TechSpot

Overrun by malware

By morphy201180
Jun 21, 2016
  1. Hi,

    I hope someone can help. I have recently been given a laptop from a friend who has now gone over to a Mac. One of the reasons was the laptop didnt seem to work properly (very slow internet, cd drive not playing etc.)

    I ran a few scans which should the presence of a lot of malware. The laptop runs a lot better now however it is still quite sluggish.

    Please can someone have a look to see if there is any residual malware and how to remove it. I have used Rogue killer, Junkware removal tool, adware cleaner , malwarebytes and avast. Please FRST scan results below. Please let me know if you want to see the results from the other scans as well.
     
  2. morphy201180

    morphy201180 TS Enthusiast Topic Starter Posts: 79

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-06-2016 01
    Ran by Shannon (administrator) on SHANNON-PC (21-06-2016 10:27:21)
    Running from C:\Users\Shannon\Desktop
    Loaded Profiles: Shannon (Available Profiles: Shannon)
    Platform: Windows 10 Home Version 1511 (X64) Language: English (United Kingdom)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    (RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
    (RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
    (Microsoft Corporation) C:\Windows\System32\MusNotification.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
    (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.424_none_767fbf7a263fc7d3\TiWorker.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-08-19] (IDT, Inc.)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954352 2016-04-28] (Synaptics Incorporated)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-21] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
    HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491632 2012-09-10] (CyberLink Corp.)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7405752 2016-06-21] (AVAST Software)
    HKU\S-1-5-21-353090159-1504183216-3683736410-1002\...\Run: [Google Update] => C:\Users\Shannon\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2015-05-17] (Google Inc.)
    HKU\S-1-5-21-353090159-1504183216-3683736410-1002\...\Run: [Epson Stylus SX440] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIHBE.EXE [232448 2011-01-20] (SEIKO EPSON CORPORATION)
    HKU\S-1-5-21-353090159-1504183216-3683736410-1002\...\RunOnce: [Uninstall C:\Users\Shannon\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Shannon\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
    HKU\S-1-5-21-353090159-1504183216-3683736410-1002\...\RunOnce: [Uninstall C:\Users\Shannon\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Shannon\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-06-21] (AVAST Software)
    Startup: C:\Users\Shannon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2016-06-21]
    ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: 0x2320436F707972696768742028632920313939332D32303039204D6963726F736F667420436F72702E0D0A230D0A23205468697320697320612073616D706C6520484F5354532066696C652075736564206279204D6963726F736F6674205443502F495020666F722057696E646F77732E0D0A230D0A2320546869732066696C6520636F6E7461696E7320746865206D617070696E6773206F662049502061646472657373657320746F20686F7374206E616D65732E20456163680D0A2320656E7472792073686F756C64206265206B657074206F6E20616E20696E646976696475616C206C696E652E2054686520495020616464726573732073686F756C640D0A2320626520706C6163656420696E2074686520666972737420636F6C756D6E20666F6C6C6F7765642062792074686520636F72726573706F6E64696E6720686F7374206E616D652E0D0A2320546865204950206164647265737320616E642074686520686F7374206E616D652073686F756C6420626520736570617261746564206279206174206C65617374206F6E650D0A232073706163652E0D0A230D0A23204164646974696F6E616C6C792C20636F6D6D656E747320287375636820617320746865736529206D617920626520696E736572746564206F6E20696E646976696475616C0D0A23206C696E6573206F7220666F6C6C6F77696E6720746865206D616368696E65206E616D652064656E6F7465642062792061202723272073796D626F6C2E0D0A230D0A2320466F72206578616D706C653A0D0A230D0A232020202020203130322E35342E39342E393720202020207268696E6F2E61636D652E636F6D202020202020202020202320736F75726365207365727665720D0A232020202020202033382E32352E36332E31302020202020782E61636D652E636F6D202020202020202020202020202023207820636C69656E7420686F73740D0A0D0A23206C6F63616C686F7374206E616D65207265736F6C7574696F6E2069732068616E646C65642077697468696E20444E5320697473656C662E0D0A23093132372E302E302E31202020202020206C6F63616C686F73740D0A23093A3A31202020202020202020202020206C6F63616C686F73740D0A0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000D0A0D0A2320756E636865636B795F626567696E0D0A232054686573652072756C657320776572652061646465642062792074686520556E636865636B792070726F6772616D20696E206F7264657220746F20626C6F636B206164766572746973696E6720736F667477617265206D6F64756C65730D0A302E302E302E3020302E302E302E3020232066697820666F72207472616365726F75746520616E64206E65747374617420646973706C617920616E6F6D616C790D0A302E302E302E3020747261636B696E672E6F70656E63616E64792E636F6D2E73332E616D617A6F6E6177732E636F6D0D0A302E302E302E30206D656469612E6F70656E63616E64792E636F6D0D0A302E302E302E302063646E2E6F70656E63616E64792E636F6D0D0A302E302E302E3020747261636B696E672E6F70656E63616E64792E636F6D0D0A302E302E302E30206170692E6F70656E63616E64792E636F6D0D0A302E302E302E30206170692E7265636F6D6D656E64656473772E636F6D0D0A302E302E302E3020696E7374616C6C65722E626574746572696E7374616C6C65722E636F6D0D0A302E302E302E3020696E7374616C6C65722E66696C6562756C6C646F672E636F6D0D0A302E302E302E302064336F78746E31783362386437692E636C6F756466726F6E742E6E65740D0A302E302E302E3020696E6E6F2E62697372762E636F6D0D0A302E302E302E30206E7369732E62697372762E636F6D0D0A302E302E302E302063646E2E66696C65326465736B746F702E636F6D0D0A302E302E302E302063646E2E676F617465617374636163682E75730D0A302E302E302E302063646E2E677574746173746174646B2E75730D0A302E302E302E302063646E2E696E736B696E6D656469612E636F6D0D0A302E302E302E302063646E2E696E7374612E6F6962756E646C6573322E636F6D0D0A302E302E302E302063646E2E696E7374612E706C617962727974652E636F6D0D0A302E302E302E302063646E2E6C6C6F67657466617374636163682E75730D0A302E302E302E302063646E2E6D6F6E74696572612E636F6D0D0A302E302E302E302063646E2E6D7364776E6C642E636F6D0D0A302E302E302E302063646E2E6D7970636261636B75702E636F6D0D0A302E302E302E302063646E2E7070646F776E6C6F61642E636F6D0D0A302E302E302E302063646E2E72696365617465617374636163682E75730D0A302E302E302E302063646E2E73687961706F7461746F2E75730D0A302E302E302E302063646E2E736F6C696D62612E636F6D0D0A302E302E302E302063646E2E7475746F3470632E636F6D0D0A302E302E302E302063646E2E617070726F756E642E62697A0D0A302E302E302E302063646E2E626967737065656470726F2E636F6D0D0A302E302E302E302063646E2E62697370642E636F6D0D0A302E302E302E302063646E2E62697372762E636F6D0D0A302E302E302E302063646E2E63646E64702E636F6D0D0A302E302E302E302063646E2E646F776E6C6F61642E73776565747061636B732E636F6D0D0A302E302E302E302063646E2E6470646F776E6C6F61642E636F6D0D0A302E302E302E302063646E2E76697375616C6265652E6E65740D0A2320756E636865636B795F656E640D0A
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{1465406f-4295-4548-9fc9-5d2fe5087c02}: [DhcpNameServer] 192.168.0.1

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    HKU\S-1-5-21-353090159-1504183216-3683736410-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    HKU\S-1-5-21-353090159-1504183216-3683736410-1002\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/HPNOT13/2
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {8E805679-AD2E-430A-8FEF-7F95E3F96A85} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-353090159-1504183216-3683736410-1002 -> DefaultScope {BA1BE292-1D15-488B-934D-008742212380} URL =
    SearchScopes: HKU\S-1-5-21-353090159-1504183216-3683736410-1002 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    SearchScopes: HKU\S-1-5-21-353090159-1504183216-3683736410-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
    BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
    Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)

    FireFox:
    ========
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw.dll [2012-04-26] (Adobe Systems, Inc.)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin HKU\S-1-5-21-353090159-1504183216-3683736410-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Shannon\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
    FF Plugin HKU\S-1-5-21-353090159-1504183216-3683736410-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Shannon\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
    FF Plugin HKU\S-1-5-21-353090159-1504183216-3683736410-1002: hp.com/HPDetect -> C:\Users\Shannon\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll [2012-08-30] (HP)
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-06-21]
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.google.com
    CHR Profile: C:\Users\Shannon\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\Shannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-17]
    CHR Extension: (Google Docs) - C:\Users\Shannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-17]
    CHR Extension: (Google Drive) - C:\Users\Shannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-11]
    CHR Extension: (YouTube) - C:\Users\Shannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-18]
    CHR Extension: (Google Search) - C:\Users\Shannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-04-11]
    CHR Extension: (Google Sheets) - C:\Users\Shannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-17]
    CHR Extension: (Avast Online Security) - C:\Users\Shannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-06-21]
    CHR Extension: (Love Smoke) - C:\Users\Shannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgibfhhccaknggplelmbaepoikkcnllb [2015-05-17]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Shannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-17]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Shannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-11]
    CHR Extension: (Gmail) - C:\Users\Shannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-17]
    CHR Profile: C:\Users\Shannon\AppData\Local\Google\Chrome\User Data\Profile 1
    CHR Extension: (Google Slides) - C:\Users\Shannon\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-05]
    CHR Extension: (Google Docs) - C:\Users\Shannon\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-05]
    CHR Extension: (Google Drive) - C:\Users\Shannon\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-05]
    CHR Extension: (YouTube) - C:\Users\Shannon\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-05]
    CHR Extension: (Google Search) - C:\Users\Shannon\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-05]
    CHR Extension: (SafeSearch) - C:\Users\Shannon\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dofpbgmibkabhhihnomcmmijlkhaeilm [2015-11-05]
    CHR Extension: (Google Sheets) - C:\Users\Shannon\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-05]
    CHR Extension: (Norton Identity Safe) - C:\Users\Shannon\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-11-05]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Shannon\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-11-05]
    CHR Extension: (Norton Security Toolbar) - C:\Users\Shannon\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2015-11-05]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Shannon\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-05]
    CHR Extension: (Gmail) - C:\Users\Shannon\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-05]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-06-21]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-21] (Advanced Micro Devices, Inc.) [File not signed]
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-06-21] (AVAST Software)
    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
    S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
    R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
    R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [255928 2016-04-09] (RaMMicHaeL)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-06-21] (AVAST Software)
    R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-06-21] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-06-21] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-06-21] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-06-21] (AVAST Software)
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-06-21] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-06-21] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-06-21] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-06-21] (AVAST Software)
    R3 athr; C:\Windows\System32\drivers\athw10x.sys [4318760 2015-08-28] (Qualcomm Atheros Communications, Inc.)
    R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
    R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
    U5 iaStorA; C:\Windows\System32\Drivers\iaStorA.sys [645952 2012-07-31] (Intel Corporation)
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
    R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp.)
    R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
    S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-11] (Synaptics Incorporated)
    S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-11] (Synaptics Incorporated)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-06-21] ()
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
    R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
    R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
  3. morphy201180

    morphy201180 TS Enthusiast Topic Starter Posts: 79

    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-06-21 10:27 - 2016-06-21 10:28 - 00027650 _____ C:\Users\Shannon\Desktop\FRST.txt
    2016-06-21 10:27 - 2016-06-21 10:27 - 00000000 ____D C:\FRST
    2016-06-21 10:25 - 2016-06-21 10:27 - 02387456 _____ (Farbar) C:\Users\Shannon\Desktop\FRST64.exe
    2016-06-21 06:24 - 2016-06-21 06:24 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
    2016-06-21 02:00 - 2016-06-21 02:01 - 05659224 _____ (Swearware) C:\Users\Shannon\Desktop\ComboFix.exe
    2016-06-21 01:50 - 2016-06-21 01:50 - 00006910 _____ C:\Users\Shannon\Desktop\AdwCleaner[C1].txt
    2016-06-21 01:37 - 2016-06-21 01:44 - 00000000 ____D C:\AdwCleaner
    2016-06-21 01:36 - 2016-06-21 01:37 - 03703360 _____ C:\Users\Shannon\Desktop\AdwCleaner.exe
    2016-06-21 01:34 - 2016-06-21 01:34 - 00003742 _____ C:\Users\Shannon\Desktop\JRT.txt
    2016-06-21 01:33 - 2016-05-28 06:06 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2016-06-21 01:33 - 2016-05-28 05:29 - 22379008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2016-06-21 01:33 - 2016-05-28 05:19 - 24605696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2016-06-21 01:33 - 2016-05-28 05:16 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2016-06-21 01:33 - 2016-04-23 06:09 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2016-06-21 01:33 - 2016-04-23 06:09 - 05240960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
    2016-06-21 01:33 - 2016-04-23 06:08 - 06605504 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
    2016-06-21 01:33 - 2016-04-23 05:31 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2016-06-21 01:33 - 2016-04-23 05:28 - 16984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2016-06-21 01:33 - 2016-02-24 10:28 - 03449168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
    2016-06-21 01:33 - 2016-02-24 06:05 - 12586496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
    2016-06-21 01:33 - 2016-02-24 06:03 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
    2016-06-21 01:33 - 2016-02-23 11:32 - 08705672 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2016-06-21 01:33 - 2016-02-23 10:38 - 06952088 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2016-06-21 01:33 - 2016-02-23 07:35 - 07533568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
    2016-06-21 01:33 - 2016-02-23 07:28 - 06740992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
    2016-06-21 01:32 - 2016-05-28 07:13 - 01401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
    2016-06-21 01:32 - 2016-05-28 07:13 - 01184960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2016-06-21 01:32 - 2016-05-28 07:13 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
    2016-06-21 01:32 - 2016-05-28 06:22 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2016-06-21 01:32 - 2016-05-28 06:07 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2016-06-21 01:32 - 2016-05-28 06:07 - 02921880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2016-06-21 01:32 - 2016-05-28 06:06 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
    2016-06-21 01:32 - 2016-05-28 06:05 - 04515264 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
    2016-06-21 01:32 - 2016-05-28 05:35 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
    2016-06-21 01:32 - 2016-05-28 05:18 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2016-06-21 01:32 - 2016-05-28 05:18 - 07977472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
    2016-06-21 01:32 - 2016-05-28 05:17 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2016-06-21 01:32 - 2016-05-28 05:16 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
    2016-06-21 01:32 - 2016-05-28 05:14 - 18674176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2016-06-21 01:32 - 2016-05-28 05:13 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2016-06-21 01:32 - 2016-05-28 05:08 - 13385728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2016-06-21 01:32 - 2016-05-28 05:08 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
    2016-06-21 01:32 - 2016-05-28 05:06 - 12128256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2016-06-21 01:32 - 2016-05-28 05:06 - 07200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
    2016-06-21 01:32 - 2016-05-28 05:06 - 01339904 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
    2016-06-21 01:32 - 2016-05-28 05:05 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
    2016-06-21 01:32 - 2016-05-28 05:05 - 03664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2016-06-21 01:32 - 2016-05-28 05:05 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
    2016-06-21 01:32 - 2016-05-28 05:04 - 06973952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
    2016-06-21 01:32 - 2016-05-28 05:03 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
    2016-06-21 01:32 - 2016-05-28 05:03 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
    2016-06-21 01:32 - 2016-05-28 05:03 - 02609664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
    2016-06-21 01:32 - 2016-05-28 05:02 - 03590144 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2016-06-21 01:32 - 2016-05-28 05:02 - 01534464 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
    2016-06-21 01:32 - 2016-05-28 05:01 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
    2016-06-21 01:32 - 2016-05-28 05:01 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2016-06-21 01:32 - 2016-05-28 05:00 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2016-06-21 01:32 - 2016-05-28 05:00 - 03585536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
    2016-06-21 01:32 - 2016-05-28 05:00 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
    2016-06-21 01:32 - 2016-05-28 05:00 - 02230272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2016-06-21 01:32 - 2016-05-28 05:00 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2016-06-21 01:32 - 2016-05-28 05:00 - 01730560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2016-06-21 01:32 - 2016-05-28 04:58 - 07832576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2016-06-21 01:32 - 2016-05-28 04:58 - 04896256 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2016-06-21 01:32 - 2016-05-28 04:58 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2016-06-21 01:32 - 2016-05-28 04:58 - 02066432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
    2016-06-21 01:32 - 2016-05-28 04:57 - 02281472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2016-06-21 01:32 - 2016-05-28 04:55 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
    2016-06-21 01:32 - 2016-04-23 07:12 - 00713920 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
    2016-06-21 01:32 - 2016-04-23 07:12 - 00190144 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
    2016-06-21 01:32 - 2016-04-23 06:28 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
    2016-06-21 01:32 - 2016-04-23 06:28 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2016-06-21 01:32 - 2016-04-23 06:24 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2016-06-21 01:32 - 2016-04-23 06:24 - 01819208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2016-06-21 01:32 - 2016-04-23 06:24 - 00754664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
    2016-06-21 01:32 - 2016-04-23 06:12 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
    2016-06-21 01:32 - 2016-04-23 06:11 - 01092464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
    2016-06-21 01:32 - 2016-04-23 06:11 - 00498960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
    2016-06-21 01:32 - 2016-04-23 06:08 - 00725776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
    2016-06-21 01:32 - 2016-04-23 06:07 - 01848072 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
    2016-06-21 01:32 - 2016-04-23 06:00 - 01776768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
    2016-06-21 01:32 - 2016-04-23 05:25 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
    2016-06-21 01:32 - 2016-04-23 05:20 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
    2016-06-21 01:32 - 2016-04-23 05:19 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
    2016-06-21 01:32 - 2016-04-23 05:19 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
    2016-06-21 01:32 - 2016-04-23 05:18 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
    2016-06-21 01:32 - 2016-04-23 05:18 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
    2016-06-21 01:32 - 2016-04-23 05:18 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
    2016-06-21 01:32 - 2016-04-23 05:17 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
    2016-06-21 01:32 - 2016-04-23 05:17 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
    2016-06-21 01:32 - 2016-04-23 05:16 - 01319424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
    2016-06-21 01:32 - 2016-04-23 05:15 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
    2016-06-21 01:32 - 2016-04-23 05:15 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
    2016-06-21 01:32 - 2016-04-23 05:15 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
    2016-06-21 01:32 - 2016-04-23 05:14 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
    2016-06-21 01:32 - 2016-04-23 05:14 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
    2016-06-21 01:32 - 2016-04-23 05:14 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
    2016-06-21 01:32 - 2016-04-23 05:13 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
    2016-06-21 01:32 - 2016-04-23 05:13 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
    2016-06-21 01:32 - 2016-04-23 05:12 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
    2016-06-21 01:32 - 2016-04-23 05:10 - 00639488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
    2016-06-21 01:32 - 2016-04-23 05:05 - 05502976 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
    2016-06-21 01:32 - 2016-04-23 05:05 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
    2016-06-21 01:32 - 2016-04-23 05:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
    2016-06-21 01:32 - 2016-04-23 05:04 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
    2016-06-21 01:32 - 2016-04-23 05:03 - 02000896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
    2016-06-21 01:32 - 2016-04-23 05:03 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
    2016-06-21 01:32 - 2016-04-23 05:02 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
    2016-06-21 01:32 - 2016-04-23 05:01 - 04775424 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
    2016-06-21 01:32 - 2016-04-23 05:00 - 00984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
    2016-06-21 01:32 - 2016-04-02 04:19 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2016-06-21 01:32 - 2016-03-29 11:20 - 02656952 _____ C:\WINDOWS\system32\CoreUIComponents.dll
    2016-06-21 01:32 - 2016-03-29 10:56 - 01297752 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
    2016-06-21 01:32 - 2016-03-29 08:20 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
    2016-06-21 01:32 - 2016-03-29 08:14 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
    2016-06-21 01:32 - 2016-03-29 08:02 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
    2016-06-21 01:32 - 2016-03-29 08:02 - 01211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
    2016-06-21 01:32 - 2016-03-29 07:36 - 00649728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
    2016-06-21 01:32 - 2016-03-29 07:32 - 01098240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
    2016-06-21 01:32 - 2016-03-29 06:45 - 03078144 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
    2016-06-21 01:32 - 2016-03-29 06:43 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
    2016-06-21 01:32 - 2016-03-29 06:36 - 02722816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
    2016-06-21 01:32 - 2016-03-29 06:26 - 00958976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
    2016-06-21 01:32 - 2016-03-01 06:22 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
    2016-06-21 01:32 - 2016-02-24 10:34 - 01613664 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
    2016-06-21 01:32 - 2016-02-24 07:40 - 01224704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
    2016-06-21 01:32 - 2016-02-24 07:34 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
    2016-06-21 01:32 - 2016-02-24 07:18 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
    2016-06-21 01:32 - 2016-02-24 07:07 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
    2016-06-21 01:32 - 2016-02-24 07:04 - 01497088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
    2016-06-21 01:32 - 2016-02-24 07:03 - 00769536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
    2016-06-21 01:32 - 2016-02-23 11:32 - 02544264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2016-06-21 01:32 - 2016-02-23 11:32 - 01152328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
    2016-06-21 01:32 - 2016-02-23 11:32 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
    2016-06-21 01:32 - 2016-02-23 11:31 - 01017032 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
    2016-06-21 01:32 - 2016-02-23 11:31 - 00819648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
    2016-06-21 01:32 - 2016-02-23 11:31 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
    2016-06-21 01:32 - 2016-02-23 10:45 - 02773096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
    2016-06-21 01:32 - 2016-02-23 10:38 - 02180136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2016-06-21 01:32 - 2016-02-23 10:38 - 00980352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
    2016-06-21 01:32 - 2016-02-23 10:38 - 00895080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
    2016-06-21 01:32 - 2016-02-23 10:38 - 00882720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
    2016-06-21 01:32 - 2016-02-23 10:37 - 00713824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
    2016-06-21 01:32 - 2016-02-23 10:20 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSave.dll
    2016-06-21 01:32 - 2016-02-23 09:56 - 02186864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
    2016-06-21 01:32 - 2016-02-23 09:14 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
    2016-06-21 01:32 - 2016-02-23 09:10 - 00997376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
    2016-06-21 01:32 - 2016-02-23 09:04 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
    2016-06-21 01:32 - 2016-02-23 08:48 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
    2016-06-21 01:32 - 2016-02-23 08:37 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
    2016-06-21 01:32 - 2016-02-23 08:31 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
    2016-06-21 01:32 - 2016-02-23 08:24 - 04827136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
    2016-06-21 01:32 - 2016-02-23 08:24 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
    2016-06-21 01:32 - 2016-02-23 07:56 - 04412928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
    2016-06-21 01:32 - 2016-02-23 07:41 - 02912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
    2016-06-21 01:32 - 2016-02-23 07:33 - 02604032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
    2016-06-21 01:32 - 2016-01-27 06:57 - 01824264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
    2016-06-21 01:32 - 2016-01-27 06:46 - 02606824 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
    2016-06-21 01:32 - 2016-01-16 07:21 - 01750440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
    2016-06-21 01:32 - 2016-01-16 07:12 - 01415200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
    2016-06-21 01:32 - 2016-01-16 07:08 - 01174008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
    2016-06-21 01:32 - 2016-01-16 06:29 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
    2016-06-21 01:32 - 2016-01-16 06:24 - 02057216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
    2016-06-21 01:31 - 2016-05-28 07:13 - 00514752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
    2016-06-21 01:31 - 2016-05-28 07:13 - 00290496 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
    2016-06-21 01:31 - 2016-05-28 07:13 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
    2016-06-21 01:31 - 2016-05-28 06:25 - 04268880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
    2016-06-21 01:31 - 2016-05-28 06:23 - 00388384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ws2_32.dll
    2016-06-21 01:31 - 2016-05-28 06:23 - 00312160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswsock.dll
    2016-06-21 01:31 - 2016-05-28 06:22 - 04387680 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
    2016-06-21 01:31 - 2016-05-28 06:22 - 00428896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
    2016-06-21 01:31 - 2016-05-28 06:20 - 00430312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ws2_32.dll
    2016-06-21 01:31 - 2016-05-28 06:18 - 00357216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mswsock.dll
    2016-06-21 01:31 - 2016-05-28 06:09 - 00501600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
    2016-06-21 01:31 - 2016-05-28 06:08 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
    2016-06-21 01:31 - 2016-05-28 06:08 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
    2016-06-21 01:31 - 2016-05-28 06:07 - 01322248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
    2016-06-21 01:31 - 2016-05-28 06:07 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
    2016-06-21 01:31 - 2016-05-28 06:07 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
    2016-06-21 01:31 - 2016-05-28 06:07 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
    2016-06-21 01:31 - 2016-05-28 06:07 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
    2016-06-21 01:31 - 2016-05-28 06:06 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
    2016-06-21 01:31 - 2016-05-28 06:06 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
    2016-06-21 01:31 - 2016-05-28 06:06 - 00254656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
    2016-06-21 01:31 - 2016-05-28 06:04 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2016-06-21 01:31 - 2016-05-28 06:04 - 00431296 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
    2016-06-21 01:31 - 2016-05-28 06:04 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
    2016-06-21 01:31 - 2016-05-28 05:58 - 01996640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2016-06-21 01:31 - 2016-05-28 05:58 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
    2016-06-21 01:31 - 2016-05-28 05:57 - 02548944 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
    2016-06-21 01:31 - 2016-05-28 05:57 - 02195632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
    2016-06-21 01:31 - 2016-05-28 05:57 - 01594416 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
    2016-06-21 01:31 - 2016-05-28 05:57 - 01372312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
    2016-06-21 01:31 - 2016-05-28 05:57 - 00649792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
    2016-06-21 01:31 - 2016-05-28 05:57 - 00636304 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
    2016-06-21 01:31 - 2016-05-28 05:57 - 00577376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
    2016-06-21 01:31 - 2016-05-28 05:57 - 00546456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
    2016-06-21 01:31 - 2016-05-28 05:57 - 00521664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
    2016-06-21 01:31 - 2016-05-28 05:57 - 00316256 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
    2016-06-21 01:31 - 2016-05-28 05:35 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsdport.sys
    2016-06-21 01:31 - 2016-05-28 05:31 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
    2016-06-21 01:31 - 2016-05-28 05:31 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
    2016-06-21 01:31 - 2016-05-28 05:26 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
    2016-06-21 01:31 - 2016-05-28 05:26 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
    2016-06-21 01:31 - 2016-05-28 05:24 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
    2016-06-21 01:31 - 2016-05-28 05:22 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
    2016-06-21 01:31 - 2016-05-28 05:22 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
    2016-06-21 01:31 - 2016-05-28 05:22 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
    2016-06-21 01:31 - 2016-05-28 05:22 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
    2016-06-21 01:31 - 2016-05-28 05:22 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
    2016-06-21 01:31 - 2016-05-28 05:21 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
    2016-06-21 01:31 - 2016-05-28 05:21 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrokerLib.dll
    2016-06-21 01:31 - 2016-05-28 05:21 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
    2016-06-21 01:31 - 2016-05-28 05:21 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
    2016-06-21 01:31 - 2016-05-28 05:20 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
    2016-06-21 01:31 - 2016-05-28 05:19 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
    2016-06-21 01:31 - 2016-05-28 05:18 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
    2016-06-21 01:31 - 2016-05-28 05:18 - 00591360 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
    2016-06-21 01:31 - 2016-05-28 05:18 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
    2016-06-21 01:31 - 2016-05-28 05:18 - 00380416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
    2016-06-21 01:31 - 2016-05-28 05:18 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
    2016-06-21 01:31 - 2016-05-28 05:17 - 00963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
    2016-06-21 01:31 - 2016-05-28 05:17 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
    2016-06-21 01:31 - 2016-05-28 05:17 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
    2016-06-21 01:31 - 2016-05-28 05:17 - 00173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
    2016-06-21 01:31 - 2016-05-28 05:16 - 00690176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
    2016-06-21 01:31 - 2016-05-28 05:16 - 00684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
    2016-06-21 01:31 - 2016-05-28 05:16 - 00592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
    2016-06-21 01:31 - 2016-05-28 05:16 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
    2016-06-21 01:31 - 2016-05-28 05:15 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
    2016-06-21 01:31 - 2016-05-28 05:15 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
    2016-06-21 01:31 - 2016-05-28 05:15 - 00794624 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
    2016-06-21 01:31 - 2016-05-28 05:15 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
    2016-06-21 01:31 - 2016-05-28 05:14 - 01716736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
    2016-06-21 01:31 - 2016-05-28 05:14 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
    2016-06-21 01:31 - 2016-05-28 05:14 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
    2016-06-21 01:31 - 2016-05-28 05:14 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2016-06-21 01:31 - 2016-05-28 05:14 - 00606208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2016-06-21 01:31 - 2016-05-28 05:14 - 00499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
    2016-06-21 01:31 - 2016-05-28 05:13 - 00990208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
    2016-06-21 01:31 - 2016-05-28 05:13 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
    2016-06-21 01:31 - 2016-05-28 05:13 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
    2016-06-21 01:31 - 2016-05-28 05:13 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
    2016-06-21 01:31 - 2016-05-28 05:13 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll
    2016-06-21 01:31 - 2016-05-28 05:12 - 00614400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
    2016-06-21 01:31 - 2016-05-28 05:12 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
    2016-06-21 01:31 - 2016-05-28 05:11 - 01445888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
    2016-06-21 01:31 - 2016-05-28 05:11 - 00890368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
    2016-06-21 01:31 - 2016-05-28 05:11 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
    2016-06-21 01:31 - 2016-05-28 05:11 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
    2016-06-21 01:31 - 2016-05-28 05:11 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2016-06-21 01:31 - 2016-05-28 05:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2016-06-21 01:31 - 2016-05-28 05:09 - 01073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
    2016-06-21 01:31 - 2016-05-28 05:05 - 01797120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
    2016-06-21 01:31 - 2016-05-28 05:04 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
    2016-06-21 01:31 - 2016-05-28 05:03 - 01185280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationFramework.dll
    2016-06-21 01:31 - 2016-05-28 05:03 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
    2016-06-21 01:31 - 2016-05-28 05:02 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
    2016-06-21 01:31 - 2016-05-28 05:01 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
    2016-06-21 01:31 - 2016-05-28 05:00 - 01707520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
    2016-06-21 01:31 - 2016-05-28 05:00 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
    2016-06-21 01:31 - 2016-05-28 04:59 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
    2016-06-21 01:31 - 2016-05-28 04:58 - 01996288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
    2016-06-21 01:31 - 2016-05-28 04:53 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
    2016-06-21 01:31 - 2016-05-06 05:53 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdport.sys
    2016-06-21 01:31 - 2016-05-06 05:03 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
    2016-06-21 01:31 - 2016-05-06 04:53 - 00351232 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
    2016-06-21 01:31 - 2016-05-06 04:49 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
    2016-06-21 01:31 - 2016-05-06 04:44 - 00582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
    2016-06-21 01:31 - 2016-05-05 05:50 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
    2016-06-21 01:31 - 2016-04-23 06:26 - 00707608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
    2016-06-21 01:31 - 2016-04-23 06:24 - 00638816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
    2016-06-21 01:31 - 2016-04-23 06:24 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
    2016-06-21 01:31 - 2016-04-23 06:22 - 01161120 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
    2016-06-21 01:31 - 2016-04-23 06:13 - 00306832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
    2016-06-21 01:31 - 2016-04-23 06:12 - 00451928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
    2016-06-21 01:31 - 2016-04-23 06:12 - 00413536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
    2016-06-21 01:31 - 2016-04-23 06:11 - 00390496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
    2016-06-21 01:31 - 2016-04-23 06:11 - 00131424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufxsynopsys.sys
    2016-06-21 01:31 - 2016-04-23 06:09 - 00569744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
    2016-06-21 01:31 - 2016-04-23 06:09 - 00565600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
    2016-06-21 01:31 - 2016-04-23 06:09 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
    2016-06-21 01:31 - 2016-04-23 06:07 - 01536088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
    2016-06-21 01:31 - 2016-04-23 06:07 - 00204048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
    2016-06-21 01:31 - 2016-04-23 06:07 - 00183904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
    2016-06-21 01:31 - 2016-04-23 06:06 - 00291360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
    2016-06-21 01:31 - 2016-04-23 06:02 - 00188256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
    2016-06-21 01:31 - 2016-04-23 06:01 - 00619296 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
    2016-06-21 01:31 - 2016-04-23 06:01 - 00513368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
    2016-06-21 01:31 - 2016-04-23 06:01 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
    2016-06-21 01:31 - 2016-04-23 06:01 - 00217440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
    2016-06-21 01:31 - 2016-04-23 06:00 - 01522152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
    2016-06-21 01:31 - 2016-04-23 06:00 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
    2016-06-21 01:31 - 2016-04-23 06:00 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
    2016-06-21 01:31 - 2016-04-23 06:00 - 00550656 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
    2016-06-21 01:31 - 2016-04-23 06:00 - 00453472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
    2016-06-21 01:31 - 2016-04-23 05:56 - 00534872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
    2016-06-21 01:31 - 2016-04-23 05:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
    2016-06-21 01:31 - 2016-04-23 05:32 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
    2016-06-21 01:31 - 2016-04-23 05:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\filecrypt.sys
    2016-06-21 01:31 - 2016-04-23 05:29 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
    2016-06-21 01:31 - 2016-04-23 05:28 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
    2016-06-21 01:31 - 2016-04-23 05:28 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
    2016-06-21 01:31 - 2016-04-23 05:26 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
    2016-06-21 01:31 - 2016-04-23 05:25 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
    2016-06-21 01:31 - 2016-04-23 05:25 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
    2016-06-21 01:31 - 2016-04-23 05:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
    2016-06-21 01:31 - 2016-04-23 05:24 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
    2016-06-21 01:31 - 2016-04-23 05:24 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
    2016-06-21 01:31 - 2016-04-23 05:24 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
    2016-06-21 01:31 - 2016-04-23 05:24 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
    2016-06-21 01:31 - 2016-04-23 05:24 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
    2016-06-21 01:31 - 2016-04-23 05:23 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
    2016-06-21 01:31 - 2016-04-23 05:23 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll
    2016-06-21 01:31 - 2016-04-23 05:21 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
    2016-06-21 01:31 - 2016-04-23 05:20 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
    2016-06-21 01:31 - 2016-04-23 05:20 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
    2016-06-21 01:31 - 2016-04-23 05:20 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
    2016-06-21 01:31 - 2016-04-23 05:20 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
    2016-06-21 01:31 - 2016-04-23 05:18 - 00804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2016-06-21 01:31 - 2016-04-23 05:18 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
    2016-06-21 01:31 - 2016-04-23 05:18 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
    2016-06-21 01:31 - 2016-04-23 05:17 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
    2016-06-21 01:31 - 2016-04-23 05:16 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
    2016-06-21 01:31 - 2016-04-23 05:15 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
    2016-06-21 01:31 - 2016-04-23 05:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
    2016-06-21 01:31 - 2016-04-23 05:14 - 00647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2016-06-21 01:31 - 2016-04-23 05:14 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
    2016-06-21 01:31 - 2016-04-23 05:13 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
    2016-06-21 01:31 - 2016-04-23 05:07 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
    2016-06-21 01:31 - 2016-04-23 05:05 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
    2016-06-21 01:31 - 2016-04-23 05:03 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
    2016-06-21 01:31 - 2016-04-23 05:03 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
    2016-06-21 01:31 - 2016-04-23 04:45 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
    2016-06-21 01:31 - 2016-04-02 05:13 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
    2016-06-21 01:31 - 2016-04-02 05:10 - 00374008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
    2016-06-21 01:31 - 2016-03-29 11:22 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2016-06-21 01:31 - 2016-03-29 11:22 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
    2016-06-21 01:31 - 2016-03-29 11:20 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2016-06-21 01:31 - 2016-03-29 11:20 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2016-06-21 01:31 - 2016-03-29 11:18 - 02152280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
    2016-06-21 01:31 - 2016-03-29 11:11 - 00686976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
    2016-06-21 01:31 - 2016-03-29 11:05 - 01152864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
    2016-06-21 01:31 - 2016-03-29 11:02 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
    2016-06-21 01:31 - 2016-03-29 11:02 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
    2016-06-21 01:31 - 2016-03-29 10:37 - 01862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
    2016-06-21 01:31 - 2016-03-29 10:28 - 00535080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
    2016-06-21 01:31 - 2016-03-29 10:19 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
    2016-06-21 01:31 - 2016-03-29 10:13 - 00986976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
    2016-06-21 01:31 - 2016-03-29 10:08 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
    2016-06-21 01:31 - 2016-03-29 10:08 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
    2016-06-21 01:31 - 2016-03-29 09:26 - 02403680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
    2016-06-21 01:31 - 2016-03-29 09:26 - 01089888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
    2016-06-21 01:31 - 2016-03-29 09:24 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
    2016-06-21 01:31 - 2016-03-29 09:21 - 00378208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
    2016-06-21 01:31 - 2016-03-29 08:51 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
    2016-06-21 01:31 - 2016-03-29 08:48 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
    2016-06-21 01:31 - 2016-03-29 08:36 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
    2016-06-21 01:31 - 2016-03-29 08:30 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
    2016-06-21 01:31 - 2016-03-29 08:27 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
    2016-06-21 01:31 - 2016-03-29 08:22 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll
    2016-06-21 01:31 - 2016-03-29 08:20 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
    2016-06-21 01:31 - 2016-03-29 08:19 - 00556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
    2016-06-21 01:31 - 2016-03-29 08:17 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
    2016-06-21 01:31 - 2016-03-29 08:11 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
    2016-06-21 01:31 - 2016-03-29 08:09 - 01239552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
    2016-06-21 01:31 - 2016-03-29 08:07 - 01902592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
    2016-06-21 01:31 - 2016-03-29 08:06 - 01575936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
    2016-06-21 01:31 - 2016-03-29 08:05 - 01395712 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
    2016-06-21 01:31 - 2016-03-29 08:03 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
    2016-06-21 01:31 - 2016-03-29 08:00 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
    2016-06-21 01:31 - 2016-03-29 07:55 - 01052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
    2016-06-21 01:31 - 2016-03-29 07:49 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
    2016-06-21 01:31 - 2016-03-29 07:43 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AccountsRt.dll
    2016-06-21 01:31 - 2016-03-29 07:42 - 01410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
    2016-06-21 01:31 - 2016-03-29 07:40 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
    2016-06-21 01:31 - 2016-03-29 07:36 - 03351040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
    2016-06-21 01:31 - 2016-03-29 07:34 - 00682496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
    2016-06-21 01:31 - 2016-03-29 07:32 - 01588224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
    2016-06-21 01:31 - 2016-03-29 07:31 - 01117184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
    2016-06-21 01:31 - 2016-03-29 07:30 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
    2016-06-21 01:31 - 2016-03-29 07:29 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
    2016-06-21 01:31 - 2016-03-29 07:28 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
    2016-06-21 01:31 - 2016-03-29 07:28 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
    2016-06-21 01:31 - 2016-03-29 07:27 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
    2016-06-21 01:31 - 2016-03-29 07:27 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
    2016-06-21 01:31 - 2016-03-29 07:23 - 00777728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
    2016-06-21 01:31 - 2016-03-29 07:17 - 00765952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
    2016-06-21 01:31 - 2016-03-29 07:14 - 01072128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
    2016-06-21 01:31 - 2016-03-29 07:13 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
    2016-06-21 01:31 - 2016-03-29 07:10 - 03671040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
    2016-06-21 01:31 - 2016-03-29 07:05 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2016-06-21 01:31 - 2016-03-29 07:05 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
    2016-06-21 01:31 - 2016-03-29 07:04 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
    2016-06-21 01:31 - 2016-03-29 06:45 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
    2016-06-21 01:31 - 2016-03-29 06:43 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
    2016-06-21 01:31 - 2016-03-29 06:38 - 02798080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
    2016-06-21 01:31 - 2016-03-29 06:25 - 00712704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
    2016-06-21 01:31 - 2016-03-01 06:31 - 00848168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
    2016-06-21 01:31 - 2016-02-24 09:58 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
    2016-06-21 01:31 - 2016-02-24 09:43 - 00625000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
    2016-06-21 01:31 - 2016-02-24 09:19 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
    2016-06-21 01:31 - 2016-02-24 09:11 - 00258280 _____ (Microsoft Corporation) C:\WINDOWS\system32\sqmapi.dll
    2016-06-21 01:31 - 2016-02-24 09:09 - 00640472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
    2016-06-21 01:31 - 2016-02-24 08:35 - 00220064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sqmapi.dll
    2016-06-21 01:31 - 2016-02-24 08:33 - 00538736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
    2016-06-21 01:31 - 2016-02-24 08:20 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
    2016-06-21 01:31 - 2016-02-24 08:02 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
    2016-06-21 01:31 - 2016-02-24 08:01 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll
    2016-06-21 01:31 - 2016-02-24 07:59 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
    2016-06-21 01:31 - 2016-02-24 07:59 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
    2016-06-21 01:31 - 2016-02-24 07:59 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
    2016-06-21 01:31 - 2016-02-24 07:55 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
    2016-06-21 01:31 - 2016-02-24 07:55 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
    2016-06-21 01:31 - 2016-02-24 07:54 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll
    2016-06-21 01:31 - 2016-02-24 07:52 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
    2016-06-21 01:31 - 2016-02-24 07:49 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
    2016-06-21 01:31 - 2016-02-24 07:44 - 00915456 _____ (Microsoft Corporation) C:\WINDOWS\system32\configurationclient.dll
    2016-06-21 01:31 - 2016-02-24 07:44 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
    2016-06-21 01:31 - 2016-02-24 07:43 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
    2016-06-21 01:31 - 2016-02-24 07:36 - 01847808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
    2016-06-21 01:31 - 2016-02-24 07:32 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
    2016-06-21 01:31 - 2016-02-24 07:31 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cemapi.dll
    2016-06-21 01:31 - 2016-02-24 07:25 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\sharemediacpl.dll
    2016-06-21 01:31 - 2016-02-24 07:21 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
    2016-06-21 01:31 - 2016-02-24 07:18 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
    2016-06-21 01:31 - 2016-02-24 07:18 - 00184832 _____ (Microsoft Corporation)
     
  4. morphy201180

    morphy201180 TS Enthusiast Topic Starter Posts: 79

    C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
    2016-06-21 01:31 - 2016-02-24 07:17 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
    2016-06-21 01:31 - 2016-02-24 07:13 - 00540160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
    2016-06-21 01:31 - 2016-02-24 07:09 - 00552960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
    2016-06-21 01:31 - 2016-02-24 07:09 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
    2016-06-21 01:31 - 2016-02-23 12:25 - 00563552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
    2016-06-21 01:31 - 2016-02-23 12:15 - 00779384 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll
    2016-06-21 01:31 - 2016-02-23 11:31 - 00476728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
    2016-06-21 01:31 - 2016-02-23 11:31 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
    2016-06-21 01:31 - 2016-02-23 11:22 - 00572272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll
    2016-06-21 01:31 - 2016-02-23 10:40 - 00430944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
    2016-06-21 01:31 - 2016-02-23 10:38 - 00420928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
    2016-06-21 01:31 - 2016-02-23 10:27 - 00376536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
    2016-06-21 01:31 - 2016-02-23 10:20 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
    2016-06-21 01:31 - 2016-02-23 10:06 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
    2016-06-21 01:31 - 2016-02-23 09:55 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
    2016-06-21 01:31 - 2016-02-23 09:53 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
    2016-06-21 01:31 - 2016-02-23 09:40 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
    2016-06-21 01:31 - 2016-02-23 09:39 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
    2016-06-21 01:31 - 2016-02-23 09:38 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
    2016-06-21 01:31 - 2016-02-23 09:38 - 00287712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll
    2016-06-21 01:31 - 2016-02-23 09:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
    2016-06-21 01:31 - 2016-02-23 09:36 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuickActionsDataModel.dll
    2016-06-21 01:31 - 2016-02-23 09:34 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll
    2016-06-21 01:31 - 2016-02-23 09:34 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
    2016-06-21 01:31 - 2016-02-23 09:31 - 00463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
    2016-06-21 01:31 - 2016-02-23 09:29 - 00591872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
    2016-06-21 01:31 - 2016-02-23 09:28 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
    2016-06-21 01:31 - 2016-02-23 09:27 - 00307712 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
    2016-06-21 01:31 - 2016-02-23 09:26 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
    2016-06-21 01:31 - 2016-02-23 09:22 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
    2016-06-21 01:31 - 2016-02-23 09:20 - 00847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
    2016-06-21 01:31 - 2016-02-23 09:20 - 00493568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
    2016-06-21 01:31 - 2016-02-23 09:19 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
    2016-06-21 01:31 - 2016-02-23 09:04 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
    2016-06-21 01:31 - 2016-02-23 09:02 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
    2016-06-21 01:31 - 2016-02-23 09:02 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
    2016-06-21 01:31 - 2016-02-23 08:58 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerServer.dll
    2016-06-21 01:31 - 2016-02-23 08:52 - 00456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
    2016-06-21 01:31 - 2016-02-23 08:50 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
    2016-06-21 01:31 - 2016-02-23 08:49 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
    2016-06-21 01:31 - 2016-02-23 08:47 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
    2016-06-21 01:31 - 2016-02-23 08:38 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
    2016-06-21 01:31 - 2016-02-23 08:36 - 00713728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
    2016-06-21 01:31 - 2016-02-23 08:36 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
    2016-06-21 01:31 - 2016-02-23 08:35 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
    2016-06-21 01:31 - 2016-02-23 08:01 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
    2016-06-21 01:31 - 2016-02-09 04:18 - 00297472 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
    2016-06-21 01:31 - 2016-02-09 04:18 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
    2016-06-21 01:31 - 2016-01-27 06:59 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
    2016-06-21 01:31 - 2016-01-27 06:57 - 00820704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
    2016-06-21 01:31 - 2016-01-27 06:46 - 01270072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
    2016-06-21 01:31 - 2016-01-27 06:08 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
    2016-06-21 01:31 - 2016-01-27 05:59 - 00258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassam.dll
    2016-06-21 01:31 - 2016-01-27 05:50 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
    2016-06-21 01:31 - 2016-01-16 07:37 - 00202472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
    2016-06-21 01:31 - 2016-01-16 07:24 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
    2016-06-21 01:31 - 2016-01-16 07:20 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
    2016-06-21 01:31 - 2016-01-16 07:20 - 00431240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
    2016-06-21 01:31 - 2016-01-16 07:19 - 00405568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
    2016-06-21 01:31 - 2016-01-16 07:08 - 00440152 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
    2016-06-21 01:31 - 2016-01-16 06:38 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimCfg.dll
    2016-06-21 01:31 - 2016-01-16 06:36 - 00475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
    2016-06-21 01:31 - 2016-01-16 06:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2016-06-21 01:31 - 2016-01-16 06:36 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimAuth.dll
    2016-06-21 01:31 - 2016-01-16 06:35 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2016-06-21 01:31 - 2016-01-16 06:34 - 00477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
    2016-06-21 01:31 - 2016-01-16 06:33 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
    2016-06-21 01:31 - 2016-01-16 06:33 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
    2016-06-21 01:31 - 2016-01-16 06:32 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
    2016-06-21 01:31 - 2016-01-16 06:31 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
    2016-06-21 01:31 - 2016-01-16 06:30 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2016-06-21 01:31 - 2016-01-16 06:30 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimCfg.dll
    2016-06-21 01:31 - 2016-01-16 06:28 - 00884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
    2016-06-21 01:31 - 2016-01-16 06:28 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimAuth.dll
    2016-06-21 01:31 - 2016-01-16 06:27 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
    2016-06-21 01:31 - 2016-01-16 06:26 - 00260608 _____ C:\WINDOWS\system32\MTFServer.dll
    2016-06-21 01:31 - 2016-01-16 06:25 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
    2016-06-21 01:31 - 2016-01-16 06:24 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
    2016-06-21 01:31 - 2016-01-16 06:23 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2016-06-21 01:31 - 2016-01-16 06:20 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
    2016-06-21 01:31 - 2016-01-16 06:19 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
    2016-06-21 01:31 - 2016-01-16 06:18 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
    2016-06-21 01:31 - 2016-01-16 06:16 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
    2016-06-21 01:31 - 2016-01-16 06:11 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
    2016-06-21 01:30 - 2016-05-28 06:22 - 00211296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
    2016-06-21 01:30 - 2016-05-28 06:22 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
    2016-06-21 01:30 - 2016-05-28 06:16 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
    2016-06-21 01:30 - 2016-05-28 06:09 - 00170848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.exe
    2016-06-21 01:30 - 2016-05-28 06:09 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
    2016-06-21 01:30 - 2016-05-28 06:08 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
    2016-06-21 01:30 - 2016-05-28 06:04 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
    2016-06-21 01:30 - 2016-05-28 06:04 - 00111064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
    2016-06-21 01:30 - 2016-05-28 06:04 - 00097096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
    2016-06-21 01:30 - 2016-05-28 06:03 - 00131248 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
    2016-06-21 01:30 - 2016-05-28 05:35 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
    2016-06-21 01:30 - 2016-05-28 05:31 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
    2016-06-21 01:30 - 2016-05-28 05:29 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
    2016-06-21 01:30 - 2016-05-28 05:29 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
    2016-06-21 01:30 - 2016-05-28 05:29 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxp.dll
    2016-06-21 01:30 - 2016-05-28 05:28 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
    2016-06-21 01:30 - 2016-05-28 05:28 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
    2016-06-21 01:30 - 2016-05-28 05:28 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\FwRemoteSvr.dll
    2016-06-21 01:30 - 2016-05-28 05:27 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
    2016-06-21 01:30 - 2016-05-28 05:27 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
    2016-06-21 01:30 - 2016-05-28 05:26 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
    2016-06-21 01:30 - 2016-05-28 05:26 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
    2016-06-21 01:30 - 2016-05-28 05:26 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
    2016-06-21 01:30 - 2016-05-28 05:25 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
    2016-06-21 01:30 - 2016-05-28 05:24 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
    2016-06-21 01:30 - 2016-05-28 05:24 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Ndu.sys
    2016-06-21 01:30 - 2016-05-28 05:24 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
    2016-06-21 01:30 - 2016-05-28 05:24 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
    2016-06-21 01:30 - 2016-05-28 05:24 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
    2016-06-21 01:30 - 2016-05-28 05:24 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll
    2016-06-21 01:30 - 2016-05-28 05:24 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FwRemoteSvr.dll
    2016-06-21 01:30 - 2016-05-28 05:23 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
    2016-06-21 01:30 - 2016-05-28 05:23 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll
    2016-06-21 01:30 - 2016-05-28 05:22 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
    2016-06-21 01:30 - 2016-05-28 05:22 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
    2016-06-21 01:30 - 2016-05-28 05:22 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptsvc.dll
    2016-06-21 01:30 - 2016-05-28 05:22 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
    2016-06-21 01:30 - 2016-05-28 05:20 - 00511488 _____ (Microsoft Corporation) C:\WINDOWS\system32\newdev.dll
    2016-06-21 01:30 - 2016-05-28 05:20 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\system32\polstore.dll
    2016-06-21 01:30 - 2016-05-28 05:20 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
    2016-06-21 01:30 - 2016-05-28 05:20 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GnssAdapter.dll
    2016-06-21 01:30 - 2016-05-28 05:20 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Privacy.dll
    2016-06-21 01:30 - 2016-05-28 05:20 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc6.dll
    2016-06-21 01:30 - 2016-05-28 05:19 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2016-06-21 01:30 - 2016-05-28 05:19 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
    2016-06-21 01:30 - 2016-05-28 05:19 - 00355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
    2016-06-21 01:30 - 2016-05-28 05:19 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc.dll
    2016-06-21 01:30 - 2016-05-28 05:18 - 00392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPSECSVC.DLL
    2016-06-21 01:30 - 2016-05-28 05:17 - 00485888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\newdev.dll
    2016-06-21 01:30 - 2016-05-28 05:17 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
    2016-06-21 01:30 - 2016-05-28 05:17 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
    2016-06-21 01:30 - 2016-05-28 05:16 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\polstore.dll
    2016-06-21 01:30 - 2016-05-28 05:16 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
    2016-06-21 01:30 - 2016-05-28 05:15 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
    2016-06-21 01:30 - 2016-05-28 05:15 - 00293888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
    2016-06-21 01:30 - 2016-05-28 05:15 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
    2016-06-21 01:30 - 2016-05-28 05:14 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
    2016-06-21 01:30 - 2016-05-28 05:14 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
    2016-06-21 01:30 - 2016-05-28 05:12 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
    2016-06-21 01:30 - 2016-05-28 05:11 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
    2016-06-21 01:30 - 2016-05-28 05:11 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
    2016-06-21 01:30 - 2016-05-28 05:04 - 00450560 _____ (Microsoft Corporation)
     
  5. morphy201180

    morphy201180 TS Enthusiast Topic Starter Posts: 79

    C:\WINDOWS\SysWOW64\SyncController.dll
    2016-06-21 01:30 - 2016-05-28 05:03 - 00693760 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
    2016-06-21 01:30 - 2016-05-28 05:02 - 00103424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
    2016-06-21 01:30 - 2016-05-28 05:01 - 00111104 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
    2016-06-21 01:30 - 2016-05-28 05:00 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
    2016-06-21 01:30 - 2016-05-28 05:00 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
    2016-06-21 01:30 - 2016-05-06 05:05 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
    2016-06-21 01:30 - 2016-05-06 04:43 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
    2016-06-21 01:30 - 2016-04-23 06:24 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
    2016-06-21 01:30 - 2016-04-23 06:00 - 00058208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwminit.dll
    2016-06-21 01:30 - 2016-04-23 05:34 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
    2016-06-21 01:30 - 2016-04-23 05:34 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
    2016-06-21 01:30 - 2016-04-23 05:34 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
    2016-06-21 01:30 - 2016-04-23 05:33 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
    2016-06-21 01:30 - 2016-04-23 05:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
    2016-06-21 01:30 - 2016-04-23 05:33 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ByteCodeGenerator.exe
    2016-06-21 01:30 - 2016-04-23 05:32 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
    2016-06-21 01:30 - 2016-04-23 05:29 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
    2016-06-21 01:30 - 2016-04-23 05:29 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
    2016-06-21 01:30 - 2016-04-23 05:29 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll
    2016-06-21 01:30 - 2016-04-23 05:29 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ByteCodeGenerator.exe
    2016-06-21 01:30 - 2016-04-23 05:29 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
    2016-06-21 01:30 - 2016-04-23 05:28 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
    2016-06-21 01:30 - 2016-04-23 05:28 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
    2016-06-21 01:30 - 2016-04-23 05:27 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
    2016-06-21 01:30 - 2016-04-23 05:23 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
    2016-06-21 01:30 - 2016-04-23 05:19 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlansec.dll
    2016-06-21 01:30 - 2016-04-23 05:19 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BrowserSettingSync.dll
    2016-06-21 01:30 - 2016-04-23 05:17 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
    2016-06-21 01:30 - 2016-04-23 03:10 - 00002186 _____ C:\WINDOWS\system32\AppxProvisioning.xml
    2016-06-21 01:30 - 2016-04-18 23:30 - 00002186 _____ C:\WINDOWS\SysWOW64\AppxProvisioning.xml
    2016-06-21 01:30 - 2016-04-02 05:10 - 00770640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll
    2016-06-21 01:30 - 2016-04-02 04:25 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
    2016-06-21 01:30 - 2016-04-02 04:25 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll
    2016-06-21 01:30 - 2016-03-29 11:23 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
    2016-06-21 01:30 - 2016-03-29 11:15 - 00100232 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
    2016-06-21 01:30 - 2016-03-29 10:25 - 00058400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
    2016-06-21 01:30 - 2016-03-29 10:18 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
    2016-06-21 01:30 - 2016-03-29 10:11 - 00074424 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
    2016-06-21 01:30 - 2016-03-29 10:10 - 00110584 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvcli.dll
    2016-06-21 01:30 - 2016-03-29 10:09 - 00078040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkscli.dll
    2016-06-21 01:30 - 2016-03-29 10:07 - 00081144 _____ (Microsoft Corporation) C:\WINDOWS\system32\netapi32.dll
    2016-06-21 01:30 - 2016-03-29 09:41 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
    2016-06-21 01:30 - 2016-03-29 09:26 - 00073872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srvcli.dll
    2016-06-21 01:30 - 2016-03-29 09:25 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wkscli.dll
    2016-06-21 01:30 - 2016-03-29 09:23 - 00069744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netapi32.dll
    2016-06-21 01:30 - 2016-03-29 09:16 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
    2016-06-21 01:30 - 2016-03-29 09:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
    2016-06-21 01:30 - 2016-03-29 09:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
    2016-06-21 01:30 - 2016-03-29 09:07 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
    2016-06-21 01:30 - 2016-03-29 09:07 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsdchngr.dll
    2016-06-21 01:30 - 2016-03-29 09:06 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacchooks.dll
    2016-06-21 01:30 - 2016-03-29 09:00 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
    2016-06-21 01:30 - 2016-03-29 09:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll
    2016-06-21 01:30 - 2016-03-29 08:59 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
    2016-06-21 01:30 - 2016-03-29 08:58 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
    2016-06-21 01:30 - 2016-03-29 08:58 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
    2016-06-21 01:30 - 2016-03-29 08:57 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
    2016-06-21 01:30 - 2016-03-29 08:57 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\browcli.dll
    2016-06-21 01:30 - 2016-03-29 08:55 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys
    2016-06-21 01:30 - 2016-03-29 08:55 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
    2016-06-21 01:30 - 2016-03-29 08:54 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
    2016-06-21 01:30 - 2016-03-29 08:53 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
    2016-06-21 01:30 - 2016-03-29 08:52 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
    2016-06-21 01:30 - 2016-03-29 08:51 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
    2016-06-21 01:30 - 2016-03-29 08:50 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll
    2016-06-21 01:30 - 2016-03-29 08:50 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
    2016-06-21 01:30 - 2016-03-29 08:50 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
    2016-06-21 01:30 - 2016-03-29 08:50 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
    2016-06-21 01:30 - 2016-03-29 08:46 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
    2016-06-21 01:30 - 2016-03-29 08:44 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
    2016-06-21 01:30 - 2016-03-29 08:36 - 00530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
    2016-06-21 01:30 - 2016-03-29 08:35 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
    2016-06-21 01:30 - 2016-03-29 08:35 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
    2016-06-21 01:30 - 2016-03-29 08:34 - 00333824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
    2016-06-21 01:30 - 2016-03-29 08:34 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
    2016-06-21 01:30 - 2016-03-29 08:33 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
    2016-06-21 01:30 - 2016-03-29 08:30 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
    2016-06-21 01:30 - 2016-03-29 08:23 - 00694784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
    2016-06-21 01:30 - 2016-03-29 08:21 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
    2016-06-21 01:30 - 2016-03-29 08:20 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll
    2016-06-21 01:30 - 2016-03-29 08:20 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsdchngr.dll
    2016-06-21 01:30 - 2016-03-29 08:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacchooks.dll
    2016-06-21 01:30 - 2016-03-29 08:18 - 00676352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
    2016-06-21 01:30 - 2016-03-29 08:12 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
    2016-06-21 01:30 - 2016-03-29 08:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
    2016-06-21 01:30 - 2016-03-29 08:11 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
    2016-06-21 01:30 - 2016-03-29 08:11 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\browcli.dll
    2016-06-21 01:30 - 2016-03-29 08:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
    2016-06-21 01:30 - 2016-03-29 08:08 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
    2016-06-21 01:30 - 2016-03-29 08:08 - 00841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
    2016-06-21 01:30 - 2016-03-29 08:08 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
    2016-06-21 01:30 - 2016-03-29 08:06 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
    2016-06-21 01:30 - 2016-03-29 08:05 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
    2016-06-21 01:30 - 2016-03-29 08:04 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll
    2016-06-21 01:30 - 2016-03-29 08:00 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
    2016-06-21 01:30 - 2016-03-29 08:00 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
    2016-06-21 01:30 - 2016-03-29 08:00 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
    2016-06-21 01:30 - 2016-03-29 07:59 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
    2016-06-21 01:30 - 2016-03-29 07:59 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
    2016-06-21 01:30 - 2016-03-29 07:59 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
    2016-06-21 01:30 - 2016-03-29 07:53 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
    2016-06-21 01:30 - 2016-03-29 07:53 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
    2016-06-21 01:30 - 2016-03-29 07:52 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
    2016-06-21 01:30 - 2016-03-29 07:42 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
    2016-06-21 01:30 - 2016-03-29 07:41 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
    2016-06-21 01:30 - 2016-03-29 07:39 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
    2016-06-21 01:30 - 2016-03-29 07:39 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
    2016-06-21 01:30 - 2016-03-29 07:32 - 00854528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
    2016-06-21 01:30 - 2016-03-29 07:32 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
    2016-06-21 01:30 - 2016-03-29 07:32 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
    2016-06-21 01:30 - 2016-03-29 07:27 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
    2016-06-21 01:30 - 2016-03-29 07:27 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
    2016-06-21 01:30 - 2016-03-29 07:01 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
    2016-06-21 01:30 - 2016-03-29 06:35 - 00821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
    2016-06-21 01:30 - 2016-03-29 06:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
    2016-06-21 01:30 - 2016-03-29 06:27 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
    2016-06-21 01:30 - 2016-03-29 06:26 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
    2016-06-21 01:30 - 2016-03-29 06:25 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
    2016-06-21 01:30 - 2016-03-29 06:21 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
    2016-06-21 01:30 - 2016-02-24 09:54 - 00127840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
    2016-06-21 01:30 - 2016-02-24 09:39 - 00141560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
    2016-06-21 01:30 - 2016-02-24 09:09 - 00147808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
    2016-06-21 01:30 - 2016-02-24 08:39 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTypeHelperUtil.dll
    2016-06-21 01:30 - 2016-02-24 08:39 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExtrasXmlParser.dll
    2016-06-21 01:30 - 2016-02-24 08:38 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
    2016-06-21 01:30 - 2016-02-24 08:37 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataLanguageUtil.dll
    2016-06-21 01:30 - 2016-02-24 08:36 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenanceClient.dll
    2016-06-21 01:30 - 2016-02-24 08:33 - 00141664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
    2016-06-21 01:30 - 2016-02-24 08:30 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfapigp.dll
    2016-06-21 01:30 - 2016-02-24 08:28 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\POSyncServices.dll
    2016-06-21 01:30 - 2016-02-24 08:23 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
    2016-06-21 01:30 - 2016-02-24 08:23 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataPlatformHelperUtil.dll
    2016-06-21 01:30 - 2016-02-24 08:22 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
    2016-06-21 01:30 - 2016-02-24 08:19 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
    2016-06-21 01:30 - 2016-02-24 08:19 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
    2016-06-21 01:30 - 2016-02-24 08:14 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExSMime.dll
    2016-06-21 01:30 - 2016-02-24 08:13 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
    2016-06-21 01:30 - 2016-02-24 08:12 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\cemapi.dll
    2016-06-21 01:30 - 2016-02-24 08:12 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
    2016-06-21 01:30 - 2016-02-24 08:10 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
    2016-06-21 01:30 - 2016-02-24 08:09 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
    2016-06-21 01:30 - 2016-02-24 08:09 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSip.dll
    2016-06-21 01:30 - 2016-02-24 08:07 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
    2016-06-21 01:30 - 2016-02-24 08:01 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
    2016-06-21 01:30 - 2016-02-24 08:00 - 00214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
    2016-06-21 01:30 - 2016-02-24 07:58 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\scapi.dll
    2016-06-21 01:30 - 2016-02-24 07:55 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExtrasXmlParser.dll
    2016-06-21 01:30 - 2016-02-24 07:54 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
    2016-06-21 01:30 - 2016-02-24 07:54 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
    2016-06-21 01:30 - 2016-02-24 07:54 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTypeHelperUtil.dll
    2016-06-21 01:30 - 2016-02-24 07:53 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
    2016-06-21 01:30 - 2016-02-24 07:53 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataLanguageUtil.dll
    2016-06-21 01:30 - 2016-02-24 07:52 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PimIndexMaintenanceClient.dll
    2016-06-21 01:30 - 2016-02-24 07:46 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfapigp.dll
    2016-06-21 01:30 - 2016-02-24 07:44 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\POSyncServices.dll
    2016-06-21 01:30 - 2016-02-24 07:40 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
    2016-06-21 01:30 - 2016-02-24 07:40 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataPlatformHelperUtil.dll
    2016-06-21 01:30 - 2016-02-24 07:39 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
    2016-06-21 01:30 - 2016-02-24 07:38 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
    2016-06-21 01:30 - 2016-02-24 07:32 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
    2016-06-21 01:30 - 2016-02-24 07:31 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
    2016-06-21 01:30 - 2016-02-24 07:28 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
    2016-06-21 01:30 - 2016-02-24 07:28 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxSip.dll
    2016-06-21 01:30 - 2016-02-24 07:23 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
    2016-06-21 01:30 - 2016-02-24 07:22 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
    2016-06-21 01:30 - 2016-02-24 07:21 - 00168448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
    2016-06-21 01:30 - 2016-02-24 07:16 - 00394752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
    2016-06-21 01:30 - 2016-02-24 06:43 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwbase.dll
    2016-06-21 01:30 - 2016-02-24 06:22 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwbase.dll
    2016-06-21 01:30 - 2016-02-23 11:17 - 00146272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
    2016-06-21 01:30 - 2016-02-23 10:12 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\provpackageapidll.dll
    2016-06-21 01:30 - 2016-02-23 10:10 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll
    2016-06-21 01:30 - 2016-02-23 10:07 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
    2016-06-21 01:30 - 2016-02-23 10:07 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
    2016-06-21 01:30 - 2016-02-23 10:01 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
    2016-06-21 01:30 - 2016-02-23 10:00 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
    2016-06-21 01:30 - 2016-02-23 09:58 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\irmon.dll
    2016-06-21 01:30 - 2016-02-23 09:53 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
    2016-06-21 01:30 - 2016-02-23 09:48 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerClient.dll
    2016-06-21 01:30 - 2016-02-23 09:23 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
    2016-06-21 01:30 - 2016-02-23 09:14 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
    2016-06-21 01:30 - 2016-02-23 08:57 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TimeBrokerClient.dll
    2016-06-21 01:30 - 2016-01-27 06:55 - 00081112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe
    2016-06-21 01:30 - 2016-01-27 06:44 - 00085320 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe
    2016-06-21 01:30 - 2016-01-27 06:15 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll
    2016-06-21 01:30 - 2016-01-27 06:10 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
    2016-06-21 01:30 - 2016-01-27 06:08 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll
    2016-06-21 01:30 - 2016-01-27 06:07 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iassam.dll
    2016-06-21 01:30 - 2016-01-27 06:02 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
    2016-06-21 01:30 - 2016-01-27 05:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfgbkend.dll
    2016-06-21 01:30 - 2016-01-27 05:32 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
    2016-06-21 01:30 - 2016-01-27 05:31 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll
    2016-06-21 01:30 - 2016-01-16 07:23 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
    2016-06-21 01:30 - 2016-01-16 07:20 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
    2016-06-21 01:30 - 2016-01-16 06:44 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasadhlp.dll
    2016-06-21 01:30 - 2016-01-16 06:44 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
    2016-06-21 01:30 - 2016-01-16 06:43 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll
    2016-06-21 01:30 - 2016-01-16 06:42 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscoreext.dll
    2016-06-21 01:30 - 2016-01-16 06:41 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
    2016-06-21 01:30 - 2016-01-16 06:40 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
    2016-06-21 01:30 - 2016-01-16 06:40 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
    2016-06-21 01:30 - 2016-01-16 06:40 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasautou.exe
    2016-06-21 01:30 - 2016-01-16 06:39 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
    2016-06-21 01:30 - 2016-01-16 06:38 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbio.dll
    2016-06-21 01:30 - 2016-01-16 06:36 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
    2016-06-21 01:30 - 2016-01-16 06:35 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasadhlp.dll
    2016-06-21 01:30 - 2016-01-16 06:34 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttpcom.dll
    2016-06-21 01:30 - 2016-01-16 06:32 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe
    2016-06-21 01:30 - 2016-01-16 06:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasautou.exe
    2016-06-21 01:30 - 2016-01-16 06:30 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winbio.dll
    2016-06-21 01:22 - 2016-06-21 01:23 - 01610816 _____ (Malwarebytes) C:\Users\Shannon\Desktop\JRT.exe
    2016-06-21 01:21 - 2016-06-21 01:21 - 00019354 _____ C:\Users\Shannon\Desktop\rktext.txt
    2016-06-21 00:50 - 2016-06-21 10:15 - 00002640 _____ C:\Users\Public\Desktop\Skype.lnk
    2016-06-21 00:50 - 2016-06-21 00:50 - 00000000 ____D C:\Users\Shannon\Tracing
    2016-06-21 00:50 - 2016-06-21 00:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    2016-06-21 00:43 - 2016-06-21 00:43 - 00024688 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
    2016-06-21 00:42 - 2016-06-21 01:21 - 00000000 ____D C:\ProgramData\RogueKiller
    2016-06-21 00:38 - 2016-06-21 00:41 - 19936840 _____ C:\Users\Shannon\Desktop\RogueKiller.exe
    2016-06-21 00:24 - 2016-06-21 00:24 - 00000362 _____ C:\WINDOWS\Tasks\HPCeeScheduleForShannon.job
    2016-06-21 00:22 - 2016-06-21 10:16 - 00001222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
    2016-06-21 00:22 - 2016-06-21 10:15 - 00001210 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
    2016-06-21 00:22 - 2016-06-21 00:22 - 00004010 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1466464909
    2016-06-21 00:20 - 2016-06-21 00:20 - 00037144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
    2016-06-21 00:14 - 2016-06-21 10:16 - 00002023 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
    2016-06-21 00:14 - 2016-06-21 10:15 - 00002011 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
    2016-06-21 00:14 - 2016-06-21 00:14 - 00000000 ____D C:\Users\Shannon\AppData\Roaming\AVAST Software
    2016-06-21 00:12 - 2016-06-21 00:12 - 00004006 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
    2016-06-21 00:12 - 2016-06-21 00:11 - 00465792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
    2016-06-21 00:12 - 2016-06-21 00:11 - 00287528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
    2016-06-21 00:12 - 2016-06-21 00:11 - 00166432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
    2016-06-21 00:12 - 2016-06-21 00:11 - 00107792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
    2016-06-21 00:12 - 2016-06-21 00:11 - 00103064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
    2016-06-21 00:12 - 2016-06-21 00:11 - 00074544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
    2016-06-21 00:12 - 2016-06-21 00:11 - 00037656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
    2016-06-21 00:12 - 2016-06-21 00:10 - 01070904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
    2016-06-21 00:11 - 2016-06-21 00:11 - 00398152 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
    2016-06-21 00:10 - 2016-06-21 00:10 - 00052184 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
    2016-06-21 00:06 - 2016-06-21 00:20 - 00000000 ____D C:\ProgramData\AVAST Software
    2016-06-21 00:06 - 2016-06-21 00:20 - 00000000 ____D C:\Program Files\AVAST Software
    2016-06-21 00:05 - 2016-06-21 00:05 - 05066104 _____ (AVAST Software) C:\Users\Shannon\Downloads\avast_free_antivirus_setup_online.exe
    2016-06-16 13:24 - 2016-06-21 10:14 - 00001337 _____ C:\Users\Shannon\Desktop\Revo Uninstaller.lnk
    2016-06-16 13:24 - 2016-06-16 13:24 - 00000000 ____D C:\Users\Shannon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
    2016-06-16 13:24 - 2016-06-16 13:24 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
    2016-06-16 13:23 - 2016-06-16 13:23 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Shannon\Downloads\revosetup.exe

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-06-21 10:27 - 2016-01-21 02:22 - 00972104 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2016-06-21 10:27 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF
    2016-06-21 10:20 - 2016-01-21 02:23 - 00000000 ____D C:\Users\Shannon
    2016-06-21 10:18 - 2016-01-21 02:49 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-06-21 10:17 - 2015-10-30 07:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
    2016-06-21 10:16 - 2016-01-21 02:36 - 00001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2016-06-21 10:16 - 2012-08-22 12:31 - 00001495 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Connected Music powered by Universal Music Group.lnk
    2016-06-21 10:16 - 2012-08-22 12:30 - 00001111 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Connected Music powered by Meridian.lnk
    2016-06-21 10:16 - 2012-08-22 12:26 - 00001305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
    2016-06-21 10:16 - 2012-08-22 12:25 - 00001374 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
    2016-06-21 10:15 - 2016-01-21 09:12 - 00001170 _____ C:\ProgramData\Microsoft\Windows\Start Menu\LG Bridge.Lnk
    2016-06-21 10:15 - 2016-01-21 08:42 - 00002409 _____ C:\Users\Shannon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2016-06-21 10:15 - 2016-01-19 22:08 - 00001164 _____ C:\Users\Public\Desktop\LG Bridge.Lnk
    2016-06-21 10:15 - 2015-04-24 09:36 - 00001114 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2016-06-21 10:15 - 2015-04-22 09:32 - 00002094 _____ C:\Users\Public\Desktop\Snapfish Photos.lnk
    2016-06-21 10:15 - 2015-04-22 09:32 - 00002084 _____ C:\Users\Public\Desktop\HP Games.lnk
    2016-06-21 10:15 - 2013-05-19 14:20 - 00001361 _____ C:\Users\Public\Desktop\CyberLink YouCam.lnk
    2016-06-21 10:15 - 2013-05-19 14:14 - 00002036 _____ C:\Users\Public\Desktop\CyberLink Media Suite.lnk
    2016-06-21 10:15 - 2012-08-22 12:31 - 00001483 _____ C:\Users\Public\Desktop\Connected Music powered by Universal Music Group.lnk
    2016-06-21 10:14 - 2016-01-21 08:33 - 00000258 __RSH C:\Users\Shannon\ntuser.pol
    2016-06-21 10:14 - 2016-01-19 17:10 - 00000843 _____ C:\Users\Shannon\Desktop\LGMobile Support Tool.lnk
    2016-06-21 10:14 - 2015-10-22 21:43 - 00000258 __RSH C:\ProgramData\ntuser.pol
    2016-06-21 10:14 - 2015-05-17 17:45 - 00002518 _____ C:\Users\Shannon\Desktop\Shannon - Chrome.lnk
    2016-06-21 10:14 - 2015-04-10 14:00 - 00000000 __RHD C:\Users\Public\AccountPictures
    2016-06-21 10:10 - 2016-01-21 02:12 - 00372600 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2016-06-21 10:09 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\vpnplugins
    2016-06-21 10:06 - 2015-10-30 08:24 - 00000000 ___SD C:\WINDOWS\system32\F12
    2016-06-21 10:06 - 2015-10-30 08:24 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
    2016-06-21 10:06 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
    2016-06-21 10:06 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2016-06-21 10:06 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
    2016-06-21 10:06 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\oobe
    2016-06-21 10:06 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\en-GB
    2016-06-21 10:06 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
    2016-06-21 10:06 - 2015-10-30 07:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
    2016-06-21 10:06 - 2015-10-30 07:28 - 00000000 ____D C:\WINDOWS\system32\Dism
    2016-06-21 10:05 - 2015-10-30 19:08 - 00000000 ____D C:\Program Files\Windows Journal
    2016-06-21 10:05 - 2015-10-30 08:24 - 00000000 __RSD C:\WINDOWS\Media
    2016-06-21 10:05 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
    2016-06-21 10:05 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2016-06-21 10:05 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\Provisioning
    2016-06-21 10:05 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
    2016-06-21 10:05 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\bcastdvr
    2016-06-21 10:05 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Windows Portable Devices
    2016-06-21 10:05 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
    2016-06-21 10:05 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
    2016-06-21 10:05 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
    2016-06-21 10:04 - 2015-10-30 08:24 - 00015703 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
    2016-06-21 09:45 - 2015-05-17 17:40 - 00000938 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-353090159-1504183216-3683736410-1002UA.job
    2016-06-21 09:33 - 2015-04-23 17:24 - 00004160 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{2E3C12B1-388A-4D64-89F1-ED6414A37158}
    2016-06-21 09:31 - 2015-04-24 09:36 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2016-06-21 05:20 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp
    2016-06-21 01:55 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness
    2016-06-21 01:54 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-06-21 01:00 - 2015-04-23 11:08 - 00000000 ____D C:\Users\Shannon\AppData\Roaming\Skype
    2016-06-21 00:50 - 2015-04-23 11:08 - 00000000 ___RD C:\Program Files (x86)\Skype
    2016-06-21 00:50 - 2015-04-23 11:08 - 00000000 ____D C:\ProgramData\Skype
    2016-06-21 00:49 - 2015-04-23 11:08 - 00000000 ____D C:\Users\Shannon\AppData\Local\Skype
    2016-06-21 00:46 - 2015-04-22 17:39 - 00000000 ____D C:\WINDOWS\system32\MRT
    2016-06-21 00:31 - 2015-04-22 17:39 - 142482544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2016-06-21 00:01 - 2012-08-22 12:37 - 00000000 ____D C:\Program Files (x86)\HP Games
    2016-06-21 00:00 - 2012-08-22 12:37 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2016-06-20 23:58 - 2012-08-22 12:37 - 00000000 ____D C:\ProgramData\WildTangent
    2016-06-16 13:36 - 2015-12-24 11:32 - 00000000 ___HD C:\Users\Shannon\AppData\Local\12a2364037285142
    2016-06-16 10:45 - 2015-04-22 09:29 - 00000000 ____D C:\Users\Shannon\AppData\Local\Packages
    2016-06-16 10:32 - 2015-06-11 18:40 - 00000400 _____ C:\Users\Shannon\AppData\Roaming\WB.CFG
    2016-06-16 10:19 - 2015-04-28 16:09 - 00000000 ___RD C:\Users\Shannon\OneDrive
    2016-06-16 10:18 - 2013-05-19 14:40 - 00000000 ____D C:\ProgramData\Norton
    2016-06-15 21:40 - 2015-04-24 09:46 - 00484008 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
    2016-06-14 19:33 - 2015-10-30 08:26 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2016-06-14 19:33 - 2015-10-30 08:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2016-05-28 06:55 - 2016-01-21 02:14 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll

    ==================== Files in the root of some directories =======

    2015-06-11 18:40 - 2016-06-16 10:32 - 0000400 _____ () C:\Users\Shannon\AppData\Roaming\WB.CFG

    Some files in TEMP:
    ====================
    C:\Users\Shannon\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\Shannon\AppData\Local\Temp\libeay32.dll
    C:\Users\Shannon\AppData\Local\Temp\msvcr120.dll
    C:\Users\Shannon\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-06-15 12:27

    ==================== End of FRST.txt ============================
     
  6. morphy201180

    morphy201180 TS Enthusiast Topic Starter Posts: 79

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-06-2016 01
    Ran by Shannon (2016-06-21 10:30:13)
    Running from C:\Users\Shannon\Desktop
    Windows 10 Home Version 1511 (X64) (2016-01-21 07:32:32)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-353090159-1504183216-3683736410-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-353090159-1504183216-3683736410-503 - Limited - Disabled)
    Guest (S-1-5-21-353090159-1504183216-3683736410-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-353090159-1504183216-3683736410-1004 - Limited - Enabled)
    Shannon (S-1-5-21-353090159-1504183216-3683736410-1002 - Administrator - Enabled) => C:\Users\Shannon

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
    AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
    AMD Catalyst Install Manager (HKLM\...\{1F56414D-D7F6-2DBF-BF65-1AC1A8609C03}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
    AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
    Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.2.2262 - AVAST Software)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Connected Music powered by Universal Music Group version 1.0 (HKLM-x32\...\{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1) (Version: 1.0 - Snowite)
    CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5407 - CyberLink Corp.)
    CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
    CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3119 - CyberLink Corp.)
    CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.2.2110 - CyberLink Corp.)
    CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
    CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
    CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
    EPSON SX440 Series Printer Uninstall (HKLM\...\EPSON SX440 Series) (Version: - SEIKO EPSON Corporation)
    Google Chrome (HKU\S-1-5-21-353090159-1504183216-3683736410-1002\...\Google Chrome) (Version: 42.0.2311.152 - Google Inc.)
    Hewlett-Packard ACLM.NET v1.2.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
    HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
    HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company)
    HP Documentation (HKLM-x32\...\{1AC082E0-049D-4C5C-9ECF-9473AD5A949D}) (Version: 1.1.0.0 - Hewlett-Packard)
    HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
    HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
    HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
    HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
    HP Support Assistant (HKLM-x32\...\{B8019B54-F9BE-490A-9619-6D06F18F129F}) (Version: 7.0.32.44 - Hewlett-Packard Company)
    HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
    HP Utility Center (HKLM\...\{2AFEFC93-F0C7-4390-BB51-F914EC546B30}) (Version: 2.1.6 - Hewlett-Packard Company)
    HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.6.1 - Hewlett-Packard Company)
    HPDetect (HKLM-x32\...\{CCCDD476-98F9-4B06-91DB-23F27CEC3BE1}) (Version: 1.0.0.0 - HP)
    IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6425.0 - IDT)
    LG AirDrive (HKLM-x32\...\{E8E8426E-8374-453D-B5E1-1B8DAE3DEF00}) (Version: 1.0.50707.11 - LG Electronics)
    LG Bridge (HKLM-x32\...\LG Bridge) (Version: 1.1.22 - LG Electronics)
    LG Mobile Driver (HKLM-x32\...\{3F490D0E-3131-438C-BCF9-7549CB88DF41}) (Version: 4.0.4 - LG Electronics)
    Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
    Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
    Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
    Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    SafeZone Stable 1.48.2066.101 (x32 Version: 1.48.2066.101 - Avast Software) Hidden
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
    Skype™ 7.25 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.25.103 - Skype Technologies S.A.)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.98 - Synaptics Incorporated)
    Unchecky v0.4.3 (HKLM-x32\...\Unchecky) (Version: 0.4.3 - RaMMicHaeL)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-353090159-1504183216-3683736410-1002_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Shannon\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {049D9356-1E49-484A-962B-452A239EEE6A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
    Task: {0CB99377-11F1-4797-8D70-D167090DDB47} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {15FC38C6-1BDA-4A5E-ACB0-0B7AE56472F3} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {480B0213-3D85-458A-BDBA-044566C12016} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {59A3F0D9-B4DD-4D89-AED3-C7A0CAE11CE4} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
    Task: {671255D5-0CBD-49D2-8B1B-5FC5746A7CD7} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-08] (CyberLink)
    Task: {6D27B0A2-B95F-470D-99C2-6B2903037936} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {75D38D66-69E0-4087-AB35-F948091E3A0A} - System32\Tasks\SafeZone scheduled Autoupdate 1466464909 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-04-15] (Avast Software)
    Task: {763916C2-DCCF-469F-8AEF-7E9098046DA7} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {7C0BBF3E-1149-4A02-8512-9A76EC5B58D3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-353090159-1504183216-3683736410-1002Core => C:\Users\Shannon\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-17] (Google Inc.)
    Task: {8399B32F-80F8-4BEC-8837-53A686352140} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2016-04-28] (Synaptics Incorporated)
    Task: {87FBCE4A-BC9F-4591-98E8-6DB442F0F4B4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {A2BCBF79-9C66-4BC3-9CDC-E8822374A878} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-353090159-1504183216-3683736410-1002UA => C:\Users\Shannon\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-17] (Google Inc.)
    Task: {A5BFAA92-2D0F-4C85-BAE0-F7C60017959E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFReport.exe [2016-02-18] (Hewlett-Packard)
    Task: {AC4FEF07-877D-478C-961A-0F7F81A4C527} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {B511C7BD-09F6-4A7F-BE34-9117622FCAA2} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {B671E527-9CB4-44F1-9C14-774FA8BBBCC3} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
    Task: {C3F05609-3B43-43A6-A278-D9D36C557763} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-06-21] (AVAST Software)
    Task: {C7F3028E-584A-41A3-89EE-85679EEAEC30} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)
    Task: {CA06A93E-DE48-40CE-B0C0-82F327772DC9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2015-10-22] (Hewlett-Packard)
    Task: {CA084BF7-2013-4842-98C6-F82C0DF21F96} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-04-22] (HP Inc.)
    Task: {DD51E535-A04C-4457-A24B-E5E93D2F4D75} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {E1437FEE-ADF9-440F-BBD0-F6E3A6FC03C1} - \Microsoft\Windows\Setup\GWXTriggers\Logon-URT -> No File <==== ATTENTION
    Task: {F0D7D87F-EA66-4A97-884B-D2364889E30F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {F3150C7B-349A-4EA2-8987-609AF748B3CF} - System32\Tasks\{40196AED-ED93-470D-9F26-C1FA1340420B} => pcalua.exe -a "C:\Program Files (x86)\LG Electronics\LG Bridge\uninstall.exe"

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-353090159-1504183216-3683736410-1002Core.job => C:\Users\Shannon\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-353090159-1504183216-3683736410-1002UA.job => C:\Users\Shannon\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\HPCeeScheduleForShannon.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
    Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ShortcutWithArgument: C:\Users\Shannon\Desktop\Shannon - Chrome.lnk -> C:\Users\Shannon\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Default"

    ==================== Loaded Modules (Whitelisted) ==============

    2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
    2015-08-21 23:09 - 2015-08-21 23:09 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
    2016-06-21 01:32 - 2016-03-29 11:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2016-06-21 01:32 - 2016-03-29 11:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
    2016-06-16 10:18 - 2016-06-16 10:18 - 00959168 _____ () C:\Users\Shannon\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
    2016-06-16 10:38 - 2016-06-16 10:39 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    2016-01-21 01:59 - 2016-01-21 01:59 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
    2016-06-21 01:31 - 2016-04-23 05:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
    2016-06-21 01:31 - 2016-05-28 04:59 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2016-06-21 01:31 - 2016-05-28 04:53 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2016-06-21 01:32 - 2016-05-28 04:54 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2016-06-21 01:32 - 2016-05-28 04:56 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2015-08-21 23:09 - 2015-08-21 23:09 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
    2016-06-21 00:10 - 2016-06-21 00:10 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
    2016-06-21 00:10 - 2016-06-21 00:10 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2016-06-21 00:20 - 2016-06-21 00:20 - 02935808 _____ () C:\Program Files\AVAST Software\Avast\defs\16062002\algo.dll
    2016-06-21 00:10 - 2016-06-21 00:10 - 00309912 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
    2016-06-21 00:10 - 2016-06-21 00:10 - 00479680 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
    2016-06-16 10:38 - 2016-06-16 10:39 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
    2016-06-16 10:38 - 2016-06-16 10:39 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
    2015-04-23 17:18 - 2012-06-08 04:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
    2012-06-08 11:34 - 2012-06-08 11:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
    2016-06-16 10:18 - 2016-06-16 10:18 - 00679624 _____ () C:\Users\Shannon\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
    2016-06-21 00:11 - 2016-06-21 00:11 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 14:25 - 2016-06-21 10:19 - 00003226 ____A C:\WINDOWS\system32\Drivers\etc\hosts

    0x2320436F707972696768742028632920313939332D32303039204D6963726F736F667420436F72702E0D0A230D0A23205468697320697320612073616D706C6520484F5354532066696C652075736564206279204D6963726F736F6674205443502F495020666F722057696E646F77732E0D0A230D0A2320546869732066696C6520636F6E7461696E7320746865206D617070696E6773206F662049502061646472657373657320746F20686F7374206E616D65732E20456163680D0A2320656E7472792073686F756C64206265206B657074206F6E20616E20696E646976696475616C206C696E652E2054686520495020616464726573732073686F756C640D0A2320626520706C6163656420696E2074686520666972737420636F6C756D6E20666F6C6C6F7765642062792074686520636F72726573706F6E64696E6720686F7374206E616D652E0D0A2320546865204950206164647265737320616E642074686520686F7374206E616D652073686F756C6420626520736570617261746564206279206174206C65617374206F6E650D0A232073706163652E0D0A230D0A23204164646974696F6E616C6C792C20636F6D6D656E747320287375636820617320746865736529206D617920626520696E736572746564206F6E20696E646976696475616C0D0A23206C696E6573206F7220666F6C6C6F77696E6720746865206D616368696E65206E616D652064656E6F7465642062792061202723272073796D626F6C2E0D0A230D0A2320466F72206578616D706C653A0D0A230D0A232020202020203130322E35342E39342E393720202020207268696E6F2E61636D652E636F6D202020202020202020202320736F75726365207365727665720D0A232020202020202033382E32352E36332E31302020202020782E61636D652E636F6D202020202020202020202020202023207820636C69656E7420686F73740D0A0D0A23206C6F63616C686F7374206E616D65207265736F6C7574696F6E2069732068616E646C65642077697468696E20444E5320697473656C662E0D0A23093132372E302E302E31202020202020206C6F63616C686F73740D0A23093A3A31202020202020202020202020206C6F63616C686F73740D0A0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000D0A0D0A2320756E636865636B795F626567696E0D0A232054686573652072756C657320776572652061646465642062792074686520556E636865636B792070726F6772616D20696E206F7264657220746F20626C6F636B206164766572746973696E6720736F667477617265206D6F64756C65730D0A302E302E302E3020302E302E302E3020232066697820666F72207472616365726F75746520616E64206E65747374617420646973706C617920616E6F6D616C790D0A302E302E302E3020747261636B696E672E6F70656E63616E64792E636F6D2E73332E616D617A6F6E6177732E636F6D0D0A302E302E302E30206D656469612E6F70656E63616E64792E636F6D0D0A302E302E302E302063646E2E6F70656E63616E64792E636F6D0D0A302E302E302E3020747261636B696E672E6F70656E63616E64792E636F6D0D0A302E302E302E30206170692E6F70656E63616E64792E636F6D0D0A302E302E302E30206170692E7265636F6D6D656E64656473772E636F6D0D0A302E302E302E3020696E7374616C6C65722E626574746572696E7374616C6C65722E636F6D0D0A302E302E302E3020696E7374616C6C65722E66696C6562756C6C646F672E636F6D0D0A302E302E302E302064336F78746E31783362386437692E636C6F756466726F6E742E6E65740D0A302E302E302E3020696E6E6F2E62697372762E636F6D0D0A302E302E302E30206E7369732E62697372762E636F6D0D0A302E302E302E302063646E2E66696C65326465736B746F702E636F6D0D0A302E302E302E302063646E2E676F617465617374636163682E75730D0A302E302E302E302063646E2E677574746173746174646B2E75730D0A302E302E302E302063646E2E696E736B696E6D656469612E636F6D0D0A302E302E302E302063646E2E696E7374612E6F6962756E646C6573322E636F6D0D0A302E302E302E302063646E2E696E7374612E706C617962727974652E636F6D0D0A302E302E302E302063646E2E6C6C6F67657466617374636163682E75730D0A302E302E302E302063646E2E6D6F6E74696572612E636F6D0D0A302E302E302E302063646E2E6D7364776E6C642E636F6D0D0A302E302E302E302063646E2E6D7970636261636B75702E636F6D0D0A302E302E302E302063646E2E7070646F776E6C6F61642E636F6D0D0A302E302E302E302063646E2E72696365617465617374636163682E75730D0A302E302E302E302063646E2E73687961706F7461746F2E75730D0A302E302E302E302063646E2E736F6C696D62612E636F6D0D0A302E302E302E302063646E2E7475746F3470632E636F6D0D0A302E302E302E302063646E2E617070726F756E642E62697A0D0A302E302E302E302063646E2E626967737065656470726F2E636F6D0D0A302E302E302E302063646E2E62697370642E636F6D0D0A302E302E302E302063646E2E62697372762E636F6D0D0A302E302E302E302063646E2E63646E64702E636F6D0D0A302E302E302E302063646E2E646F776E6C6F61642E73776565747061636B732E636F6D0D0A302E302E302E302063646E2E6470646F776E6C6F61642E636F6D0D0A302E302E302E302063646E2E76697375616C6265652E6E65740D0A2320756E636865636B795F656E640D0A

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-353090159-1504183216-3683736410-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
    DNS Servers: 192.168.0.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [UDP Query User{423F7583-10E1-413B-B696-6BC85912912C}C:\program files (x86)\lg electronics\lg bridge\lgbridge.exe] => (Allow) C:\program files (x86)\lg electronics\lg bridge\lgbridge.exe
    FirewallRules: [TCP Query User{E7B6A8DD-234E-4355-92B0-5EFCA3B11B04}C:\program files (x86)\lg electronics\lg bridge\lgbridge.exe] => (Allow) C:\program files (x86)\lg electronics\lg bridge\lgbridge.exe
    FirewallRules: [{AEED0DE6-23FD-4362-9E7C-B47646285142}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
    FirewallRules: [{5D66132C-82B0-4903-90B3-552E3EF2A174}] => (Allow) C:\Users\Shannon\AppData\Local\Google\Chrome\Application\chrome.exe
    FirewallRules: [UDP Query User{E5900896-1343-4361-A481-1E7C0044F7CA}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [TCP Query User{AB73CC0E-AD3D-43C4-A631-EBC9B9551261}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [{B83CD32A-BCA5-4A12-8AE3-BDB7EC0922F3}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{0C36DD60-2DC5-4B6C-B512-2A7770910F1E}] => (Allow) LPort=2869
    FirewallRules: [{622FC95C-8FBA-4BA4-AB0E-18C67B4A0C70}] => (Allow) LPort=1900
    FirewallRules: [{44A72E25-6B6A-4522-97A0-E8CB31200783}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{5CD3887C-2CE1-42E4-A5C8-F690E4DE6B78}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{85A0C7A8-6700-4AC2-80CE-E01B65866BBA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{0C20228E-5634-4B86-BC79-70DEEF59D7BB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{0B355071-DA66-4B41-A8D3-B50C86C3E988}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
    FirewallRules: [{5D29BBA3-9365-4795-BE1B-43DE9FB2CBED}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE

    ==================== Restore Points =========================

    21-06-2016 06:25:17 Scheduled Checkpoint

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (06/21/2016 06:25:30 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (06/21/2016 01:23:51 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (06/21/2016 01:07:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 4188

    Error: (06/21/2016 01:07:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 4188

    Error: (06/21/2016 01:07:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (06/21/2016 12:28:18 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: HPSF.exe, version: 7.0.32.44, time stamp: 0x50254c77
    Faulting module name: wpfgfx_v0300.dll, version: 3.0.6920.8693, time stamp: 0x5615fecf
    Exception code: 0xc0000005
    Fault offset: 0x0000000000016cfc
    Faulting process ID: 0x2644
    Faulting application start time: 0xHPSF.exe0
    Faulting application path: HPSF.exe1
    Faulting module path: HPSF.exe2
    Report ID: HPSF.exe3
    Faulting package full name: HPSF.exe4
    Faulting package-relative application ID: HPSF.exe5

    Error: (06/21/2016 12:28:09 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: HPSF.exe, version: 7.0.32.44, time stamp: 0x50254c77
    Faulting module name: wpfgfx_v0300.dll, version: 3.0.6920.8693, time stamp: 0x5615fecf
    Exception code: 0xc0000005
    Fault offset: 0x0000000000016cfc
    Faulting process ID: 0x%9
    Faulting application start time: 0xHPSF.exe0
    Faulting application path: HPSF.exe1
    Faulting module path: HPSF.exe2
    Report ID: HPSF.exe3
    Faulting package full name: HPSF.exe4
    Faulting package-relative application ID: HPSF.exe5

    Error: (06/21/2016 12:21:29 AM) (Source: MsiInstaller) (EventID: 1041) (User: NT AUTHORITY)
    Description: Failed to begin a Windows Installer transaction ASU_MSI_TRAN. Error 1618 occurred while beginning the transaction.

    Error: (06/21/2016 12:17:34 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
    Description: Product: Microsoft Office Single Image 2010 - Update 'Update for Microsoft Outlook 2010 (KB3115127) 32-Bit Edition' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

    Error: (06/21/2016 12:17:34 AM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
    Description: Product: Microsoft Office Single Image 2010 -- Error 2761. An internal error has occurred. ( ) Contact Microsoft Product Support Services (PSS) for assistance. For information about how to contact PSS, see PSS10R.CHM.


    System errors:
    =============
    Error: (06/21/2016 10:24:05 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
    Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

    Error: (06/21/2016 10:22:15 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.

    Error: (06/21/2016 10:19:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The HPSupportSolutionsFrameworkService service failed to start due to the following error:
    %%1053 = The service did not respond to the start or control request in a timely fashion.


    Error: (06/21/2016 10:19:33 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the HPSupportSolutionsFrameworkService service to connect.

    Error: (06/21/2016 10:18:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The APXACC service failed to start due to the following error:
    %%31 = A device attached to the system is not functioning.


    Error: (06/21/2016 10:18:46 AM) (Source: APXACC) (EventID: 1003) (User: )
    Description: The NDIS6 LWF initialization has failed. (0xC0000001)

    Error: (06/21/2016 10:17:30 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Sync Host_fcb5c service to connect.

    Error: (06/21/2016 10:17:30 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the User Data Storage_fcb5c service to connect.

    Error: (06/21/2016 10:17:30 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
    Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Data Storage_fcb5c service, but this action failed with the following error:
    %%1056 = An instance of the service is already running.


    Error: (06/21/2016 10:17:24 AM) (Source: DCOM) (EventID: 10010) (User: SHANNON-PC)
    Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}


    CodeIntegrity:
    ===================================
    Date: 2016-06-21 10:13:15.348
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-06-21 01:25:53.350
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-06-21 00:13:01.352
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-06-21 00:13:01.317
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-06-21 00:13:01.209
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-06-16 09:50:59.970
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-06-16 09:50:59.566
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-06-15 12:49:15.208
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-06-15 12:49:08.243
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-06-15 12:48:22.438
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    ==================== Memory info ===========================

    Processor: AMD E2-1800 APU with Radeon(tm) HD Graphics
    Percentage of memory in use: 23%
    Total physical RAM: 5730.27 MB
    Available physical RAM: 4357.18 MB
    Total Virtual: 6690.27 MB
    Available Virtual: 5324.92 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:678.21 GB) (Free:637.82 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive d: (RECOVERY) (Fixed) (Total:18.85 GB) (Free:2.37 GB) NTFS ==>[system with boot components (obtained from drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 698.6 GB) (Disk ID: 32CCA4DF)

    Partition: GPT.

    ==================== End of Addition.txt ============================
     
  7. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================

    [​IMG] Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again
    [​IMG] Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.
    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    If you already have MBAM 2.0 installed:
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    How to get logs:
    (Export log to save as txt)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.
    (Copy to clipboard for pasting into forum replies or tickets)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.
    [​IMG] Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  8. morphy201180

    morphy201180 TS Enthusiast Topic Starter Posts: 79

    Hi Broni,

    All of the scans came back clear. Please see logs below:-

    RogueKiller V12.3.3.0 [Jun 13 2016] (Free) by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/software/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 10 (10.0.10586) 64 bits version
    Started in : Normal mode
    User : Shannon [Administrator]
    Started from : C:\Users\Shannon\Desktop\RogueKiller.exe
    Mode : Scan -- Date : 06/22/2016 01:29:00

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 0 ¤¤¤

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: ST750LM022 HN-M7 SATA Disk Device +++++
    --- User ---
    [MBR] bd5358e93f1a978913b17d0794d9e49a
    [BSP] 5a3f1f1770b0c56ab5fe080a4c8b0bb2 : Empty|VT.Unknown MBR Code
    Partition table:
    0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 400 MB
    1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 821248 | Size: 260 MB
    2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1353728 | Size: 128 MB
    3 - Basic data partition | Offset (sectors): 1615872 | Size: 694487 MB
    4 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 1423927296 | Size: 823 MB
    5 - [SYSTEM] Basic data partition | Offset (sectors): 1425612800 | Size: 19304 MB
    User = LL1 ... OK
    User = LL2 ... OK

    # AdwCleaner v5.200 - Logfile created 22/06/2016 at 01:58:11
    # Updated 14/06/2016 by ToolsLib
    # Database : 2016-06-21.2 [Server]
    # Operating system : Windows 10 Home (X64)
    # Username : Shannon - SHANNON-PC
    # Running from : C:\Users\Shannon\Desktop\adwcleaner_5.200.exe
    # Option : Clean
    # Support : https://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****


    ***** [ Files ] *****


    ***** [ DLLs ] *****


    ***** [ WMI ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****


    ***** [ Web browsers ] *****

    [-] [C:\Users\Shannon\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : uk.ask.com

    *************************

    :: "Tracing" keys deleted
    :: Winsock settings cleared

    *************************

    C:\AdwCleaner\AdwCleaner[C1].txt - [6910 bytes] - [21/06/2016 01:44:30]
    C:\AdwCleaner\AdwCleaner[C2].txt - [912 bytes] - [22/06/2016 01:58:11]
    C:\AdwCleaner\AdwCleaner[S1].txt - [7304 bytes] - [21/06/2016 01:38:09]
    C:\AdwCleaner\AdwCleaner[S2].txt - [1040 bytes] - [22/06/2016 01:54:40]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1130 bytes] ##########

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.6 (04.25.2016)
    Operating System: Windows 10 Home x64
    Ran by Shannon (Administrator) on 22/06/2016 at 2:03:33.14
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 0




    Registry: 0





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 22/06/2016 at 2:10:13.86
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  9. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

    • Double click to run it.
    • Make sure you checkmark Addition.txt box.
    • Press Scan button.
    • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
     
  10. morphy201180

    morphy201180 TS Enthusiast Topic Starter Posts: 79

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-06-2016 01
    Ran by Shannon (administrator) on SHANNON-PC (22-06-2016 10:22:44)
    Running from C:\Users\Shannon\Desktop
    Loaded Profiles: Shannon (Available Profiles: Shannon)
    Platform: Windows 10 Home Version 1511 (X64) Language: English (United Kingdom)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
    (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    (RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
    () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11602.1.26.0_x64__8wekyb3d8bbwe\WinStore.Mobile.exe
    (Microsoft Corporation) C:\Windows\System32\LockAppHost.exe
    (Microsoft Corporation) C:\Windows\System32\wuapihost.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-08-19] (IDT, Inc.)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954352 2016-04-28] (Synaptics Incorporated)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-21] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
    HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491632 2012-09-10] (CyberLink Corp.)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7405752 2016-06-21] (AVAST Software)
    HKU\S-1-5-21-353090159-1504183216-3683736410-1002\...\Run: [Google Update] => C:\Users\Shannon\AppData\Local\Google\Update\GoogleUpdate.exe [152216 2016-06-22] (Google Inc.)
    HKU\S-1-5-21-353090159-1504183216-3683736410-1002\...\Run: [Epson Stylus SX440] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIHBE.EXE [232448 2011-01-20] (SEIKO EPSON CORPORATION)
    HKU\S-1-5-21-353090159-1504183216-3683736410-1002\...\RunOnce: [Uninstall C:\Users\Shannon\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Shannon\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
    HKU\S-1-5-21-353090159-1504183216-3683736410-1002\...\RunOnce: [Uninstall C:\Users\Shannon\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Shannon\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-06-21] (AVAST Software)
    Startup: C:\Users\Shannon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2016-06-21]
    ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: 0x2320436F707972696768742028632920313939332D32303039204D6963726F736F667420436F72702E0D0A230D0A23205468697320697320612073616D706C6520484F5354532066696C652075736564206279204D6963726F736F6674205443502F495020666F722057696E646F77732E0D0A230D0A2320546869732066696C6520636F6E7461696E7320746865206D617070696E6773206F662049502061646472657373657320746F20686F7374206E616D65732E20456163680D0A2320656E7472792073686F756C64206265206B657074206F6E20616E20696E646976696475616C206C696E652E2054686520495020616464726573732073686F756C640D0A2320626520706C6163656420696E2074686520666972737420636F6C756D6E20666F6C6C6F7765642062792074686520636F72726573706F6E64696E6720686F7374206E616D652E0D0A2320546865204950206164647265737320616E642074686520686F7374206E616D652073686F756C6420626520736570617261746564206279206174206C65617374206F6E650D0A232073706163652E0D0A230D0A23204164646974696F6E616C6C792C20636F6D6D656E747320287375636820617320746865736529206D617920626520696E736572746564206F6E20696E646976696475616C0D0A23206C696E6573206F7220666F6C6C6F77696E6720746865206D616368696E65206E616D652064656E6F7465642062792061202723272073796D626F6C2E0D0A230D0A2320466F72206578616D706C653A0D0A230D0A232020202020203130322E35342E39342E393720202020207268696E6F2E61636D652E636F6D202020202020202020202320736F75726365207365727665720D0A232020202020202033382E32352E36332E31302020202020782E61636D652E636F6D202020202020202020202020202023207820636C69656E7420686F73740D0A0D0A23206C6F63616C686F7374206E616D65207265736F6C7574696F6E2069732068616E646C65642077697468696E20444E5320697473656C662E0D0A23093132372E302E302E31202020202020206C6F63616C686F73740D0A23093A3A31202020202020202020202020206C6F63616C686F73740D0A0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000D0A0D0A2320756E636865636B795F626567696E0D0A232054686573652072756C657320776572652061646465642062792074686520556E636865636B792070726F6772616D20696E206F7264657220746F20626C6F636B206164766572746973696E6720736F667477617265206D6F64756C65730D0A302E302E302E3020302E302E302E3020232066697820666F72207472616365726F75746520616E64206E65747374617420646973706C617920616E6F6D616C790D0A302E302E302E3020747261636B696E672E6F70656E63616E64792E636F6D2E73332E616D617A6F6E6177732E636F6D0D0A302E302E302E30206D656469612E6F70656E63616E64792E636F6D0D0A302E302E302E302063646E2E6F70656E63616E64792E636F6D0D0A302E302E302E3020747261636B696E672E6F70656E63616E64792E636F6D0D0A302E302E302E30206170692E6F70656E63616E64792E636F6D0D0A302E302E302E30206170692E7265636F6D6D656E64656473772E636F6D0D0A302E302E302E3020696E7374616C6C65722E626574746572696E7374616C6C65722E636F6D0D0A302E302E302E3020696E7374616C6C65722E66696C6562756C6C646F672E636F6D0D0A302E302E302E302064336F78746E31783362386437692E636C6F756466726F6E742E6E65740D0A302E302E302E3020696E6E6F2E62697372762E636F6D0D0A302E302E302E30206E7369732E62697372762E636F6D0D0A302E302E302E302063646E2E66696C65326465736B746F702E636F6D0D0A302E302E302E302063646E2E676F617465617374636163682E75730D0A302E302E302E302063646E2E677574746173746174646B2E75730D0A302E302E302E302063646E2E696E736B696E6D656469612E636F6D0D0A302E302E302E302063646E2E696E7374612E6F6962756E646C6573322E636F6D0D0A302E302E302E302063646E2E696E7374612E706C617962727974652E636F6D0D0A302E302E302E302063646E2E6C6C6F67657466617374636163682E75730D0A302E302E302E302063646E2E6D6F6E74696572612E636F6D0D0A302E302E302E302063646E2E6D7364776E6C642E636F6D0D0A302E302E302E302063646E2E6D7970636261636B75702E636F6D0D0A302E302E302E302063646E2E7070646F776E6C6F61642E636F6D0D0A302E302E302E302063646E2E72696365617465617374636163682E75730D0A302E302E302E302063646E2E73687961706F7461746F2E75730D0A302E302E302E302063646E2E736F6C696D62612E636F6D0D0A302E302E302E302063646E2E7475746F3470632E636F6D0D0A302E302E302E302063646E2E617070726F756E642E62697A0D0A302E302E302E302063646E2E626967737065656470726F2E636F6D0D0A302E302E302E302063646E2E62697370642E636F6D0D0A302E302E302E302063646E2E62697372762E636F6D0D0A302E302E302E302063646E2E63646E64702E636F6D0D0A302E302E302E302063646E2E646F776E6C6F61642E73776565747061636B732E636F6D0D0A302E302E302E302063646E2E6470646F776E6C6F61642E636F6D0D0A302E302E302E302063646E2E76697375616C6265652E6E65740D0A2320756E636865636B795F656E640D0A
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{1465406f-4295-4548-9fc9-5d2fe5087c02}: [DhcpNameServer] 192.168.0.1

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    HKU\S-1-5-21-353090159-1504183216-3683736410-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    HKU\S-1-5-21-353090159-1504183216-3683736410-1002\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/HPNOT13/2
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {8E805679-AD2E-430A-8FEF-7F95E3F96A85} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-353090159-1504183216-3683736410-1002 -> DefaultScope {BA1BE292-1D15-488B-934D-008742212380} URL =
    SearchScopes: HKU\S-1-5-21-353090159-1504183216-3683736410-1002 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    SearchScopes: HKU\S-1-5-21-353090159-1504183216-3683736410-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
    BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
    Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)

    FireFox:
    ========
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw.dll [2012-04-26] (Adobe Systems, Inc.)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin HKU\S-1-5-21-353090159-1504183216-3683736410-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Shannon\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-06-22] (Google Inc.)
    FF Plugin HKU\S-1-5-21-353090159-1504183216-3683736410-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Shannon\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-06-22] (Google Inc.)
    FF Plugin HKU\S-1-5-21-353090159-1504183216-3683736410-1002: hp.com/HPDetect -> C:\Users\Shannon\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll [2012-08-30] (HP)
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-06-21]
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.google.com
    CHR Profile: C:\Users\Shannon\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\Shannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-17]
    CHR Extension: (Google Docs) - C:\Users\Shannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-17]
    CHR Extension: (Google Drive) - C:\Users\Shannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-11]
    CHR Extension: (YouTube) - C:\Users\Shannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-18]
    CHR Extension: (Google Search) - C:\Users\Shannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-04-11]
    CHR Extension: (Google Sheets) - C:\Users\Shannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-17]
    CHR Extension: (Google Docs Offline) - C:\Users\Shannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-22]
    CHR Extension: (Avast Online Security) - C:\Users\Shannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-06-21]
    CHR Extension: (Love Smoke) - C:\Users\Shannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgibfhhccaknggplelmbaepoikkcnllb [2015-05-17]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Shannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-11]
    CHR Extension: (Gmail) - C:\Users\Shannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-17]
    CHR Profile: C:\Users\Shannon\AppData\Local\Google\Chrome\User Data\Profile 1
    CHR Extension: (Google Slides) - C:\Users\Shannon\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-05]
    CHR Extension: (Google Docs) - C:\Users\Shannon\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-05]
    CHR Extension: (Google Drive) - C:\Users\Shannon\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-05]
    CHR Extension: (YouTube) - C:\Users\Shannon\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-05]
    CHR Extension: (Google Search) - C:\Users\Shannon\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-05]
    CHR Extension: (SafeSearch) - C:\Users\Shannon\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dofpbgmibkabhhihnomcmmijlkhaeilm [2015-11-05]
    CHR Extension: (Google Sheets) - C:\Users\Shannon\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-05]
    CHR Extension: (Norton Identity Safe) - C:\Users\Shannon\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-11-05]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Shannon\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-11-05]
    CHR Extension: (Norton Security Toolbar) - C:\Users\Shannon\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2015-11-05]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Shannon\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-05]
    CHR Extension: (Gmail) - C:\Users\Shannon\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-05]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-06-21]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-21] (Advanced Micro Devices, Inc.) [File not signed]
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-06-21] (AVAST Software)
    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
    S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
    R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
    R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [255928 2016-04-09] (RaMMicHaeL)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-06-21] (AVAST Software)
    R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-06-21] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-06-21] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-06-21] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-06-21] (AVAST Software)
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-06-21] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-06-21] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-06-21] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-06-21] (AVAST Software)
    R3 athr; C:\Windows\System32\drivers\athw10x.sys [4318760 2015-08-28] (Qualcomm Atheros Communications, Inc.)
    R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
    R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
    U5 iaStorA; C:\Windows\System32\Drivers\iaStorA.sys [645952 2012-07-31] (Intel Corporation)
    R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp.)
    R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
    S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-11] (Synaptics Incorporated)
    S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-11] (Synaptics Incorporated)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-06-22] ()
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
    R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
    R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
     
  11. morphy201180

    morphy201180 TS Enthusiast Topic Starter Posts: 79

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-06-22 10:22 - 2016-06-22 10:23 - 00026381 _____ C:\Users\Shannon\Desktop\FRST.txt
    2016-06-22 10:22 - 2016-06-22 10:22 - 00000000 ____D C:\Users\Shannon\Desktop\FRST-OlderVersion
    2016-06-22 02:03 - 2016-06-22 02:03 - 00001209 _____ C:\Users\Shannon\Desktop\AdwCleaner[C2].txt
    2016-06-22 01:53 - 2016-06-22 01:54 - 03703360 _____ C:\Users\Shannon\Desktop\adwcleaner_5.200.exe
    2016-06-22 01:31 - 2016-06-22 01:32 - 22851472 _____ (Malwarebytes ) C:\Users\Shannon\Downloads\mbam-setup-2.2.1.1043.exe
    2016-06-22 01:00 - 2016-06-22 01:02 - 19936840 _____ C:\Users\Shannon\Desktop\RogueKiller.exe
    2016-06-22 00:45 - 2016-06-22 00:45 - 00000000 ____D C:\Program Files (x86)\Google
    2016-06-22 00:43 - 2016-06-22 00:44 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Shannon\Downloads\mbar-1.09.3.1001.exe
    2016-06-21 10:27 - 2016-06-22 10:22 - 00000000 ____D C:\FRST
    2016-06-21 10:25 - 2016-06-22 10:22 - 02387456 _____ (Farbar) C:\Users\Shannon\Desktop\FRST64.exe
    2016-06-21 06:24 - 2016-06-21 06:24 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
    2016-06-21 02:00 - 2016-06-21 02:01 - 05659224 _____ (Swearware) C:\Users\Shannon\Desktop\ComboFix.exe
    2016-06-21 01:50 - 2016-06-21 01:50 - 00006910 _____ C:\Users\Shannon\Desktop\AdwCleaner[C1].txt
    2016-06-21 01:37 - 2016-06-22 01:58 - 00000000 ____D C:\AdwCleaner
    2016-06-21 01:34 - 2016-06-22 02:11 - 00000549 _____ C:\Users\Shannon\Desktop\JRT.txt
    2016-06-21 01:33 - 2016-05-28 06:06 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2016-06-21 01:33 - 2016-05-28 05:29 - 22379008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2016-06-21 01:33 - 2016-05-28 05:19 - 24605696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2016-06-21 01:33 - 2016-05-28 05:16 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2016-06-21 01:33 - 2016-04-23 06:09 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2016-06-21 01:33 - 2016-04-23 06:09 - 05240960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
    2016-06-21 01:33 - 2016-04-23 06:08 - 06605504 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
    2016-06-21 01:33 - 2016-04-23 05:31 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2016-06-21 01:33 - 2016-04-23 05:28 - 16984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2016-06-21 01:33 - 2016-02-24 10:28 - 03449168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
    2016-06-21 01:33 - 2016-02-24 06:05 - 12586496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
    2016-06-21 01:33 - 2016-02-24 06:03 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
    2016-06-21 01:33 - 2016-02-23 11:32 - 08705672 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2016-06-21 01:33 - 2016-02-23 10:38 - 06952088 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2016-06-21 01:33 - 2016-02-23 07:35 - 07533568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
    2016-06-21 01:33 - 2016-02-23 07:28 - 06740992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
    2016-06-21 01:32 - 2016-05-28 07:13 - 01401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
    2016-06-21 01:32 - 2016-05-28 07:13 - 01184960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2016-06-21 01:32 - 2016-05-28 07:13 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
    2016-06-21 01:32 - 2016-05-28 06:22 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2016-06-21 01:32 - 2016-05-28 06:07 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2016-06-21 01:32 - 2016-05-28 06:07 - 02921880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2016-06-21 01:32 - 2016-05-28 06:06 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
    2016-06-21 01:32 - 2016-05-28 06:05 - 04515264 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
    2016-06-21 01:32 - 2016-05-28 05:35 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
    2016-06-21 01:32 - 2016-05-28 05:18 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2016-06-21 01:32 - 2016-05-28 05:18 - 07977472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
    2016-06-21 01:32 - 2016-05-28 05:17 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2016-06-21 01:32 - 2016-05-28 05:16 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
    2016-06-21 01:32 - 2016-05-28 05:14 - 18674176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2016-06-21 01:32 - 2016-05-28 05:13 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2016-06-21 01:32 - 2016-05-28 05:08 - 13385728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2016-06-21 01:32 - 2016-05-28 05:08 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
    2016-06-21 01:32 - 2016-05-28 05:06 - 12128256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2016-06-21 01:32 - 2016-05-28 05:06 - 07200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
    2016-06-21 01:32 - 2016-05-28 05:06 - 01339904 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
    2016-06-21 01:32 - 2016-05-28 05:05 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
    2016-06-21 01:32 - 2016-05-28 05:05 - 03664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2016-06-21 01:32 - 2016-05-28 05:05 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
    2016-06-21 01:32 - 2016-05-28 05:04 - 06973952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
    2016-06-21 01:32 - 2016-05-28 05:03 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
    2016-06-21 01:32 - 2016-05-28 05:03 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
    2016-06-21 01:32 - 2016-05-28 05:03 - 02609664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
    2016-06-21 01:32 - 2016-05-28 05:02 - 03590144 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2016-06-21 01:32 - 2016-05-28 05:02 - 01534464 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
    2016-06-21 01:32 - 2016-05-28 05:01 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
    2016-06-21 01:32 - 2016-05-28 05:01 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2016-06-21 01:32 - 2016-05-28 05:00 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2016-06-21 01:32 - 2016-05-28 05:00 - 03585536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
    2016-06-21 01:32 - 2016-05-28 05:00 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
    2016-06-21 01:32 - 2016-05-28 05:00 - 02230272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2016-06-21 01:32 - 2016-05-28 05:00 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2016-06-21 01:32 - 2016-05-28 05:00 - 01730560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2016-06-21 01:32 - 2016-05-28 04:58 - 07832576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2016-06-21 01:32 - 2016-05-28 04:58 - 04896256 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2016-06-21 01:32 - 2016-05-28 04:58 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2016-06-21 01:32 - 2016-05-28 04:58 - 02066432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
    2016-06-21 01:32 - 2016-05-28 04:57 - 02281472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2016-06-21 01:32 - 2016-05-28 04:55 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
    2016-06-21 01:32 - 2016-04-23 07:12 - 00713920 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
    2016-06-21 01:32 - 2016-04-23 07:12 - 00190144 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
    2016-06-21 01:32 - 2016-04-23 06:28 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
    2016-06-21 01:32 - 2016-04-23 06:28 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2016-06-21 01:32 - 2016-04-23 06:24 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2016-06-21 01:32 - 2016-04-23 06:24 - 01819208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2016-06-21 01:32 - 2016-04-23 06:24 - 00754664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
    2016-06-21 01:32 - 2016-04-23 06:12 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
    2016-06-21 01:32 - 2016-04-23 06:11 - 01092464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
    2016-06-21 01:32 - 2016-04-23 06:11 - 00498960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
    2016-06-21 01:32 - 2016-04-23 06:08 - 00725776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
    2016-06-21 01:32 - 2016-04-23 06:07 - 01848072 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
    2016-06-21 01:32 - 2016-04-23 06:00 - 01776768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
    2016-06-21 01:32 - 2016-04-23 05:25 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
    2016-06-21 01:32 - 2016-04-23 05:20 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
    2016-06-21 01:32 - 2016-04-23 05:19 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
    2016-06-21 01:32 - 2016-04-23 05:19 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
    2016-06-21 01:32 - 2016-04-23 05:18 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
    2016-06-21 01:32 - 2016-04-23 05:18 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
    2016-06-21 01:32 - 2016-04-23 05:18 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
    2016-06-21 01:32 - 2016-04-23 05:17 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
    2016-06-21 01:32 - 2016-04-23 05:17 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
    2016-06-21 01:32 - 2016-04-23 05:16 - 01319424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
    2016-06-21 01:32 - 2016-04-23 05:15 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
    2016-06-21 01:32 - 2016-04-23 05:15 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
    2016-06-21 01:32 - 2016-04-23 05:15 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
    2016-06-21 01:32 - 2016-04-23 05:14 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
    2016-06-21 01:32 - 2016-04-23 05:14 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
    2016-06-21 01:32 - 2016-04-23 05:14 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
    2016-06-21 01:32 - 2016-04-23 05:13 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
    2016-06-21 01:32 - 2016-04-23 05:13 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
    2016-06-21 01:32 - 2016-04-23 05:12 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
    2016-06-21 01:32 - 2016-04-23 05:10 - 00639488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
    2016-06-21 01:32 - 2016-04-23 05:05 - 05502976 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
    2016-06-21 01:32 - 2016-04-23 05:05 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
    2016-06-21 01:32 - 2016-04-23 05:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
    2016-06-21 01:32 - 2016-04-23 05:04 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
    2016-06-21 01:32 - 2016-04-23 05:03 - 02000896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
    2016-06-21 01:32 - 2016-04-23 05:03 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
    2016-06-21 01:32 - 2016-04-23 05:02 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
    2016-06-21 01:32 - 2016-04-23 05:01 - 04775424 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
    2016-06-21 01:32 - 2016-04-23 05:00 - 00984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
    2016-06-21 01:32 - 2016-04-02 04:19 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2016-06-21 01:32 - 2016-03-29 11:20 - 02656952 _____ C:\WINDOWS\system32\CoreUIComponents.dll
    2016-06-21 01:32 - 2016-03-29 10:56 - 01297752 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
    2016-06-21 01:32 - 2016-03-29 08:20 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
    2016-06-21 01:32 - 2016-03-29 08:14 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
    2016-06-21 01:32 - 2016-03-29 08:02 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
    2016-06-21 01:32 - 2016-03-29 08:02 - 01211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
    2016-06-21 01:32 - 2016-03-29 07:36 - 00649728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
    2016-06-21 01:32 - 2016-03-29 07:32 - 01098240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
    2016-06-21 01:32 - 2016-03-29 06:45 - 03078144 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
    2016-06-21 01:32 - 2016-03-29 06:43 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
    2016-06-21 01:32 - 2016-03-29 06:36 - 02722816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
    2016-06-21 01:32 - 2016-03-29 06:26 - 00958976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
    2016-06-21 01:32 - 2016-03-01 06:22 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
    2016-06-21 01:32 - 2016-02-24 10:34 - 01613664 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
    2016-06-21 01:32 - 2016-02-24 07:40 - 01224704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
    2016-06-21 01:32 - 2016-02-24 07:34 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
    2016-06-21 01:32 - 2016-02-24 07:18 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
    2016-06-21 01:32 - 2016-02-24 07:07 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
    2016-06-21 01:32 - 2016-02-24 07:04 - 01497088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
    2016-06-21 01:32 - 2016-02-24 07:03 - 00769536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
    2016-06-21 01:32 - 2016-02-23 11:32 - 02544264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2016-06-21 01:32 - 2016-02-23 11:32 - 01152328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
    2016-06-21 01:32 - 2016-02-23 11:32 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
    2016-06-21 01:32 - 2016-02-23 11:31 - 01017032 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
    2016-06-21 01:32 - 2016-02-23 11:31 - 00819648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
    2016-06-21 01:32 - 2016-02-23 11:31 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
    2016-06-21 01:32 - 2016-02-23 10:45 - 02773096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
    2016-06-21 01:32 - 2016-02-23 10:38 - 02180136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2016-06-21 01:32 - 2016-02-23 10:38 - 00980352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
    2016-06-21 01:32 - 2016-02-23 10:38 - 00895080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
    2016-06-21 01:32 - 2016-02-23 10:38 - 00882720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
    2016-06-21 01:32 - 2016-02-23 10:37 - 00713824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
    2016-06-21 01:32 - 2016-02-23 10:20 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSave.dll
    2016-06-21 01:32 - 2016-02-23 09:56 - 02186864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
    2016-06-21 01:32 - 2016-02-23 09:14 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
    2016-06-21 01:32 - 2016-02-23 09:10 - 00997376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
    2016-06-21 01:32 - 2016-02-23 09:04 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
    2016-06-21 01:32 - 2016-02-23 08:48 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
    2016-06-21 01:32 - 2016-02-23 08:37 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
    2016-06-21 01:32 - 2016-02-23 08:31 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
    2016-06-21 01:32 - 2016-02-23 08:24 - 04827136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
    2016-06-21 01:32 - 2016-02-23 08:24 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
    2016-06-21 01:32 - 2016-02-23 07:56 - 04412928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
    2016-06-21 01:32 - 2016-02-23 07:41 - 02912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
    2016-06-21 01:32 - 2016-02-23 07:33 - 02604032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
    2016-06-21 01:32 - 2016-01-27 06:57 - 01824264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
    2016-06-21 01:32 - 2016-01-27 06:46 - 02606824 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
    2016-06-21 01:32 - 2016-01-16 07:21 - 01750440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
    2016-06-21 01:32 - 2016-01-16 07:12 - 01415200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
    2016-06-21 01:32 - 2016-01-16 07:08 - 01174008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
    2016-06-21 01:32 - 2016-01-16 06:29 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
    2016-06-21 01:32 - 2016-01-16 06:24 - 02057216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
    2016-06-21 01:31 - 2016-05-28 07:13 - 00514752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
    2016-06-21 01:31 - 2016-05-28 07:13 - 00290496 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
    2016-06-21 01:31 - 2016-05-28 07:13 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
    2016-06-21 01:31 - 2016-05-28 06:25 - 04268880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
    2016-06-21 01:31 - 2016-05-28 06:23 - 00388384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ws2_32.dll
    2016-06-21 01:31 - 2016-05-28 06:23 - 00312160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswsock.dll
    2016-06-21 01:31 - 2016-05-28 06:22 - 04387680 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
    2016-06-21 01:31 - 2016-05-28 06:22 - 00428896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
    2016-06-21 01:31 - 2016-05-28 06:20 - 00430312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ws2_32.dll
    2016-06-21 01:31 - 2016-05-28 06:18 - 00357216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mswsock.dll
    2016-06-21 01:31 - 2016-05-28 06:09 - 00501600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
    2016-06-21 01:31 - 2016-05-28 06:08 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
    2016-06-21 01:31 - 2016-05-28 06:08 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
    2016-06-21 01:31 - 2016-05-28 06:07 - 01322248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
    2016-06-21 01:31 - 2016-05-28 06:07 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
    2016-06-21 01:31 - 2016-05-28 06:07 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
    2016-06-21 01:31 - 2016-05-28 06:07 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
    2016-06-21 01:31 - 2016-05-28 06:07 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
    2016-06-21 01:31 - 2016-05-28 06:06 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
    2016-06-21 01:31 - 2016-05-28 06:06 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
    2016-06-21 01:31 - 2016-05-28 06:06 - 00254656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
    2016-06-21 01:31 - 2016-05-28 06:04 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2016-06-21 01:31 - 2016-05-28 06:04 - 00431296 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
    2016-06-21 01:31 - 2016-05-28 06:04 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
    2016-06-21 01:31 - 2016-05-28 05:58 - 01996640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2016-06-21 01:31 - 2016-05-28 05:58 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
    2016-06-21 01:31 - 2016-05-28 05:57 - 02548944 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
    2016-06-21 01:31 - 2016-05-28 05:57 - 02195632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
    2016-06-21 01:31 - 2016-05-28 05:57 - 01594416 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
    2016-06-21 01:31 - 2016-05-28 05:57 - 01372312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
    2016-06-21 01:31 - 2016-05-28 05:57 - 00649792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
    2016-06-21 01:31 - 2016-05-28 05:57 - 00636304 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
    2016-06-21 01:31 - 2016-05-28 05:57 - 00577376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
    2016-06-21 01:31 - 2016-05-28 05:57 - 00546456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
    2016-06-21 01:31 - 2016-05-28 05:57 - 00521664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
    2016-06-21 01:31 - 2016-05-28 05:57 - 00316256 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
    2016-06-21 01:31 - 2016-05-28 05:35 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsdport.sys
    2016-06-21 01:31 - 2016-05-28 05:31 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
    2016-06-21 01:31 - 2016-05-28 05:31 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
    2016-06-21 01:31 - 2016-05-28 05:26 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
    2016-06-21 01:31 - 2016-05-28 05:26 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
    2016-06-21 01:31 - 2016-05-28 05:24 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
    2016-06-21 01:31 - 2016-05-28 05:22 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
    2016-06-21 01:31 - 2016-05-28 05:22 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
    2016-06-21 01:31 - 2016-05-28 05:22 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
    2016-06-21 01:31 - 2016-05-28 05:22 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
    2016-06-21 01:31 - 2016-05-28 05:22 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
    2016-06-21 01:31 - 2016-05-28 05:21 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
    2016-06-21 01:31 - 2016-05-28 05:21 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrokerLib.dll
    2016-06-21 01:31 - 2016-05-28 05:21 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
    2016-06-21 01:31 - 2016-05-28 05:21 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
    2016-06-21 01:31 - 2016-05-28 05:20 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
    2016-06-21 01:31 - 2016-05-28 05:19 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
    2016-06-21 01:31 - 2016-05-28 05:18 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
    2016-06-21 01:31 - 2016-05-28 05:18 - 00591360 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
    2016-06-21 01:31 - 2016-05-28 05:18 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
    2016-06-21 01:31 - 2016-05-28 05:18 - 00380416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
    2016-06-21 01:31 - 2016-05-28 05:18 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
    2016-06-21 01:31 - 2016-05-28 05:17 - 00963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
    2016-06-21 01:31 - 2016-05-28 05:17 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
    2016-06-21 01:31 - 2016-05-28 05:17 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
    2016-06-21 01:31 - 2016-05-28 05:17 - 00173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
    2016-06-21 01:31 - 2016-05-28 05:16 - 00690176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
    2016-06-21 01:31 - 2016-05-28 05:16 - 00684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
    2016-06-21 01:31 - 2016-05-28 05:16 - 00592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
    2016-06-21 01:31 - 2016-05-28 05:16 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
    2016-06-21 01:31 - 2016-05-28 05:15 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
    2016-06-21 01:31 - 2016-05-28 05:15 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
    2016-06-21 01:31 - 2016-05-28 05:15 - 00794624 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
    2016-06-21 01:31 - 2016-05-28 05:15 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
    2016-06-21 01:31 - 2016-05-28 05:14 - 01716736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
    2016-06-21 01:31 - 2016-05-28 05:14 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
    2016-06-21 01:31 - 2016-05-28 05:14 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
    2016-06-21 01:31 - 2016-05-28 05:14 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2016-06-21 01:31 - 2016-05-28 05:14 - 00606208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2016-06-21 01:31 - 2016-05-28 05:14 - 00499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
    2016-06-21 01:31 - 2016-05-28 05:13 - 00990208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
    2016-06-21 01:31 - 2016-05-28 05:13 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
    2016-06-21 01:31 - 2016-05-28 05:13 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
    2016-06-21 01:31 - 2016-05-28 05:13 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
    2016-06-21 01:31 - 2016-05-28 05:13 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll
    2016-06-21 01:31 - 2016-05-28 05:12 - 00614400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
    2016-06-21 01:31 - 2016-05-28 05:12 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
    2016-06-21 01:31 - 2016-05-28 05:11 - 01445888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
    2016-06-21 01:31 - 2016-05-28 05:11 - 00890368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
    2016-06-21 01:31 - 2016-05-28 05:11 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
    2016-06-21 01:31 - 2016-05-28 05:11 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
    2016-06-21 01:31 - 2016-05-28 05:11 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2016-06-21 01:31 - 2016-05-28 05:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2016-06-21 01:31 - 2016-05-28 05:09 - 01073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
    2016-06-21 01:31 - 2016-05-28 05:05 - 01797120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
    2016-06-21 01:31 - 2016-05-28 05:04 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
    2016-06-21 01:31 - 2016-05-28 05:03 - 01185280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationFramework.dll
    2016-06-21 01:31 - 2016-05-28 05:03 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
    2016-06-21 01:31 - 2016-05-28 05:02 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
    2016-06-21 01:31 - 2016-05-28 05:01 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
    2016-06-21 01:31 - 2016-05-28 05:00 - 01707520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
    2016-06-21 01:31 - 2016-05-28 05:00 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
    2016-06-21 01:31 - 2016-05-28 04:59 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
    2016-06-21 01:31 - 2016-05-28 04:58 - 01996288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
    2016-06-21 01:31 - 2016-05-28 04:53 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
    2016-06-21 01:31 - 2016-05-06 05:53 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdport.sys
    2016-06-21 01:31 - 2016-05-06 05:03 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
    2016-06-21 01:31 - 2016-05-06 04:53 - 00351232 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
    2016-06-21 01:31 - 2016-05-06 04:49 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
    2016-06-21 01:31 - 2016-05-06 04:44 - 00582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
    2016-06-21 01:31 - 2016-05-05 05:50 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
    2016-06-21 01:31 - 2016-04-23 06:26 - 00707608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
    2016-06-21 01:31 - 2016-04-23 06:24 - 00638816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
    2016-06-21 01:31 - 2016-04-23 06:24 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
    2016-06-21 01:31 - 2016-04-23 06:22 - 01161120 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
    2016-06-21 01:31 - 2016-04-23 06:13 - 00306832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
    2016-06-21 01:31 - 2016-04-23 06:12 - 00451928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
    2016-06-21 01:31 - 2016-04-23 06:12 - 00413536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
    2016-06-21 01:31 - 2016-04-23 06:11 - 00390496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
    2016-06-21 01:31 - 2016-04-23 06:11 - 00131424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufxsynopsys.sys
    2016-06-21 01:31 - 2016-04-23 06:09 - 00569744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
    2016-06-21 01:31 - 2016-04-23 06:09 - 00565600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
    2016-06-21 01:31 - 2016-04-23 06:09 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
    2016-06-21 01:31 - 2016-04-23 06:07 - 01536088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
    2016-06-21 01:31 - 2016-04-23 06:07 - 00204048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
    2016-06-21 01:31 - 2016-04-23 06:07 - 00183904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
    2016-06-21 01:31 - 2016-04-23 06:06 - 00291360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
    2016-06-21 01:31 - 2016-04-23 06:02 - 00188256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
    2016-06-21 01:31 - 2016-04-23 06:01 - 00619296 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
    2016-06-21 01:31 - 2016-04-23 06:01 - 00513368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
    2016-06-21 01:31 - 2016-04-23 06:01 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
    2016-06-21 01:31 - 2016-04-23 06:01 - 00217440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
    2016-06-21 01:31 - 2016-04-23 06:00 - 01522152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
    2016-06-21 01:31 - 2016-04-23 06:00 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
    2016-06-21 01:31 - 2016-04-23 06:00 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
    2016-06-21 01:31 - 2016-04-23 06:00 - 00550656 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
    2016-06-21 01:31 - 2016-04-23 06:00 - 00453472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
    2016-06-21 01:31 - 2016-04-23 05:56 - 00534872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
    2016-06-21 01:31 - 2016-04-23 05:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
    2016-06-21 01:31 - 2016-04-23 05:32 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
    2016-06-21 01:31 - 2016-04-23 05:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\filecrypt.sys
    2016-06-21 01:31 - 2016-04-23 05:29 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
    2016-06-21 01:31 - 2016-04-23 05:28 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
    2016-06-21 01:31 - 2016-04-23 05:28 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
    2016-06-21 01:31 - 2016-04-23 05:26 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
    2016-06-21 01:31 - 2016-04-23 05:25 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
    2016-06-21 01:31 - 2016-04-23 05:25 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
    2016-06-21 01:31 - 2016-04-23 05:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
    2016-06-21 01:31 - 2016-04-23 05:24 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
    2016-06-21 01:31 - 2016-04-23 05:24 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
    2016-06-21 01:31 - 2016-04-23 05:24 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
    2016-06-21 01:31 - 2016-04-23 05:24 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
    2016-06-21 01:31 - 2016-04-23 05:24 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
    2016-06-21 01:31 - 2016-04-23 05:23 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
    2016-06-21 01:31 - 2016-04-23 05:23 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll
    2016-06-21 01:31 - 2016-04-23 05:21 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
    2016-06-21 01:31 - 2016-04-23 05:20 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
    2016-06-21 01:31 - 2016-04-23 05:20 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
    2016-06-21 01:31 - 2016-04-23 05:20 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
    2016-06-21 01:31 - 2016-04-23 05:20 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
    2016-06-21 01:31 - 2016-04-23 05:18 - 00804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2016-06-21 01:31 - 2016-04-23 05:18 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
    2016-06-21 01:31 - 2016-04-23 05:18 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
    2016-06-21 01:31 - 2016-04-23 05:17 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
    2016-06-21 01:31 - 2016-04-23 05:16 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
    2016-06-21 01:31 - 2016-04-23 05:15 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
    2016-06-21 01:31 - 2016-04-23 05:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
    2016-06-21 01:31 - 2016-04-23 05:14 - 00647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2016-06-21 01:31 - 2016-04-23 05:14 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
    2016-06-21 01:31 - 2016-04-23 05:13 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
    2016-06-21 01:31 - 2016-04-23 05:07 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
    2016-06-21 01:31 - 2016-04-23 05:05 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
    2016-06-21 01:31 - 2016-04-23 05:03 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
    2016-06-21 01:31 - 2016-04-23 05:03 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
    2016-06-21 01:31 - 2016-04-23 04:45 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
    2016-06-21 01:31 - 2016-04-02 05:13 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
    2016-06-21 01:31 - 2016-04-02 05:10 - 00374008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
    2016-06-21 01:31 - 2016-03-29 11:22 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2016-06-21 01:31 - 2016-03-29 11:22 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
    2016-06-21 01:31 - 2016-03-29 11:20 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2016-06-21 01:31 - 2016-03-29 11:20 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2016-06-21 01:31 - 2016-03-29 11:18 - 02152280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
    2016-06-21 01:31 - 2016-03-29 11:11 - 00686976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
    2016-06-21 01:31 - 2016-03-29 11:05 - 01152864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
    2016-06-21 01:31 - 2016-03-29 11:02 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
    2016-06-21 01:31 - 2016-03-29 11:02 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
    2016-06-21 01:31 - 2016-03-29 10:37 - 01862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
    2016-06-21 01:31 - 2016-03-29 10:28 - 00535080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
    2016-06-21 01:31 - 2016-03-29 10:19 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
    2016-06-21 01:31 - 2016-03-29 10:13 - 00986976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
    2016-06-21 01:31 - 2016-03-29 10:08 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
    2016-06-21 01:31 - 2016-03-29 10:08 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
    2016-06-21 01:31 - 2016-03-29 09:26 - 02403680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
    2016-06-21 01:31 - 2016-03-29 09:26 - 01089888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
    2016-06-21 01:31 - 2016-03-29 09:24 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
    2016-06-21 01:31 - 2016-03-29 09:21 - 00378208 _____ (Microsoft Corporation)
     
  12. morphy201180

    morphy201180 TS Enthusiast Topic Starter Posts: 79

    C:\WINDOWS\system32\Drivers\USBXHCI.SYS

    2016-06-21 01:31 - 2016-03-29 08:51 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll

    2016-06-21 01:31 - 2016-03-29 08:48 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll

    2016-06-21 01:31 - 2016-03-29 08:36 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll

    2016-06-21 01:31 - 2016-03-29 08:30 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll

    2016-06-21 01:31 - 2016-03-29 08:27 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll

    2016-06-21 01:31 - 2016-03-29 08:22 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll

    2016-06-21 01:31 - 2016-03-29 08:20 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll

    2016-06-21 01:31 - 2016-03-29 08:19 - 00556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll

    2016-06-21 01:31 - 2016-03-29 08:17 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll

    2016-06-21 01:31 - 2016-03-29 08:11 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll

    2016-06-21 01:31 - 2016-03-29 08:09 - 01239552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll

    2016-06-21 01:31 - 2016-03-29 08:07 - 01902592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll

    2016-06-21 01:31 - 2016-03-29 08:06 - 01575936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll

    2016-06-21 01:31 - 2016-03-29 08:05 - 01395712 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll

    2016-06-21 01:31 - 2016-03-29 08:03 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys

    2016-06-21 01:31 - 2016-03-29 08:00 - 00235008 _____ C:\WINDOWS\system32\MTF.dll

    2016-06-21 01:31 - 2016-03-29 07:55 - 01052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll

    2016-06-21 01:31 - 2016-03-29 07:49 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll

    2016-06-21 01:31 - 2016-03-29 07:43 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AccountsRt.dll

    2016-06-21 01:31 - 2016-03-29 07:42 - 01410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll

    2016-06-21 01:31 - 2016-03-29 07:40 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll

    2016-06-21 01:31 - 2016-03-29 07:36 - 03351040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll

    2016-06-21 01:31 - 2016-03-29 07:34 - 00682496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll

    2016-06-21 01:31 - 2016-03-29 07:32 - 01588224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll

    2016-06-21 01:31 - 2016-03-29 07:31 - 01117184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll

    2016-06-21 01:31 - 2016-03-29 07:30 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll

    2016-06-21 01:31 - 2016-03-29 07:29 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll

    2016-06-21 01:31 - 2016-03-29 07:28 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll

    2016-06-21 01:31 - 2016-03-29 07:28 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll

    2016-06-21 01:31 - 2016-03-29 07:27 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll

    2016-06-21 01:31 - 2016-03-29 07:27 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll

    2016-06-21 01:31 - 2016-03-29 07:23 - 00777728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll

    2016-06-21 01:31 - 2016-03-29 07:17 - 00765952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll

    2016-06-21 01:31 - 2016-03-29 07:14 - 01072128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll

    2016-06-21 01:31 - 2016-03-29 07:13 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll

    2016-06-21 01:31 - 2016-03-29 07:10 - 03671040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll

    2016-06-21 01:31 - 2016-03-29 07:05 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll

    2016-06-21 01:31 - 2016-03-29 07:05 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll

    2016-06-21 01:31 - 2016-03-29 07:04 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll

    2016-06-21 01:31 - 2016-03-29 06:45 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll

    2016-06-21 01:31 - 2016-03-29 06:43 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll

    2016-06-21 01:31 - 2016-03-29 06:38 - 02798080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll

    2016-06-21 01:31 - 2016-03-29 06:25 - 00712704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll

    2016-06-21 01:31 - 2016-03-01 06:31 - 00848168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll

    2016-06-21 01:31 - 2016-02-24 09:58 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll

    2016-06-21 01:31 - 2016-02-24 09:43 - 00625000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll

    2016-06-21 01:31 - 2016-02-24 09:19 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll

    2016-06-21 01:31 - 2016-02-24 09:11 - 00258280 _____ (Microsoft Corporation) C:\WINDOWS\system32\sqmapi.dll

    2016-06-21 01:31 - 2016-02-24 09:09 - 00640472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll

    2016-06-21 01:31 - 2016-02-24 08:35 - 00220064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sqmapi.dll

    2016-06-21 01:31 - 2016-02-24 08:33 - 00538736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll

    2016-06-21 01:31 - 2016-02-24 08:20 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll

    2016-06-21 01:31 - 2016-02-24 08:02 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll

    2016-06-21 01:31 - 2016-02-24 08:01 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll

    2016-06-21 01:31 - 2016-02-24 07:59 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll

    2016-06-21 01:31 - 2016-02-24 07:59 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll

    2016-06-21 01:31 - 2016-02-24 07:59 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll

    2016-06-21 01:31 - 2016-02-24 07:55 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll

    2016-06-21 01:31 - 2016-02-24 07:55 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll

    2016-06-21 01:31 - 2016-02-24 07:54 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll

    2016-06-21 01:31 - 2016-02-24 07:52 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll

    2016-06-21 01:31 - 2016-02-24 07:49 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll

    2016-06-21 01:31 - 2016-02-24 07:44 - 00915456 _____ (Microsoft Corporation) C:\WINDOWS\system32\configurationclient.dll

    2016-06-21 01:31 - 2016-02-24 07:44 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll

    2016-06-21 01:31 - 2016-02-24 07:43 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll

    2016-06-21 01:31 - 2016-02-24 07:36 - 01847808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe

    2016-06-21 01:31 - 2016-02-24 07:32 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll

    2016-06-21 01:31 - 2016-02-24 07:31 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cemapi.dll

    2016-06-21 01:31 - 2016-02-24 07:25 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\sharemediacpl.dll

    2016-06-21 01:31 - 2016-02-24 07:21 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll

    2016-06-21 01:31 - 2016-02-24 07:18 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll

    2016-06-21 01:31 - 2016-02-24 07:18 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll

    2016-06-21 01:31 - 2016-02-24 07:17 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll

    2016-06-21 01:31 - 2016-02-24 07:13 - 00540160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll

    2016-06-21 01:31 - 2016-02-24 07:09 - 00552960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll

    2016-06-21 01:31 - 2016-02-24 07:09 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll

    2016-06-21 01:31 - 2016-02-23 12:25 - 00563552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys

    2016-06-21 01:31 - 2016-02-23 12:15 - 00779384 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll

    2016-06-21 01:31 - 2016-02-23 11:31 - 00476728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll

    2016-06-21 01:31 - 2016-02-23 11:31 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll

    2016-06-21 01:31 - 2016-02-23 11:22 - 00572272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll

    2016-06-21 01:31 - 2016-02-23 10:40 - 00430944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys

    2016-06-21 01:31 - 2016-02-23 10:38 - 00420928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll

    2016-06-21 01:31 - 2016-02-23 10:27 - 00376536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll

    2016-06-21 01:31 - 2016-02-23 10:20 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys

    2016-06-21 01:31 - 2016-02-23 10:06 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll

    2016-06-21 01:31 - 2016-02-23 09:55 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys

    2016-06-21 01:31 - 2016-02-23 09:53 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll

    2016-06-21 01:31 - 2016-02-23 09:40 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll

    2016-06-21 01:31 - 2016-02-23 09:39 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll

    2016-06-21 01:31 - 2016-02-23 09:38 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll

    2016-06-21 01:31 - 2016-02-23 09:38 - 00287712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll

    2016-06-21 01:31 - 2016-02-23 09:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll

    2016-06-21 01:31 - 2016-02-23 09:36 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuickActionsDataModel.dll

    2016-06-21 01:31 - 2016-02-23 09:34 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll

    2016-06-21 01:31 - 2016-02-23 09:34 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll

    2016-06-21 01:31 - 2016-02-23 09:31 - 00463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll

    2016-06-21 01:31 - 2016-02-23 09:29 - 00591872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll

    2016-06-21 01:31 - 2016-02-23 09:28 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll

    2016-06-21 01:31 - 2016-02-23 09:27 - 00307712 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll

    2016-06-21 01:31 - 2016-02-23 09:26 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe

    2016-06-21 01:31 - 2016-02-23 09:22 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll

    2016-06-21 01:31 - 2016-02-23 09:20 - 00847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll

    2016-06-21 01:31 - 2016-02-23 09:20 - 00493568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll

    2016-06-21 01:31 - 2016-02-23 09:19 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv

    2016-06-21 01:31 - 2016-02-23 09:04 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll

    2016-06-21 01:31 - 2016-02-23 09:02 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe

    2016-06-21 01:31 - 2016-02-23 09:02 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys

    2016-06-21 01:31 - 2016-02-23 08:58 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerServer.dll

    2016-06-21 01:31 - 2016-02-23 08:52 - 00456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll

    2016-06-21 01:31 - 2016-02-23 08:50 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll

    2016-06-21 01:31 - 2016-02-23 08:49 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll

    2016-06-21 01:31 - 2016-02-23 08:47 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll

    2016-06-21 01:31 - 2016-02-23 08:38 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll

    2016-06-21 01:31 - 2016-02-23 08:36 - 00713728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll

    2016-06-21 01:31 - 2016-02-23 08:36 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll

    2016-06-21 01:31 - 2016-02-23 08:35 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv

    2016-06-21 01:31 - 2016-02-23 08:01 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll

    2016-06-21 01:31 - 2016-02-09 04:18 - 00297472 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll

    2016-06-21 01:31 - 2016-02-09 04:18 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll

    2016-06-21 01:31 - 2016-01-27 06:59 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe

    2016-06-21 01:31 - 2016-01-27 06:57 - 00820704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll

    2016-06-21 01:31 - 2016-01-27 06:46 - 01270072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll

    2016-06-21 01:31 - 2016-01-27 06:08 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll

    2016-06-21 01:31 - 2016-01-27 05:59 - 00258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassam.dll

    2016-06-21 01:31 - 2016-01-27 05:50 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys

    2016-06-21 01:31 - 2016-01-16 07:37 - 00202472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll

    2016-06-21 01:31 - 2016-01-16 07:24 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll

    2016-06-21 01:31 - 2016-01-16 07:20 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll

    2016-06-21 01:31 - 2016-01-16 07:20 - 00431240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll

    2016-06-21 01:31 - 2016-01-16 07:19 - 00405568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll

    2016-06-21 01:31 - 2016-01-16 07:08 - 00440152 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe

    2016-06-21 01:31 - 2016-01-16 06:38 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimCfg.dll

    2016-06-21 01:31 - 2016-01-16 06:36 - 00475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll

    2016-06-21 01:31 - 2016-01-16 06:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe

    2016-06-21 01:31 - 2016-01-16 06:36 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimAuth.dll

    2016-06-21 01:31 - 2016-01-16 06:35 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll

    2016-06-21 01:31 - 2016-01-16 06:34 - 00477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll

    2016-06-21 01:31 - 2016-01-16 06:33 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll

    2016-06-21 01:31 - 2016-01-16 06:33 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll

    2016-06-21 01:31 - 2016-01-16 06:32 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll

    2016-06-21 01:31 - 2016-01-16 06:31 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll

    2016-06-21 01:31 - 2016-01-16 06:30 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl

    2016-06-21 01:31 - 2016-01-16 06:30 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimCfg.dll

    2016-06-21 01:31 - 2016-01-16 06:28 - 00884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll

    2016-06-21 01:31 - 2016-01-16 06:28 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimAuth.dll

    2016-06-21 01:31 - 2016-01-16 06:27 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll

    2016-06-21 01:31 - 2016-01-16 06:26 - 00260608 _____ C:\WINDOWS\system32\MTFServer.dll

    2016-06-21 01:31 - 2016-01-16 06:25 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll

    2016-06-21 01:31 - 2016-01-16 06:24 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll

    2016-06-21 01:31 - 2016-01-16 06:23 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl

    2016-06-21 01:31 - 2016-01-16 06:20 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll

    2016-06-21 01:31 - 2016-01-16 06:19 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll

    2016-06-21 01:31 - 2016-01-16 06:18 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll

    2016-06-21 01:31 - 2016-01-16 06:16 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll

    2016-06-21 01:31 - 2016-01-16 06:11 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll

    2016-06-21 01:30 - 2016-05-28 06:22 - 00211296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys

    2016-06-21 01:30 - 2016-05-28 06:22 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys

    2016-06-21 01:30 - 2016-05-28 06:16 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

    2016-06-21 01:30 - 2016-05-28 06:09 - 00170848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.exe

    2016-06-21 01:30 - 2016-05-28 06:09 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll

    2016-06-21 01:30 - 2016-05-28 06:08 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll

    2016-06-21 01:30 - 2016-05-28 06:04 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll

    2016-06-21 01:30 - 2016-05-28 06:04 - 00111064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll

    2016-06-21 01:30 - 2016-05-28 06:04 - 00097096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll

    2016-06-21 01:30 - 2016-05-28 06:03 - 00131248 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll

    2016-06-21 01:30 - 2016-05-28 05:35 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll

    2016-06-21 01:30 - 2016-05-28 05:31 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll

    2016-06-21 01:30 - 2016-05-28 05:29 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll

    2016-06-21 01:30 - 2016-05-28 05:29 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll

    2016-06-21 01:30 - 2016-05-28 05:29 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxp.dll

    2016-06-21 01:30 - 2016-05-28 05:28 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe

    2016-06-21 01:30 - 2016-05-28 05:28 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll

    2016-06-21 01:30 - 2016-05-28 05:28 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\FwRemoteSvr.dll

    2016-06-21 01:30 - 2016-05-28 05:27 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll

    2016-06-21 01:30 - 2016-05-28 05:27 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll

    2016-06-21 01:30 - 2016-05-28 05:26 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe

    2016-06-21 01:30 - 2016-05-28 05:26 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe

    2016-06-21 01:30 - 2016-05-28 05:26 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll

    2016-06-21 01:30 - 2016-05-28 05:25 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll

    2016-06-21 01:30 - 2016-05-28 05:24 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll

    2016-06-21 01:30 - 2016-05-28 05:24 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Ndu.sys

    2016-06-21 01:30 - 2016-05-28 05:24 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll

    2016-06-21 01:30 - 2016-05-28 05:24 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll

    2016-06-21 01:30 - 2016-05-28 05:24 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll

    2016-06-21 01:30 - 2016-05-28 05:24 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll

    2016-06-21 01:30 - 2016-05-28 05:24 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FwRemoteSvr.dll

    2016-06-21 01:30 - 2016-05-28 05:23 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys

    2016-06-21 01:30 - 2016-05-28 05:23 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll

    2016-06-21 01:30 - 2016-05-28 05:22 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe

    2016-06-21 01:30 - 2016-05-28 05:22 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll

    2016-06-21 01:30 - 2016-05-28 05:22 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptsvc.dll

    2016-06-21 01:30 - 2016-05-28 05:22 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll

    2016-06-21 01:30 - 2016-05-28 05:20 - 00511488 _____ (Microsoft Corporation) C:\WINDOWS\system32\newdev.dll

    2016-06-21 01:30 - 2016-05-28 05:20 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\system32\polstore.dll

    2016-06-21 01:30 - 2016-05-28 05:20 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll

    2016-06-21 01:30 - 2016-05-28 05:20 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GnssAdapter.dll

    2016-06-21 01:30 - 2016-05-28 05:20 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Privacy.dll

    2016-06-21 01:30 - 2016-05-28 05:20 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc6.dll

    2016-06-21 01:30 - 2016-05-28 05:19 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll

    2016-06-21 01:30 - 2016-05-28 05:19 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe

    2016-06-21 01:30 - 2016-05-28 05:19 - 00355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll

    2016-06-21 01:30 - 2016-05-28 05:19 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc.dll

    2016-06-21 01:30 - 2016-05-28 05:18 - 00392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPSECSVC.DLL

    2016-06-21 01:30 - 2016-05-28 05:17 - 00485888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\newdev.dll

    2016-06-21 01:30 - 2016-05-28 05:17 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll

    2016-06-21 01:30 - 2016-05-28 05:17 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll

    2016-06-21 01:30 - 2016-05-28 05:16 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\polstore.dll

    2016-06-21 01:30 - 2016-05-28 05:16 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll

    2016-06-21 01:30 - 2016-05-28 05:15 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll

    2016-06-21 01:30 - 2016-05-28 05:15 - 00293888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll

    2016-06-21 01:30 - 2016-05-28 05:15 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys

    2016-06-21 01:30 - 2016-05-28 05:14 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll

    2016-06-21 01:30 - 2016-05-28 05:14 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll

    2016-06-21 01:30 - 2016-05-28 05:12 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll

    2016-06-21 01:30 - 2016-05-28 05:11 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll

    2016-06-21 01:30 - 2016-05-28 05:11 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll

    2016-06-21 01:30 - 2016-05-28 05:04 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll

    2016-06-21 01:30 - 2016-05-28 05:03 - 00693760 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll

    2016-06-21 01:30 - 2016-05-28 05:02 - 00103424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll

    2016-06-21 01:30 - 2016-05-28 05:01 - 00111104 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll

    2016-06-21 01:30 - 2016-05-28 05:00 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll

    2016-06-21 01:30 - 2016-05-28 05:00 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll

    2016-06-21 01:30 - 2016-05-06 05:05 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll

    2016-06-21 01:30 - 2016-05-06 04:43 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll

    2016-06-21 01:30 - 2016-04-23 06:24 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys

    2016-06-21 01:30 - 2016-04-23 06:00 - 00058208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwminit.dll

    2016-06-21 01:30 - 2016-04-23 05:34 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys

    2016-06-21 01:30 - 2016-04-23 05:34 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll

    2016-06-21 01:30 - 2016-04-23 05:34 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll

    2016-06-21 01:30 - 2016-04-23 05:33 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll

    2016-06-21 01:30 - 2016-04-23 05:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll

    2016-06-21 01:30 - 2016-04-23 05:33 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ByteCodeGenerator.exe

    2016-06-21 01:30 - 2016-04-23 05:32 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll

    2016-06-21 01:30 - 2016-04-23 05:29 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll

    2016-06-21 01:30 - 2016-04-23 05:29 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll

    2016-06-21 01:30 - 2016-04-23 05:29 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll

    2016-06-21 01:30 - 2016-04-23 05:29 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ByteCodeGenerator.exe

    2016-06-21 01:30 - 2016-04-23 05:29 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll

    2016-06-21 01:30 - 2016-04-23 05:28 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll

    2016-06-21 01:30 - 2016-04-23 05:28 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll

    2016-06-21 01:30 - 2016-04-23 05:27 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll

    2016-06-21 01:30 - 2016-04-23 05:23 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll

    2016-06-21 01:30 - 2016-04-23 05:19 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlansec.dll

    2016-06-21 01:30 - 2016-04-23 05:19 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BrowserSettingSync.dll

    2016-06-21 01:30 - 2016-04-23 05:17 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll

    2016-06-21 01:30 - 2016-04-23 03:10 - 00002186 _____ C:\WINDOWS\system32\AppxProvisioning.xml

    2016-06-21 01:30 - 2016-04-18 23:30 - 00002186 _____ C:\WINDOWS\SysWOW64\AppxProvisioning.xml

    2016-06-21 01:30 - 2016-04-02 05:10 - 00770640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll

    2016-06-21 01:30 - 2016-04-02 04:25 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll

    2016-06-21 01:30 - 2016-04-02 04:25 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll

    2016-06-21 01:30 - 2016-03-29 11:23 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys

    2016-06-21 01:30 - 2016-03-29 11:15 - 00100232 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll

    2016-06-21 01:30 - 2016-03-29 10:25 - 00058400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll

    2016-06-21 01:30 - 2016-03-29 10:18 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys

    2016-06-21 01:30 - 2016-03-29 10:11 - 00074424 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe

    2016-06-21 01:30 - 2016-03-29 10:10 - 00110584 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvcli.dll

    2016-06-21 01:30 - 2016-03-29 10:09 - 00078040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkscli.dll

    2016-06-21 01:30 - 2016-03-29 10:07 - 00081144 _____ (Microsoft Corporation) C:\WINDOWS\system32\netapi32.dll

    2016-06-21 01:30 - 2016-03-29 09:41 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll

    2016-06-21 01:30 - 2016-03-29 09:26 - 00073872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srvcli.dll

    2016-06-21 01:30 - 2016-03-29 09:25 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wkscli.dll

    2016-06-21 01:30 - 2016-03-29 09:23 - 00069744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netapi32.dll

    2016-06-21 01:30 - 2016-03-29 09:16 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys

    2016-06-21 01:30 - 2016-03-29 09:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll

    2016-06-21 01:30 - 2016-03-29 09:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll

    2016-06-21 01:30 - 2016-03-29 09:07 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll

    2016-06-21 01:30 - 2016-03-29 09:07 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsdchngr.dll

    2016-06-21 01:30 - 2016-03-29 09:06 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacchooks.dll

    2016-06-21 01:30 - 2016-03-29 09:00 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe

    2016-06-21 01:30 - 2016-03-29 09:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll

    2016-06-21 01:30 - 2016-03-29 08:59 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe

    2016-06-21 01:30 - 2016-03-29 08:58 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll

    2016-06-21 01:30 - 2016-03-29 08:58 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll

    2016-06-21 01:30 - 2016-03-29 08:57 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll

    2016-06-21 01:30 - 2016-03-29 08:57 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\browcli.dll

    2016-06-21 01:30 - 2016-03-29 08:55 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys

    2016-06-21 01:30 - 2016-03-29 08:55 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll

    2016-06-21 01:30 - 2016-03-29 08:54 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll

    2016-06-21 01:30 - 2016-03-29 08:53 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
     
  13. morphy201180

    morphy201180 TS Enthusiast Topic Starter Posts: 79

    2016-06-21 01:30 - 2016-03-29 08:52 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe

    2016-06-21 01:30 - 2016-03-29 08:51 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll

    2016-06-21 01:30 - 2016-03-29 08:50 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll

    2016-06-21 01:30 - 2016-03-29 08:50 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll

    2016-06-21 01:30 - 2016-03-29 08:50 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll

    2016-06-21 01:30 - 2016-03-29 08:50 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll

    2016-06-21 01:30 - 2016-03-29 08:46 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll

    2016-06-21 01:30 - 2016-03-29 08:44 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll

    2016-06-21 01:30 - 2016-03-29 08:36 - 00530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys

    2016-06-21 01:30 - 2016-03-29 08:35 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll

    2016-06-21 01:30 - 2016-03-29 08:35 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll

    2016-06-21 01:30 - 2016-03-29 08:34 - 00333824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys

    2016-06-21 01:30 - 2016-03-29 08:34 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll

    2016-06-21 01:30 - 2016-03-29 08:33 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll

    2016-06-21 01:30 - 2016-03-29 08:30 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll

    2016-06-21 01:30 - 2016-03-29 08:23 - 00694784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys

    2016-06-21 01:30 - 2016-03-29 08:21 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll

    2016-06-21 01:30 - 2016-03-29 08:20 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll

    2016-06-21 01:30 - 2016-03-29 08:20 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsdchngr.dll

    2016-06-21 01:30 - 2016-03-29 08:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacchooks.dll

    2016-06-21 01:30 - 2016-03-29 08:18 - 00676352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll

    2016-06-21 01:30 - 2016-03-29 08:12 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll

    2016-06-21 01:30 - 2016-03-29 08:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll

    2016-06-21 01:30 - 2016-03-29 08:11 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll

    2016-06-21 01:30 - 2016-03-29 08:11 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\browcli.dll

    2016-06-21 01:30 - 2016-03-29 08:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll

    2016-06-21 01:30 - 2016-03-29 08:08 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll

    2016-06-21 01:30 - 2016-03-29 08:08 - 00841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll

    2016-06-21 01:30 - 2016-03-29 08:08 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll

    2016-06-21 01:30 - 2016-03-29 08:06 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe

    2016-06-21 01:30 - 2016-03-29 08:05 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll

    2016-06-21 01:30 - 2016-03-29 08:04 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll

    2016-06-21 01:30 - 2016-03-29 08:00 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll

    2016-06-21 01:30 - 2016-03-29 08:00 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll

    2016-06-21 01:30 - 2016-03-29 08:00 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll

    2016-06-21 01:30 - 2016-03-29 07:59 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll

    2016-06-21 01:30 - 2016-03-29 07:59 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe

    2016-06-21 01:30 - 2016-03-29 07:59 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll

    2016-06-21 01:30 - 2016-03-29 07:53 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll

    2016-06-21 01:30 - 2016-03-29 07:53 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll

    2016-06-21 01:30 - 2016-03-29 07:52 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll

    2016-06-21 01:30 - 2016-03-29 07:42 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll

    2016-06-21 01:30 - 2016-03-29 07:41 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll

    2016-06-21 01:30 - 2016-03-29 07:39 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll

    2016-06-21 01:30 - 2016-03-29 07:39 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll

    2016-06-21 01:30 - 2016-03-29 07:32 - 00854528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll

    2016-06-21 01:30 - 2016-03-29 07:32 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll

    2016-06-21 01:30 - 2016-03-29 07:32 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll

    2016-06-21 01:30 - 2016-03-29 07:27 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll

    2016-06-21 01:30 - 2016-03-29 07:27 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll

    2016-06-21 01:30 - 2016-03-29 07:01 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL

    2016-06-21 01:30 - 2016-03-29 06:35 - 00821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll

    2016-06-21 01:30 - 2016-03-29 06:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll

    2016-06-21 01:30 - 2016-03-29 06:27 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL

    2016-06-21 01:30 - 2016-03-29 06:26 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL

    2016-06-21 01:30 - 2016-03-29 06:25 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL

    2016-06-21 01:30 - 2016-03-29 06:21 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll

    2016-06-21 01:30 - 2016-02-24 09:54 - 00127840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS

    2016-06-21 01:30 - 2016-02-24 09:39 - 00141560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe

    2016-06-21 01:30 - 2016-02-24 09:09 - 00147808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe

    2016-06-21 01:30 - 2016-02-24 08:39 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTypeHelperUtil.dll

    2016-06-21 01:30 - 2016-02-24 08:39 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExtrasXmlParser.dll

    2016-06-21 01:30 - 2016-02-24 08:38 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll

    2016-06-21 01:30 - 2016-02-24 08:37 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataLanguageUtil.dll

    2016-06-21 01:30 - 2016-02-24 08:36 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenanceClient.dll

    2016-06-21 01:30 - 2016-02-24 08:33 - 00141664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe

    2016-06-21 01:30 - 2016-02-24 08:30 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfapigp.dll

    2016-06-21 01:30 - 2016-02-24 08:28 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\POSyncServices.dll

    2016-06-21 01:30 - 2016-02-24 08:23 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll

    2016-06-21 01:30 - 2016-02-24 08:23 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataPlatformHelperUtil.dll

    2016-06-21 01:30 - 2016-02-24 08:22 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll

    2016-06-21 01:30 - 2016-02-24 08:19 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll

    2016-06-21 01:30 - 2016-02-24 08:19 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll

    2016-06-21 01:30 - 2016-02-24 08:14 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExSMime.dll

    2016-06-21 01:30 - 2016-02-24 08:13 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll

    2016-06-21 01:30 - 2016-02-24 08:12 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\cemapi.dll

    2016-06-21 01:30 - 2016-02-24 08:12 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll

    2016-06-21 01:30 - 2016-02-24 08:10 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll

    2016-06-21 01:30 - 2016-02-24 08:09 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll

    2016-06-21 01:30 - 2016-02-24 08:09 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSip.dll

    2016-06-21 01:30 - 2016-02-24 08:07 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll

    2016-06-21 01:30 - 2016-02-24 08:01 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll

    2016-06-21 01:30 - 2016-02-24 08:00 - 00214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll

    2016-06-21 01:30 - 2016-02-24 07:58 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\scapi.dll

    2016-06-21 01:30 - 2016-02-24 07:55 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExtrasXmlParser.dll

    2016-06-21 01:30 - 2016-02-24 07:54 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll

    2016-06-21 01:30 - 2016-02-24 07:54 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe

    2016-06-21 01:30 - 2016-02-24 07:54 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTypeHelperUtil.dll

    2016-06-21 01:30 - 2016-02-24 07:53 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll

    2016-06-21 01:30 - 2016-02-24 07:53 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataLanguageUtil.dll

    2016-06-21 01:30 - 2016-02-24 07:52 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PimIndexMaintenanceClient.dll

    2016-06-21 01:30 - 2016-02-24 07:46 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfapigp.dll

    2016-06-21 01:30 - 2016-02-24 07:44 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\POSyncServices.dll

    2016-06-21 01:30 - 2016-02-24 07:40 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll

    2016-06-21 01:30 - 2016-02-24 07:40 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataPlatformHelperUtil.dll

    2016-06-21 01:30 - 2016-02-24 07:39 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll

    2016-06-21 01:30 - 2016-02-24 07:38 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll

    2016-06-21 01:30 - 2016-02-24 07:32 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll

    2016-06-21 01:30 - 2016-02-24 07:31 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll

    2016-06-21 01:30 - 2016-02-24 07:28 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll

    2016-06-21 01:30 - 2016-02-24 07:28 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxSip.dll

    2016-06-21 01:30 - 2016-02-24 07:23 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll

    2016-06-21 01:30 - 2016-02-24 07:22 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll

    2016-06-21 01:30 - 2016-02-24 07:21 - 00168448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll

    2016-06-21 01:30 - 2016-02-24 07:16 - 00394752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll

    2016-06-21 01:30 - 2016-02-24 06:43 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwbase.dll

    2016-06-21 01:30 - 2016-02-24 06:22 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwbase.dll

    2016-06-21 01:30 - 2016-02-23 11:17 - 00146272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys

    2016-06-21 01:30 - 2016-02-23 10:12 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\provpackageapidll.dll

    2016-06-21 01:30 - 2016-02-23 10:10 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll

    2016-06-21 01:30 - 2016-02-23 10:07 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe

    2016-06-21 01:30 - 2016-02-23 10:07 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll

    2016-06-21 01:30 - 2016-02-23 10:01 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys

    2016-06-21 01:30 - 2016-02-23 10:00 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll

    2016-06-21 01:30 - 2016-02-23 09:58 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\irmon.dll

    2016-06-21 01:30 - 2016-02-23 09:53 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll

    2016-06-21 01:30 - 2016-02-23 09:48 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerClient.dll

    2016-06-21 01:30 - 2016-02-23 09:23 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll

    2016-06-21 01:30 - 2016-02-23 09:14 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe

    2016-06-21 01:30 - 2016-02-23 08:57 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TimeBrokerClient.dll

    2016-06-21 01:30 - 2016-01-27 06:55 - 00081112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe

    2016-06-21 01:30 - 2016-01-27 06:44 - 00085320 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe

    2016-06-21 01:30 - 2016-01-27 06:15 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll

    2016-06-21 01:30 - 2016-01-27 06:10 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll

    2016-06-21 01:30 - 2016-01-27 06:08 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll

    2016-06-21 01:30 - 2016-01-27 06:07 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iassam.dll

    2016-06-21 01:30 - 2016-01-27 06:02 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll

    2016-06-21 01:30 - 2016-01-27 05:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfgbkend.dll

    2016-06-21 01:30 - 2016-01-27 05:32 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll

    2016-06-21 01:30 - 2016-01-27 05:31 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll

    2016-06-21 01:30 - 2016-01-16 07:23 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll

    2016-06-21 01:30 - 2016-01-16 07:20 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll

    2016-06-21 01:30 - 2016-01-16 06:44 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasadhlp.dll

    2016-06-21 01:30 - 2016-01-16 06:44 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll

    2016-06-21 01:30 - 2016-01-16 06:43 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll

    2016-06-21 01:30 - 2016-01-16 06:42 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscoreext.dll

    2016-06-21 01:30 - 2016-01-16 06:41 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe

    2016-06-21 01:30 - 2016-01-16 06:40 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll

    2016-06-21 01:30 - 2016-01-16 06:40 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe

    2016-06-21 01:30 - 2016-01-16 06:40 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasautou.exe

    2016-06-21 01:30 - 2016-01-16 06:39 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll

    2016-06-21 01:30 - 2016-01-16 06:38 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbio.dll

    2016-06-21 01:30 - 2016-01-16 06:36 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll

    2016-06-21 01:30 - 2016-01-16 06:35 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasadhlp.dll

    2016-06-21 01:30 - 2016-01-16 06:34 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttpcom.dll

    2016-06-21 01:30 - 2016-01-16 06:32 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe

    2016-06-21 01:30 - 2016-01-16 06:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasautou.exe

    2016-06-21 01:30 - 2016-01-16 06:30 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winbio.dll

    2016-06-21 01:22 - 2016-06-21 01:23 - 01610816 _____ (Malwarebytes) C:\Users\Shannon\Desktop\JRT.exe

    2016-06-21 01:21 - 2016-06-22 01:30 - 00002796 _____ C:\Users\Shannon\Desktop\rktext.txt

    2016-06-21 00:50 - 2016-06-21 10:15 - 00002640 _____ C:\Users\Public\Desktop\Skype.lnk

    2016-06-21 00:50 - 2016-06-21 00:50 - 00000000 ____D C:\Users\Shannon\Tracing

    2016-06-21 00:50 - 2016-06-21 00:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

    2016-06-21 00:43 - 2016-06-22 01:04 - 00024688 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys

    2016-06-21 00:42 - 2016-06-21 01:21 - 00000000 ____D C:\ProgramData\RogueKiller

    2016-06-21 00:24 - 2016-06-21 00:24 - 00000362 _____ C:\WINDOWS\Tasks\HPCeeScheduleForShannon.job

    2016-06-21 00:22 - 2016-06-21 10:16 - 00001222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk

    2016-06-21 00:22 - 2016-06-21 10:15 - 00001210 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk

    2016-06-21 00:22 - 2016-06-21 00:22 - 00004010 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1466464909

    2016-06-21 00:20 - 2016-06-21 00:20 - 00037144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys

    2016-06-21 00:14 - 2016-06-21 10:16 - 00002023 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk

    2016-06-21 00:14 - 2016-06-21 10:15 - 00002011 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk

    2016-06-21 00:14 - 2016-06-21 00:14 - 00000000 ____D C:\Users\Shannon\AppData\Roaming\AVAST Software

    2016-06-21 00:12 - 2016-06-21 00:12 - 00004006 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update

    2016-06-21 00:12 - 2016-06-21 00:11 - 00465792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys

    2016-06-21 00:12 - 2016-06-21 00:11 - 00287528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys

    2016-06-21 00:12 - 2016-06-21 00:11 - 00166432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys

    2016-06-21 00:12 - 2016-06-21 00:11 - 00107792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys

    2016-06-21 00:12 - 2016-06-21 00:11 - 00103064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys

    2016-06-21 00:12 - 2016-06-21 00:11 - 00074544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys

    2016-06-21 00:12 - 2016-06-21 00:11 - 00037656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys

    2016-06-21 00:12 - 2016-06-21 00:10 - 01070904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys

    2016-06-21 00:11 - 2016-06-21 00:11 - 00398152 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe

    2016-06-21 00:10 - 2016-06-21 00:10 - 00052184 _____ (AVAST Software) C:\WINDOWS\avastSS.scr

    2016-06-21 00:06 - 2016-06-21 00:20 - 00000000 ____D C:\ProgramData\AVAST Software

    2016-06-21 00:06 - 2016-06-21 00:20 - 00000000 ____D C:\Program Files\AVAST Software

    2016-06-21 00:05 - 2016-06-21 00:05 - 05066104 _____ (AVAST Software) C:\Users\Shannon\Downloads\avast_free_antivirus_setup_online.exe

    2016-06-16 13:24 - 2016-06-21 10:14 - 00001337 _____ C:\Users\Shannon\Desktop\Revo Uninstaller.lnk

    2016-06-16 13:24 - 2016-06-16 13:24 - 00000000 ____D C:\Users\Shannon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller

    2016-06-16 13:24 - 2016-06-16 13:24 - 00000000 ____D C:\Program Files (x86)\VS Revo Group

    2016-06-16 13:23 - 2016-06-16 13:23 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Shannon\Downloads\revosetup.exe


    ==================== One Month Modified files and folders ========


    (If an entry is included in the fixlist, the file/folder will be moved.)


    2016-06-22 10:25 - 2015-04-23 17:24 - 00004160 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{2E3C12B1-388A-4D64-89F1-ED6414A37158}

    2016-06-22 02:50 - 2015-05-17 17:40 - 00000938 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-353090159-1504183216-3683736410-1002UA.job

    2016-06-22 02:06 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness

    2016-06-22 02:05 - 2015-10-22 21:42 - 00000000 ____D C:\Users\Shannon\AppData\Local\CrashDumps

    2016-06-22 01:59 - 2016-01-21 02:49 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

    2016-06-22 01:58 - 2016-01-21 02:23 - 00000000 ____D C:\Users\Shannon

    2016-06-22 01:58 - 2015-10-30 07:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI

    2016-06-22 01:35 - 2015-04-24 09:36 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

    2016-06-22 01:33 - 2015-04-24 09:36 - 00001131 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

    2016-06-22 01:33 - 2015-04-24 09:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

    2016-06-22 01:33 - 2015-04-24 09:36 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware

    2016-06-22 01:04 - 2015-05-17 17:45 - 00002503 _____ C:\Users\Shannon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

    2016-06-22 00:59 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps

    2016-06-22 00:50 - 2015-05-17 17:40 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-353090159-1504183216-3683736410-1002Core.job

    2016-06-22 00:45 - 2015-05-17 17:40 - 00004062 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-353090159-1504183216-3683736410-1002UA

    2016-06-22 00:45 - 2015-05-17 17:40 - 00003686 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-353090159-1504183216-3683736410-1002Core

    2016-06-21 10:56 - 2016-01-19 21:24 - 00000000 ____D C:\Users\Shannon\AppData\Local\ElevatedDiagnostics

    2016-06-21 10:27 - 2016-01-21 02:22 - 00972104 _____ C:\WINDOWS\system32\PerfStringBackup.INI

    2016-06-21 10:27 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF

    2016-06-21 10:16 - 2016-01-21 02:36 - 00001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk

    2016-06-21 10:16 - 2012-08-22 12:31 - 00001495 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Connected Music powered by Universal Music Group.lnk

    2016-06-21 10:16 - 2012-08-22 12:30 - 00001111 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Connected Music powered by Meridian.lnk

    2016-06-21 10:16 - 2012-08-22 12:26 - 00001305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk

    2016-06-21 10:16 - 2012-08-22 12:25 - 00001374 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk

    2016-06-21 10:15 - 2016-01-21 09:12 - 00001170 _____ C:\ProgramData\Microsoft\Windows\Start Menu\LG Bridge.Lnk

    2016-06-21 10:15 - 2016-01-21 08:42 - 00002409 _____ C:\Users\Shannon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

    2016-06-21 10:15 - 2016-01-19 22:08 - 00001164 _____ C:\Users\Public\Desktop\LG Bridge.Lnk

    2016-06-21 10:15 - 2015-04-22 09:32 - 00002094 _____ C:\Users\Public\Desktop\Snapfish Photos.lnk

    2016-06-21 10:15 - 2015-04-22 09:32 - 00002084 _____ C:\Users\Public\Desktop\HP Games.lnk

    2016-06-21 10:15 - 2013-05-19 14:20 - 00001361 _____ C:\Users\Public\Desktop\CyberLink YouCam.lnk

    2016-06-21 10:15 - 2013-05-19 14:14 - 00002036 _____ C:\Users\Public\Desktop\CyberLink Media Suite.lnk

    2016-06-21 10:15 - 2012-08-22 12:31 - 00001483 _____ C:\Users\Public\Desktop\Connected Music powered by Universal Music Group.lnk

    2016-06-21 10:14 - 2016-01-21 08:33 - 00000258 __RSH C:\Users\Shannon\ntuser.pol

    2016-06-21 10:14 - 2016-01-19 17:10 - 00000843 _____ C:\Users\Shannon\Desktop\LGMobile Support Tool.lnk

    2016-06-21 10:14 - 2015-10-22 21:43 - 00000258 __RSH C:\ProgramData\ntuser.pol

    2016-06-21 10:14 - 2015-05-17 17:45 - 00002518 _____ C:\Users\Shannon\Desktop\Shannon - Chrome.lnk

    2016-06-21 10:14 - 2015-04-10 14:00 - 00000000 __RHD C:\Users\Public\AccountPictures

    2016-06-21 10:10 - 2016-01-21 02:12 - 00372600 _____ C:\WINDOWS\system32\FNTCACHE.DAT

    2016-06-21 10:09 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\vpnplugins

    2016-06-21 10:06 - 2015-10-30 08:24 - 00000000 ___SD C:\WINDOWS\system32\F12

    2016-06-21 10:06 - 2015-10-30 08:24 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs

    2016-06-21 10:06 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB

    2016-06-21 10:06 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns

    2016-06-21 10:06 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform

    2016-06-21 10:06 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\oobe

    2016-06-21 10:06 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\en-GB

    2016-06-21 10:06 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\appraiser

    2016-06-21 10:06 - 2015-10-30 07:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism

    2016-06-21 10:06 - 2015-10-30 07:28 - 00000000 ____D C:\WINDOWS\system32\Dism

    2016-06-21 10:05 - 2015-10-30 19:08 - 00000000 ____D C:\Program Files\Windows Journal

    2016-06-21 10:05 - 2015-10-30 08:24 - 00000000 __RSD C:\WINDOWS\Media

    2016-06-21 10:05 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog

    2016-06-21 10:05 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel

    2016-06-21 10:05 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\Provisioning

    2016-06-21 10:05 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions

    2016-06-21 10:05 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\bcastdvr

    2016-06-21 10:05 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Windows Portable Devices

    2016-06-21 10:05 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Windows Multimedia Platform

    2016-06-21 10:05 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices

    2016-06-21 10:05 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform

    2016-06-21 10:04 - 2015-10-30 08:24 - 00015703 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml

    2016-06-21 05:20 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp

    2016-06-21 01:00 - 2015-04-23 11:08 - 00000000 ____D C:\Users\Shannon\AppData\Roaming\Skype

    2016-06-21 00:50 - 2015-04-23 11:08 - 00000000 ___RD C:\Program Files (x86)\Skype

    2016-06-21 00:50 - 2015-04-23 11:08 - 00000000 ____D C:\ProgramData\Skype

    2016-06-21 00:49 - 2015-04-23 11:08 - 00000000 ____D C:\Users\Shannon\AppData\Local\Skype

    2016-06-21 00:46 - 2015-04-22 17:39 - 00000000 ____D C:\WINDOWS\system32\MRT

    2016-06-21 00:31 - 2015-04-22 17:39 - 142482544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

    2016-06-21 00:01 - 2012-08-22 12:37 - 00000000 ____D C:\Program Files (x86)\HP Games

    2016-06-21 00:00 - 2012-08-22 12:37 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

    2016-06-20 23:58 - 2012-08-22 12:37 - 00000000 ____D C:\ProgramData\WildTangent

    2016-06-16 13:36 - 2015-12-24 11:32 - 00000000 ___HD C:\Users\Shannon\AppData\Local\12a2364037285142

    2016-06-16 10:45 - 2015-04-22 09:29 - 00000000 ____D C:\Users\Shannon\AppData\Local\Packages

    2016-06-16 10:32 - 2015-06-11 18:40 - 00000400 _____ C:\Users\Shannon\AppData\Roaming\WB.CFG

    2016-06-16 10:19 - 2015-04-28 16:09 - 00000000 ___RD C:\Users\Shannon\OneDrive

    2016-06-16 10:18 - 2013-05-19 14:40 - 00000000 ____D C:\ProgramData\Norton

    2016-06-15 21:40 - 2015-04-24 09:46 - 00484008 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

    2016-06-14 19:33 - 2015-10-30 08:26 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

    2016-06-14 19:33 - 2015-10-30 08:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

    2016-05-28 06:55 - 2016-01-21 02:14 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll


    ==================== Files in the root of some directories =======


    2015-06-11 18:40 - 2016-06-16 10:32 - 0000400 _____ () C:\Users\Shannon\AppData\Roaming\WB.CFG


    Some files in TEMP:

    ====================

    C:\Users\Shannon\AppData\Local\Temp\dllnt_dump.dll

    C:\Users\Shannon\AppData\Local\Temp\libeay32.dll

    C:\Users\Shannon\AppData\Local\Temp\msvcr120.dll

    C:\Users\Shannon\AppData\Local\Temp\sqlite3.dll



    ==================== Bamital & volsnap =================


    (There is no automatic fix for files that do not pass verification.)


    C:\WINDOWS\system32\winlogon.exe => File is digitally signed

    C:\WINDOWS\system32\wininit.exe => File is digitally signed

    C:\WINDOWS\explorer.exe => File is digitally signed

    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed

    C:\WINDOWS\system32\svchost.exe => File is digitally signed

    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed

    C:\WINDOWS\system32\services.exe => File is digitally signed

    C:\WINDOWS\system32\User32.dll => File is digitally signed

    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed

    C:\WINDOWS\system32\userinit.exe => File is digitally signed

    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed

    C:\WINDOWS\system32\rpcss.dll => File is digitally signed

    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed

    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed

    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed



    LastRegBack: 2016-06-15 12:27


    ==================== End of FRST.txt ============================
     
  14. morphy201180

    morphy201180 TS Enthusiast Topic Starter Posts: 79

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-06-2016 01
    Ran by Shannon (2016-06-22 10:25:36)
    Running from C:\Users\Shannon\Desktop
    Windows 10 Home Version 1511 (X64) (2016-01-21 07:32:32)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-353090159-1504183216-3683736410-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-353090159-1504183216-3683736410-503 - Limited - Disabled)
    Guest (S-1-5-21-353090159-1504183216-3683736410-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-353090159-1504183216-3683736410-1004 - Limited - Enabled)
    Shannon (S-1-5-21-353090159-1504183216-3683736410-1002 - Administrator - Enabled) => C:\Users\Shannon

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
    AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
    AMD Catalyst Install Manager (HKLM\...\{1F56414D-D7F6-2DBF-BF65-1AC1A8609C03}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
    AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
    Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.2.2262 - AVAST Software)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Connected Music powered by Universal Music Group version 1.0 (HKLM-x32\...\{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1) (Version: 1.0 - Snowite)
    CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5407 - CyberLink Corp.)
    CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
    CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3119 - CyberLink Corp.)
    CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.2.2110 - CyberLink Corp.)
    CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
    CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
    CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
    EPSON SX440 Series Printer Uninstall (HKLM\...\EPSON SX440 Series) (Version: - SEIKO EPSON Corporation)
    Google Chrome (HKU\S-1-5-21-353090159-1504183216-3683736410-1002\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
    Hewlett-Packard ACLM.NET v1.2.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
    HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
    HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company)
    HP Documentation (HKLM-x32\...\{1AC082E0-049D-4C5C-9ECF-9473AD5A949D}) (Version: 1.1.0.0 - Hewlett-Packard)
    HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
    HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
    HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
    HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
    HP Support Assistant (HKLM-x32\...\{B8019B54-F9BE-490A-9619-6D06F18F129F}) (Version: 7.0.32.44 - Hewlett-Packard Company)
    HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
    HP Utility Center (HKLM\...\{2AFEFC93-F0C7-4390-BB51-F914EC546B30}) (Version: 2.1.6 - Hewlett-Packard Company)
    HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.6.1 - Hewlett-Packard Company)
    HPDetect (HKLM-x32\...\{CCCDD476-98F9-4B06-91DB-23F27CEC3BE1}) (Version: 1.0.0.0 - HP)
    IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6425.0 - IDT)
    LG AirDrive (HKLM-x32\...\{E8E8426E-8374-453D-B5E1-1B8DAE3DEF00}) (Version: 1.0.50707.11 - LG Electronics)
    LG Bridge (HKLM-x32\...\LG Bridge) (Version: 1.1.22 - LG Electronics)
    LG Mobile Driver (HKLM-x32\...\{3F490D0E-3131-438C-BCF9-7549CB88DF41}) (Version: 4.0.4 - LG Electronics)
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
    Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
    Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    SafeZone Stable 1.48.2066.101 (x32 Version: 1.48.2066.101 - Avast Software) Hidden
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
    Skype™ 7.25 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.25.103 - Skype Technologies S.A.)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.98 - Synaptics Incorporated)
    Unchecky v0.4.3 (HKLM-x32\...\Unchecky) (Version: 0.4.3 - RaMMicHaeL)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-353090159-1504183216-3683736410-1002_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Shannon\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-353090159-1504183216-3683736410-1002_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Shannon\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-353090159-1504183216-3683736410-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Shannon\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {049D9356-1E49-484A-962B-452A239EEE6A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
    Task: {0CB99377-11F1-4797-8D70-D167090DDB47} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {15FC38C6-1BDA-4A5E-ACB0-0B7AE56472F3} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {480B0213-3D85-458A-BDBA-044566C12016} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {59A3F0D9-B4DD-4D89-AED3-C7A0CAE11CE4} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
    Task: {671255D5-0CBD-49D2-8B1B-5FC5746A7CD7} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-08] (CyberLink)
    Task: {6D27B0A2-B95F-470D-99C2-6B2903037936} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {75D38D66-69E0-4087-AB35-F948091E3A0A} - System32\Tasks\SafeZone scheduled Autoupdate 1466464909 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-04-15] (Avast Software)
    Task: {763916C2-DCCF-469F-8AEF-7E9098046DA7} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {7C0BBF3E-1149-4A02-8512-9A76EC5B58D3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-353090159-1504183216-3683736410-1002Core => C:\Users\Shannon\AppData\Local\Google\Update\GoogleUpdate.exe [2016-06-22] (Google Inc.)
    Task: {8399B32F-80F8-4BEC-8837-53A686352140} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2016-04-28] (Synaptics Incorporated)
    Task: {87FBCE4A-BC9F-4591-98E8-6DB442F0F4B4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {A2BCBF79-9C66-4BC3-9CDC-E8822374A878} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-353090159-1504183216-3683736410-1002UA => C:\Users\Shannon\AppData\Local\Google\Update\GoogleUpdate.exe [2016-06-22] (Google Inc.)
    Task: {A5BFAA92-2D0F-4C85-BAE0-F7C60017959E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFReport.exe [2016-02-18] (Hewlett-Packard)
    Task: {AC4FEF07-877D-478C-961A-0F7F81A4C527} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {B511C7BD-09F6-4A7F-BE34-9117622FCAA2} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {B671E527-9CB4-44F1-9C14-774FA8BBBCC3} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
    Task: {C3F05609-3B43-43A6-A278-D9D36C557763} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-06-21] (AVAST Software)
    Task: {C7F3028E-584A-41A3-89EE-85679EEAEC30} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)
    Task: {CA06A93E-DE48-40CE-B0C0-82F327772DC9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2015-10-22] (Hewlett-Packard)
    Task: {CA084BF7-2013-4842-98C6-F82C0DF21F96} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-04-22] (HP Inc.)
    Task: {DD51E535-A04C-4457-A24B-E5E93D2F4D75} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {E1437FEE-ADF9-440F-BBD0-F6E3A6FC03C1} - \Microsoft\Windows\Setup\GWXTriggers\Logon-URT -> No File <==== ATTENTION
    Task: {F0D7D87F-EA66-4A97-884B-D2364889E30F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {F3150C7B-349A-4EA2-8987-609AF748B3CF} - System32\Tasks\{40196AED-ED93-470D-9F26-C1FA1340420B} => pcalua.exe -a "C:\Program Files (x86)\LG Electronics\LG Bridge\uninstall.exe"

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-353090159-1504183216-3683736410-1002Core.job => C:\Users\Shannon\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-353090159-1504183216-3683736410-1002UA.job => C:\Users\Shannon\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\HPCeeScheduleForShannon.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
    Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ShortcutWithArgument: C:\Users\Shannon\Desktop\Shannon - Chrome.lnk -> C:\Users\Shannon\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Default"

    ==================== Loaded Modules (Whitelisted) ==============

    2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
    2015-08-21 23:09 - 2015-08-21 23:09 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
    2016-06-21 01:32 - 2016-03-29 11:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2016-06-21 01:32 - 2016-03-29 11:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
    2016-06-16 10:18 - 2016-06-16 10:18 - 00959168 _____ () C:\Users\Shannon\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
    2016-01-21 01:59 - 2016-01-21 01:59 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
    2016-06-21 01:31 - 2016-04-23 05:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
    2016-06-21 01:31 - 2016-05-28 04:59 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2016-06-21 01:31 - 2016-05-28 04:53 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2016-06-21 01:32 - 2016-05-28 04:54 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2016-06-21 01:32 - 2016-05-28 04:56 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2016-06-16 10:38 - 2016-06-16 10:39 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    2016-06-16 10:49 - 2016-06-16 10:51 - 10256384 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11602.1.26.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
    2016-01-21 01:59 - 2016-01-21 01:59 - 03081568 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll
    2016-01-21 01:59 - 2016-01-21 01:59 - 02394976 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll
    2016-06-21 00:10 - 2016-06-21 00:10 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
    2016-06-21 00:10 - 2016-06-21 00:10 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2016-06-22 00:39 - 2016-06-22 00:39 - 02939392 _____ () C:\Program Files\AVAST Software\Avast\defs\16062101\algo.dll
    2016-06-21 00:10 - 2016-06-21 00:10 - 00309912 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
    2016-06-21 00:10 - 2016-06-21 00:10 - 00479680 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
    2016-06-22 10:22 - 2016-06-22 10:22 - 02939392 _____ () C:\Program Files\AVAST Software\Avast\defs\16062200\algo.dll
    2016-06-21 00:11 - 2016-06-21 00:11 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2016-06-16 10:38 - 2016-06-16 10:39 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
    2016-06-16 10:38 - 2016-06-16 10:39 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 14:25 - 2016-06-22 01:59 - 00003226 ____A C:\WINDOWS\system32\Drivers\etc\hosts

    0x2320436F707972696768742028632920313939332D32303039204D6963726F736F667420436F72702E0D0A230D0A23205468697320697320612073616D706C6520484F5354532066696C652075736564206279204D6963726F736F6674205443502F495020666F722057696E646F77732E0D0A230D0A2320546869732066696C6520636F6E7461696E7320746865206D617070696E6773206F662049502061646472657373657320746F20686F7374206E616D65732E20456163680D0A2320656E7472792073686F756C64206265206B657074206F6E20616E20696E646976696475616C206C696E652E2054686520495020616464726573732073686F756C640D0A2320626520706C6163656420696E2074686520666972737420636F6C756D6E20666F6C6C6F7765642062792074686520636F72726573706F6E64696E6720686F7374206E616D652E0D0A2320546865204950206164647265737320616E642074686520686F7374206E616D652073686F756C6420626520736570617261746564206279206174206C65617374206F6E650D0A232073706163652E0D0A230D0A23204164646974696F6E616C6C792C20636F6D6D656E747320287375636820617320746865736529206D617920626520696E736572746564206F6E20696E646976696475616C0D0A23206C696E6573206F7220666F6C6C6F77696E6720746865206D616368696E65206E616D652064656E6F7465642062792061202723272073796D626F6C2E0D0A230D0A2320466F72206578616D706C653A0D0A230D0A232020202020203130322E35342E39342E393720202020207268696E6F2E61636D652E636F6D202020202020202020202320736F75726365207365727665720D0A232020202020202033382E32352E36332E31302020202020782E61636D652E636F6D202020202020202020202020202023207820636C69656E7420686F73740D0A0D0A23206C6F63616C686F7374206E616D65207265736F6C7574696F6E2069732068616E646C65642077697468696E20444E5320697473656C662E0D0A23093132372E302E302E31202020202020206C6F63616C686F73740D0A23093A3A31202020202020202020202020206C6F63616C686F73740D0A0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000D0A0D0A2320756E636865636B795F626567696E0D0A232054686573652072756C657320776572652061646465642062792074686520556E636865636B792070726F6772616D20696E206F7264657220746F20626C6F636B206164766572746973696E6720736F667477617265206D6F64756C65730D0A302E302E302E3020302E302E302E3020232066697820666F72207472616365726F75746520616E64206E65747374617420646973706C617920616E6F6D616C790D0A302E302E302E3020747261636B696E672E6F70656E63616E64792E636F6D2E73332E616D617A6F6E6177732E636F6D0D0A302E302E302E30206D656469612E6F70656E63616E64792E636F6D0D0A302E302E302E302063646E2E6F70656E63616E64792E636F6D0D0A302E302E302E3020747261636B696E672E6F70656E63616E64792E636F6D0D0A302E302E302E30206170692E6F70656E63616E64792E636F6D0D0A302E302E302E30206170692E7265636F6D6D656E64656473772E636F6D0D0A302E302E302E3020696E7374616C6C65722E626574746572696E7374616C6C65722E636F6D0D0A302E302E302E3020696E7374616C6C65722E66696C6562756C6C646F672E636F6D0D0A302E302E302E302064336F78746E31783362386437692E636C6F756466726F6E742E6E65740D0A302E302E302E3020696E6E6F2E62697372762E636F6D0D0A302E302E302E30206E7369732E62697372762E636F6D0D0A302E302E302E302063646E2E66696C65326465736B746F702E636F6D0D0A302E302E302E302063646E2E676F617465617374636163682E75730D0A302E302E302E302063646E2E677574746173746174646B2E75730D0A302E302E302E302063646E2E696E736B696E6D656469612E636F6D0D0A302E302E302E302063646E2E696E7374612E6F6962756E646C6573322E636F6D0D0A302E302E302E302063646E2E696E7374612E706C617962727974652E636F6D0D0A302E302E302E302063646E2E6C6C6F67657466617374636163682E75730D0A302E302E302E302063646E2E6D6F6E74696572612E636F6D0D0A302E302E302E302063646E2E6D7364776E6C642E636F6D0D0A302E302E302E302063646E2E6D7970636261636B75702E636F6D0D0A302E302E302E302063646E2E7070646F776E6C6F61642E636F6D0D0A302E302E302E302063646E2E72696365617465617374636163682E75730D0A302E302E302E302063646E2E73687961706F7461746F2E75730D0A302E302E302E302063646E2E736F6C696D62612E636F6D0D0A302E302E302E302063646E2E7475746F3470632E636F6D0D0A302E302E302E302063646E2E617070726F756E642E62697A0D0A302E302E302E302063646E2E626967737065656470726F2E636F6D0D0A302E302E302E302063646E2E62697370642E636F6D0D0A302E302E302E302063646E2E62697372762E636F6D0D0A302E302E302E302063646E2E63646E64702E636F6D0D0A302E302E302E302063646E2E646F776E6C6F61642E73776565747061636B732E636F6D0D0A302E302E302E302063646E2E6470646F776E6C6F61642E636F6D0D0A302E302E302E302063646E2E76697375616C6265652E6E65740D0A2320756E636865636B795F656E640D0A

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-353090159-1504183216-3683736410-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
    DNS Servers: 192.168.0.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [UDP Query User{423F7583-10E1-413B-B696-6BC85912912C}C:\program files (x86)\lg electronics\lg bridge\lgbridge.exe] => (Allow) C:\program files (x86)\lg electronics\lg bridge\lgbridge.exe
    FirewallRules: [TCP Query User{E7B6A8DD-234E-4355-92B0-5EFCA3B11B04}C:\program files (x86)\lg electronics\lg bridge\lgbridge.exe] => (Allow) C:\program files (x86)\lg electronics\lg bridge\lgbridge.exe
    FirewallRules: [UDP Query User{E5900896-1343-4361-A481-1E7C0044F7CA}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [TCP Query User{AB73CC0E-AD3D-43C4-A631-EBC9B9551261}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [{B83CD32A-BCA5-4A12-8AE3-BDB7EC0922F3}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{0C36DD60-2DC5-4B6C-B512-2A7770910F1E}] => (Allow) LPort=2869
    FirewallRules: [{622FC95C-8FBA-4BA4-AB0E-18C67B4A0C70}] => (Allow) LPort=1900
    FirewallRules: [{44A72E25-6B6A-4522-97A0-E8CB31200783}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{5CD3887C-2CE1-42E4-A5C8-F690E4DE6B78}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{85A0C7A8-6700-4AC2-80CE-E01B65866BBA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{0C20228E-5634-4B86-BC79-70DEEF59D7BB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{0B355071-DA66-4B41-A8D3-B50C86C3E988}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
    FirewallRules: [{5D29BBA3-9365-4795-BE1B-43DE9FB2CBED}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
    FirewallRules: [{60A27000-EA20-4B02-B4D7-53D35ED2CE42}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
    FirewallRules: [{7C891C47-2A38-4BF3-A3BD-FDAE952333CE}] => (Allow) C:\Users\Shannon\AppData\Local\Google\Chrome\Application\chrome.exe

    ==================== Restore Points =========================

    21-06-2016 06:25:17 Scheduled Checkpoint
    22-06-2016 00:55:08 Clean
    22-06-2016 02:03:36 JRT Pre-Junkware Removal

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (06/22/2016 03:26:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 4485

    Error: (06/22/2016 03:26:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 4485

    Error: (06/22/2016 03:26:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (06/22/2016 02:05:13 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SHANNON-PC)
    Description: Activation of application Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (06/22/2016 02:05:01 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: SkypeHost.exe, version: 10.1.2123.36, time stamp: 0x56eb679c
    Faulting module name: KERNELBASE.dll, version: 10.0.10586.306, time stamp: 0x571afb9a
    Exception code: 0xe06d7363
    Fault offset: 0x000bdae8
    Faulting process ID: 0x5d4
    Faulting application start time: 0xSkypeHost.exe0
    Faulting application path: SkypeHost.exe1
    Faulting module path: SkypeHost.exe2
    Report ID: SkypeHost.exe3
    Faulting package full name: SkypeHost.exe4
    Faulting package-relative application ID: SkypeHost.exe5

    Error: (06/22/2016 02:03:59 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (06/22/2016 12:59:58 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SHANNON-PC)
    Description: Activation of application Microsoft.WindowsMaps_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (06/22/2016 12:55:28 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (06/22/2016 12:39:22 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SHANNON-PC)
    Description: Activation of application Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147024865 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (06/22/2016 12:39:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 38543657


    System errors:
    =============
    Error: (06/22/2016 10:25:17 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
    Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

    Error: (06/22/2016 03:31:24 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
    Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

    Error: (06/22/2016 03:26:05 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

    Error: (06/22/2016 02:04:07 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
    Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

    Error: (06/22/2016 02:00:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The HPSupportSolutionsFrameworkService service failed to start due to the following error:
    %%1053 = The service did not respond to the start or control request in a timely fashion.


    Error: (06/22/2016 02:00:23 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the HPSupportSolutionsFrameworkService service to connect.

    Error: (06/22/2016 01:59:31 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The APXACC service failed to start due to the following error:
    %%31 = A device attached to the system is not functioning.


    Error: (06/22/2016 01:59:31 AM) (Source: APXACC) (EventID: 1003) (User: )
    Description: The NDIS6 LWF initialization has failed. (0xC0000001)

    Error: (06/22/2016 01:58:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Windows Search service failed to start due to the following error:
    %%3 = The system cannot find the path specified.


    Error: (06/22/2016 01:58:21 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the User Data Storage_513d6 service to connect.


    CodeIntegrity:
    ===================================
    Date: 2016-06-22 01:09:56.460
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-06-21 10:13:15.348
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-06-21 01:25:53.350
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-06-21 00:13:01.352
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-06-21 00:13:01.317
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-06-21 00:13:01.209
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-06-16 09:50:59.970
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-06-16 09:50:59.566
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-06-15 12:49:15.208
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-06-15 12:49:08.243
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    ==================== Memory info ===========================

    Processor: AMD E2-1800 APU with Radeon(tm) HD Graphics
    Percentage of memory in use: 26%
    Total physical RAM: 5730.27 MB
    Available physical RAM: 4227.11 MB
    Total Virtual: 6690.27 MB
    Available Virtual: 5215.02 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:678.21 GB) (Free:636.63 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive d: (RECOVERY) (Fixed) (Total:18.85 GB) (Free:2.37 GB) NTFS ==>[system with boot components (obtained from drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 698.6 GB) (Disk ID: 32CCA4DF)

    Partition: GPT.

    ==================== End of Addition.txt ============================
     
  15. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     

    Attached Files:

  16. morphy201180

    morphy201180 TS Enthusiast Topic Starter Posts: 79

    Fix result of Farbar Recovery Scan Tool (x64) Version: 20-06-2016 01
    Ran by Shannon (2016-06-23 01:57:51) Run:1
    Running from C:\Users\Shannon\Desktop
    Loaded Profiles: Shannon (Available Profiles: Shannon)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    SearchScopes: HKU\S-1-5-21-353090159-1504183216-3683736410-1002 -> DefaultScope {BA1BE292-1D15-488B-934D-008742212380} URL =
    2015-06-11 18:40 - 2016-06-16 10:32 - 0000400 _____ () C:\Users\Shannon\AppData\Roaming\WB.CFG
    C:\Users\Shannon\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\Shannon\AppData\Local\Temp\libeay32.dll
    C:\Users\Shannon\AppData\Local\Temp\msvcr120.dll
    C:\Users\Shannon\AppData\Local\Temp\sqlite3.dll
    Task: {049D9356-1E49-484A-962B-452A239EEE6A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
    Task: {0CB99377-11F1-4797-8D70-D167090DDB47} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {15FC38C6-1BDA-4A5E-ACB0-0B7AE56472F3} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {480B0213-3D85-458A-BDBA-044566C12016} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {59A3F0D9-B4DD-4D89-AED3-C7A0CAE11CE4} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
    Task: {6D27B0A2-B95F-470D-99C2-6B2903037936} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {763916C2-DCCF-469F-8AEF-7E9098046DA7} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {87FBCE4A-BC9F-4591-98E8-6DB442F0F4B4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {AC4FEF07-877D-478C-961A-0F7F81A4C527} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {B511C7BD-09F6-4A7F-BE34-9117622FCAA2} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {DD51E535-A04C-4457-A24B-E5E93D2F4D75} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {E1437FEE-ADF9-440F-BBD0-F6E3A6FC03C1} - \Microsoft\Windows\Setup\GWXTriggers\Logon-URT -> No File <==== ATTENTION
    Task: {F0D7D87F-EA66-4A97-884B-D2364889E30F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION

    *****************

    "HKLM\SOFTWARE\Policies\Google" => key removed successfully
    HKU\S-1-5-21-353090159-1504183216-3683736410-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
    C:\Users\Shannon\AppData\Roaming\WB.CFG => moved successfully
    C:\Users\Shannon\AppData\Local\Temp\dllnt_dump.dll => moved successfully
    C:\Users\Shannon\AppData\Local\Temp\libeay32.dll => moved successfully
    C:\Users\Shannon\AppData\Local\Temp\msvcr120.dll => moved successfully
    C:\Users\Shannon\AppData\Local\Temp\sqlite3.dll => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{049D9356-1E49-484A-962B-452A239EEE6A}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{049D9356-1E49-484A-962B-452A239EEE6A}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0CB99377-11F1-4797-8D70-D167090DDB47}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0CB99377-11F1-4797-8D70-D167090DDB47}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{15FC38C6-1BDA-4A5E-ACB0-0B7AE56472F3}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{15FC38C6-1BDA-4A5E-ACB0-0B7AE56472F3}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{480B0213-3D85-458A-BDBA-044566C12016}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{480B0213-3D85-458A-BDBA-044566C12016}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{59A3F0D9-B4DD-4D89-AED3-C7A0CAE11CE4}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{59A3F0D9-B4DD-4D89-AED3-C7A0CAE11CE4}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6D27B0A2-B95F-470D-99C2-6B2903037936}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6D27B0A2-B95F-470D-99C2-6B2903037936}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{763916C2-DCCF-469F-8AEF-7E9098046DA7}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{763916C2-DCCF-469F-8AEF-7E9098046DA7}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{87FBCE4A-BC9F-4591-98E8-6DB442F0F4B4}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{87FBCE4A-BC9F-4591-98E8-6DB442F0F4B4}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC4FEF07-877D-478C-961A-0F7F81A4C527}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC4FEF07-877D-478C-961A-0F7F81A4C527}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B511C7BD-09F6-4A7F-BE34-9117622FCAA2}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B511C7BD-09F6-4A7F-BE34-9117622FCAA2}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DD51E535-A04C-4457-A24B-E5E93D2F4D75}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DD51E535-A04C-4457-A24B-E5E93D2F4D75}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E1437FEE-ADF9-440F-BBD0-F6E3A6FC03C1}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E1437FEE-ADF9-440F-BBD0-F6E3A6FC03C1}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-URT" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F0D7D87F-EA66-4A97-884B-D2364889E30F}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F0D7D87F-EA66-4A97-884B-D2364889E30F}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully

    ==== End of Fixlog 01:57:53 ====
     
  17. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Last scans...

    [​IMG] Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


    [​IMG] Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services

    Press "Scan".
    It will create a log (FSS.txt) in the same directory the tool is run.
    Please copy and paste the log to your reply.


    [​IMG] Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    [​IMG] Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  18. morphy201180

    morphy201180 TS Enthusiast Topic Starter Posts: 79

    Please see logs below. The Sophos scan came back clear as well.

    Results of screen317's Security Check version 1.014 --- 12/23/15
    x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Windows Defender
    avast! Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Google Chrome 42.0.2311.152 Google Chrome out of date!
    ````````Process Check: objlist.exe by Laurent````````
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast avastui.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: %
    ````````````````````End of Log``````````````````````

    Farbar Service Scanner Version: 27-01-2016
    Ran by Shannon (administrator) on 23-06-2016 at 02:09:47
    Running from "C:\Users\Shannon\Desktop"
    Microsoft Windows 10 Home (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Policy:
    ========================


    Security Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\SDRSVC.dll => File is digitally signed
    C:\Windows\System32\vssvc.exe => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed


    **** End of log ****
     
  19. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Your computer is clean [​IMG]

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download [​IMG]DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    11. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

    12. Please, let me know, how your computer is doing.
     
  20. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    The issue seems to be resolved.
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...