08:02 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
    2016-04-13 00:52 - 2016-03-29 08:02 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
    2016-04-13 00:52 - 2016-03-29 08:00 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
    2016-04-13 00:52 - 2016-03-29 07:42 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2016-04-13 00:52 - 2016-03-29 07:37 - 01444352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
    2016-04-13 00:52 - 2016-03-29 07:37 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
    2016-04-13 00:52 - 2016-03-29 07:37 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
    2016-04-13 00:52 - 2016-03-29 07:32 - 01731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2016-04-13 00:52 - 2016-03-29 07:31 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2016-04-13 00:52 - 2016-03-29 07:28 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
    2016-04-13 00:52 - 2016-03-29 07:27 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
    2016-04-13 00:52 - 2016-03-29 07:26 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2016-04-13 00:52 - 2016-03-29 07:19 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
    2016-04-13 00:52 - 2016-03-29 07:05 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2016-04-13 00:52 - 2016-03-29 07:05 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2016-04-13 00:52 - 2016-03-29 07:02 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2016-04-13 00:52 - 2016-03-29 07:01 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2016-04-13 00:52 - 2016-03-29 06:56 - 16985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2016-04-13 00:52 - 2016-03-29 06:52 - 11545600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2016-04-13 00:52 - 2016-03-29 06:51 - 22378496 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2016-04-13 00:52 - 2016-03-29 06:51 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2016-04-13 00:52 - 2016-03-29 06:49 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
    2016-04-13 00:52 - 2016-03-29 06:43 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
    2016-04-13 00:52 - 2016-03-29 06:41 - 24602112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2016-04-13 00:52 - 2016-03-29 06:41 - 12125184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2016-04-13 00:52 - 2016-03-29 06:39 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2016-04-13 00:52 - 2016-03-29 06:38 - 18673664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2016-04-13 00:52 - 2016-03-29 06:38 - 02798080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
    2016-04-13 00:52 - 2016-03-29 06:37 - 19340800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2016-04-13 00:52 - 2016-03-29 06:27 - 07836160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2016-04-13 00:52 - 2016-03-29 06:27 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2016-04-13 00:51 - 2016-04-02 05:13 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
    2016-04-13 00:51 - 2016-04-02 05:10 - 00770640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll
    2016-04-13 00:51 - 2016-04-02 05:10 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
    2016-04-13 00:51 - 2016-04-02 05:10 - 00374008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
    2016-04-13 00:51 - 2016-04-02 04:30 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
    2016-04-13 00:51 - 2016-04-02 04:29 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
    2016-04-13 00:51 - 2016-04-02 04:29 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
    2016-04-13 00:51 - 2016-04-02 04:26 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
    2016-04-13 00:51 - 2016-04-02 04:25 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
    2016-04-13 00:51 - 2016-04-02 04:25 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll
    2016-04-13 00:51 - 2016-04-02 04:23 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
    2016-04-13 00:51 - 2016-04-02 04:23 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
    2016-04-13 00:51 - 2016-04-02 04:21 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
    2016-04-13 00:51 - 2016-04-02 04:19 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2016-04-13 00:51 - 2016-04-02 04:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
    2016-04-13 00:51 - 2016-04-02 04:15 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
    2016-04-13 00:51 - 2016-04-02 04:09 - 01832448 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
    2016-04-13 00:51 - 2016-04-02 04:07 - 03575296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
    2016-04-13 00:51 - 2016-04-02 04:07 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2016-04-13 00:51 - 2016-04-02 04:03 - 04774912 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
    2016-04-13 00:51 - 2016-04-02 04:00 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
    2016-04-13 00:51 - 2016-03-29 11:23 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
    2016-04-13 00:51 - 2016-03-29 11:22 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2016-04-13 00:51 - 2016-03-29 11:22 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
    2016-04-13 00:51 - 2016-03-29 11:20 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2016-04-13 00:51 - 2016-03-29 11:20 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2016-04-13 00:51 - 2016-03-29 11:15 - 00100232 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
    2016-04-13 00:51 - 2016-03-29 11:11 - 00686976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
    2016-04-13 00:51 - 2016-03-29 11:05 - 01152864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
    2016-04-13 00:51 - 2016-03-29 11:02 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
    2016-04-13 00:51 - 2016-03-29 11:02 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
    2016-04-13 00:51 - 2016-03-29 10:56 - 01297752 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
    2016-04-13 00:51 - 2016-03-29 10:28 - 00696664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
    2016-04-13 00:51 - 2016-03-29 10:28 - 00535080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
    2016-04-13 00:51 - 2016-03-29 10:28 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
    2016-04-13 00:51 - 2016-03-29 10:25 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
    2016-04-13 00:51 - 2016-03-29 10:25 - 00058400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
    2016-04-13 00:51 - 2016-03-29 10:19 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
    2016-04-13 00:51 - 2016-03-29 10:18 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
    2016-04-13 00:51 - 2016-03-29 10:17 - 00300104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
    2016-04-13 00:51 - 2016-03-29 10:13 - 00986976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
    2016-04-13 00:51 - 2016-03-29 10:11 - 00605440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2016-04-13 00:51 - 2016-03-29 10:11 - 00074424 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
    2016-04-13 00:51 - 2016-03-29 10:10 - 00110584 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvcli.dll
    2016-04-13 00:51 - 2016-03-29 10:09 - 00078040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkscli.dll
    2016-04-13 00:51 - 2016-03-29 10:08 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
    2016-04-13 00:51 - 2016-03-29 10:08 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
    2016-04-13 00:51 - 2016-03-29 10:07 - 00081144 _____ (Microsoft Corporation) C:\WINDOWS\system32\netapi32.dll
    2016-04-13 00:51 - 2016-03-29 09:44 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
    2016-04-13 00:51 - 2016-03-29 09:44 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
    2016-04-13 00:51 - 2016-03-29 09:41 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
    2016-04-13 00:51 - 2016-03-29 09:32 - 00253088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
    2016-04-13 00:51 - 2016-03-29 09:26 - 02403680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
    2016-04-13 00:51 - 2016-03-29 09:26 - 01089888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
    2016-04-13 00:51 - 2016-03-29 09:26 - 00073872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srvcli.dll
    2016-04-13 00:51 - 2016-03-29 09:25 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wkscli.dll
    2016-04-13 00:51 - 2016-03-29 09:24 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
    2016-04-13 00:51 - 2016-03-29 09:23 - 00069744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netapi32.dll
    2016-04-13 00:51 - 2016-03-29 09:21 - 00378208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
    2016-04-13 00:51 - 2016-03-29 09:16 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
    2016-04-13 00:51 - 2016-03-29 09:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
    2016-04-13 00:51 - 2016-03-29 09:07 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsdchngr.dll
    2016-04-13 00:51 - 2016-03-29 08:57 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
    2016-04-13 00:51 - 2016-03-29 08:51 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
    2016-04-13 00:51 - 2016-03-29 08:51 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
    2016-04-13 00:51 - 2016-03-29 08:51 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
    2016-04-13 00:51 - 2016-03-29 08:50 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
    2016-04-13 00:51 - 2016-03-29 08:50 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
    2016-04-13 00:51 - 2016-03-29 08:50 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
    2016-04-13 00:51 - 2016-03-29 08:49 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
    2016-04-13 00:51 - 2016-03-29 08:48 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
    2016-04-13 00:51 - 2016-03-29 08:46 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
    2016-04-13 00:51 - 2016-03-29 08:44 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
    2016-04-13 00:51 - 2016-03-29 08:42 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
    2016-04-13 00:51 - 2016-03-29 08:39 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
    2016-04-13 00:51 - 2016-03-29 08:38 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
    2016-04-13 00:51 - 2016-03-29 08:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
    2016-04-13 00:51 - 2016-03-29 08:36 - 00530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
    2016-04-13 00:51 - 2016-03-29 08:35 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
    2016-04-13 00:51 - 2016-03-29 08:35 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
    2016-04-13 00:51 - 2016-03-29 08:34 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
    2016-04-13 00:51 - 2016-03-29 08:34 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
    2016-04-13 00:51 - 2016-03-29 08:34 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
    2016-04-13 00:51 - 2016-03-29 08:33 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
    2016-04-13 00:51 - 2016-03-29 08:30 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
    2016-04-13 00:51 - 2016-03-29 08:30 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
    2016-04-13 00:51 - 2016-03-29 08:28 - 00460288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
    2016-04-13 00:51 - 2016-03-29 08:27 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
    2016-04-13 00:51 - 2016-03-29 08:26 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
    2016-04-13 00:51 - 2016-03-29 08:23 - 00694784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
    2016-04-13 00:51 - 2016-03-29 08:23 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
    2016-04-13 00:51 - 2016-03-29 08:23 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
    2016-04-13 00:51 - 2016-03-29 08:22 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll
    2016-04-13 00:51 - 2016-03-29 08:21 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
    2016-04-13 00:51 - 2016-03-29 08:20 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
    2016-04-13 00:51 - 2016-03-29 08:20 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsdchngr.dll
    2016-04-13 00:51 - 2016-03-29 08:19 - 00556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
    2016-04-13 00:51 - 2016-03-29 08:18 - 00676352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
    2016-04-13 00:51 - 2016-03-29 08:17 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
    2016-04-13 00:51 - 2016-03-29 08:17 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
    2016-04-13 00:51 - 2016-03-29 08:17 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
    2016-04-13 00:51 - 2016-03-29 08:16 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
    2016-04-13 00:51 - 2016-03-29 08:16 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
    2016-04-13 00:51 - 2016-03-29 08:14 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
    2016-04-13 00:51 - 2016-03-29 08:14 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
    2016-04-13 00:51 - 2016-03-29 08:13 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
    2016-04-13 00:51 - 2016-03-29 08:12 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
    2016-04-13 00:51 - 2016-03-29 08:11 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
    2016-04-13 00:51 - 2016-03-29 08:11 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
    2016-04-13 00:51 - 2016-03-29 08:11 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
    2016-04-13 00:51 - 2016-03-29 08:11 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\browcli.dll
    2016-04-13 00:51 - 2016-03-29 08:10 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
    2016-04-13 00:51 - 2016-03-29 08:09 - 01239552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
    2016-04-13 00:51 - 2016-03-29 08:08 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
    2016-04-13 00:51 - 2016-03-29 08:08 - 00841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
    2016-04-13 00:51 - 2016-03-29 08:07 - 01902592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
    2016-04-13 00:51 - 2016-03-29 08:06 - 01575936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
    2016-04-13 00:51 - 2016-03-29 08:06 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
    2016-04-13 00:51 - 2016-03-29 08:05 - 01395712 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
    2016-04-13 00:51 - 2016-03-29 08:04 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll
    2016-04-13 00:51 - 2016-03-29 08:03 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
    2016-04-13 00:51 - 2016-03-29 08:02 - 01211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
    2016-04-13 00:51 - 2016-03-29 08:00 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
    2016-04-13 00:51 - 2016-03-29 07:59 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
    2016-04-13 00:51 - 2016-03-29 07:59 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
    2016-04-13 00:51 - 2016-03-29 07:56 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
    2016-04-13 00:51 - 2016-03-29 07:56 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
    2016-04-13 00:51 - 2016-03-29 07:55 - 01052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
    2016-04-13 00:51 - 2016-03-29 07:53 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
    2016-04-13 00:51 - 2016-03-29 07:53 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
    2016-04-13 00:51 - 2016-03-29 07:52 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
    2016-04-13 00:51 - 2016-03-29 07:49 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
    2016-04-13 00:51 - 2016-03-29 07:48 - 00346624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
    2016-04-13 00:51 - 2016-03-29 07:44 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
    2016-04-13 00:51 - 2016-03-29 07:43 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AccountsRt.dll
    2016-04-13 00:51 - 2016-03-29 07:42 - 01410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
    2016-04-13 00:51 - 2016-03-29 07:42 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
    2016-04-13 00:51 - 2016-03-29 07:41 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
    2016-04-13 00:51 - 2016-03-29 07:40 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
    2016-04-13 00:51 - 2016-03-29 07:39 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
    2016-04-13 00:51 - 2016-03-29 07:39 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
    2016-04-13 00:51 - 2016-03-29 07:38 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
    2016-04-13 00:51 - 2016-03-29 07:36 - 03351040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
    2016-04-13 00:51 - 2016-03-29 07:36 - 00649728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
    2016-04-13 00:51 - 2016-03-29 07:35 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
    2016-04-13 00:51 - 2016-03-29 07:34 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
    2016-04-13 00:51 - 2016-03-29 07:34 - 00682496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
    2016-04-13 00:51 - 2016-03-29 07:34 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
    2016-04-13 00:51 - 2016-03-29 07:32 - 01588224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
    2016-04-13 00:51 - 2016-03-29 07:32 - 01098240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
    2016-04-13 00:51 - 2016-03-29 07:32 - 00854528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
    2016-04-13 00:51 - 2016-03-29 07:32 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
    2016-04-13 00:51 - 2016-03-29 07:32 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
    2016-04-13 00:51 - 2016-03-29 07:32 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
    2016-04-13 00:51 - 2016-03-29 07:32 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
    2016-04-13 00:51 - 2016-03-29 07:31 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
    2016-04-13 00:51 - 2016-03-29 07:31 - 01117184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
    2016-04-13 00:51 - 2016-03-29 07:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
    2016-04-13 00:51 - 2016-03-29 07:30 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
    2016-04-13 00:51 - 2016-03-29 07:29 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
    2016-04-13 00:51 - 2016-03-29 07:29 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
    2016-04-13 00:51 - 2016-03-29 07:28 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
    2016-04-13 00:51 - 2016-03-29 07:27 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
    2016-04-13 00:51 - 2016-03-29 07:27 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
    2016-04-13 00:51 - 2016-03-29 07:23 - 00777728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
    2016-04-13 00:51 - 2016-03-29 07:22 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
    2016-04-13 00:51 - 2016-03-29 07:17 - 00765952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
    2016-04-13 00:51 - 2016-03-29 07:14 - 01072128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
    2016-04-13 00:51 - 2016-03-29 07:13 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
    2016-04-13 00:51 - 2016-03-29 07:10 - 03671040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
    2016-04-13 00:51 - 2016-03-29 07:06 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
    2016-04-13 00:51 - 2016-03-29 07:05 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
    2016-04-13 00:51 - 2016-03-29 07:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
    2016-04-13 00:51 - 2016-03-29 07:05 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
    2016-04-13 00:51 - 2016-03-29 07:04 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
    2016-04-13 00:51 - 2016-03-29 07:04 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
    2016-04-13 00:51 - 2016-03-29 07:01 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
    2016-04-13 00:51 - 2016-03-29 06:58 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
    2016-04-13 00:51 - 2016-03-29 06:45 - 03078144 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
    2016-04-13 00:51 - 2016-03-29 06:45 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
    2016-04-13 00:51 - 2016-03-29 06:43 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
    2016-04-13 00:51 - 2016-03-29 06:36 - 02722816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
    2016-04-13 00:51 - 2016-03-29 06:35 - 00821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
    2016-04-13 00:51 - 2016-03-29 06:26 - 00958976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
    2016-04-13 00:51 - 2016-03-29 06:26 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
    2016-04-13 00:51 - 2016-03-29 06:25 - 00712704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
    2016-04-13 00:51 - 2016-03-29 06:21 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
    2016-04-13 00:50 - 2016-04-02 04:08 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
    2016-04-13 00:50 - 2016-03-29 09:17 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
    2016-04-13 00:50 - 2016-03-29 09:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
    2016-04-13 00:50 - 2016-03-29 09:07 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
    2016-04-13 00:50 - 2016-03-29 09:07 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
    2016-04-13 00:50 - 2016-03-29 09:06 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacchooks.dll
    2016-04-13 00:50 - 2016-03-29 09:00 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
    2016-04-13 00:50 - 2016-03-29 09:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll
    2016-04-13 00:50 - 2016-03-29 09:00 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
    2016-04-13 00:50 - 2016-03-29 08:59 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
    2016-04-13 00:50 - 2016-03-29 08:57 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
    2016-04-13 00:50 - 2016-03-29 08:57 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
    2016-04-13 00:50 - 2016-03-29 08:57 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\browcli.dll
    2016-04-13 00:50 - 2016-03-29 08:55 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
    2016-04-13 00:50 - 2016-03-29 08:55 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys
    2016-04-13 00:50 - 2016-03-29 08:55 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
    2016-04-13 00:50 - 2016-03-29 08:54 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
    2016-04-13 00:50 - 2016-03-29 08:54 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
    2016-04-13 00:50 - 2016-03-29 08:53 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
    2016-04-13 00:50 - 2016-03-29 08:52 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
    2016-04-13 00:50 - 2016-03-29 08:50 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll
    2016-04-13 00:50 - 2016-03-29 08:50 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
    2016-04-13 00:50 - 2016-03-29 08:49 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthLEEnum.sys
    2016-04-13 00:50 - 2016-03-29 08:48 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
    2016-04-13 00:50 - 2016-03-29 08:34 - 00333824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
    2016-04-13 00:50 - 2016-03-29 08:32 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2016-04-13 00:50 - 2016-03-29 08:32 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
    2016-04-13 00:50 - 2016-03-29 08:20 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll
    2016-04-13 00:50 - 2016-03-29 08:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacchooks.dll
    2016-04-13 00:50 - 2016-03-29 08:14 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
    2016-04-13 00:50 - 2016-03-29 08:11 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
    2016-04-13 00:50 - 2016-03-29 08:11 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
    2016-04-13 00:50 - 2016-03-29 08:09 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
    2016-04-13 00:50 - 2016-03-29 08:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
    2016-04-13 00:50 - 2016-03-29 08:08 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
    2016-04-13 00:50 - 2016-03-29 08:06 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
    2016-04-13 00:50 - 2016-03-29 08:05 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
    2016-04-13 00:50 - 2016-03-29 08:00 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
    2016-04-13 00:50 - 2016-03-29 08:00 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
    2016-04-13 00:50 - 2016-03-29 07:59 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
    2016-04-13 00:50 - 2016-03-29 07:52 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
    2016-04-13 00:50 - 2016-03-29 07:39 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
    2016-04-13 00:50 - 2016-03-29 07:34 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
    2016-04-13 00:50 - 2016-03-29 07:27 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
    2016-04-13 00:50 - 2016-03-29 07:27 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
    2016-04-13 00:50 - 2016-03-29 07:05 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
    2016-04-13 00:50 - 2016-03-29 07:00 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
    2016-04-13 00:50 - 2016-03-29 06:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
    2016-04-13 00:50 - 2016-03-29 06:27 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
    2016-04-13 00:50 - 2016-03-29 06:25 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
    2016-04-13 00:22 - 2016-04-19 16:59 - 517923711 _____ C:\WINDOWS\MEMORY.DMP
    2016-04-13 00:22 - 2016-04-13 00:22 - 00281020 _____ C:\WINDOWS\Minidump\041316-16718-01.dmp
    2016-04-12 13:57 - 2016-04-26 12:33 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2016-04-12 13:57 - 2016-04-12 13:57 - 00003806 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
    2016-04-12 12:08 - 2016-04-12 12:08 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_ldiagio_uefi_01009.Wdf
    2016-04-12 12:05 - 2016-04-12 12:05 - 00002075 _____ C:\Users\Public\Desktop\Lenovo Solution Center.lnk
    2016-04-12 01:41 - 2016-04-12 01:41 - 00007597 _____ C:\Users\Kyle\AppData\Local\Resmon.ResmonCfg
    2016-04-12 00:56 - 2016-04-12 00:56 - 00002856 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
    2016-04-12 00:56 - 2016-04-12 00:56 - 00000874 _____ C:\Users\Public\Desktop\CCleaner.lnk
    2016-04-12 00:56 - 2016-04-12 00:56 - 00000848 _____ C:\Users\Public\Desktop\Speccy.lnk
    2016-04-12 00:56 - 2016-04-12 00:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2016-04-12 00:56 - 2016-04-12 00:56 - 00000000 ____D C:\Program Files\Speccy
    2016-04-12 00:56 - 2016-04-12 00:56 - 00000000 ____D C:\Program Files\CCleaner
    2016-04-12 00:55 - 2016-04-12 00:55 - 05111240 _____ (Piriform Ltd) C:\Users\Kyle\Downloads\spsetup129.exe
    2016-04-12 00:55 - 2016-04-12 00:55 - 05111240 _____ (Piriform Ltd) C:\Users\Kyle\Downloads\spsetup129 (1).exe
    2016-04-07 15:28 - 2016-04-07 15:28 - 00000219 _____ C:\Users\Kyle\Desktop\Counter-Strike Global Offensive.url
    2016-04-06 20:03 - 2016-04-25 21:07 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\TS3Client
    2016-04-06 20:03 - 2016-04-06 20:03 - 00001019 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
    2016-04-06 20:03 - 2016-04-06 20:03 - 00000981 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk
    2016-04-06 20:03 - 2016-04-06 20:03 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
    2016-04-06 20:01 - 2016-04-06 20:02 - 31414688 _____ (TeamSpeak Systems GmbH) C:\Users\Kyle\Downloads\TeamSpeak3-Client-win64-3.0.19.exe
    2016-04-05 21:01 - 2016-04-05 21:03 - 19719675 _____ C:\Users\Kyle\Downloads\hv-ms728.zip
    2016-04-05 20:47 - 2016-04-05 20:48 - 11603728 _____ (SafeBytes Software Inc.) C:\Users\Kyle\Downloads\DriverAssist-Setup.exe
    2016-04-01 10:02 - 2016-04-01 10:02 - 01704176 _____ (Overwolf) C:\Users\Kyle\Downloads\OverwolfInstaller.exe
    2016-03-29 23:48 - 2016-03-29 23:48 - 00049384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WirelessKeyboardFilter.sys
    2016-03-29 09:58 - 2016-03-29 09:58 - 02160912 _____ (Microsoft Corporation) C:\WINDOWS\system32\WudfUpdate_01009.dll
    2016-03-28 13:44 - 2016-03-28 13:44 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\.mono
    2016-03-28 13:44 - 2016-03-28 13:44 - 00000000 ____D C:\Users\Kyle\AppData\Local\Blizzard
    2016-03-28 13:44 - 2016-03-28 13:44 - 00000000 ____D C:\ProgramData\.mono
    2016-03-28 12:23 - 2016-03-28 12:23 - 00001265 _____ C:\Users\Public\Desktop\Hearthstone.lnk
    2016-03-28 12:23 - 2016-03-28 12:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
    2016-03-28 11:40 - 2016-04-15 10:51 - 00000000 ____D C:\Program Files (x86)\Hearthstone
    2016-03-27 07:04 - 2016-03-27 06:49 - 20802048 _____ C:\Users\Kyle\Desktop\PRO64_94.exe
    2016-03-27 06:49 - 2016-03-27 06:49 - 00000000 ____D C:\Users\Kyle\AppData\LocalLow\Unity
    2016-03-27 06:43 - 2016-03-27 06:52 - 133425699 _____ C:\Users\Kyle\Downloads\PRO941_64.zip

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-04-26 13:18 - 2015-12-10 07:39 - 00000000 ____D C:\Users\Kyle\AppData\Local\CrashDumps
    2016-04-26 12:50 - 2015-10-03 22:09 - 00004154 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{973B3EE9-0DD5-4BDF-A3E6-AC193429EE16}
    2016-04-26 12:31 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF
    2016-04-26 12:31 - 2015-10-06 04:49 - 00881036 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2016-04-26 12:25 - 2016-03-16 19:43 - 00000000 ____D C:\Users\Kyle\AppData\Local\Deployment
    2016-04-26 12:25 - 2015-10-06 04:54 - 00000000 __SHD C:\Users\Kyle\IntelGraphicsProfiles
    2016-04-26 12:24 - 2015-12-24 11:11 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-04-26 12:24 - 2015-10-03 22:11 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2016-04-26 12:23 - 2015-12-24 10:53 - 00000000 ____D C:\Users\Kyle
    2016-04-26 12:23 - 2015-10-30 07:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
    2016-04-26 12:16 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness
    2016-04-26 12:16 - 2015-10-03 00:05 - 00000000 ____D C:\Users\Kyle\AppData\Local\Packages
    2016-04-26 11:57 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-04-26 11:45 - 2015-11-03 08:52 - 00000000 ___RD C:\Users\Kyle\OneDrive
    2016-04-26 11:45 - 2015-10-06 04:59 - 00002375 _____ C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2016-04-26 08:00 - 2015-12-09 10:26 - 00000097 _____ C:\Users\Kyle\AppData\Roaming\WB.CFG
    2016-04-26 07:10 - 2015-10-03 22:12 - 00002319 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-04-26 07:10 - 2015-10-03 22:12 - 00002301 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2016-04-26 07:03 - 2015-10-15 22:22 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\BitComet
    2016-04-26 07:00 - 2015-12-09 09:23 - 00000258 __RSH C:\ProgramData\ntuser.pol
    2016-04-25 05:41 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\rescache
    2016-04-22 08:57 - 2015-10-06 07:02 - 00453288 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
    2016-04-21 10:27 - 2016-02-22 12:42 - 00000086 _____ C:\Users\Kyle\Desktop\Gateway ID.txt
    2016-04-19 17:05 - 2015-12-24 10:45 - 00338816 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2016-04-19 17:02 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2016-04-19 17:02 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
    2016-04-19 17:02 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
    2016-04-19 17:02 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\bcastdvr
    2016-04-19 16:59 - 2015-12-25 22:54 - 00000000 ____D C:\WINDOWS\Minidump
    2016-04-19 16:54 - 2015-12-14 00:01 - 00000000 ____D C:\Users\Kyle\AppData\Local\Battle.net
    2016-04-19 12:49 - 2015-12-14 00:07 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
    2016-04-19 12:48 - 2015-12-14 00:00 - 00000000 ____D C:\Program Files (x86)\Battle.net
    2016-04-19 10:45 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp
    2016-04-19 10:14 - 2015-10-30 08:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2016-04-19 10:12 - 2014-09-20 15:32 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
    2016-04-13 19:56 - 2015-10-05 17:16 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\Nitro PDF
    2016-04-13 09:54 - 2015-10-04 00:39 - 00000000 ____D C:\WINDOWS\system32\MRT
    2016-04-13 09:40 - 2015-10-04 00:39 - 135176864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2016-04-12 13:57 - 2015-10-15 22:20 - 00000000 ____D C:\Users\Kyle\AppData\Local\Adobe
    2016-04-12 12:16 - 2015-10-03 22:13 - 00000000 ____D C:\Program Files (x86)\Steam
    2016-04-12 12:15 - 2015-12-24 18:44 - 00000000 ___DC C:\WINDOWS\Panther
    2016-04-12 12:15 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\ModemLogs
    2016-04-12 12:07 - 2015-10-15 22:20 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\LSC
    2016-04-12 12:05 - 2015-10-15 22:22 - 00000000 ____D C:\Users\Kyle\AppData\Local\LSC
    2016-04-12 12:05 - 2014-09-20 15:43 - 00000000 ____D C:\ProgramData\Lenovo
    2016-04-12 12:05 - 2014-09-20 15:38 - 00000000 ____D C:\WINDOWS\System32\Tasks\Lenovo
    2016-04-12 12:05 - 2014-09-20 15:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
    2016-04-12 12:05 - 2014-09-20 15:09 - 00000000 ____D C:\Program Files\Lenovo
    2016-04-12 12:05 - 2014-09-20 15:07 - 00000000 ____D C:\Program Files (x86)\Lenovo
    2016-04-12 12:03 - 2014-09-20 15:38 - 00000000 ____D C:\WINDOWS\Downloaded Installations
    2016-04-12 01:51 - 2015-12-09 09:31 - 00000000 ____D C:\ProgramData\Norton
    2016-04-12 01:50 - 2016-03-25 14:40 - 00000000 ____D C:\Users\Kyle\AppData\Local\ElevatedDiagnostics
    2016-04-12 01:48 - 2015-10-30 08:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
    2016-04-12 01:48 - 2015-10-30 07:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
    2016-04-08 11:01 - 2016-02-20 15:08 - 00000000 ___RD C:\Users\cw210\OneDrive
    2016-04-08 10:34 - 2016-02-20 15:03 - 00000000 __SHD C:\Users\cw210\IntelGraphicsProfiles
    2016-04-07 22:48 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\NDF
    2016-04-06 20:03 - 2016-03-06 20:19 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\Mumble
    2016-04-06 19:32 - 2015-10-30 08:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2016-04-06 19:32 - 2015-10-30 08:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2016-04-05 21:15 - 2014-09-20 15:03 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2016-04-01 10:05 - 2016-03-06 00:26 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\thriXXX
    2016-04-01 09:44 - 2015-10-03 22:09 - 00000000 __SHD C:\Users\Kyle\AppData\Local\EmieUserList
    2016-04-01 09:44 - 2015-10-03 22:09 - 00000000 __SHD C:\Users\Kyle\AppData\Local\EmieSiteList
    2016-03-30 18:50 - 2016-03-14 00:46 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\Skype

    ==================== Files in the root of some directories =======

    2015-12-09 10:26 - 2016-04-26 08:00 - 0000097 _____ () C:\Users\Kyle\AppData\Roaming\WB.CFG
    2016-04-12 01:41 - 2016-04-12 01:41 - 0007597 _____ () C:\Users\Kyle\AppData\Local\Resmon.ResmonCfg
    2015-12-24 10:49 - 2015-12-24 10:49 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

    Some files in TEMP:
    ====================
    C:\Users\Kyle\AppData\Local\Temp\93DC08XMI6.exe
    C:\Users\Kyle\AppData\Local\Temp\HGJD2AACAE.exe
    C:\Users\Kyle\AppData\Local\Temp\mdi064.dll


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2016-04-20 13:12

    ==================== End of FRST.txt ============================
     
  3. Kyle95

    Kyle95 TS Rookie Topic Starter

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-04-2016
    Ran by Kyle (2016-04-26 13:24:22)
    Running from C:\Users\Kyle\Downloads
    Windows 10 Home Version 1511 (X64) (2015-12-24 10:21:15)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3278036897-2692558216-3348730596-500 - Administrator - Disabled)
    cw210 (S-1-5-21-3278036897-2692558216-3348730596-1004 - Limited - Enabled) => C:\Users\cw210
    DefaultAccount (S-1-5-21-3278036897-2692558216-3348730596-503 - Limited - Disabled)
    Guest (S-1-5-21-3278036897-2692558216-3348730596-501 - Limited - Disabled)
    Kyle (S-1-5-21-3278036897-2692558216-3348730596-1001 - Administrator - Enabled) => C:\Users\Kyle

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.198 - Adobe Systems Incorporated)
    Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
    Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
    BitComet 1.40 64-bit (HKLM-x32\...\BitComet_x64) (Version: 1.40 - CometNetwork)
    BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
    CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform)
    Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.16.50 - Conexant)
    Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve)
    Curse Client (HKU\S-1-5-21-3278036897-2692558216-3348730596-1001\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
    CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
    CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
    CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
    Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.6.5.1 - Dolby Laboratories Inc)
    Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.14 - Lenovo)
    Energy Management (x32 Version: 8.0.2.14 - Lenovo) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
    Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
    League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
    League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
    Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
    Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.7850 - Broadcom Corporation)
    Lenovo Browser Guard (HKLM-x32\...\LenovoBrowserGuard) (Version: 2.12.1.1 - ClientConnect LTD) <==== ATTENTION
    Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 3.15.0414.1 - Vimicro)
    Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
    Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
    Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.)
    Lenovo PowerDVD10 (x32 Version: 10.0.5630.52 - CyberLink Corp.) Hidden
    Lenovo Solution Center (HKLM\...\{49277B39-D2E8-4342-9CE8-FC080C3FA344}) (Version: 2.8.007.00 - Lenovo Group Limited)
    Lenovo_Wireless_Driver (HKLM-x32\...\{5D642A72-8194-4A22-80DA-11FE610CCA8E}) (Version: 6.30.223.143 - Lenovo)
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Mass Effect™ 3 (HKLM-x32\...\{6A9D1594-7791-48f5-9CAA-DE9BCB968320}) (Version: 1.01.0.0 - Electronic Arts)
    Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6769.2017 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Mozilla Firefox 43.0.4 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 en-GB)) (Version: 43.0.4 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla)
    Mumble 1.2.13 (HKLM-x32\...\{AB6B69F9-1A90-44EC-AE6C-A6BEA2C4F0CB}) (Version: 1.2.13 - Thorvald Natvig)
    Nitro Pro 9 (HKLM\...\{70B831B7-A8EE-4C5F-8F34-F383D24B3A04}) (Version: 9.0.5.9 - Nitro)
    NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
    Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6729.1014 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (Version: 16.0.6729.1014 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6729.1014 - Microsoft Corporation) Hidden
    Origin (HKLM-x32\...\Origin) (Version: 9.11.1.6605 - Electronic Arts, Inc.)
    Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.10525 - CyberLink Corp.)
    PowerISO (HKLM-x32\...\PowerISO) (Version: 6.4 - Power Software Ltd)
    PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
    Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39048 - Realtek Semiconductor Corp.)
    Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
    Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
    Star Wars - Battlefront II (HKLM-x32\...\Steam App 6060) (Version: - Pandemic Studios)
    Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: - Bioware/EA)
    Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
    Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.9.5 - Synaptics Incorporated)
    TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
    The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
    The Sims 4 (HKLM-x32\...\VGhlU2ltczQ=_is1) (Version: 1 - )
    The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.0.732.20 - Electronic Arts Inc.)
    Tom Clancy's Rainbow Six: Vegas 2 (HKLM-x32\...\Steam App 15120) (Version: - Ubisoft Montreal)
    Tukui Client (HKLM-x32\...\{BAD6EBBD-A6A9-41C9-898A-8C868A552E4C}) (Version: 2.4.6 - Tukui)
    User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo)
    User Manuals (x32 Version: 3.0.0.3 - Lenovo) Hidden
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    Windows Driver Package - Lenovo (ACPIVPC) System (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
    Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
    WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
    World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-3278036897-2692558216-3348730596-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Kyle\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileCoAuth.exe (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3278036897-2692558216-3348730596-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {142996AF-B830-4C1D-B0E8-924D1AD5FAAA} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {14A84711-9651-436E-9F8D-B574D78641B3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-03] (Google Inc.)
    Task: {2C340BA3-AA70-4D48-B725-C364C2234380} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-08] (CyberLink Corp.)
    Task: {338D763A-E160-4D52-9F51-F2568F63A780} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2016-01-08] (Lenovo)
    Task: {35C67789-0315-4EF7-AC0C-987269E8CEB9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {3983BE36-6FB6-40CF-92A9-F0595FE64BF2} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-04-03] (Microsoft Corporation)
    Task: {3B356AFD-CAC2-4DC1-8404-0AD96C385870} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-06-03] (Synaptics Incorporated)
    Task: {572EFE3A-819C-43F2-9D58-D9F06A351007} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
    Task: {57966252-4F51-4A1C-BDC2-93BADD1E3F9A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {620C22C9-26EF-4E2B-8799-09FB3DFC28F0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {6B62A517-2661-4031-BD08-35BF31D1307D} - System32\Tasks\Pokki => C:\Users\Kyle\AppData\Local\Pokki\Engine\ServiceHostAppUpdater.exe
    Task: {6E394DBE-1C2B-48ED-B69F-38B1DACD2704} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-12] (Adobe Systems Incorporated)
    Task: {882C7D28-AC45-4589-A619-A5F4A07EB7DB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-03] (Google Inc.)
    Task: {8A287F9F-22D8-4327-BE04-3758DD018C97} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-06-01] (McAfee, Inc.)
    Task: {9EA7BFC8-D316-41A1-B8DC-410B09442F5A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {A4D5983F-E202-4235-839B-9BFBB5A9C00E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-04-03] (Microsoft Corporation)
    Task: {A5EE3D5C-B0A9-4F3C-A81A-3FABBDD535D0} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-01-08] ()
    Task: {A71C4E0D-F155-4791-80A3-8E171F6C2749} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2016-01-08] (Lenovo)
    Task: {AA9F6944-C808-473E-BA44-A7CB25602434} - System32\Tasks\Lenovo\LSC\Time72Task => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2016-01-08] (Lenovo)
    Task: {B153BC16-649B-4F75-86DF-04D563362B24} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-03-11] (Piriform Ltd)
    Task: {B5D147EB-7CAE-407A-A7F8-B3FD37283118} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2016-01-08] (Lenovo)
    Task: {B8D19F1A-0173-4DC7-8E58-78C214A2740D} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {C7482126-8440-4FBD-B30C-3D6AFD5AFCB2} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {C7823765-89E2-40F3-B9D3-921F9AEDB46A} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-04-03] (Microsoft Corporation)
    Task: {CFB4B50A-CBF1-4A56-BF70-8B098887D797} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {D59B870F-B717-44D1-B32F-A46C8661014F} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-01-08] ()
    Task: {DC751A23-5D17-4478-8847-21F9DF183AD4} - System32\Tasks\Lenovo\LSC\RebootCountTask => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2016-01-08] (Lenovo)
    Task: {DCF1ECFD-51C9-4C72-A617-34A38E8C12D2} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {DF3B9A50-FA60-4725-86C8-D622D5159F4D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {E7C3FE65-2A73-4862-B23C-054976C78B10} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {F0CEDEE1-A2CA-4DD4-B4B7-3D86B4EA8E1D} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3278036897-2692558216-3348730596-1001

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
    2016-01-01 23:53 - 2016-01-01 23:53 - 00107832 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.exe
    2015-10-06 10:40 - 2016-04-03 04:34 - 00172224 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
    2016-01-01 23:53 - 2016-01-01 23:53 - 00066872 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
    2014-09-20 15:38 - 2012-04-24 11:43 - 00390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    2016-04-13 00:52 - 2016-03-29 11:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2016-04-13 00:52 - 2016-03-29 11:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
    2016-04-26 11:45 - 2016-04-26 11:45 - 00959176 _____ () C:\Users\Kyle\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\ClientTelemetry.dll
    2016-02-23 11:48 - 2016-04-19 10:11 - 08919232 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
    2016-04-19 10:15 - 2016-04-19 10:16 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    2015-12-24 13:36 - 2015-12-07 05:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
    2016-04-13 00:50 - 2016-04-02 04:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
    2016-04-13 00:51 - 2016-04-02 04:03 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2016-04-13 00:51 - 2016-04-02 03:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2016-04-13 00:52 - 2016-04-02 03:59 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2016-04-13 00:52 - 2016-04-02 04:02 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2016-04-19 10:15 - 2016-04-19 10:16 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
    2016-04-19 10:15 - 2016-04-19 10:16 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
    2016-04-26 11:45 - 2016-04-26 11:45 - 00679624 _____ () C:\Users\Kyle\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\ClientTelemetry.dll
    2016-04-26 06:58 - 2016-04-26 06:58 - 01456128 _____ () C:\Users\Kyle\AppData\Local\Temp\mdi064.dll
    2014-09-20 15:04 - 2013-08-08 21:23 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
    2016-04-11 20:58 - 2016-04-06 11:04 - 01675928 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\libglesv2.dll
    2016-04-11 20:58 - 2016-04-06 11:04 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\libegl.dll
    2016-04-08 22:41 - 2016-04-08 13:53 - 17532096 _____ () C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\PepperFlash\21.0.0.216\pepflashplayer.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 14:25 - 2016-04-26 07:15 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3278036897-2692558216-3348730596-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Kyle\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{c476cc7d-e5d8-473c-9c53-45041323f370}.jpg
    DNS Servers: 192.168.0.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    HKLM\...\StartupApproved\Run: => "HotKeysCmds"
    HKLM\...\StartupApproved\Run: => "Persistence"
    HKU\S-1-5-21-3278036897-2692558216-3348730596-1001\...\StartupApproved\Run: => "Steam"
    HKU\S-1-5-21-3278036897-2692558216-3348730596-1001\...\StartupApproved\Run: => "Skype"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{D97B7720-5683-4F2E-90B6-15E4D54E2C04}] => (Allow) C:\Program Files (x86)\The Sims 4\Game\Bin\TS4.exe
    FirewallRules: [{F0BB0024-6D53-4F2F-A1DB-05576BAA85E4}] => (Allow) C:\Program Files (x86)\The Sims 4\Game\Bin\TS4.exe
    FirewallRules: [UDP Query User{084CE6D5-58DF-45C1-84A4-BBE71D39F4DD}C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe] => (Block) C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe
    FirewallRules: [TCP Query User{8356F609-60D9-4524-B1EF-5B7D9AB15931}C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe] => (Block) C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe
    FirewallRules: [{084E87F3-50C1-408C-ACA3-8EEBE96E6355}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DayZ\DayZ_BE.exe
    FirewallRules: [{75B06A15-26A5-4760-9DFD-BFD64ED90F41}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DayZ\DayZ_BE.exe
    FirewallRules: [{CCF2C4E8-0B5F-4C46-B89D-A6804941C916}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
    FirewallRules: [{3E8C4BEE-B526-459D-B049-4ED780E7F095}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
    FirewallRules: [{F5F80AD5-9C50-4A9C-A4E7-0E2FF00484F0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
    FirewallRules: [{7D3782E2-FC33-4F0F-A287-659CAD8652B1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
    FirewallRules: [{FD68E5FA-6D8B-4C16-BE93-99C5B740FEC7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
    FirewallRules: [{FCB20EBC-282A-42D7-97BF-200E0534B206}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
    FirewallRules: [{2F625094-3F08-4BAA-93F2-2CAD80B62878}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
    FirewallRules: [{94277578-2A35-4F58-9129-4170170DA6DC}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
    FirewallRules: [{81264366-8783-4A28-BF41-FE274B82A263}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{03052D8A-76EA-409D-B2CF-5513B943489D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{3A7C03DA-EA0A-4727-9F87-994E7ADEE109}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{581AD0B8-3753-4605-88B4-E043D49717BE}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{E7E056D7-987A-4937-9F30-1DBFFED67E9F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{33F4DA16-DAD0-4666-866D-7353FA5B7725}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{215C7177-D61A-4171-82B3-1BEE11E8D043}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
    FirewallRules: [{FE189E7F-B17E-4E9A-9715-9028DB42671D}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
    FirewallRules: [{042AA7E3-435D-4B4E-99BC-B0D55968995B}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
    FirewallRules: [{9BFEFF45-3982-46F0-BFD2-64DA27DCFDE3}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
    FirewallRules: [{89DAFCF8-F19A-4A8A-A846-977DC4BEE2CF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars Battlefront II\GameData\BattlefrontII.exe
    FirewallRules: [{ED99AF5D-2A8D-461B-BBAD-99AB327365E2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars Battlefront II\GameData\BattlefrontII.exe
    FirewallRules: [{801B9BDC-0958-43F7-9589-7EDB382765B3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe
    FirewallRules: [{7171305D-4D20-4313-AB1E-B497471EE70D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe
    FirewallRules: [{D8360FDD-40C6-4C34-8DD8-783DDEAE90DA}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
    FirewallRules: [{AA9920E4-B436-4336-8DBD-9ABD83BF0FAF}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
    FirewallRules: [{CF4D86C6-0D51-43C6-A3D9-CDAE43059C5E}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
    FirewallRules: [{C5F244EF-CC1D-4828-8353-4EDEFEE84924}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
    FirewallRules: [{43DD9C87-6C28-4DD4-81BA-A1847A6A9A86}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{60AB6997-E2F7-4393-BF5E-48A6307F6D2B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
    FirewallRules: [{49D37B0D-7DDE-4110-A57B-C933ED9AFF62}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
    FirewallRules: [{75CC68EB-DC74-4A9C-BC91-B413E15C930C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{ED6E9F1C-395A-4E8C-9669-CB44AB5C6C9E}] => (Allow) C:\Program Files\BitComet\BitComet.exe
    FirewallRules: [{EA5FC926-A758-4A02-86A9-9FEB13A9696E}] => (Allow) C:\Program Files\BitComet\BitComet.exe
    FirewallRules: [{9D74613C-D81A-46FA-9EE4-DBB27E90A818}] => (Allow) D:\Games\Mass Effect 3\Binaries\Win32\MassEffect3.exe
    FirewallRules: [{B7CB859A-1656-457D-B105-656CC0893E20}] => (Allow) D:\Games\Mass Effect 3\Binaries\Win32\MassEffect3.exe

    ==================== Restore Points =========================

    12-04-2016 12:03:48 Installed Lenovo Solution Center.
    19-04-2016 10:43:32 Windows Update
    26-04-2016 00:28:50 Installed DirectX

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (04/26/2016 01:18:34 PM) (Source: Application Error) (EventID: 1005) (User: )
    Description: Windows cannot access the file for one of the following reasons:
    there is a problem with the network connection, the disk that the file is stored on, or the storage
    drivers installed on this computer; or the disk is missing.
    Windows closed the program dwm.exe because of this error.

    Program: dwm.exe
    File:

    The error value is listed in the Additional Data section.
    User Action
    1. Open the file again.
    This situation might be a temporary problem that corrects itself when the program runs again.
    2.
    If the file still cannot be accessed and
    - It is on the network,
    your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
    3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
    4. If the problem persists, restore the file from a backup copy.
    5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
    further assistance.

    Additional Data
    Error value: 00000000
    Disk type: 0

    Error: (04/26/2016 01:18:34 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: dwm.exe, version: 0.0.0.0, time stamp: 0x000e6bfc
    Faulting module name: dwm.exe, version: 0.0.0.0, time stamp: 0x000e6bfc
    Exception code: 0xc000001d
    Fault offset: 0x000000000005c0a8
    Faulting process id: 0x1b5c
    Faulting application start time: 0xdwm.exe0
    Faulting application path: dwm.exe1
    Faulting module path: dwm.exe2
    Report Id: dwm.exe3
    Faulting package full name: dwm.exe4
    Faulting package-relative application ID: dwm.exe5

    Error: (04/26/2016 12:50:05 PM) (Source: Application Error) (EventID: 1005) (User: )
    Description: Windows cannot access the file for one of the following reasons:
    there is a problem with the network connection, the disk that the file is stored on, or the storage
    drivers installed on this computer; or the disk is missing.
    Windows closed the program dwm.exe because of this error.

    Program: dwm.exe
    File:

    The error value is listed in the Additional Data section.
    User Action
    1. Open the file again.
    This situation might be a temporary problem that corrects itself when the program runs again.
    2.
    If the file still cannot be accessed and
    - It is on the network,
    your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
    3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
    4. If the problem persists, restore the file from a backup copy.
    5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
    further assistance.

    Additional Data
    Error value: 00000000
    Disk type: 0

    Error: (04/26/2016 12:50:05 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: dwm.exe, version: 0.0.0.0, time stamp: 0x000e6bfc
    Faulting module name: dwm.exe, version: 0.0.0.0, time stamp: 0x000e6bfc
    Exception code: 0xc000001d
    Fault offset: 0x000000000005c0a8
    Faulting process id: 0x894
    Faulting application start time: 0xdwm.exe0
    Faulting application path: dwm.exe1
    Faulting module path: dwm.exe2
    Report Id: dwm.exe3
    Faulting package full name: dwm.exe4
    Faulting package-relative application ID: dwm.exe5

    Error: (04/26/2016 12:49:18 PM) (Source: Application Error) (EventID: 1005) (User: )
    Description: Windows cannot access the file for one of the following reasons:
    there is a problem with the network connection, the disk that the file is stored on, or the storage
    drivers installed on this computer; or the disk is missing.
    Windows closed the program dwm.exe because of this error.

    Program: dwm.exe
    File:

    The error value is listed in the Additional Data section.
    User Action
    1. Open the file again.
    This situation might be a temporary problem that corrects itself when the program runs again.
    2.
    If the file still cannot be accessed and
    - It is on the network,
    your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
    3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
    4. If the problem persists, restore the file from a backup copy.
    5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
    further assistance.

    Additional Data
    Error value: 00000000
    Disk type: 0

    Error: (04/26/2016 12:49:18 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: dwm.exe, version: 0.0.0.0, time stamp: 0x000e6bfc
    Faulting module name: dwm.exe, version: 0.0.0.0, time stamp: 0x000e6bfc
    Exception code: 0xc000001d
    Fault offset: 0x000000000005c0a8
    Faulting process id: 0x1370
    Faulting application start time: 0xdwm.exe0
    Faulting application path: dwm.exe1
    Faulting module path: dwm.exe2
    Report Id: dwm.exe3
    Faulting package full name: dwm.exe4
    Faulting package-relative application ID: dwm.exe5

    Error: (04/26/2016 12:48:28 PM) (Source: Application Error) (EventID: 1005) (User: )
    Description: Windows cannot access the file for one of the following reasons:
    there is a problem with the network connection, the disk that the file is stored on, or the storage
    drivers installed on this computer; or the disk is missing.
    Windows closed the program dwm.exe because of this error.

    Program: dwm.exe
    File:

    The error value is listed in the Additional Data section.
    User Action
    1. Open the file again.
    This situation might be a temporary problem that corrects itself when the program runs again.
    2.
    If the file still cannot be accessed and
    - It is on the network,
    your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
    3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
    4. If the problem persists, restore the file from a backup copy.
    5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
    further assistance.

    Additional Data
    Error value: 00000000
    Disk type: 0

    Error: (04/26/2016 12:48:28 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: dwm.exe, version: 0.0.0.0, time stamp: 0x000e6bfc
    Faulting module name: dwm.exe, version: 0.0.0.0, time stamp: 0x000e6bfc
    Exception code: 0xc000001d
    Fault offset: 0x000000000005c0a8
    Faulting process id: 0x1b04
    Faulting application start time: 0xdwm.exe0
    Faulting application path: dwm.exe1
    Faulting module path: dwm.exe2
    Report Id: dwm.exe3
    Faulting package full name: dwm.exe4
    Faulting package-relative application ID: dwm.exe5

    Error: (04/26/2016 12:47:44 PM) (Source: Application Error) (EventID: 1005) (User: )
    Description: Windows cannot access the file for one of the following reasons:
    there is a problem with the network connection, the disk that the file is stored on, or the storage
    drivers installed on this computer; or the disk is missing.
    Windows closed the program dwm.exe because of this error.

    Program: dwm.exe
    File:

    The error value is listed in the Additional Data section.
    User Action
    1. Open the file again.
    This situation might be a temporary problem that corrects itself when the program runs again.
    2.
    If the file still cannot be accessed and
    - It is on the network,
    your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
    3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
    4. If the problem persists, restore the file from a backup copy.
    5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
    further assistance.

    Additional Data
    Error value: 00000000
    Disk type: 0

    Error: (04/26/2016 12:47:44 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: dwm.exe, version: 0.0.0.0, time stamp: 0x000e6bfc
    Faulting module name: dwm.exe, version: 0.0.0.0, time stamp: 0x000e6bfc
    Exception code: 0xc000001d
    Fault offset: 0x000000000005c0a8
    Faulting process id: 0x17a4
    Faulting application start time: 0xdwm.exe0
    Faulting application path: dwm.exe1
    Faulting module path: dwm.exe2
    Report Id: dwm.exe3
    Faulting package full name: dwm.exe4
    Faulting package-relative application ID: dwm.exe5


    System errors:
    =============
    Error: (04/26/2016 12:24:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The SAService service failed to start due to the following error:
    %%2

    Error: (04/26/2016 12:23:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The User Data Access_8b3b65a service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (04/26/2016 12:23:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The User Data Storage_8b3b65a service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (04/26/2016 12:23:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Contact Data_8b3b65a service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (04/26/2016 12:23:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Sync Host_8b3b65a service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (04/26/2016 12:23:17 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

    Error: (04/26/2016 12:22:01 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

    Error: (04/26/2016 12:21:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The MPC Core Protect Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (04/26/2016 11:50:24 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

    Error: (04/26/2016 11:47:51 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Sync Host_6bfbcd4 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.


    CodeIntegrity:
    ===================================
    Date: 2016-04-26 03:27:51.496
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-04-24 13:54:10.409
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-04-19 17:07:11.725
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-04-19 10:13:25.296
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-04-13 09:51:29.064
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-04-10 10:45:29.508
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-04-01 08:04:46.037
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-03-23 16:53:47.677
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-03-14 14:04:32.112
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-03-14 00:01:41.619
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz
    Percentage of memory in use: 54%
    Total physical RAM: 3993.77 MB
    Available physical RAM: 1828.17 MB
    Total Virtual: 5337.77 MB
    Available Virtual: 2975.81 MB

    ==================== Drives ================================

    Drive c: (Windows8_OS) (Fixed) (Total:424.9 GB) (Free:213.93 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:11.58 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 465.8 GB) (Disk ID: CFFA8524)

    Partition: GPT.

    ==================== End of Addition.txt ============================
     
  4. Kyle95

    Kyle95 TS Rookie Topic Starter

    Any help is much appreciated. I am not a big expert on these types of things, so sorry if I am a bit slow.
    I have a file in AppData containing dwm.exe files that keep coming back as soon as I delete them using Malwarebytes.
     
  5. Kyle95

    Kyle95 TS Rookie Topic Starter

    Please Close This. Already Solved It.
     
  6. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    No problem.
     
Topic Status:
Not open for further replies.
