Inactive FRST Part 1

Status
Not open for further replies.
M

Mikjensen

Posts: 43   +0
FRST Log Part 1:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Mike Work (administrator) on MIKEWORK-HP (01-04-2016 11:18:56)
Running from C:\Users\Mike Work\Desktop
Loaded Profiles: Mike Work & DefaultAppPool (Available Profiles: Mike Work & DefaultAppPool)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Parallels IP Holdings GmbH.) C:\Program Files\2X\Client\TUXCredProv.exe
(Parallels IP Holdings GmbH.) C:\Program Files\2X\Client\x86\TuxWinClientService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpCardEngine.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\Hewlett-Packard\HP Wireless Keyboard and Mouse Applet\KBDOSD.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpAgent.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Parallels IP Holdings GmbH.) C:\Program Files\2X\Client\APPServerClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfica32.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_197.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_197.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8513792 2015-08-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411328 2015-08-07] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] => C:\windows\system32\igfxtray.exe [402344 2015-12-19] ()
HKLM\...\Run: [HotKeysCmds] => "C:\windows\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\windows\system32\igfxpers.exe"
HKLM\...\Run: [HPKBDOSD] => C:\Program Files\Hewlett-Packard\HP Wireless Keyboard and Mouse Applet\KBDOSD.exe [802816 2012-08-14] ()
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [464608 2014-09-08] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [103768 2009-09-12] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7386448 2016-04-01] (AVAST Software)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
HKU\S-1-5-21-1950372069-2512553761-2839990813-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3077712 2016-03-31] (Valve Corporation)
HKU\S-1-5-21-1950372069-2512553761-2839990813-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-11-30] (Apple Inc.)
HKU\S-1-5-21-1950372069-2512553761-2839990813-1001\...\RunOnce: [Uninstall C:\Users\Mike Work\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Mike Work\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64"
HKU\S-1-5-21-1950372069-2512553761-2839990813-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Bubbles.scr [805888 2015-10-30] (Microsoft Corporation)
Lsa: [Notification Packages] DPPassFilter scecli
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-04-01] (AVAST Software)
Startup: C:\Users\Mike Work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Parallels 2X RDP.lnk [2016-03-30]
ShortcutTarget: Parallels 2X RDP.lnk -> C:\Program Files\2X\Client\APPServerClient.exe (Parallels IP Holdings GmbH.)
Startup: C:\Users\Mike Work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-12-08]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{900e677b-3fba-40ea-b522-63c23ffcee1f}: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{fdd603df-2482-4919-a333-f16035dd7bac}: [DhcpNameServer] 75.75.76.76 75.75.75.75

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCOM14/19
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCOM14/19
HKU\S-1-5-21-1950372069-2512553761-2839990813-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCOM14/19
HKU\S-1-5-21-1950372069-2512553761-2839990813-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCOM14/19
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-03-20] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-04-01] (AVAST Software)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-03-20] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-03-31] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-04-01] (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-31] (Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-03-20] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-03-20] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-03-20] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-03-20] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Mike Work\AppData\Roaming\Mozilla\Firefox\Profiles\g7g80xv5.default
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_21_0_0_197.dll [2016-03-24] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_197.dll [2016-03-24] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2013-12-18] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2013-12-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-08-13] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-08-13] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-31] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-03-20] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: digitalpersona.com/ChromeDPAgent -> c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\components\npChromeDPAgent.dll [2014-03-28] (DigitalPersona, Inc.)
FF Plugin HKU\S-1-5-21-1950372069-2512553761-2839990813-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Mike Work\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-11-19] (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll [2009-09-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll [2009-09-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll [2009-09-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll [2009-09-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll [2009-09-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll [2009-09-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll [2009-09-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll [2009-09-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll [2009-09-12] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll [2009-08-14] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll [2009-09-12] (Citrix Systems, Inc.)
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-19] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-04-01]
FF HKLM-x32\...\Firefox\Extensions: [dpmaxz_ng@jetpack] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome
FF Extension: HP Client Security Manager - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome [2015-08-08] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

Chrome:
=======
CHR Profile: C:\Users\Mike Work\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Mike Work\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-29]
CHR Extension: (Google Docs) - C:\Users\Mike Work\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-29]
CHR Extension: (Google Drive) - C:\Users\Mike Work\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-29]
CHR Extension: (YouTube) - C:\Users\Mike Work\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-29]
CHR Extension: (Google Search) - C:\Users\Mike Work\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Google Sheets) - C:\Users\Mike Work\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-29]
CHR Extension: (Google Docs Offline) - C:\Users\Mike Work\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (QuizScope) - C:\Users\Mike Work\AppData\Local\Google\Chrome\User Data\Default\Extensions\gncgegkgenccbddnkchgikilcfkhoced [2016-03-29]
CHR Extension: (HP Client Security Manager) - C:\Users\Mike Work\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncffjdbbodifgldkcbhmiiljfcnbgjab [2015-10-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mike Work\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-29]
CHR Extension: (Gmail) - C:\Users\Mike Work\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-29]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-04-01]
CHR HKLM-x32\...\Chrome\Extension: [ncffjdbbodifgldkcbhmiiljfcnbgjab] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome.crx [2014-03-28]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 2X RDP Backend Service; C:\Program Files\2X\Client\x86\TuxWinClientService.exe [2022760 2015-10-28] (Parallels IP Holdings GmbH.)
R2 2X SSO Service; C:\Program Files\2X\Client\\TUXCredProv.exe [2215784 2015-10-28] (Parallels IP Holdings GmbH.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-04-01] (AVAST Software)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2823920 2016-03-20] (Microsoft Corporation)
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [500048 2014-04-03] (DigitalPersona, Inc.)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373160 2015-12-19] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-08-13] (Intel Corporation)
S3 ose; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [203296 2016-03-19] (Microsoft Corporation) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312064 2015-08-07] (Realtek Semiconductor)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-04-01] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-04-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-04-01] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-04-01] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-04-01] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-04-01] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-04-01] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-04-01] (AVAST Software)
R1 dfmirage; C:\Windows\system32\DRIVERS\dfmirage.sys [36432 2008-03-05] (DemoForge, LLC)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [125952 2014-08-13] (Intel Corporation)
R3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3485696 2015-10-30] (Intel Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [896768 2016-02-17] (Realtek )
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [206744 2013-06-20] (Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)




==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-24 08:39

==================== End of FRST.txt ============================
 
FRST Part 2:

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-01 11:18 - 2016-04-01 11:19 - 00022271 _____ C:\Users\Mike Work\Desktop\FRST.txt
2016-04-01 11:18 - 2016-04-01 11:18 - 00000000 ____D C:\FRST
2016-04-01 11:17 - 2016-04-01 11:18 - 02374144 _____ (Farbar) C:\Users\Mike Work\Desktop\FRST64.exe
2016-04-01 11:13 - 2016-04-01 11:13 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2016-04-01 11:13 - 2016-04-01 11:13 - 00000000 _SHDL C:\Users\DefaultAppPool\My Documents
2016-04-01 11:13 - 2016-04-01 11:13 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Videos
2016-04-01 11:13 - 2016-04-01 11:13 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Pictures
2016-04-01 11:13 - 2016-04-01 11:13 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Music
2016-04-01 11:13 - 2016-04-01 11:13 - 00000000 ____D C:\Users\DefaultAppPool
2016-04-01 11:13 - 2016-03-24 08:49 - 00000000 ____D C:\Users\DefaultAppPool\Documents\hp.system.package.metadata
2016-04-01 11:13 - 2016-03-24 08:49 - 00000000 ____D C:\Users\DefaultAppPool\Documents\hp.applications.package.appdata
2016-04-01 11:13 - 2016-03-24 08:49 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Media Center Programs
2016-04-01 11:13 - 2015-10-28 12:44 - 00002112 _____ C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-04-01 11:10 - 2016-04-01 11:10 - 01070904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2016-04-01 11:10 - 2016-04-01 11:10 - 00465792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\ihulbbwk.sys
2016-04-01 11:10 - 2016-04-01 11:10 - 00465792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2016-04-01 11:10 - 2016-04-01 11:10 - 00398152 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2016-04-01 11:10 - 2016-04-01 11:10 - 00287528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2016-04-01 11:10 - 2016-04-01 11:10 - 00166432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2016-04-01 11:10 - 2016-04-01 11:10 - 00107792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2016-04-01 11:10 - 2016-04-01 11:10 - 00103064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2016-04-01 11:10 - 2016-04-01 11:10 - 00074544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2016-04-01 11:10 - 2016-04-01 11:10 - 00052184 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2016-04-01 11:10 - 2016-04-01 11:10 - 00037656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2016-04-01 11:10 - 2016-04-01 11:10 - 00004006 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-04-01 11:10 - 2016-04-01 11:10 - 00001987 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2016-04-01 11:10 - 2016-04-01 11:10 - 00001975 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-04-01 11:10 - 2016-04-01 11:10 - 00000000 ____D C:\Users\Mike Work\AppData\Roaming\AVAST Software
2016-04-01 11:10 - 2016-04-01 11:10 - 00000000 ____D C:\ProgramData\AVAST Software
2016-04-01 11:10 - 2016-04-01 11:10 - 00000000 ____D C:\Program Files\AVAST Software
2016-04-01 11:09 - 2016-04-01 11:10 - 170976424 _____ (AVAST Software) C:\Users\Mike Work\Downloads\avast_free_antivirus_setup.exe
2016-03-30 19:27 - 2016-03-30 19:35 - 00000000 ____D C:\ProgramData\HitmanPro
2016-03-30 19:27 - 2016-03-30 19:29 - 11441744 _____ (SurfRight B.V.) C:\Users\Mike Work\Downloads\HitmanPro_x64.exe
2016-03-30 11:58 - 2016-03-30 11:58 - 00001190 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-30 11:58 - 2016-03-30 11:58 - 00000000 ____D C:\Users\Mike Work\AppData\Roaming\Malwarebytes
2016-03-30 11:58 - 2016-03-30 11:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2016-03-30 11:58 - 2016-03-30 11:58 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-30 11:58 - 2016-03-30 11:58 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2016-03-30 11:58 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2016-03-30 11:57 - 2016-03-30 11:57 - 10284816 _____ (Malwarebytes Corporation ) C:\Users\Mike Work\Downloads\mbam-setup-1.75.0.1300.exe
2016-03-30 10:37 - 2016-03-30 10:37 - 00000942 _____ C:\Users\Mike Work\Desktop\JRT.txt
2016-03-30 10:35 - 2016-03-30 10:35 - 01610352 _____ (Malwarebytes) C:\Users\Mike Work\Downloads\JRT(1).exe
2016-03-30 10:34 - 2016-03-30 10:34 - 00000000 _____ C:\Users\Mike Work\Downloads\JRT.exe
2016-03-30 10:28 - 2016-03-30 10:30 - 00000000 ____D C:\AdwCleaner
2016-03-30 10:28 - 2016-03-30 10:28 - 03102208 _____ C:\Users\Mike Work\Downloads\AdwCleaner.exe
2016-03-29 18:36 - 2016-03-29 18:36 - 00001830 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-03-29 18:36 - 2016-03-29 18:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-03-29 18:36 - 2016-03-29 18:36 - 00000000 ____D C:\Program Files\iTunes
2016-03-29 18:36 - 2016-03-29 18:36 - 00000000 ____D C:\Program Files\iPod
2016-03-29 18:36 - 2016-03-29 18:36 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-03-29 15:57 - 2016-03-29 15:57 - 00133431 _____ C:\Users\Mike Work\Downloads\OTC Form (1).pdf
2016-03-29 15:56 - 2016-03-29 15:56 - 00133431 _____ C:\Users\Mike Work\Downloads\OTC Form.pdf
2016-03-29 15:56 - 2016-03-29 15:56 - 00087328 _____ C:\Users\Mike Work\Downloads\OS Prescribed Medication Permission Form.pdf
2016-03-29 13:34 - 2016-03-29 13:34 - 00120169 _____ C:\Users\Mike Work\Downloads\BCHH - C ICD-10 Completed.zip
2016-03-27 19:34 - 2016-03-27 19:34 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2016-03-25 10:16 - 2016-03-25 10:16 - 00000000 ____D C:\Users\Mike Work\AppData\Local\PeerDistRepub
2016-03-25 10:15 - 2016-03-25 10:15 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-03-25 06:56 - 2016-03-25 06:56 - 00000000 ___HD C:\OneDriveTemp
2016-03-24 12:38 - 2016-03-24 08:59 - 00000000 ___DC C:\WINDOWS\Panther
2016-03-24 12:37 - 2016-03-24 12:37 - 00000000 ____D C:\Windows.old
2016-03-24 12:36 - 2016-03-24 12:36 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 11545600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 09919488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 08705672 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 07533568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 06952088 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 06740992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 06572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 05503488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 04827136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 04502352 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-03-24 12:36 - 2016-03-24 12:36 - 04412928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 04064320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-03-24 12:36 - 2016-03-24 12:36 - 03993600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 03671888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 03425792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 03355136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 02912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 02843136 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 02793472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 02773096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2016-03-24 12:36 - 2016-03-24 12:36 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2016-03-24 12:36 - 2016-03-24 12:36 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 02680320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 02654872 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 02635264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 02606824 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 02604032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 02587696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 02581504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 02544264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 02186864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 02180136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 02155008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 02152288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-03-24 12:36 - 2016-03-24 12:36 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-03-24 12:36 - 2016-03-24 12:36 - 02061312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 02057216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-03-24 12:36 - 2016-03-24 12:36 - 02026736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 02001408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 01860096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 01859960 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 01824264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 01818696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 01814528 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 01804664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 01799168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 01750440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2016-03-24 12:36 - 2016-03-24 12:36 - 01731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 01717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 01648640 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 01594408 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-03-24 12:36 - 2016-03-24 12:36 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-03-24 12:36 - 2016-03-24 12:36 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 01415200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 01371792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-03-24 12:36 - 2016-03-24 12:36 - 01309376 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 01281376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 01270072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2016-03-24 12:36 - 2016-03-24 12:36 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 01174008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 01152328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-03-24 12:36 - 2016-03-24 12:36 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSave.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 01092456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 01089880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-03-24 12:36 - 2016-03-24 12:36 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 01070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2016-03-24 12:36 - 2016-03-24 12:36 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 01042432 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 01035776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-03-24 12:36 - 2016-03-24 12:36 - 01017032 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 01009152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
2016-03-24 12:36 - 2016-03-24 12:36 - 00997376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00990720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-03-24 12:36 - 2016-03-24 12:36 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00980352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00973664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00931328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL
2016-03-24 12:36 - 2016-03-24 12:36 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00911648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00900608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00895080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00890880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
2016-03-24 12:36 - 2016-03-24 12:36 - 00884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00882720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-03-24 12:36 - 2016-03-24 12:36 - 00871936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
2016-03-24 12:36 - 2016-03-24 12:36 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00858952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00851456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00824320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00820704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00819648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00803840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00791744 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00786696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2016-03-24 12:36 - 2016-03-24 12:36 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00779384 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2016-03-24 12:36 - 2016-03-24 12:36 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00713824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00713728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00704000 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00701384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00698208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00697856 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00695752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2016-03-24 12:36 - 2016-03-24 12:36 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00683008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00675064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00671472 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00644096 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00613888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-03-24 12:36 - 2016-03-24 12:36 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00591872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00586208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00586080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-03-24 12:36 - 2016-03-24 12:36 - 00578912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2016-03-24 12:36 - 2016-03-24 12:36 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00572272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00563552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2016-03-24 12:36 - 2016-03-24 12:36 - 00558592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00557056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00534368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2016-03-24 12:36 - 2016-03-24 12:36 - 00526856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00523616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2016-03-24 12:36 - 2016-03-24 12:36 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2016-03-24 12:36 - 2016-03-24 12:36 - 00516544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00515584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00511320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00502112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00499432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00498448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00493568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00476728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00474624 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00472576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00470528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00462760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00454056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00450912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00440152 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-03-24 12:36 - 2016-03-24 12:36 - 00431240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00430944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-03-24 12:36 - 2016-03-24 12:36 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00420928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-03-24 12:36 - 2016-03-24 12:36 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00412512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-03-24 12:36 - 2016-03-24 12:36 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00405568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2016-03-24 12:36 - 2016-03-24 12:36 - 00389992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00389120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00376536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2016-03-24 12:36 - 2016-03-24 12:36 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-03-24 12:36 - 2016-03-24 12:36 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00337840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-03-24 12:36 - 2016-03-24 12:36 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00307712 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2016-03-24 12:36 - 2016-03-24 12:36 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2016-03-24 12:36 - 2016-03-24 12:36 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00297472 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00292352 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00289248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00287712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-03-24 12:36 - 2016-03-24 12:36 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-03-24 12:36 - 2016-03-24 12:36 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00264544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00264192 _____ (Nokia) C:\WINDOWS\system32\NmaDirect.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00260608 _____ C:\WINDOWS\system32\MTFServer.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassam.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00256512 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64
 
FRST Part 3:

\Windows.Management.Provisioning.ProxyStub.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\nativemap.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.proxy.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-03-24 12:36 - 2016-03-24 12:36 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\irmon.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasautou.exe
2016-03-24 12:36 - 2016-03-24 12:36 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshrm.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasautou.exe
2016-03-24 12:36 - 2016-03-24 12:36 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasadhlp.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\IcsEntitlementHost.exe
2016-03-24 12:36 - 2016-03-24 12:36 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscoreext.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasadhlp.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvcProxy.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosTrace.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosTrace.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosHost.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosHost.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\readingviewresources.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlStringsRes.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlStringsRes.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2016-03-24 12:33 - 2016-03-24 12:33 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2016-03-24 12:32 - 2013-09-25 09:00 - 00303104 _____ (CANON INC.) C:\WINDOWS\system32\CNCALC2.DLL
2016-03-24 12:31 - 2016-03-24 12:31 - 00000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2016-03-24 12:31 - 2016-03-24 12:31 - 00000000 ____D C:\WINDOWS\system32\msmq
2016-03-24 12:31 - 2016-03-24 12:31 - 00000000 ____D C:\WINDOWS\system32\BestPractices
2016-03-24 12:31 - 2016-03-24 12:31 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-03-24 12:31 - 2016-03-24 12:31 - 00000000 ____D C:\Program Files\MSBuild
2016-03-24 12:31 - 2016-03-24 12:31 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-03-24 12:31 - 2016-03-24 12:31 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-03-24 12:31 - 2016-03-24 12:31 - 00000000 ____D C:\inetpub
2016-03-24 12:31 - 2015-10-23 21:47 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2016-03-24 12:31 - 2015-10-23 21:47 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-03-24 12:31 - 2015-10-23 21:47 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2016-03-24 12:31 - 2015-10-23 21:46 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2016-03-24 12:31 - 2015-10-23 21:46 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2016-03-24 12:31 - 2015-10-23 21:45 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2016-03-24 11:05 - 2016-03-01 01:31 - 00848168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-03-24 11:05 - 2016-03-01 01:22 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-03-24 11:05 - 2016-02-24 05:52 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-03-24 11:05 - 2016-02-24 05:51 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-03-24 11:05 - 2016-02-24 05:48 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-03-24 11:05 - 2016-02-24 05:47 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-03-24 11:05 - 2016-02-24 05:40 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-03-24 11:05 - 2016-02-24 05:34 - 01613664 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-03-24 11:05 - 2016-02-24 05:28 - 03449168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2016-03-24 11:05 - 2016-02-24 05:15 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-03-24 11:05 - 2016-02-24 04:58 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2016-03-24 11:05 - 2016-02-24 04:54 - 00127840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2016-03-24 11:05 - 2016-02-24 04:51 - 01322248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-03-24 11:05 - 2016-02-24 04:50 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-03-24 11:05 - 2016-02-24 04:46 - 06607080 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-03-24 11:05 - 2016-02-24 04:43 - 00625000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2016-03-24 11:05 - 2016-02-24 04:39 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-03-24 11:05 - 2016-02-24 04:39 - 00141560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2016-03-24 11:05 - 2016-02-24 04:19 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2016-03-24 11:05 - 2016-02-24 04:14 - 00216416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-03-24 11:05 - 2016-02-24 04:11 - 01997152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-03-24 11:05 - 2016-02-24 04:11 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-03-24 11:05 - 2016-02-24 04:11 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-03-24 11:05 - 2016-02-24 04:11 - 00652392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-03-24 11:05 - 2016-02-24 04:11 - 00394080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-03-24 11:05 - 2016-02-24 04:11 - 00258280 _____ (Microsoft Corporation) C:\WINDOWS\system32\sqmapi.dll
2016-03-24 11:05 - 2016-02-24 04:10 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-03-24 11:05 - 2016-02-24 04:10 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-03-24 11:05 - 2016-02-24 04:09 - 00640472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-03-24 11:05 - 2016-02-24 04:09 - 00147808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2016-03-24 11:05 - 2016-02-24 04:06 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-03-24 11:05 - 2016-02-24 03:59 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-03-24 11:05 - 2016-02-24 03:39 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTypeHelperUtil.dll
2016-03-24 11:05 - 2016-02-24 03:39 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExtrasXmlParser.dll
2016-03-24 11:05 - 2016-02-24 03:38 - 00187744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-03-24 11:05 - 2016-02-24 03:38 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2016-03-24 11:05 - 2016-02-24 03:37 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataLanguageUtil.dll
2016-03-24 11:05 - 2016-02-24 03:36 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenanceClient.dll
2016-03-24 11:05 - 2016-02-24 03:35 - 00540752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-03-24 11:05 - 2016-02-24 03:35 - 00523752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-03-24 11:05 - 2016-02-24 03:35 - 00220064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sqmapi.dll
2016-03-24 11:05 - 2016-02-24 03:35 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-03-24 11:05 - 2016-02-24 03:33 - 00538736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-03-24 11:05 - 2016-02-24 03:33 - 00141664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2016-03-24 11:05 - 2016-02-24 03:31 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-03-24 11:05 - 2016-02-24 03:30 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfapigp.dll
2016-03-24 11:05 - 2016-02-24 03:28 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\POSyncServices.dll
2016-03-24 11:05 - 2016-02-24 03:23 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-03-24 11:05 - 2016-02-24 03:23 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataPlatformHelperUtil.dll
2016-03-24 11:05 - 2016-02-24 03:22 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2016-03-24 11:05 - 2016-02-24 03:20 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2016-03-24 11:05 - 2016-02-24 03:20 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-03-24 11:05 - 2016-02-24 03:20 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-03-24 11:05 - 2016-02-24 03:19 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2016-03-24 11:05 - 2016-02-24 03:19 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
2016-03-24 11:05 - 2016-02-24 03:15 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-03-24 11:05 - 2016-02-24 03:14 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExSMime.dll
2016-03-24 11:05 - 2016-02-24 03:13 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2016-03-24 11:05 - 2016-02-24 03:12 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\cemapi.dll
2016-03-24 11:05 - 2016-02-24 03:12 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2016-03-24 11:05 - 2016-02-24 03:10 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2016-03-24 11:05 - 2016-02-24 03:09 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2016-03-24 11:05 - 2016-02-24 03:09 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSip.dll
2016-03-24 11:05 - 2016-02-24 03:07 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2016-03-24 11:05 - 2016-02-24 03:05 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-03-24 11:05 - 2016-02-24 03:03 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-03-24 11:05 - 2016-02-24 03:02 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
2016-03-24 11:05 - 2016-02-24 03:01 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-03-24 11:05 - 2016-02-24 03:01 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll
2016-03-24 11:05 - 2016-02-24 03:01 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2016-03-24 11:05 - 2016-02-24 03:00 - 00214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
2016-03-24 11:05 - 2016-02-24 02:59 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2016-03-24 11:05 - 2016-02-24 02:59 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2016-03-24 11:05 - 2016-02-24 02:59 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2016-03-24 11:05 - 2016-02-24 02:58 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\scapi.dll
2016-03-24 11:05 - 2016-02-24 02:55 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2016-03-24 11:05 - 2016-02-24 02:55 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2016-03-24 11:05 - 2016-02-24 02:55 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExtrasXmlParser.dll
2016-03-24 11:05 - 2016-02-24 02:54 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2016-03-24 11:05 - 2016-02-24 02:54 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll
2016-03-24 11:05 - 2016-02-24 02:54 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2016-03-24 11:05 - 2016-02-24 02:54 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTypeHelperUtil.dll
2016-03-24 11:05 - 2016-02-24 02:53 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2016-03-24 11:05 - 2016-02-24 02:53 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataLanguageUtil.dll
2016-03-24 11:05 - 2016-02-24 02:52 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2016-03-24 11:05 - 2016-02-24 02:52 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PimIndexMaintenanceClient.dll
2016-03-24 11:05 - 2016-02-24 02:51 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-03-24 11:05 - 2016-02-24 02:49 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2016-03-24 11:05 - 2016-02-24 02:47 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-03-24 11:05 - 2016-02-24 02:46 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfapigp.dll
2016-03-24 11:05 - 2016-02-24 02:44 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-03-24 11:05 - 2016-02-24 02:44 - 00915456 _____ (Microsoft Corporation) C:\WINDOWS\system32\configurationclient.dll
2016-03-24 11:05 - 2016-02-24 02:44 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2016-03-24 11:05 - 2016-02-24 02:44 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\POSyncServices.dll
2016-03-24 11:05 - 2016-02-24 02:43 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-03-24 11:05 - 2016-02-24 02:43 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2016-03-24 11:05 - 2016-02-24 02:41 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2016-03-24 11:05 - 2016-02-24 02:41 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-03-24 11:05 - 2016-02-24 02:40 - 01224704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2016-03-24 11:05 - 2016-02-24 02:40 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-03-24 11:05 - 2016-02-24 02:40 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataPlatformHelperUtil.dll
2016-03-24 11:05 - 2016-02-24 02:39 - 01390592 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-03-24 11:05 - 2016-02-24 02:39 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2016-03-24 11:05 - 2016-02-24 02:38 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2016-03-24 11:05 - 2016-02-24 02:36 - 01847808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2016-03-24 11:05 - 2016-02-24 02:34 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2016-03-24 11:05 - 2016-02-24 02:34 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-03-24 11:05 - 2016-02-24 02:32 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2016-03-24 11:05 - 2016-02-24 02:32 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2016-03-24 11:05 - 2016-02-24 02:31 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cemapi.dll
2016-03-24 11:05 - 2016-02-24 02:31 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
2016-03-24 11:05 - 2016-02-24 02:28 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-03-24 11:05 - 2016-02-24 02:28 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2016-03-24 11:05 - 2016-02-24 02:28 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxSip.dll
2016-03-24 11:05 - 2016-02-24 02:25 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\sharemediacpl.dll
2016-03-24 11:05 - 2016-02-24 02:23 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
2016-03-24 11:05 - 2016-02-24 02:22 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2016-03-24 11:05 - 2016-02-24 02:21 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2016-03-24 11:05 - 2016-02-24 02:21 - 00168448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
2016-03-24 11:05 - 2016-02-24 02:18 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2016-03-24 11:05 - 2016-02-24 02:18 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2016-03-24 11:05 - 2016-02-24 02:18 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2016-03-24 11:05 - 2016-02-24 02:17 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2016-03-24 11:05 - 2016-02-24 02:16 - 00394752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2016-03-24 11:05 - 2016-02-24 02:13 - 00540160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2016-03-24 11:05 - 2016-02-24 02:11 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-03-24 11:05 - 2016-02-24 02:09 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-03-24 11:05 - 2016-02-24 02:09 - 00793600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-03-24 11:05 - 2016-02-24 02:09 - 00552960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2016-03-24 11:05 - 2016-02-24 02:09 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2016-03-24 11:05 - 2016-02-24 02:07 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2016-03-24 11:05 - 2016-02-24 02:07 - 00890368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2016-03-24 11:05 - 2016-02-24 02:07 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-03-24 11:05 - 2016-02-24 02:04 - 01497088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2016-03-24 11:05 - 2016-02-24 02:03 - 00769536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2016-03-24 11:05 - 2016-02-24 02:01 - 01831936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-03-24 11:05 - 2016-02-24 02:00 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-03-24 11:05 - 2016-02-24 02:00 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-03-24 11:05 - 2016-02-24 01:57 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-03-24 11:05 - 2016-02-24 01:55 - 01996288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-03-24 11:05 - 2016-02-24 01:43 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwbase.dll
2016-03-24 11:05 - 2016-02-24 01:34 - 01707520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-03-24 11:05 - 2016-02-24 01:22 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwbase.dll
2016-03-24 11:05 - 2016-02-24 01:20 - 22376960 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-03-24 11:05 - 2016-02-24 01:18 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-03-24 11:05 - 2016-02-24 01:12 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-03-24 11:05 - 2016-02-24 01:12 - 05321728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-03-24 11:05 - 2016-02-24 01:10 - 24600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-03-24 11:05 - 2016-02-24 01:09 - 06972416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-03-24 11:05 - 2016-02-24 01:05 - 12586496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-03-24 11:05 - 2016-02-24 01:03 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-03-24 11:05 - 2016-02-24 00:59 - 05661696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-03-24 11:05 - 2016-02-24 00:55 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-03-24 10:27 - 2016-03-24 10:27 - 00000000 ____D C:\Users\Mike Work\AppData\Local\MicrosoftEdge
2016-03-24 09:20 - 2016-03-24 17:31 - 00000000 ____D C:\Users\Mike Work\AppData\Local\Comms
2016-03-24 09:04 - 2016-03-24 09:04 - 00002387 _____ C:\Users\Mike Work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-03-24 09:02 - 2016-03-24 09:02 - 00000000 ____D C:\Users\Mike Work\AppData\Local\ActiveSync
2016-03-24 09:01 - 2016-03-24 09:01 - 00000000 ____D C:\Users\Mike Work\AppData\Local\Publishers
2016-03-24 09:00 - 2016-03-31 10:36 - 00000000 ____D C:\Users\Mike Work\AppData\Local\Packages
2016-03-24 09:00 - 2016-03-30 12:09 - 00000000 __SHD C:\Users\Mike Work\IntelGraphicsProfiles
2016-03-24 09:00 - 2016-03-24 09:00 - 00000020 ___SH C:\Users\Mike Work\ntuser.ini
2016-03-24 09:00 - 2016-03-24 09:00 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-03-24 09:00 - 2016-03-24 09:00 - 00000000 ____D C:\Users\Mike Work\AppData\Local\TileDataLayer
2016-03-24 08:57 - 2016-03-24 08:57 - 00000000 ____D C:\ProgramData\USOShared
2016-03-24 08:56 - 2016-03-24 08:56 - 00000000 _SHDL C:\Users\Default\My Documents
2016-03-24 08:56 - 2016-03-24 08:56 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2016-03-24 08:56 - 2016-03-24 08:56 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2016-03-24 08:56 - 2016-03-24 08:56 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2016-03-24 08:56 - 2016-03-24 08:56 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2016-03-24 08:56 - 2016-03-24 08:56 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2016-03-24 08:56 - 2016-03-24 08:56 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2016-03-24 08:55 - 2016-03-30 12:08 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-24 08:55 - 2016-03-24 08:55 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2016-03-24 08:49 - 2016-03-24 08:49 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-03-24 08:49 - 2016-03-24 08:49 - 00000000 ____D C:\Users\Default\Documents\hp.system.package.metadata
2016-03-24 08:49 - 2016-03-24 08:49 - 00000000 ____D C:\Users\Default\Documents\hp.applications.package.appdata
2016-03-24 08:49 - 2016-03-24 08:49 - 00000000 ____D C:\Users\Default\AppData\Roaming\Media Center Programs
2016-03-24 08:49 - 2016-03-24 08:49 - 00000000 ____D C:\Users\Default User\Documents\hp.system.package.metadata
2016-03-24 08:49 - 2016-03-24 08:49 - 00000000 ____D C:\Users\Default User\Documents\hp.applications.package.appdata
2016-03-24 08:49 - 2016-03-24 08:49 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Media Center Programs
2016-03-24 08:47 - 2016-03-24 08:47 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
2016-03-24 08:45 - 2016-03-30 12:12 - 01009628 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-24 08:45 - 2016-03-30 12:07 - 00000000 ____D C:\Users\Mike Work
2016-03-24 08:45 - 2016-03-24 08:45 - 00965390 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2016-03-24 08:45 - 2016-03-24 08:45 - 00000000 _SHDL C:\Users\Mike Work\My Documents
2016-03-24 08:45 - 2016-03-24 08:45 - 00000000 _SHDL C:\Users\Mike Work\Documents\My Videos
2016-03-24 08:45 - 2016-03-24 08:45 - 00000000 _SHDL C:\Users\Mike Work\Documents\My Pictures
2016-03-24 08:45 - 2016-03-24 08:45 - 00000000 _SHDL C:\Users\Mike Work\Documents\My Music
2016-03-24 08:43 - 2016-03-30 12:09 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-03-24 08:43 - 2016-03-24 09:00 - 00000000 ____D C:\Intel
2016-03-24 08:43 - 2016-03-24 08:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
2016-03-24 08:43 - 2016-03-24 08:43 - 00000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2016-03-24 08:43 - 2016-03-24 08:43 - 00000000 ___HD C:\ProgramData\CanonIJFAX
2016-03-24 08:43 - 2016-03-24 08:43 - 00000000 ___HD C:\ProgramData\CanonBJ
2016-03-24 08:43 - 2016-03-24 08:43 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2016-03-24 08:43 - 2016-03-24 08:43 - 00000000 ____D C:\WINDOWS\system32\SRSLabs
2016-03-24 08:43 - 2016-03-24 08:43 - 00000000 ____D C:\Program Files\Realtek
2016-03-24 08:43 - 2015-12-19 02:08 - 00099848 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2016-03-24 08:42 - 2016-03-24 08:47 - 00000000 ____D C:\Program Files\Intel
2016-03-24 08:42 - 2016-03-24 08:42 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2016-03-24 08:42 - 2015-10-30 03:17 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2016-03-24 08:39 - 2016-03-25 03:32 - 00227128 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-03-24 08:22 - 2016-03-24 08:56 - 00010449 _____ C:\WINDOWS\diagerr.xml
2016-03-24 08:22 - 2016-03-24 08:56 - 00009528 _____ C:\WINDOWS\diagwrn.xml
2016-03-24 08:20 - 2016-03-24 08:20 - 00001133 _____ C:\Users\Mike Work\Documents\bookmark.htm
2016-03-24 08:18 - 2016-03-24 08:18 - 00010372 _____ C:\Users\Mike Work\Documents\bookmarks_3_24_16.html
2016-03-20 11:32 - 2016-03-20 11:32 - 00350936 _____ (Spotify Ltd) C:\Users\Mike Work\Downloads\SpotifySetup.exe
2016-03-19 18:58 - 2016-03-20 07:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-03-19 12:32 - 2016-03-19 12:32 - 00011358 _____ C:\Users\Mike Work\Documents\2015 taxes breakdown.xlsx
2016-03-19 12:30 - 2016-03-19 12:30 - 00009087 _____ C:\Users\Mike Work\Documents\2015 Taxes.xlsx
2016-03-17 13:15 - 2015-09-14 01:09 - 02073600 _____ C:\WINDOWS\SysWOW64\DlgSearchEngine.dll
2016-03-17 13:15 - 2015-03-11 22:43 - 00158016 _____ C:\WINDOWS\system32\us003ci.exe
2016-03-17 13:15 - 2015-03-11 22:43 - 00089600 _____ (SS) C:\WINDOWS\system32\us003ci.dll
2016-03-17 13:15 - 2015-03-11 22:43 - 00022528 _____ () C:\WINDOWS\system32\us003lm.dll
2016-03-17 13:03 - 2016-03-17 13:03 - 25121584 _____ C:\Users\Mike Work\Downloads\SamsungUniversalPrintDriver3.exe
2016-03-17 12:56 - 2016-03-17 12:56 - 00000000 ____D C:\Program Files\Common Files\Common Desktop Agent
2016-03-17 12:55 - 2016-03-17 12:56 - 41859288 _____ (Samsung Electronics Co., Ltd.) C:\Users\Mike Work\Downloads\EPM_V1.06.00.04_CDV1.17.exe
2016-03-15 14:09 - 2016-03-15 14:09 - 02958243 _____ C:\Users\Mike Work\Downloads\QIRT-Health-Dental-Vision Insurance Changes 2016.pdf
2016-03-11 10:40 - 2016-03-26 08:41 - 00003504 _____ C:\WINDOWS\System32\Tasks\Apple Diagnostics
2016-03-11 10:32 - 2016-03-24 08:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-03-11 10:32 - 2016-03-11 10:32 - 00001853 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2016-03-11 10:32 - 2016-03-11 10:32 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2016-03-11 10:32 - 2016-03-11 10:32 - 00000000 ____D C:\Users\Mike Work\AppData\LocalLow\Apple Computer
2016-03-11 10:32 - 2016-03-11 10:32 - 00000000 ____D C:\Program Files (x86)\QuickTime
2016-03-11 10:32 - 2016-03-11 10:32 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-03-11 10:31 - 2016-03-24 08:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2016-03-09 05:54 - 2016-02-12 14:18 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2016-03-09 05:54 - 2016-02-08 16:01 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmlmedia.dll
2016-03-09 05:54 - 2016-02-08 14:06 - 00968704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.exe
2016-03-09 05:54 - 2016-02-08 13:33 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmlmedia.dll
2016-03-09 05:54 - 2015-11-19 10:07 - 00063840 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll
2016-03-09 05:54 - 2015-11-19 10:07 - 00020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll
2016-03-09 05:54 - 2015-11-19 10:07 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-03-09 05:54 - 2015-11-19 10:07 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll
2016-03-09 05:54 - 2015-11-19 10:07 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-03-09 05:54 - 2015-11-19 10:07 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-03-09 05:54 - 2015-11-19 10:07 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-03-09 05:54 - 2015-11-19 10:07 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll
2016-03-09 05:54 - 2015-11-19 10:07 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-localization-l1-2-0.dll
2016-03-09 05:54 - 2015-11-19 10:07 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-03-09 05:54 - 2015-11-19 10:07 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll
2016-03-09 05:54 - 2015-11-19 10:07 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-03-09 05:54 - 2015-11-19 10:07 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-03-09 05:54 - 2015-11-19 10:07 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-03-09 05:54 - 2015-11-19 10:07 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-03-09 05:54 - 2015-11-19 10:07 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-03-09 05:54 - 2015-11-19 10:07 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-synch-l1-2-0.dll
2016-03-09 05:54 - 2015-11-19 10:07 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-03-09 05:54 - 2015-11-19 10:07 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-03-09 05:54 - 2015-11-19 10:07 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-03-09 05:54 - 2015-11-19 10:07 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-file-l2-1-0.dll
2016-03-09 05:54 - 2015-11-19 10:07 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-file-l1-2-0.dll
2016-03-09 05:54 - 2015-11-19 10:06 - 00066400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-03-09 05:54 - 2015-11-19 10:06 - 00022368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-03-09 05:54 - 2015-11-19 10:06 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-03-09 05:54 - 2015-11-19 10:06 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-03-09 05:54 - 2015-11-19 10:06 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-03-09 05:54 - 2015-11-19 10:06 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-03-09 05:54 - 2015-11-19 10:06 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-03-09 05:54 - 2015-11-19 10:06 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-03-09 05:54 - 2015-11-19 10:06 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-03-09 05:54 - 2015-11-19 10:06 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-03-09 05:54 - 2015-11-19 10:06 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-03-09 05:54 - 2015-11-19 10:06 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-03-09 05:54 - 2015-11-19 10:06 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-03-09 05:54 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-03-09 05:54 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-03-09 05:54 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-03-09 05:54 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-03-09 05:54 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-03-09 05:54 - 2015-11-19 10:06 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-03-09 05:54 - 2015-11-19 10:06 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-03-09 05:54 - 2015-11-19 10:06 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2016-03-09 05:54 - 2015-11-19 10:06 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-file-l1-2-0.dll
 
FRST Part 4:

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-01 11:15 - 2015-11-21 06:41 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-04-01 11:10 - 2015-10-30 03:21 - 00000000 ____D C:\WINDOWS\INF
2016-04-01 10:38 - 2015-11-19 14:54 - 00000610 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1950372069-2512553761-2839990813-1001.job
2016-04-01 10:33 - 2015-10-26 22:33 - 00004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4C0E8383-0FCF-48B5-A13E-5ED49340E3DB}
2016-04-01 10:20 - 2015-10-29 08:50 - 00000898 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-01 09:40 - 2015-11-19 14:54 - 00000706 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1950372069-2512553761-2839990813-1001.job
2016-04-01 09:14 - 2015-10-28 12:47 - 00000000 ____D C:\Users\Mike Work\Documents\QIRT
2016-04-01 09:06 - 2016-02-03 12:56 - 00000000 ____D C:\Users\Mike Work\AppData\Roaming\2XClient
2016-04-01 06:52 - 2015-10-26 18:52 - 00000000 ____D C:\Program Files (x86)\Steam
2016-04-01 06:20 - 2015-10-29 08:50 - 00000894 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-01 03:57 - 2015-10-30 03:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-04-01 03:55 - 2015-08-08 22:37 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-03-31 10:39 - 2015-12-26 18:07 - 00000000 ___RD C:\Users\Mike Work\Documents\Scanned Documents
2016-03-31 10:36 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-31 10:36 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-03-31 10:35 - 2015-12-11 21:39 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-03-31 10:35 - 2015-12-11 21:39 - 00000000 ____D C:\Users\Mike Work\.oracle_jre_usage
2016-03-31 10:35 - 2015-12-11 21:39 - 00000000 ____D C:\ProgramData\Oracle
2016-03-31 10:35 - 2015-12-11 21:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-03-31 10:35 - 2015-12-11 21:39 - 00000000 ____D C:\Program Files (x86)\Java
2016-03-31 08:57 - 2015-10-30 03:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-30 16:21 - 2015-10-29 08:50 - 00002280 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-30 12:10 - 2015-10-28 12:44 - 00000000 ___RD C:\Users\Mike Work\OneDrive
2016-03-30 12:08 - 2015-10-30 02:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-03-29 23:18 - 2015-11-19 14:54 - 00003876 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-1950372069-2512553761-2839990813-1001
2016-03-29 23:18 - 2015-11-19 14:54 - 00003780 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-1950372069-2512553761-2839990813-1001
2016-03-29 18:36 - 2015-12-18 18:41 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-03-25 03:30 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-03-25 03:30 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-03-25 03:30 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-03-25 03:30 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-03-25 03:18 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\appcompat
2016-03-24 12:38 - 2015-10-30 03:24 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2016-03-24 12:36 - 2015-10-30 05:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-03-24 12:36 - 2015-10-30 03:24 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-03-24 12:36 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-03-24 12:36 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-03-24 12:36 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-03-24 12:36 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\Provisioning
2016-03-24 12:36 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-03-24 12:36 - 2015-10-30 02:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-03-24 12:36 - 2015-10-30 02:28 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-03-24 12:31 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2016-03-24 12:31 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2016-03-24 12:31 - 2015-10-30 03:19 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqsnap.dll
2016-03-24 12:31 - 2015-10-30 03:19 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqutil.dll
2016-03-24 12:31 - 2015-10-30 03:19 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.dll
2016-03-24 12:31 - 2015-10-30 03:19 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2016-03-24 12:31 - 2015-10-30 03:19 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqrt.dll
2016-03-24 12:31 - 2015-10-30 03:19 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.tlb
2016-03-24 12:31 - 2015-10-30 03:19 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa30.tlb
2016-03-24 12:31 - 2015-10-30 03:19 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa20.tlb
2016-03-24 12:31 - 2015-10-30 03:19 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2016-03-24 12:31 - 2015-10-30 03:19 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa10.tlb
2016-03-24 12:31 - 2015-10-30 03:19 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2016-03-24 12:31 - 2015-10-30 03:19 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2016-03-24 12:31 - 2015-10-30 03:19 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqcertui.dll
2016-03-24 12:31 - 2015-10-30 03:19 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2016-03-24 12:31 - 2015-10-30 03:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2016-03-24 12:31 - 2015-10-30 03:19 - 00009096 _____ C:\WINDOWS\SysWOW64\msmqtrc.mof
2016-03-24 12:31 - 2015-10-30 03:18 - 01417728 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqqm.dll
2016-03-24 12:31 - 2015-10-30 03:18 - 00813056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsnap.dll
2016-03-24 12:31 - 2015-10-30 03:18 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqutil.dll
2016-03-24 12:31 - 2015-10-30 03:18 - 00317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.dll
2016-03-24 12:31 - 2015-10-30 03:18 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqrt.dll
2016-03-24 12:31 - 2015-10-30 03:18 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2016-03-24 12:31 - 2015-10-30 03:18 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys
2016-03-24 12:31 - 2015-10-30 03:18 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqlogmgr.dll
2016-03-24 12:31 - 2015-10-30 03:18 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.tlb
2016-03-24 12:31 - 2015-10-30 03:18 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa30.tlb
2016-03-24 12:31 - 2015-10-30 03:18 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2016-03-24 12:31 - 2015-10-30 03:18 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa20.tlb
2016-03-24 12:31 - 2015-10-30 03:18 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2016-03-24 12:31 - 2015-10-30 03:18 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqbkup.exe
2016-03-24 12:31 - 2015-10-30 03:18 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa10.tlb
2016-03-24 12:31 - 2015-10-30 03:18 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
2016-03-24 12:31 - 2015-10-30 03:18 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2016-03-24 12:31 - 2015-10-30 03:18 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcertui.dll
2016-03-24 12:31 - 2015-10-30 03:18 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2016-03-24 12:31 - 2015-10-30 03:18 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2016-03-24 12:31 - 2015-10-30 03:18 - 00009096 _____ C:\WINDOWS\system32\msmqtrc.mof
2016-03-24 09:18 - 2015-10-30 03:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow
2016-03-24 09:01 - 2015-10-30 03:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-03-24 09:01 - 2015-10-30 03:24 - 00000000 ___RD C:\WINDOWS\PrintDialog
2016-03-24 09:01 - 2015-10-30 03:24 - 00000000 ___RD C:\WINDOWS\MiracastView
2016-03-24 09:00 - 2015-10-30 03:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-03-24 08:58 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\rescache
2016-03-24 08:57 - 2015-10-30 03:24 - 00000000 ____D C:\ProgramData\USOPrivate
2016-03-24 08:56 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2016-03-24 08:56 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\Registration
2016-03-24 08:56 - 2015-10-30 02:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-03-24 08:55 - 2015-11-24 13:05 - 00000000 ____D C:\Program Files (x86)\SamsungPrinterLiveUpdateInstaller
2016-03-24 08:55 - 2015-11-21 06:41 - 00003878 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-03-24 08:55 - 2015-10-29 08:50 - 00004004 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-03-24 08:55 - 2015-10-29 08:50 - 00003752 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-03-24 08:55 - 2015-08-08 22:55 - 00003974 _____ C:\WINDOWS\System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2
2016-03-24 08:55 - 2015-08-08 22:55 - 00003726 _____ C:\WINDOWS\System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2-Logon
2016-03-24 08:54 - 2015-10-30 03:24 - 00000000 __RSD C:\WINDOWS\Media
2016-03-24 08:54 - 2015-10-30 03:24 - 00000000 __RHD C:\Users\Public\Libraries
2016-03-24 08:54 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\spool
2016-03-24 08:51 - 2016-01-06 20:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Killer Bee Software
2016-03-24 08:51 - 2015-11-24 13:05 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers
2016-03-24 08:51 - 2015-11-16 17:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX470 series
2016-03-24 08:51 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2016-03-24 08:51 - 2015-10-28 12:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2016-03-24 08:51 - 2015-10-26 19:02 - 00000000 ____D C:\Users\Mike Work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-03-24 08:51 - 2015-10-26 18:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2016-03-24 08:51 - 2015-10-26 15:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-03-24 08:51 - 2015-08-08 22:46 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2016-03-24 08:51 - 2015-08-08 22:43 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2016-03-24 08:51 - 2015-08-08 22:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2016-03-24 08:51 - 2015-08-08 22:34 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2016-03-24 08:51 - 2015-08-08 22:34 - 00000000 ____D C:\WINDOWS\SysWOW64\zh-Hant
2016-03-24 08:51 - 2015-08-08 22:34 - 00000000 ____D C:\WINDOWS\SysWOW64\zh-Hans
2016-03-24 08:51 - 2015-08-08 22:34 - 00000000 ____D C:\WINDOWS\SysWOW64\tr
2016-03-24 08:51 - 2015-08-08 22:34 - 00000000 ____D C:\WINDOWS\SysWOW64\th
2016-03-24 08:51 - 2015-08-08 22:34 - 00000000 ____D C:\WINDOWS\SysWOW64\sv
2016-03-24 08:51 - 2015-08-08 22:34 - 00000000 ____D C:\WINDOWS\SysWOW64\sr
2016-03-24 08:51 - 2015-08-08 22:34 - 00000000 ____D C:\WINDOWS\SysWOW64\sl
2016-03-24 08:51 - 2015-08-08 22:34 - 00000000 ____D C:\WINDOWS\SysWOW64\sk
2016-03-24 08:51 - 2015-08-08 22:34 - 00000000 ____D C:\WINDOWS\SysWOW64\ru
2016-03-24 08:51 - 2015-08-08 22:34 - 00000000 ____D C:\WINDOWS\SysWOW64\ro
2016-03-24 08:51 - 2015-08-08 22:34 - 00000000 ____D C:\WINDOWS\SysWOW64\pl
2016-03-24 08:51 - 2015-08-08 22:34 - 00000000 ____D C:\WINDOWS\SysWOW64\no
2016-03-24 08:51 - 2015-08-08 22:34 - 00000000 ____D C:\WINDOWS\SysWOW64\nl
2016-03-24 08:51 - 2015-08-08 22:34 - 00000000 ____D C:\WINDOWS\SysWOW64\lv
2016-03-24 08:51 - 2015-08-08 22:34 - 00000000 ____D C:\WINDOWS\SysWOW64\lt
2016-03-24 08:51 - 2015-08-08 22:34 - 00000000 ____D C:\WINDOWS\SysWOW64\ko
2016-03-24 08:51 - 2015-08-08 22:34 - 00000000 ____D C:\WINDOWS\SysWOW64\ja
2016-03-24 08:51 - 2015-08-08 22:34 - 00000000 ____D C:\WINDOWS\SysWOW64\it
2016-03-24 08:51 - 2015-08-08 22:34 - 00000000 ____D C:\WINDOWS\SysWOW64\hu
2016-03-24 08:51 - 2015-08-08 22:34 - 00000000 ____D C:\WINDOWS\SysWOW64\hr
2016-03-24 08:51 - 2015-08-08 22:34 - 00000000 ____D C:\WINDOWS\SysWOW64\he
2016-03-24 08:51 - 2015-08-08 22:34 - 00000000 ____D C:\WINDOWS\SysWOW64\fr
2016-03-24 08:51 - 2015-08-08 22:34 - 00000000 ____D C:\WINDOWS\SysWOW64\fi
2016-03-24 08:51 - 2015-08-08 22:34 - 00000000 ____D C:\WINDOWS\SysWOW64\et
2016-03-24 08:51 - 2015-08-08 22:34 - 00000000 ____D C:\WINDOWS\SysWOW64\es
2016-03-24 08:51 - 2015-08-08 22:34 - 00000000 ____D C:\WINDOWS\SysWOW64\el
2016-03-24 08:51 - 2015-08-08 22:34 - 00000000 ____D C:\WINDOWS\SysWOW64\de
2016-03-24 08:51 - 2015-08-08 22:34 - 00000000 ____D C:\WINDOWS\SysWOW64\da
2016-03-24 08:51 - 2015-08-08 22:34 - 00000000 ____D C:\WINDOWS\SysWOW64\cs
2016-03-24 08:51 - 2015-08-08 22:34 - 00000000 ____D C:\WINDOWS\SysWOW64\bg
2016-03-24 08:51 - 2015-08-08 22:34 - 00000000 ____D C:\WINDOWS\SysWOW64\ar
2016-03-24 08:51 - 2015-08-08 22:34 - 00000000 ____D C:\WINDOWS\system32\zh-Hant
2016-03-24 08:51 - 2015-08-08 22:34 - 00000000 ____D C:\WINDOWS\system32\zh-Hans
2016-03-24 08:51 - 2015-08-08 22:34 - 00000000 ____D C:\WINDOWS\system32\tr
2016-03-24 08:51 - 2015-08-08 22:34 - 00000000 ____D C:\WINDOWS\system32\th
2016-03-24 08:51 - 2015-08-08 22:34 - 00000000 ____D C:\WINDOWS\system32\sv
2016-03-24 08:51 - 2015-08-08 22:34 - 00000000 ____D C:\WINDOWS\system32\sr
2016-03-24 08:51 - 2015-08-08 22:34 - 00000000 ____D C:\WINDOWS\system32\sl
2016-03-24 08:51 - 2015-08-08 22:34 - 00000000 ____D C:\WINDOWS\system32\sk
2016-03-24 08:51 - 2015-08-08 22:34 - 00000000 ____D C:\WINDOWS\system32\ru
2016-03-24 08:51 - 2015-08-08 22:34 - 00000000 ____D C:\WINDOWS\system32\ro
2016-03-24 08:51 - 2015-08-08 22:34 - 00000000 ____D C:\WINDOWS\system32\pl
2016-03-24 08:51 - 2015-08-08 22:34 - 00000000 ____D C:\WINDOWS\system32\no
2016-03-24 08:51 - 2015-08-08 22:34 - 00000000 ____D C:\WINDOWS\system32\nl
2016-03-24 08:51 - 2015-08-08 22:34 - 00000000 ____D C:\WINDOWS\system32\lv
2016-03-24 08:51 - 2015-08-08 22:34 - 00000000 ____D C:\WINDOWS\system32\lt
2016-03-24 08:51 - 2015-08-08 22:34 - 00000000 ____D C:\WINDOWS\system32\ko
2016-03-24 08:51 - 2015-08-08 22:34 - 00000000 ____D C:\WINDOWS\system32\ja
2016-03-24 08:51 - 2015-08-08 22:34 - 00000000 ____D C:\WINDOWS\system32\it
2016-03-24 08:51 - 2015-08-08 22:34 - 00000000 ____D C:\WINDOWS\system32\hu
2016-03-24 08:51 - 2015-08-08 22:34 - 00000000 ____D C:\WINDOWS\system32\hr
2016-03-24 08:51 - 2015-08-08 22:34 - 00000000 ____D C:\WINDOWS\system32\he
2016-03-24 08:51 - 2015-08-08 22:34 - 00000000 ____D C:\WINDOWS\system32\fr
2016-03-24 08:51 - 2015-08-08 22:34 - 00000000 ____D C:\WINDOWS\system32\fi
2016-03-24 08:51 - 2015-08-08 22:34 - 00000000 ____D C:\WINDOWS\system32\et
2016-03-24 08:51 - 2015-08-08 22:34 - 00000000 ____D C:\WINDOWS\system32\es
2016-03-24 08:51 - 2015-08-08 22:34 - 00000000 ____D C:\WINDOWS\system32\el
2016-03-24 08:51 - 2015-08-08 22:34 - 00000000 ____D C:\WINDOWS\system32\de
2016-03-24 08:51 - 2015-08-08 22:34 - 00000000 ____D C:\WINDOWS\system32\da
2016-03-24 08:51 - 2015-08-08 22:34 - 00000000 ____D C:\WINDOWS\system32\cs
2016-03-24 08:51 - 2015-08-08 22:34 - 00000000 ____D C:\WINDOWS\system32\bg
2016-03-24 08:51 - 2015-08-08 22:34 - 00000000 ____D C:\WINDOWS\system32\ar
2016-03-24 08:49 - 2009-07-13 23:20 - 00000000 ____D C:\Users\Default.migrated
2016-03-24 08:47 - 2016-02-03 12:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2X
2016-03-24 08:47 - 2015-12-08 19:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Slitherine
2016-03-24 08:47 - 2015-11-16 17:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2016-03-24 08:47 - 2015-11-16 13:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2016-03-24 08:47 - 2015-10-30 03:24 - 00000000 __SHD C:\Program Files\Windows Sidebar
2016-03-24 08:47 - 2015-10-30 03:24 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2016-03-24 08:47 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2016-03-24 08:47 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2016-03-24 08:47 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-03-24 08:47 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-03-24 08:47 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\IME
2016-03-24 08:47 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\schemas
2016-03-24 08:47 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-03-24 08:47 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-03-24 08:47 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-03-24 08:47 - 2015-10-26 15:10 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2016-03-24 08:47 - 2015-08-08 22:53 - 00000000 ____D C:\Program Files\Intel Corporation
2016-03-24 08:47 - 2015-08-08 22:43 - 00000000 ___HD C:\WINDOWS\system32\WLANProfiles
2016-03-24 08:47 - 2015-08-08 22:38 - 00000000 ____D C:\Program Files (x86)\Intel
2016-03-24 08:47 - 2015-08-08 22:33 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2016-03-24 08:47 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\DVD Maker
2016-03-24 08:44 - 2015-10-30 02:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-03-24 08:39 - 2015-10-30 05:14 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2016-03-24 08:26 - 2009-07-14 00:45 - 00016976 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-24 08:26 - 2009-07-14 00:45 - 00016976 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-24 08:22 - 2015-10-30 05:42 - 00000000 ___HD C:\$WINDOWS.~BT
2016-03-20 07:18 - 2015-10-26 15:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-03-17 13:16 - 2015-11-24 13:05 - 00000000 ____D C:\Users\Mike Work\AppData\Roaming\Samsung
2016-03-17 13:16 - 2015-11-24 13:05 - 00000000 ____D C:\ProgramData\Samsung
2016-03-17 13:15 - 2015-11-24 13:04 - 00000000 ____D C:\Program Files (x86)\Samsung
2016-03-14 11:27 - 2015-11-16 13:27 - 00000000 ____D C:\Users\Mike Work\AppData\Local\ElevatedDiagnostics
2016-03-12 09:40 - 2015-12-18 18:42 - 00000000 ____D C:\Users\Mike Work\AppData\Roaming\Apple Computer
2016-03-11 10:32 - 2015-12-18 18:42 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-03-11 10:31 - 2015-12-18 18:42 - 00000000 ____D C:\Users\Mike Work\AppData\Local\Apple Computer
2016-03-10 18:22 - 2015-10-26 14:35 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-03-10 18:18 - 2015-10-26 14:35 - 143659408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-03-08 03:12 - 2015-10-30 03:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-03-08 03:12 - 2015-10-30 03:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2015-08-08 22:33 - 2015-08-08 22:35 - 8867862 _____ () C:\ProgramData\hpcsmmsilogs.log
2015-08-08 22:47 - 2015-08-08 22:47 - 1279600 _____ () C:\ProgramData\hpdam_install_log.txt
2015-08-08 22:47 - 2015-08-08 22:47 - 0544124 _____ () C:\ProgramData\HPFileSanitizer_Install_Log.txt

Some files in TEMP:
====================
C:\Users\Mike Work\AppData\Local\Temp\jre-8u77-windows-au.exe
C:\Users\Mike Work\AppData\Local\Temp\libeay32.dll
C:\Users\Mike Work\AppData\Local\Temp\msvcr120.dll
C:\Users\Mike Work\AppData\Local\Temp\sqlite3.dll
 
Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Mike Work (2016-04-01 11:19:41)
Running from C:\Users\Mike Work\Desktop
Windows 10 Pro Version 1511 (X64) (2016-03-24 13:00:00)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1950372069-2512553761-2839990813-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1950372069-2512553761-2839990813-503 - Limited - Disabled)
Guest (S-1-5-21-1950372069-2512553761-2839990813-501 - Limited - Disabled)
Mike Work (S-1-5-21-1950372069-2512553761-2839990813-1001 - Administrator - Enabled) => C:\Users\Mike Work

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.197 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.2.2257 - AVAST Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.5.14 - Canon Inc.)
Canon MX470 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX470_series) (Version: 1.00 - Canon Inc.)
Citrix Online Launcher (HKLM-x32\...\{678753E6-E526-4AE5-A144-00240772543A}) (Version: 1.0.393 - Citrix)
Citrix online plug-in - web (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 11.2.0.31560 - Citrix Systems, Inc.)
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Empire Deluxe Internet Edition Demostration (HKLM-x32\...\Empire Deluxe Internet Edition Demostration) (Version: - )
Foxit PhantomPDF (HKLM-x32\...\{5F3E0897-97AA-4FC2-A0A9-130A39D0FDFB}) (Version: 6.0.16.324 - Foxit Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.110 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
GoToMeeting 7.15.0.4732 (HKU\S-1-5-21-1950372069-2512553761-2839990813-1001\...\GoToMeeting) (Version: 7.15.0.4732 - CitrixOnline)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HL-2270DW (HKLM-x32\...\{E2A97415-BD97-4867-B906-05E39E9EE51F}) (Version: 1.0.7.0 - Brother Industries, Ltd.)
HP Client Security Manager (HKLM\...\HPProtectTools) (Version: 8.3.4.1811 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{A4DA13A9-5086-4581-AE32-A05EFB815A54}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15453.4066 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
HP Wireless Keyboard and Mouse Applet (HKLM-x32\...\{C2A98780-3B82-4056-A1FB-7377B3C80AF7}) (Version: 1.0.0.1 - Hewlett-Packard)
iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.27.1012 - Intel Corporation)
Intel(R) Update Manager (x32 Version: 1.6.3.70 - Intel Corporation) Hidden
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{201B03D6-FDDA-4C70-8A15-887F5B3CE365}) (Version: 4.2.19.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{51015b63-d62c-4ca9-af93-9c3c601cef0b}) (Version: 17.12.0 - Intel Corporation)
iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Men of War - Demo (HKLM-x32\...\Steam App 7890) (Version: - Best Way)
Microsoft Office Home and Student 2016 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 16.0.6741.2021 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Mozilla Firefox 45.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 en-US)) (Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.1.5918 - Mozilla)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6701.1013 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6701.1013 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6701.1013 - Microsoft Corporation) Hidden
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Panzer Corps (HKLM-x32\...\Panzer Corps1.00) (Version: 1.00 - Slitherine)
Parallels 2X RDP-64 bit (HKLM\...\{B6C89EC0-E417-4D09-8452-A45631EDF8A9}) (Version: 14.1.3470 - Parallels 2X Software Ltd.)
Perfect General Internet Edition & WWII Battle Set (HKLM-x32\...\Perfect General Internet Edition & WWII Battle Set) (Version: - )
Perfect General Internet Edition Demo (HKLM-x32\...\Perfect General Internet Edition Demo) (Version: - )
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.85.423.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7548 - Realtek Semiconductor Corp.)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.06.00.04(1/29/2016) - Samsung Electronics Co., Ltd.)
Samsung M283x Series (HKLM-x32\...\Samsung M283x Series) (Version: 1.13 (12/16/2014) - Samsung Electronics Co., Ltd.)
Samsung Printer Diagnostics (HKLM-x32\...\Samsung Printer Diagnostics) (Version: 1.0.1.6.02 - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Uninstall Samsung Printer Software (HKLM-x32\...\TotalUninstaller) (Version: 4.0.0.13 - Samsung Electronics CO., LTD.)
View User's Guide (HKLM-x32\...\View User Guide) (Version: 3.60.45.0 - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1950372069-2512553761-2839990813-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Mike Work\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1950372069-2512553761-2839990813-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Mike Work\AppData\Local\Citrix\GoToMeeting\4628\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01CFA9D4-B38F-4C1E-BE24-DF7D79D4A2F0} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-03-20] (Microsoft Corporation)
Task: {0B576CD8-F2CC-4DA2-9A92-1C61A96EB1D8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {103ECC2C-B769-4C11-8333-E2961367A093} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {1331F41C-EA7C-4C80-AD8D-FF3EAB8A45CE} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {1C856E2C-B57A-484D-A767-E420A88A0817} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-24] (Adobe Systems Incorporated)
Task: {1D08C7D0-BCFE-453D-A8FC-9D200FF5908D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {21018EF1-AB94-4394-8C70-B6E13F5EE371} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {27B57458-D4FE-46A4-931F-5E11173ECB41} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {30A015B3-ED6A-403B-8E9F-DEA942D8006F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-04-01] (AVAST Software)
Task: {39C72344-527F-4774-AE2E-335DBF321A52} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {40DD55EF-C741-4FC9-9979-FDC1686591A7} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-03-20] (Microsoft Corporation)
Task: {459CAD1D-20D4-4181-8FCD-9C135ABD8959} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {4E0992E2-F34A-4A91-8F0C-8F36C375EB08} - System32\Tasks\G2MUpdateTask-S-1-5-21-1950372069-2512553761-2839990813-1001 => C:\Users\Mike Work\AppData\Local\Citrix\GoToMeeting\4732\g2mupdate.exe [2016-03-29] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {4FC092FD-40E5-407F-B8E5-EECF5F9A607B} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {569A4714-9E0B-482B-BCA7-74DB2745C451} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-29] (Google Inc.)
Task: {582C5B26-3F35-4792-90BB-151BA5E8CE6B} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {5C67AB8A-2064-4873-A8AA-0694C4CDFB67} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {5FE87118-83CF-471A-ABC7-CA6568D4308A} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {67011637-0578-4EDF-A5EC-9486C1A3C3A0} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {6C635FBF-1750-4123-85F8-E50B99016146} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2015-12-01] (Apple Inc.)
Task: {6D25906E-A62C-40DF-AB71-C52B82B99C8F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {74198A68-0ABC-4B8F-89C2-4B00D1854411} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {75DF48FC-D870-4D5A-B10C-927B79665EA1} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {783F39BF-86D9-4AC2-90C5-1B2494AE3742} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {7AD228B5-9954-4E49-8A2F-A9E998F7CEFC} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {7F4971E1-20E6-4173-B4E7-574286033069} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {85E16749-1413-4DFC-93B0-8139ABF555CB} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\Bootstrap.exe [2013-07-18] (Intel Corporation)
Task: {8DA6E151-2B4F-498C-9630-D0EBF793846B} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {A3CCA2B1-44E2-45E4-9164-8DF2786CD052} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {B3BE4725-8890-4D4B-A8CB-CF3CFE3FB450} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {B3E16941-25B7-4113-9215-5B234173CACD} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {B7BA3421-B541-4D59-A2F0-C5175B2C4E97} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {C3A37C1C-E126-4D19-B1CC-7F97F09CB942} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {C6DCA586-E19B-4F92-B541-3A11237BCF20} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {CB0FDA7A-57F9-4199-B175-570D7FD48013} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {CC62C06A-5A5B-4AC9-8DA3-745EF113D71D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {CE899445-5BEB-47FF-BBA5-C686F53AF19F} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {D043F5B9-557E-498B-B54E-1AF3DA3E2BD1} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\Bootstrap.exe [2013-07-18] (Intel Corporation)
Task: {D215BA27-5492-4792-AD31-9ADEF70EB364} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {D61CCA2C-2371-4638-8B75-9FB7C34F2983} - System32\Tasks\G2MUploadTask-S-1-5-21-1950372069-2512553761-2839990813-1001 => C:\Users\Mike Work\AppData\Local\Citrix\GoToMeeting\4732\g2mupload.exe [2016-03-29] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {DAB88C09-DA16-4EBF-B1C9-0F4DF6A57B61} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {DC648C5C-6761-42BF-BC40-A4AA4D42D41B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {E2ACC2A3-DFD1-4656-989C-DB6F5ED67109} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {E8E8FD32-213B-4F32-A3B6-A441C92AF058} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {EA956834-7F5C-46A5-A959-4E063FB069FC} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {EDDA35DC-B7DA-4323-B86E-202A735E40F7} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {FD1179B3-2609-4E3F-8D37-A4642AB7DBB5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-29] (Google Inc.)
Task: {FFB18CC3-3E76-4733-A13E-DB295597589E} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1950372069-2512553761-2839990813-1001.job => C:\Users\Mike Work\AppData\Local\Citrix\GoToMeeting\4732\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1950372069-2512553761-2839990813-1001.job => C:\Users\Mike Work\AppData\Local\Citrix\GoToMeeting\4732\g2mupload.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-11-24 13:04 - 2014-10-30 08:36 - 00029184 _____ () C:\WINDOWS\System32\ssk5mlm.dll
2016-03-17 13:15 - 2015-03-11 22:43 - 00022528 _____ () C:\WINDOWS\System32\us003lm.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 02654872 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-03-15 05:43 - 2016-03-20 16:12 - 08919240 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 02654872 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-12-19 02:08 - 2015-12-19 02:08 - 00402344 _____ () C:\WINDOWS\system32\igfxTray.exe
2015-08-08 22:39 - 2012-08-14 13:10 - 00802816 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Keyboard and Mouse Applet\KBDOSD.exe
2014-09-08 13:39 - 2014-09-08 13:39 - 00464608 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2014-09-08 13:38 - 2014-09-08 13:38 - 00051200 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2016-03-24 09:40 - 2016-03-24 09:40 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-03-24 12:36 - 2016-03-24 12:36 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-03-24 12:36 - 2016-03-24 12:36 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-10-30 03:18 - 2015-10-30 03:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-03-29 01:31 - 2016-03-29 01:31 - 00016896 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-03-29 01:31 - 2016-03-29 01:31 - 17535488 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-03-24 09:40 - 2016-03-24 09:40 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2015-10-28 12:37 - 2016-03-20 13:10 - 00173256 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 01040656 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 00237328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2015-11-16 13:31 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2014-08-13 13:54 - 2014-08-13 13:54 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2016-03-24 09:40 - 2016-03-24 09:40 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-03-24 09:40 - 2016-03-24 09:40 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2015-10-26 19:00 - 2016-03-10 20:56 - 00783360 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-10-26 19:00 - 2015-07-03 12:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-10-26 19:00 - 2016-03-31 16:55 - 02549840 _____ () C:\Program Files (x86)\Steam\video.dll
2015-10-26 19:00 - 2015-07-03 12:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-10-26 19:00 - 2015-07-03 12:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-10-26 19:00 - 2016-02-08 19:14 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-10-26 19:00 - 2016-02-08 19:14 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-10-26 19:00 - 2016-02-08 19:14 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-10-26 19:00 - 2016-02-08 19:14 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-10-26 19:00 - 2016-02-08 19:14 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-10-26 19:00 - 2016-03-31 16:55 - 00829008 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-10 18:31 - 2016-02-17 18:25 - 00281088 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2015-10-26 19:00 - 2016-02-08 21:33 - 48400672 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-10-26 19:00 - 2015-09-24 19:56 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2009-09-12 23:08 - 2009-09-12 23:08 - 00028496 _____ () C:\Program Files (x86)\Citrix\ICA Client\vdtuin.dll
2016-04-01 11:10 - 2016-04-01 11:10 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-04-01 11:10 - 2016-04-01 11:10 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-04-01 11:10 - 2016-04-01 11:10 - 02857472 _____ () C:\Program Files\AVAST Software\Avast\defs\16032402\algo.dll
2016-04-01 11:10 - 2016-04-01 11:10 - 00476544 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-04-01 11:10 - 2016-04-01 11:10 - 00309912 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2016-04-01 11:11 - 2016-04-01 11:11 - 02846208 _____ () C:\Program Files\AVAST Software\Avast\defs\16033102\algo.dll
2016-04-01 11:10 - 2016-04-01 11:10 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1950372069-2512553761-2839990813-1001\...\sharepoint.com -> hxxps://lakeorionk12mi-files.sharepoint.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1950372069-2512553761-2839990813-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Mike Work\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 75.75.76.76 - 75.75.75.75
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{2FB9C6F5-07D4-469D-86DA-C7AD363DAF07}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe
FirewallRules: [{AD7530EA-64FE-4A76-906B-6B10AB9B658C}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe
FirewallRules: [{E6304D23-BB0F-4E4A-B4B4-008CD6931583}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{E05A8DFF-17B0-485E-8F96-BCEFB070CABA}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{40D2F520-2F5F-49F8-B000-270D4C41FECC}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{A632309B-9B3A-4029-AFB3-2E36D3B0A23A}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{71803AB6-B503-4546-95E3-646DE638FB3C}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{C829345B-5C93-4356-8F5B-7608C145FE8C}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{7BE21373-A15B-4307-BC8D-D1A09044614C}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [UDP Query User{B539BCB5-B119-4F95-9CF7-5606C5BB45F0}C:\program files\2x\client\tsclient.exe] => (Allow) C:\program files\2x\client\tsclient.exe
FirewallRules: [TCP Query User{0E180D25-CB88-47DB-97FD-51EE75557250}C:\program files\2x\client\tsclient.exe] => (Allow) C:\program files\2x\client\tsclient.exe
FirewallRules: [{97CBDFAF-53DD-4670-87D3-2645F50624A9}] => (Allow) C:\Program Files\2X\Client\\TSClient.exe
FirewallRules: [{DA3C9418-C882-438A-935D-B81AD6A543E2}] => (Allow) C:\Program Files\2X\Client\\APPServerClient.exe
FirewallRules: [{DF4C73E1-A3C9-42D5-91D0-5D896FFC1439}] => (Allow) LPort=50005
FirewallRules: [{190BD737-0FD7-4BC2-8948-F40024B252B2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4B637BA7-3008-47C2-A7F0-0E0E2A21CEB7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D0A7AA9A-CA1B-4B99-B7E4-77A499F054DD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8AF20804-04E3-4F0D-A22E-E2B7AD04E17C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [UDP Query User{D5C0BA08-4BBB-4A52-BE16-0AA858F62884}C:\program files (x86)\slitherine\panzer corps\update.exe] => (Allow) C:\program files (x86)\slitherine\panzer corps\update.exe
FirewallRules: [TCP Query User{B8B2A18D-55F0-4849-A802-FCF371A77916}C:\program files (x86)\slitherine\panzer corps\update.exe] => (Allow) C:\program files (x86)\slitherine\panzer corps\update.exe
FirewallRules: [{B6C3CD13-7613-4B79-9E7D-DD772FF86E5A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Men of War - Demo\mow_demo.exe
FirewallRules: [{2531EB0F-57AE-469F-87B7-41D7E69BEF77}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Men of War - Demo\mow_demo.exe
FirewallRules: [{82C1C0B9-DC8C-4712-9D7A-E5F0B3B64931}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0D0470B4-07D8-4525-9DA3-878D3E06C3A6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BD2FA226-4C15-4085-9F52-717CDCC8B53E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{3BFB4663-F96C-43B7-AFCF-4B5A44F74F38}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{A42AE464-FA3C-4A7C-858C-16FD48672D22}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{63B5D7A7-76AF-4AFD-845E-7BD60E9E80EB}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{9A3B6BFF-A1E2-47C4-BD34-15BD3C582399}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4679F343-0E16-46F6-8EB9-BE132F6A4D36}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5EA40384-CCBC-4EA6-B123-5A7F8A33C9D7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{01B9C3A9-40DF-49B7-9877-81F2C8BFFB06}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D73B07AB-E653-4D08-99E9-5D536B54282D}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{556D6A8A-FE88-4148-815F-F0A82940E814}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4F781F3A-C031-4DCA-9040-F6B271A89A47}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6285585A-5498-4204-8F9F-46E961243B3D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0945EF83-7C7A-46DD-A867-40E9CEDEC254}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A2EB5F9F-307B-40E2-90F3-CF36E46A6314}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{0AE999A3-1541-4705-9747-988CBE60CD18}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{ECA8F2E0-84F9-4EB0-A165-855C6ADAF65C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

24-03-2016 11:06:33 Windows Update
30-03-2016 10:35:46 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/01/2016 03:55:45 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: MIKEWORK-HP)
Description: Application or service 'Microsoft Office Document Cache Sync Client Interface' could not be shut down.

Error: (03/31/2016 05:59:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dwm.exe, version: 10.0.10586.0, time stamp: 0x5632d756
Faulting module name: d2d1.dll, version: 10.0.10586.71, time stamp: 0x5699d253
Exception code: 0xc0000005
Fault offset: 0x0000000000148094
Faulting process id: 0x3e0
Faulting application start time: 0xdwm.exe0
Faulting application path: dwm.exe1
Faulting module path: dwm.exe2
Report Id: dwm.exe3
Faulting package full name: dwm.exe4
Faulting package-relative application ID: dwm.exe5

Error: (03/31/2016 11:29:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SP_Connector.exe, version: 3.0.1.1, time stamp: 0x4e291877
Faulting module name: SP_Connector.exe, version: 3.0.1.1, time stamp: 0x4e291877
Exception code: 0xc0000409
Fault offset: 0x0001daf2
Faulting process id: 0x2444
Faulting application start time: 0xSP_Connector.exe0
Faulting application path: SP_Connector.exe1
Faulting module path: SP_Connector.exe2
Report Id: SP_Connector.exe3
Faulting package full name: SP_Connector.exe4
Faulting package-relative application ID: SP_Connector.exe5

Error: (03/30/2016 12:38:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SkypeHost.exe, version: 10.1.2123.10, time stamp: 0x569054dc
Faulting module name: SkyWrap.dll, version: 10.1.2123.10, time stamp: 0x569054c9
Exception code: 0xc0000005
Fault offset: 0x00ac6197
Faulting process id: 0x12d0
Faulting application start time: 0xSkypeHost.exe0
Faulting application path: SkypeHost.exe1
Faulting module path: SkypeHost.exe2
Report Id: SkypeHost.exe3
Faulting package full name: SkypeHost.exe4
Faulting package-relative application ID: SkypeHost.exe5

Error: (03/30/2016 12:09:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_stisvc, version: 10.0.10586.0, time stamp: 0x5632d7ba
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0x8c4
Faulting application start time: 0xsvchost.exe_stisvc0
Faulting application path: svchost.exe_stisvc1
Faulting module path: svchost.exe_stisvc2
Report Id: svchost.exe_stisvc3
Faulting package full name: svchost.exe_stisvc4
Faulting package-relative application ID: svchost.exe_stisvc5

Error: (03/30/2016 11:01:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SkypeHost.exe, version: 10.1.2123.10, time stamp: 0x569054dc
Faulting module name: SkyWrap.dll, version: 10.1.2123.10, time stamp: 0x569054c9
Exception code: 0xc0000005
Fault offset: 0x00ac6197
Faulting process id: 0x12b0
Faulting application start time: 0xSkypeHost.exe0
Faulting application path: SkypeHost.exe1
Faulting module path: SkypeHost.exe2
Report Id: SkypeHost.exe3
Faulting package full name: SkypeHost.exe4
Faulting package-relative application ID: SkypeHost.exe5

Error: (03/30/2016 10:35:57 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (03/30/2016 10:31:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_stisvc, version: 10.0.10586.0, time stamp: 0x5632d7ba
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0x9a8
Faulting application start time: 0xsvchost.exe_stisvc0
Faulting application path: svchost.exe_stisvc1
Faulting module path: svchost.exe_stisvc2
Report Id: svchost.exe_stisvc3
Faulting package full name: svchost.exe_stisvc4
Faulting package-relative application ID: svchost.exe_stisvc5

Error: (03/30/2016 01:00:29 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MIKEWORK-HP)
Description: Activation of app Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147009280 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/25/2016 03:32:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_stisvc, version: 10.0.10586.0, time stamp: 0x5632d7ba
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0xa4c
Faulting application start time: 0xsvchost.exe_stisvc0
Faulting application path: svchost.exe_stisvc1
Faulting module path: svchost.exe_stisvc2
Report Id: svchost.exe_stisvc3
Faulting package full name: svchost.exe_stisvc4
Faulting package-relative application ID: svchost.exe_stisvc5


System errors:
=============
Error: (03/31/2016 07:29:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053

Error: (03/31/2016 07:29:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (03/30/2016 12:09:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Image Acquisition (WIA) service terminated unexpectedly. It has done this 1 time(s).

Error: (03/30/2016 12:08:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
%%1058

Error: (03/30/2016 12:07:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_39c65 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (03/30/2016 12:07:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_39c65 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (03/30/2016 12:07:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_39c65 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (03/30/2016 12:07:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_39c65 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (03/30/2016 10:31:48 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Image Acquisition (WIA) service terminated unexpectedly. It has done this 1 time(s).

Error: (03/30/2016 10:31:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
%%1058


CodeIntegrity:
===================================
Date: 2016-04-01 10:32:48.485
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-04-01 10:32:48.461
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-04-01 09:29:43.113
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-04-01 09:29:43.108
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-04-01 09:29:43.102
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-04-01 09:29:43.086
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-04-01 09:29:43.081
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-04-01 09:29:43.075
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-04-01 09:29:42.923
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-04-01 09:29:42.918
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4590 CPU @ 3.30GHz
Percentage of memory in use: 36%
Total physical RAM: 8114.98 MB
Available physical RAM: 5127.52 MB
Total Virtual: 16306.98 MB
Available Virtual: 12604.1 MB

==================== Drives ================================

Drive c: (Windows ) (Fixed) (Total:915.66 GB) (Free:818.15 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:14.75 GB) (Free:1.62 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:0.09 GB) (Free:0.05 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: A3A921FA)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=915.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14.8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=100 MB) - (Type=0C)

==================== End of Addition.txt ============================
 
I recently upgraded from Windows 7 to 10. I downloaded a free calculator and now my browsers are very slow and I get pop up ads in Chrome from Quiz Scope. I ran ADWcleaner, JRT and Malware Bytes. They found some things in my browser and cleaned them but it comes right back. Also, MalwareBytes will not update, I keep getting error Host Not Found.
 
Status
Not open for further replies.

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
797
uber_beetle
uber_beetle
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni
A
Infected: Antivirus says it's Trojan:Script/Wacatac.H!ml
Replies
12
Views
2K
adidaman27
A

Latest posts

Back