TechSpot

Speedtest.com virus

By Robert Beaver
Jan 30, 2016
  1. Computer says its been compromised. Google even stopped me from looking stuff up. Any help would be appreciated as I'm not buying into the screens that popped up saying call microsoft.
     
  2. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Welcome aboard [​IMG]

    It's definitely fake message.
    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. Robert Beaver

    Robert Beaver TS Rookie Topic Starter Posts: 17

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
    Ran by William_2 (ATTENTION: The user is not administrator) on WILLIAM (30-01-2016 21:36:49)
    Running from C:\Users\William_2\Downloads
    Loaded Profiles: William & William_2 (Available Profiles: William & William_2)
    Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Edge)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    Failed to access process -> smss.exe
    Failed to access process -> csrss.exe
    Failed to access process -> wininit.exe
    Failed to access process -> services.exe
    Failed to access process -> lsass.exe
    Failed to access process -> svchost.exe
    Failed to access process -> svchost.exe
    Failed to access process -> svchost.exe
    Failed to access process -> svchost.exe
    Failed to access process -> svchost.exe
    Failed to access process -> svchost.exe
    Failed to access process -> svchost.exe
    Failed to access process -> dasHost.exe
    Failed to access process -> svchost.exe
    Failed to access process -> igfxCUIService.exe
    Failed to access process -> svchost.exe
    Failed to access process -> FBAgent.exe
    Failed to access process -> spoolsv.exe
    Failed to access process -> IntelCpHeciSvc.exe
    Failed to access process -> svchost.exe
    Failed to access process -> armsvc.exe
    Failed to access process -> CxAudMsg64.exe
    Failed to access process -> svchost.exe
    Failed to access process -> svchost.exe
    Failed to access process -> MsMpEng.exe
    Failed to access process -> SASrv.exe
    Failed to access process -> svchost.exe
    Failed to access process -> NisSrv.exe
    Failed to access process -> PresentationFontCache.exe
    Failed to access process -> SearchIndexer.exe
    Failed to access process -> CouponPrinterService.exe
    Failed to access process -> AsLdrSrv.exe
    Failed to access process -> InsOnSrv.exe
    Failed to access process -> AsusWSWinService.exe
    Failed to access process -> GFNEXSrv.exe
    Failed to access process -> HeciServer.exe
    Failed to access process -> IntelMeFWService.exe
    Failed to access process -> Jhi_service.exe
    Failed to access process -> LMS.exe
    Failed to access process -> UNS.exe
    Failed to access process -> csrss.exe
    Failed to access process -> winlogon.exe
    Failed to access process -> dwm.exe
    Failed to access process -> HControl.exe
    Failed to access process -> InsOnWMI.exe
    Failed to access process -> KBFiltr.exe
    Failed to access process -> WmiPrvSE.exe
    () C:\Program Files\NETGEAR\ReadySHARE Vault\GenieTimeLineAgent.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    (Intel Corporation) C:\Windows\System32\igfxTray.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
    (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
    (Conexant Systems, Inc) C:\Program Files\CONEXANT\SAII\SmartAudio.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    Failed to access process -> GenieTimelineService.exe
    Failed to access process -> svchost.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    Failed to access process -> MpCmdRun.exe
    (SlimWare Utilities, Inc.) C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
    Failed to access process -> dllhost.exe
    Failed to access process -> SlimServiceFactory.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    Failed to access process -> SearchProtocolHost.exe
    Failed to access process -> SearchFilterHost.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [111120 2012-05-25] (CyberLink)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
    HKLM-x32\...\RunOnce: [SlimCleaner Plus] => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe [26186944 2016-01-20] (Slimware Utilities Holdings, Inc.)
    ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\William_2\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll [2016-01-30] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\William_2\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll [2016-01-30] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\William_2\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll [2016-01-30] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
    ShellIconOverlayIdentifiers: [0GenieTimeLine-BackedUp] -> {88A8B1ED-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2013-08-29] ()
    ShellIconOverlayIdentifiers: [0GenieTimeLine-Excluded] -> {B77E8651-93B1-40CD-8ECF-6F33DAC805A0} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2013-08-29] ()
    ShellIconOverlayIdentifiers: [0GenieTimeLine-Folder] -> {CEAF16CE-C11C-4081-BE29-DDE7F45A59DB} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2013-08-29] ()
    ShellIconOverlayIdentifiers: [0GenieTimeLine-NotBackedUp] -> {88A8B1EE-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2013-08-29] ()
    ShellIconOverlayIdentifiers: [0GenieTimeLine-Pending ] -> {88A8B1EF-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2013-08-29] ()
    ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\William_2\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll [2016-01-30] (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\William_2\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll [2016-01-30] (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\William_2\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll [2016-01-30] (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-BackedUp] -> {88A8B1ED-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\x86\GSTimelineIconOverlay.gtl [2013-08-29] ()
    ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-Excluded] -> {B77E8651-93B1-40CD-8ECF-6F33DAC805A0} => C:\Program Files\NETGEAR\ReadySHARE Vault\x86\GSTimelineIconOverlay.gtl [2013-08-29] ()
    ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-Folder] -> {CEAF16CE-C11C-4081-BE29-DDE7F45A59DB} => C:\Program Files\NETGEAR\ReadySHARE Vault\x86\GSTimelineIconOverlay.gtl [2013-08-29] ()
    ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-NotBackedUp] -> {88A8B1EE-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\x86\GSTimelineIconOverlay.gtl [2013-08-29] ()
    ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-Pending ] -> {88A8B1EF-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\x86\GSTimelineIconOverlay.gtl [2013-08-29] ()
    GroupPolicyUsers\S-1-5-21-1987870432-1314437653-830200918-1006\User: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{0e861b0f-33f8-4c63-aa95-e6216852069a}: [DhcpNameServer] 75.75.75.75 75.75.76.76
    Tcpip\..\Interfaces\{9bd6d357-5b30-496c-8dd6-cf2e477d9b09}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-1987870432-1314437653-830200918-1006\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com
    HKU\S-1-5-21-1987870432-1314437653-830200918-1006\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
    URLSearchHook: [S-1-5-21-1987870432-1314437653-830200918-1001] ATTENTION => Default URLSearchHook is missing
    SearchScopes: HKU\S-1-5-21-1987870432-1314437653-830200918-1006 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1987870432-1314437653-830200918-1006 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-10] (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-10] (Oracle Corporation)
    BHO-x32: TBSB07898 Class -> {FCBCCB87-9224-4B8D-B117-F56D924BEB18} -> C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll [2013-07-15] ()
    Toolbar: HKLM-x32 - Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll [2013-07-15] ()
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWow64\skype4com.dll [2012-10-23] (Skype Technologies)

    FireFox:
    ========
    FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
    FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-10] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-10] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
    FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found

    Chrome:
    =======
    CHR Profile: C:\Users\William_2\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\William_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-30]
    CHR Extension: (Google Drive) - C:\Users\William_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-30]
    CHR Extension: (YouTube) - C:\Users\William_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-30]
    CHR Extension: (Google Search) - C:\Users\William_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-30]
    CHR Extension: (Google Docs Offline) - C:\Users\William_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-01-30]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\William_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-30]
    CHR Extension: (Gmail) - C:\Users\William_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-30]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-06-19] (ASUS)
    R3 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [File not signed]
    R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [1414128 2015-05-18] (Coupons.com Inc.)
    S2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [777744 2015-10-29] (Garmin Ltd. or its subsidiaries)
    R2 GenieTimelineService; C:\Program Files\NETGEAR\ReadySHARE Vault\GenieTimelineService.exe [673856 2014-06-18] (Genie9)
    R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation)
    R3 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
    R3 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
    R3 lmhosts; C:\Windows\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
    R3 lmhosts; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
    S3 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2015-08-26] (NETGEAR)
    R2 NlaSvc; C:\Windows\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
    R2 NlaSvc; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
    R2 nsi; C:\Windows\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
    R2 nsi; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
    R2 SlimService; C:\Program Files\SlimService\SlimServiceFactory.exe [252096 2016-01-20] (SlimWare Utilities, Inc.)
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [100776 2015-08-23] (ASUS Corporation)
    R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
    S3 libusb0; C:\Windows\system32\DRIVERS\libusb0.sys [44480 2011-05-17] (hxxp://libusb-win32.sourceforge.net)
    R3 netr28x; C:\Windows\system32\DRIVERS\netr28x.sys [2554528 2015-06-12] (MediaTek Inc.)
    R2 NPF; C:\WINDOWS\system32\drivers\npf.sys [35344 2016-01-30] (CACE Technologies, Inc.)
    R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1219200 2015-06-03] (Ralink Technology, Corp.)
    S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [13920 2016-01-30] ()
    S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
    R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
    R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-01-30 21:36 - 2016-01-30 21:37 - 00017896 _____ C:\Users\William_2\Downloads\FRST.txt
    2016-01-30 21:36 - 2016-01-30 21:36 - 00000000 ____D C:\FRST
    2016-01-30 21:35 - 2016-01-30 21:35 - 02370560 _____ (Farbar) C:\Users\William_2\Downloads\FRST64 (1).exe
    2016-01-30 21:31 - 2016-01-30 21:36 - 02370560 _____ (Farbar) C:\Users\William_2\Downloads\FRST64.exe
    2016-01-30 21:29 - 2016-01-30 21:29 - 00002259 _____ C:\WINDOWS\epplauncher.mif
    2016-01-30 21:23 - 2016-01-30 21:23 - 00013920 _____ C:\WINDOWS\system32\Drivers\SWDUMon.sys
    2016-01-30 21:23 - 2016-01-30 21:23 - 00002501 _____ C:\Users\Public\Desktop\DriverUpdate.lnk
    2016-01-30 21:23 - 2016-01-30 21:23 - 00002481 _____ C:\Users\Public\Desktop\SlimCleaner Plus.lnk
    2016-01-30 21:23 - 2016-01-30 21:23 - 00000492 _____ C:\WINDOWS\Tasks\DriverUpdate Scan.job
    2016-01-30 21:23 - 2016-01-30 21:23 - 00000438 _____ C:\WINDOWS\Tasks\DriverUpdate Startup.job
    2016-01-30 21:23 - 2016-01-30 21:23 - 00000000 ____D C:\ProgramData\SlimWare Utilities Inc
    2016-01-30 21:23 - 2016-01-30 21:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimCleaner Plus
    2016-01-30 21:23 - 2016-01-30 21:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate
    2016-01-30 21:23 - 2016-01-30 21:23 - 00000000 ____D C:\Program Files\SlimService
    2016-01-30 21:23 - 2016-01-30 21:23 - 00000000 ____D C:\Program Files\SlimCleaner Plus
    2016-01-30 21:23 - 2016-01-30 21:23 - 00000000 ____D C:\Program Files (x86)\DriverUpdate
    2016-01-30 21:22 - 2016-01-30 21:22 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers
    2016-01-30 21:21 - 2016-01-30 21:28 - 14243008 _____ (Microsoft Corporation) C:\Users\William_2\Downloads\mseinstall64.exe
    2016-01-30 21:21 - 2016-01-30 21:21 - 00961736 _____ (Slimware Utilities, Inc.) C:\Users\William_2\Downloads\DriverUpdate-setup.exe
    2016-01-30 21:16 - 2016-01-30 21:16 - 00000000 ____D C:\Users\William_2\AppData\Local\NetworkTiles
    2016-01-30 19:46 - 2016-01-30 19:47 - 00002416 _____ C:\Users\William_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2016-01-30 19:46 - 2016-01-30 19:47 - 00000000 ___RD C:\Users\William_2\OneDrive
    2016-01-30 19:45 - 2016-01-30 19:45 - 00000000 ____D C:\Users\William_2\AppData\Local\Publishers
    2016-01-30 19:45 - 2016-01-30 19:45 - 00000000 ____D C:\Users\William_2\AppData\Local\ActiveSync
    2016-01-30 19:44 - 2016-01-30 19:44 - 00000000 ____D C:\Users\William_2\AppData\Local\Comms
    2016-01-30 19:43 - 2016-01-30 19:43 - 00000616 __RSH C:\Users\William_2\ntuser.pol
    2016-01-30 19:43 - 2016-01-30 19:43 - 00000020 ___SH C:\Users\William_2\ntuser.ini
    2016-01-30 19:43 - 2016-01-30 19:43 - 00000000 __SHD C:\Users\William_2\IntelGraphicsProfiles
    2016-01-30 19:43 - 2016-01-30 19:43 - 00000000 ____D C:\Users\William_2\AppData\Roaming\Genie9
    2016-01-30 19:43 - 2016-01-30 19:43 - 00000000 ____D C:\Users\William_2\AppData\Local\TileDataLayer
    2016-01-30 19:22 - 2016-01-30 19:22 - 00000000 ____D C:\Users\Default\AppData\Roaming\Genie9
    2016-01-30 19:22 - 2016-01-30 19:22 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Genie9
    2016-01-30 14:10 - 2016-01-30 14:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR
    2016-01-30 14:09 - 2016-01-30 14:09 - 00000000 ____D C:\Program Files\NETGEAR
    2016-01-30 14:08 - 2016-01-30 14:08 - 00369168 _____ (CACE Technologies, Inc.) C:\WINDOWS\system32\wpcap.dll
    2016-01-30 14:08 - 2016-01-30 14:08 - 00281104 _____ (CACE Technologies, Inc.) C:\WINDOWS\SysWOW64\wpcap.dll
    2016-01-30 14:08 - 2016-01-30 14:08 - 00106000 _____ (CACE Technologies, Inc.) C:\WINDOWS\system32\packet.dll
    2016-01-30 14:08 - 2016-01-30 14:08 - 00096784 _____ (CACE Technologies, Inc.) C:\WINDOWS\SysWOW64\packet.dll
    2016-01-30 14:08 - 2016-01-30 14:08 - 00035344 _____ (CACE Technologies, Inc.) C:\WINDOWS\system32\Drivers\npf.sys
    2016-01-30 14:08 - 2016-01-30 14:08 - 00002137 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR Genie.lnk
    2016-01-30 14:08 - 2016-01-30 14:08 - 00002125 _____ C:\Users\Public\Desktop\NETGEAR Genie.lnk
    2016-01-30 14:07 - 2016-01-30 14:08 - 00000000 ____D C:\Program Files (x86)\NETGEAR Genie
    2016-01-24 18:03 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_7.dll
    2016-01-24 18:03 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_7.dll
    2016-01-24 18:03 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll
    2016-01-24 18:03 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_43.dll
    2016-01-24 18:03 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll
    2016-01-24 18:03 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_43.dll
    2016-01-24 18:03 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll
    2016-01-24 18:03 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_43.dll
    2016-01-24 18:03 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_6.dll
    2016-01-24 18:03 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_6.dll
    2016-01-24 18:03 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_6.dll
    2016-01-24 18:03 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_6.dll
    2016-01-24 18:03 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_4.dll
    2016-01-24 18:03 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_4.dll
    2016-01-24 18:03 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_7.dll
    2016-01-24 18:03 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_7.dll
    2016-01-24 18:03 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_5.dll
    2016-01-24 18:03 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_5.dll
    2016-01-24 18:03 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_5.dll
    2016-01-24 18:03 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_5.dll
    2016-01-24 18:03 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_3.dll
    2016-01-24 18:03 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_3.dll
    2016-01-24 18:03 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_42.dll
    2016-01-24 18:03 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_42.dll
    2016-01-24 18:03 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_42.dll
    2016-01-24 18:03 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_42.dll
    2016-01-24 18:03 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_42.dll
    2016-01-24 18:03 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_42.dll
    2016-01-24 18:03 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_42.dll
    2016-01-24 18:03 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_42.dll
    2016-01-24 18:03 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_4.dll
    2016-01-24 18:03 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_4.dll
    2016-01-24 18:03 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_4.dll
    2016-01-24 18:03 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_4.dll
    2016-01-24 18:03 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_6.dll
    2016-01-24 18:03 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_6.dll
    2016-01-24 18:03 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_41.dll
    2016-01-24 18:03 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_41.dll
    2016-01-24 18:03 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_41.dll
    2016-01-24 18:03 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_41.dll
    2016-01-24 18:03 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_3.dll
    2016-01-24 18:03 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_3.dll
    2016-01-24 18:03 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_3.dll
    2016-01-24 18:03 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_3.dll
    2016-01-24 18:03 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_2.dll
    2016-01-24 18:03 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_2.dll
    2016-01-24 18:03 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_5.dll
    2016-01-24 18:03 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_5.dll
    2016-01-24 18:03 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_40.dll
    2016-01-24 18:03 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_40.dll
    2016-01-24 18:03 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_40.dll
    2016-01-24 18:03 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_40.dll
    2016-01-24 18:03 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_40.dll
    2016-01-24 18:03 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_40.dll
    2016-01-24 18:03 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_2.dll
    2016-01-24 18:03 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_2.dll
    2016-01-24 18:03 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_1.dll
    2016-01-24 18:03 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_1.dll
    2016-01-24 18:03 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_2.dll
    2016-01-24 18:03 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_2.dll
    2016-01-24 18:03 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll
    2016-01-24 18:03 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_39.dll
    2016-01-24 18:03 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll
    2016-01-24 18:03 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_39.dll
    2016-01-24 18:03 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll
    2016-01-24 18:03 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_39.dll
    2016-01-24 18:03 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_1.dll
    2016-01-24 18:03 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_1.dll
    2016-01-24 18:03 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_1.dll
    2016-01-24 18:03 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_1.dll
    2016-01-24 18:03 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_0.dll
    2016-01-24 18:03 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_0.dll
    2016-01-24 18:03 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_4.dll
    2016-01-24 18:03 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_4.dll
    2016-01-24 18:03 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_38.dll
    2016-01-24 18:03 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_38.dll
    2016-01-24 18:03 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_38.dll
    2016-01-24 18:03 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_38.dll
    2016-01-24 18:03 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_38.dll
    2016-01-24 18:03 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_38.dll
    2016-01-24 18:03 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_0.dll
    2016-01-24 18:03 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_0.dll
    2016-01-24 18:03 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_0.dll
    2016-01-24 18:03 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_0.dll
    2016-01-24 18:03 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_3.dll
    2016-01-24 18:03 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_3.dll
    2016-01-24 18:02 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_37.dll
    2016-01-24 18:02 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_37.dll
    2016-01-24 18:02 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_37.dll
    2016-01-24 18:02 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_37.dll
    2016-01-24 18:02 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_10.dll
    2016-01-24 18:02 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_10.dll
    2016-01-24 18:02 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_2.dll
    2016-01-24 18:02 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_2.dll
    2016-01-24 18:02 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_36.dll
    2016-01-24 18:02 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_36.dll
    2016-01-24 18:02 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_36.dll
    2016-01-24 18:02 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_36.dll
    2016-01-24 18:02 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_36.dll
    2016-01-24 18:02 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_36.dll
    2016-01-24 18:02 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_9.dll
    2016-01-24 18:02 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_9.dll
    2016-01-24 18:02 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_35.dll
    2016-01-24 18:02 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_35.dll
    2016-01-24 18:02 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_35.dll
    2016-01-24 18:02 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_35.dll
    2016-01-24 18:02 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_35.dll
    2016-01-24 18:02 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_35.dll
    2016-01-24 18:02 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_8.dll
    2016-01-24 18:02 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_8.dll
    2016-01-24 18:02 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_34.dll
    2016-01-24 18:02 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_34.dll
    2016-01-24 18:02 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_34.dll
    2016-01-24 18:02 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_34.dll
    2016-01-24 18:02 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_34.dll
    2016-01-24 18:02 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_34.dll
    2016-01-24 18:02 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_7.dll
    2016-01-24 18:02 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_7.dll
    2016-01-24 18:02 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_3.dll
    2016-01-24 18:02 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_3.dll
    2016-01-24 18:02 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_33.dll
    2016-01-24 18:02 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_33.dll
    2016-01-24 18:02 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_33.dll
    2016-01-24 18:02 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_33.dll
    2016-01-24 18:02 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_33.dll
    2016-01-24 18:02 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_33.dll
    2016-01-24 18:02 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_1.dll
    2016-01-24 18:02 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_1.dll
    2016-01-24 18:02 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_6.dll
    2016-01-24 18:02 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_6.dll
    2016-01-24 18:02 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_5.dll
    2016-01-24 18:02 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_5.dll
    2016-01-24 18:02 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10.dll
    2016-01-24 18:02 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10.dll
    2016-01-24 18:02 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_31.dll
    2016-01-24 18:02 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_31.dll
    2016-01-24 18:02 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_4.dll
    2016-01-24 18:02 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_4.dll
    2016-01-24 18:02 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_2.dll
    2016-01-24 18:02 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_3.dll
    2016-01-24 18:02 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_3.dll
    2016-01-24 18:02 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_2.dll
    2016-01-24 18:02 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_2.dll
    2016-01-24 18:02 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_2.dll
    2016-01-24 18:02 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_30.dll
    2016-01-24 18:02 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_30.dll
    2016-01-24 18:02 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_1.dll
    2016-01-24 18:02 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_1.dll
    2016-01-24 18:02 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_1.dll
     
  4. Robert Beaver

    Robert Beaver TS Rookie Topic Starter Posts: 17

    2016-01-24 18:02 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_1.dll
    2016-01-24 18:02 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_29.dll
    2016-01-24 18:02 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_29.dll
    2016-01-24 18:02 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_0.dll
    2016-01-24 18:02 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_0.dll
    2016-01-24 18:02 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_0.dll
    2016-01-24 18:02 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_0.dll
    2016-01-24 18:02 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_28.dll
    2016-01-24 18:02 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_28.dll
    2016-01-24 18:02 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_27.dll
    2016-01-24 18:02 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_27.dll
    2016-01-24 18:02 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_26.dll
    2016-01-24 18:02 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_26.dll
    2016-01-24 18:02 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_25.dll
    2016-01-24 18:02 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_25.dll
    2016-01-24 18:02 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_24.dll
    2016-01-24 18:02 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_24.dll
    2016-01-24 12:02 - 2016-01-24 12:02 - 00001161 _____ C:\Users\Public\Desktop\LogixPro.lnk
    2016-01-24 12:02 - 2016-01-24 12:02 - 00000000 ____D C:\WINDOWS\msagent
    2016-01-24 12:02 - 2016-01-24 12:02 - 00000000 ____D C:\WINDOWS\lhsp
    2016-01-24 12:02 - 2016-01-24 12:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TheLearningPit
    2016-01-24 12:01 - 2016-01-24 12:01 - 00000000 ____D C:\Program Files (x86)\TheLearningPit
    2016-01-24 11:56 - 2016-01-24 15:41 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
    2016-01-24 11:55 - 2016-01-24 11:55 - 00000144 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    2016-01-13 19:04 - 2016-01-13 19:04 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
    2016-01-13 16:54 - 2016-01-04 21:51 - 07477600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2016-01-13 16:54 - 2016-01-04 21:50 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
    2016-01-13 16:54 - 2016-01-04 21:50 - 00671472 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
    2016-01-13 16:54 - 2016-01-04 21:49 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
    2016-01-13 16:54 - 2016-01-04 21:48 - 00499432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
    2016-01-13 16:54 - 2016-01-04 21:45 - 02587696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
    2016-01-13 16:54 - 2016-01-04 21:42 - 02026736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
    2016-01-13 16:54 - 2016-01-04 21:37 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2016-01-13 16:54 - 2016-01-04 21:37 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
    2016-01-13 16:54 - 2016-01-04 21:37 - 00858952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
    2016-01-13 16:54 - 2016-01-04 21:37 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
    2016-01-13 16:54 - 2016-01-04 21:37 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
    2016-01-13 16:54 - 2016-01-04 21:37 - 00245840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
    2016-01-13 16:54 - 2016-01-04 21:37 - 00234504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
    2016-01-13 16:54 - 2016-01-04 21:36 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
    2016-01-13 16:54 - 2016-01-04 21:33 - 02180128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2016-01-13 16:54 - 2016-01-04 21:33 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
    2016-01-13 16:54 - 2016-01-04 21:33 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
    2016-01-13 16:54 - 2016-01-04 21:33 - 00701384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
    2016-01-13 16:54 - 2016-01-04 21:33 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
    2016-01-13 16:54 - 2016-01-04 21:33 - 00208176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
    2016-01-13 16:54 - 2016-01-04 21:33 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
    2016-01-13 16:54 - 2016-01-04 21:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
    2016-01-13 16:54 - 2016-01-04 21:27 - 01594408 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
    2016-01-13 16:54 - 2016-01-04 21:24 - 00796352 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
    2016-01-13 16:54 - 2016-01-04 21:23 - 01309376 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
    2016-01-13 16:54 - 2016-01-04 21:23 - 00786696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
    2016-01-13 16:54 - 2016-01-04 21:21 - 01371792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
    2016-01-13 16:54 - 2016-01-04 21:17 - 00695752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
    2016-01-13 16:54 - 2016-01-04 20:59 - 22393856 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2016-01-13 16:54 - 2016-01-04 20:57 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2016-01-13 16:54 - 2016-01-04 20:54 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
    2016-01-13 16:54 - 2016-01-04 20:50 - 00644096 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
    2016-01-13 16:54 - 2016-01-04 20:50 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
    2016-01-13 16:54 - 2016-01-04 20:49 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2016-01-13 16:54 - 2016-01-04 20:49 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
    2016-01-13 16:54 - 2016-01-04 20:48 - 01009152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
    2016-01-13 16:54 - 2016-01-04 20:48 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
    2016-01-13 16:54 - 2016-01-04 20:47 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
    2016-01-13 16:54 - 2016-01-04 20:47 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
    2016-01-13 16:54 - 2016-01-04 20:45 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
    2016-01-13 16:54 - 2016-01-04 20:43 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
    2016-01-13 16:54 - 2016-01-04 20:43 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
    2016-01-13 16:54 - 2016-01-04 20:41 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2016-01-13 16:54 - 2016-01-04 20:40 - 00890880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
    2016-01-13 16:54 - 2016-01-04 20:39 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
    2016-01-13 16:54 - 2016-01-04 20:39 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
    2016-01-13 16:54 - 2016-01-04 20:39 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
    2016-01-13 16:54 - 2016-01-04 20:38 - 00389120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
    2016-01-13 16:54 - 2016-01-04 20:33 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
    2016-01-13 16:54 - 2016-01-04 20:30 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
    2016-01-13 16:54 - 2016-01-04 20:30 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2016-01-13 16:54 - 2016-01-04 20:29 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2016-01-13 16:54 - 2016-01-04 20:28 - 07826432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2016-01-13 16:54 - 2016-01-04 20:28 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2016-01-13 16:54 - 2016-01-04 20:28 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
    2016-01-13 16:54 - 2016-01-04 20:25 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2016-01-13 16:53 - 2016-01-04 21:51 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2016-01-13 16:53 - 2016-01-04 21:51 - 01141496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2016-01-13 16:53 - 2016-01-04 21:50 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2016-01-13 16:53 - 2016-01-04 21:23 - 00119320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
    2016-01-13 16:53 - 2016-01-04 21:16 - 00100160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
    2016-01-13 16:53 - 2016-01-04 20:57 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMSRoamingSecurity.dll
    2016-01-13 16:53 - 2016-01-04 20:57 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgrcli.dll
    2016-01-13 16:53 - 2016-01-04 20:56 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
    2016-01-13 16:53 - 2016-01-04 20:54 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthLEEnum.sys
    2016-01-13 16:53 - 2016-01-04 20:53 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
    2016-01-13 16:53 - 2016-01-04 20:52 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
    2016-01-13 16:53 - 2016-01-04 20:51 - 00472576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
    2016-01-13 16:53 - 2016-01-04 20:51 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
    2016-01-13 16:53 - 2016-01-04 20:50 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
    2016-01-13 16:53 - 2016-01-04 20:49 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
    2016-01-13 16:53 - 2016-01-04 20:49 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
    2016-01-13 16:53 - 2016-01-04 20:49 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2016-01-13 16:53 - 2016-01-04 20:49 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityCommon.dll
    2016-01-13 16:53 - 2016-01-04 20:48 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usermgrcli.dll
    2016-01-13 16:53 - 2016-01-04 20:47 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
    2016-01-13 16:53 - 2016-01-04 20:45 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
    2016-01-13 16:53 - 2016-01-04 20:44 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx
    2016-01-13 16:53 - 2016-01-04 20:43 - 00953856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
    2016-01-13 16:53 - 2016-01-04 20:43 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2016-01-13 16:53 - 2016-01-04 20:42 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
    2016-01-13 16:53 - 2016-01-04 20:41 - 01070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
    2016-01-13 16:53 - 2016-01-04 20:41 - 00558592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
    2016-01-13 16:53 - 2016-01-04 20:40 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ProximityCommon.dll
    2016-01-13 16:53 - 2016-01-04 20:39 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
    2016-01-13 16:53 - 2016-01-04 20:36 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
    2016-01-13 16:53 - 2016-01-04 20:36 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2016-01-04 20:03 - 2016-01-24 11:51 - 00000000 ____D C:\ProgramData\SetupTPDriver
    2016-01-04 19:54 - 2016-01-04 19:54 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
    2016-01-04 19:50 - 2016-01-14 18:10 - 00000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
    2016-01-04 04:34 - 2016-01-04 17:15 - 00000000 ___DC C:\WINDOWS\Panther
    2016-01-04 04:28 - 2016-01-04 04:28 - 00000000 ____D C:\Windows.old
    2016-01-04 04:26 - 2016-01-04 04:26 - 24601600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 22572632 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 21125408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 19339264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 13381120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 12125184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 06572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 03993600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 03671888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2016-01-04 04:26 - 2016-01-04 04:26 - 03355136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 02843136 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 02772584 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
    2016-01-04 04:26 - 2016-01-04 04:26 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
    2016-01-04 04:26 - 2016-01-04 04:26 - 02680320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 02653816 _____ C:\WINDOWS\system32\CoreUIComponents.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 02647552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 02598400 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 02185840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 02155008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 02152800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
    2016-01-04 04:26 - 2016-01-04 04:26 - 02126848 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2016-01-04 04:26 - 2016-01-04 04:26 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 02049024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2016-01-04 04:26 - 2016-01-04 04:26 - 02001408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 01995776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 01860096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 01859448 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 01817160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 01814528 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 01717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 01648640 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 01540768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 01505280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2016-01-04 04:26 - 2016-01-04 04:26 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 01281376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 01223168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 01155944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 01092456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 01065080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 01042432 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 01035776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 01020096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00983464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00973664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00969728 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00948224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00948224 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00931328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL
    2016-01-04 04:26 - 2016-01-04 04:26 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00911648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00900608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00898184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00884256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00871936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
    2016-01-04 04:26 - 2016-01-04 04:26 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00850432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00824320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00823264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00803840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00793600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00791552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00783360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00716928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00704000 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00698208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00697856 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00683008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00675064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00674816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
    2016-01-04 04:26 - 2016-01-04 04:26 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00618496 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2016-01-04 04:26 - 2016-01-04 04:26 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00586208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00586080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00578912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
    2016-01-04 04:26 - 2016-01-04 04:26 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00540752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
    2016-01-04 04:26 - 2016-01-04 04:26 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00536768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00526856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00523616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
    2016-01-04 04:26 - 2016-01-04 04:26 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
    2016-01-04 04:26 - 2016-01-04 04:26 - 00516544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00515584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00511320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00502112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00498448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00470528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00462760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00454056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00450904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00440160 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
    2016-01-04 04:26 - 2016-01-04 04:26 - 00431232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
    2016-01-04 04:26 - 2016-01-04 04:26 - 00412512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
    2016-01-04 04:26 - 2016-01-04 04:26 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00408128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00405048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
    2016-01-04 04:26 - 2016-01-04 04:26 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
    2016-01-04 04:26 - 2016-01-04 04:26 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
    2016-01-04 04:26 - 2016-01-04 04:26 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00337840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
    2016-01-04 04:26 - 2016-01-04 04:26 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00292352 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00289248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00264544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00264192 _____ (Nokia) C:\WINDOWS\system32\NmaDirect.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2016-01-04 04:26 - 2016-01-04 04:26 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00205824 _____ (Nokia) C:\WINDOWS\SysWOW64\NmaDirect.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-
     
  5. Robert Beaver

    Robert Beaver TS Rookie Topic Starter Posts: 17

    AppModelExecEvents.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
    2016-01-04 04:26 - 2016-01-04 04:26 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
    2016-01-04 04:26 - 2016-01-04 04:26 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
    2016-01-04 04:26 - 2016-01-04 04:26 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
    2016-01-04 04:26 - 2016-01-04 04:26 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
    2016-01-04 04:26 - 2016-01-04 04:26 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ETWCoreUIComponentsResources.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ETWCoreUIComponentsResources.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
    2016-01-04 04:26 - 2016-01-04 04:26 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\capimg.sys
    2016-01-04 04:26 - 2016-01-04 04:26 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
    2016-01-04 04:26 - 2016-01-04 04:26 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MapControls.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MapControls.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00110032 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
    2016-01-04 04:26 - 2016-01-04 04:26 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00088392 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00080600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwapi.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.XboxLive.ProxyStub.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssign32.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00073360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManagerProxy.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ihvrilproxy.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00063528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wwapi.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssign32.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosResource.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosResource.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
    2016-01-04 04:26 - 2016-01-04 04:26 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\rilproxy.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wwanpref.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00051680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsUtilsV2.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsplib.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.proxy.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapstoasttask.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthManagerProxy.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
    2016-01-04 04:26 - 2016-01-04 04:26 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\BackgroundTransferHost.exe
    2016-01-04 04:26 - 2016-01-04 04:26 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCoreRes.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCoreRes.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00035680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wimmount.sys
    2016-01-04 04:26 - 2016-01-04 04:26 - 00035656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe
    2016-01-04 04:26 - 2016-01-04 04:26 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BackgroundTransferHost.exe
    2016-01-04 04:26 - 2016-01-04 04:26 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00032040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfpmp.exe
    2016-01-04 04:26 - 2016-01-04 04:26 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringconfigsp.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
    2016-01-04 04:26 - 2016-01-04 04:26 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\nativemap.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.proxy.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
    2016-01-04 04:26 - 2016-01-04 04:26 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshrm.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\IcsEntitlementHost.exe
    2016-01-04 04:26 - 2016-01-04 04:26 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvcProxy.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosTrace.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosTrace.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosHost.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosHost.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\readingviewresources.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlStringsRes.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlStringsRes.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
    2016-01-04 04:19 - 2016-01-04 04:19 - 00000000 ____D C:\Program Files\Reference Assemblies
    2016-01-04 04:19 - 2016-01-04 04:19 - 00000000 ____D C:\Program Files\MSBuild
    2016-01-04 04:19 - 2016-01-04 04:19 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
    2016-01-04 04:19 - 2016-01-04 04:19 - 00000000 ____D C:\Program Files (x86)\MSBuild
    2016-01-04 04:18 - 2015-10-23 20:47 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
    2016-01-04 04:18 - 2015-10-23 20:47 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
    2016-01-04 04:18 - 2015-10-23 20:47 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
    2016-01-04 04:18 - 2015-10-23 20:46 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
    2016-01-04 04:18 - 2015-10-23 20:46 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
    2016-01-04 04:18 - 2015-10-23 20:45 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
    2016-01-04 02:13 - 2016-01-04 02:13 - 00000000 _SHDL C:\Users\Default\My Documents
    2016-01-04 02:13 - 2016-01-04 02:13 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
    2016-01-04 02:13 - 2016-01-04 02:13 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
    2016-01-04 02:13 - 2016-01-04 02:13 - 00000000 _SHDL C:\Users\Default\Documents\My Music
    2016-01-04 02:13 - 2016-01-04 02:13 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
    2016-01-04 02:13 - 2016-01-04 02:13 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
    2016-01-04 02:13 - 2016-01-04 02:13 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
    2016-01-04 02:13 - 2016-01-04 02:13 - 00000000 ____D C:\ProgramData\USOShared
    2016-01-04 02:07 - 2016-01-24 11:54 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-01-04 02:04 - 2016-01-24 12:01 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2016-01-04 01:54 - 2016-01-04 01:54 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2016-01-04 01:54 - 2016-01-04 01:54 - 00000000 ____D C:\Users\Default\AppData\Roaming\Garmin
    2016-01-04 01:54 - 2016-01-04 01:54 - 00000000 ____D C:\Users\Default\AppData\Roaming\ASUS WebStorage
    2016-01-04 01:54 - 2016-01-04 01:54 - 00000000 ____D C:\Users\Default\AppData\Local\Conexant
    2016-01-04 01:54 - 2016-01-04 01:54 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Garmin
    2016-01-04 01:54 - 2016-01-04 01:54 - 00000000 ____D C:\Users\Default User\AppData\Roaming\ASUS WebStorage
    2016-01-04 01:54 - 2016-01-04 01:54 - 00000000 ____D C:\Users\Default User\AppData\Local\Conexant
    2016-01-04 01:46 - 2016-01-30 19:46 - 00000000 ____D C:\Users\William_2
    2016-01-04 01:46 - 2016-01-04 19:59 - 00000000 ____D C:\Users\beavs_000
    2016-01-04 01:46 - 2016-01-04 01:46 - 00000000 _SHDL C:\Users\William_2\My Documents
    2016-01-04 01:46 - 2016-01-04 01:46 - 00000000 _SHDL C:\Users\William_2\Documents\My Videos
    2016-01-04 01:46 - 2016-01-04 01:46 - 00000000 _SHDL C:\Users\William_2\Documents\My Pictures
    2016-01-04 01:46 - 2016-01-04 01:46 - 00000000 _SHDL C:\Users\William_2\Documents\My Music
    2016-01-04 01:42 - 2016-01-04 01:42 - 00001963 _____ C:\ProgramData\Microsoft\Windows\Start Menu\SmartAudio.lnk
    2016-01-04 01:42 - 2016-01-04 01:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Conexant
    2016-01-04 01:42 - 2011-09-01 00:23 - 00447104 _____ (Conexant Systems, Inc.) C:\WINDOWS\SysWOW64\SASrv.exe
    2016-01-04 01:41 - 2016-01-04 01:41 - 00002168 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudioWizard.lnk
    2016-01-04 01:41 - 2016-01-04 01:41 - 00002156 _____ C:\Users\Public\Desktop\AudioWizard.lnk
    2016-01-04 01:41 - 2014-10-20 14:54 - 00207576 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CxAudMsg64.exe
    2016-01-04 01:41 - 2014-01-27 10:56 - 00006786 _____ C:\WINDOWS\system32\Maxx_Render_EFX_Asus.mps
    2016-01-04 01:41 - 2014-01-27 10:53 - 00002626 _____ C:\WINDOWS\system32\Maxx_Render_MFX_Asus.mps
    2016-01-04 01:41 - 2013-06-07 13:36 - 00171084 _____ C:\WINDOWS\system32\MA4Preset.mps
    2016-01-04 01:40 - 2016-01-04 01:49 - 00000000 ____D C:\ProgramData\Conexant
    2016-01-04 01:40 - 2016-01-04 01:49 - 00000000 ____D C:\Program Files\Intel
    2016-01-04 01:40 - 2016-01-04 01:49 - 00000000 ____D C:\Program Files\CONEXANT
    2016-01-04 01:40 - 2015-08-27 18:20 - 00072704 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
    2016-01-04 01:40 - 2015-08-27 18:20 - 00069120 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
    2016-01-04 01:39 - 2015-10-30 02:17 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
    2016-01-04 01:35 - 2016-01-04 01:57 - 00268360 _____ C:\WINDOWS\system32\FNTCACHE.DAT

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-01-30 21:37 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness
    2016-01-30 21:28 - 2014-04-15 15:35 - 00000000 ____D C:\Users\William_2\AppData\Local\Packages
    2016-01-30 19:51 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp
    2016-01-30 19:49 - 2014-04-15 15:41 - 00000074 _____ C:\Users\William_2\AppData\Roaming\sp_data.sys
    2016-01-30 19:44 - 2013-12-29 04:30 - 00000000 __RHD C:\Users\Public\AccountPictures
    2016-01-30 19:43 - 2014-02-09 03:19 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2016-01-30 19:13 - 2014-02-09 03:19 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2016-01-30 15:41 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-01-30 12:15 - 2014-02-09 03:20 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-01-30 12:15 - 2014-02-09 03:20 - 00002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2016-01-24 18:03 - 2015-10-24 15:35 - 00000000 ____D C:\Program Files (x86)\Steam
    2016-01-24 18:02 - 2014-08-23 20:32 - 00000000 ____D C:\ProgramData\Package Cache
    2016-01-24 12:02 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\Help
    2016-01-24 12:02 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF
    2016-01-24 11:52 - 2013-08-24 03:53 - 00000000 ____D C:\Program Files\DIFX
    2016-01-24 11:52 - 2013-04-26 07:43 - 00000000 ____D C:\Program Files (x86)\ASUS
    2016-01-16 13:01 - 2014-02-27 22:57 - 00000000 ____D C:\WINDOWS\system32\MRT
    2016-01-16 12:55 - 2014-02-27 22:57 - 143671360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2016-01-13 22:00 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
    2016-01-06 22:48 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\appcompat
    2016-01-04 20:08 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow
    2016-01-04 19:51 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
    2016-01-04 19:51 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\PrintDialog
    2016-01-04 19:51 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\MiracastView
    2016-01-04 19:50 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2016-01-04 04:27 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
    2016-01-04 04:27 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\Provisioning
    2016-01-04 04:27 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\bcastdvr
    2016-01-04 04:27 - 2015-10-30 01:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
    2016-01-04 04:27 - 2015-10-30 01:28 - 00000000 ____D C:\WINDOWS\system32\Dism
    2016-01-04 02:16 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\rescache
    2016-01-04 02:13 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
    2016-01-04 02:13 - 2015-10-30 02:24 - 00000000 ____D C:\ProgramData\USOPrivate
    2016-01-04 02:12 - 2014-02-28 17:00 - 00034293 _____ C:\WINDOWS\diagwrn.xml
    2016-01-04 02:12 - 2014-02-28 17:00 - 00034293 _____ C:\WINDOWS\diagerr.xml
    2016-01-04 02:08 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\Registration
    2016-01-04 02:07 - 2014-02-28 17:11 - 00022840 _____ C:\WINDOWS\system32\emptyregdb.dat
    2016-01-04 02:07 - 2013-08-22 10:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicyUsers
    2016-01-04 02:01 - 2015-10-30 02:24 - 00000000 __RHD C:\Users\Public\Libraries
    2016-01-04 01:55 - 2015-11-06 10:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
    2016-01-04 01:55 - 2015-10-30 02:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2016-01-04 01:55 - 2015-10-24 15:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
    2016-01-04 01:55 - 2014-10-03 11:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
    2016-01-04 01:55 - 2014-09-16 15:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.3
    2016-01-04 01:55 - 2014-06-02 16:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2016-01-04 01:55 - 2014-02-09 02:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX410 series
    2016-01-04 01:55 - 2013-08-24 03:38 - 00000000 ____D C:\WINDOWS\SysWOW64\Atheros_L1e
    2016-01-04 01:55 - 2013-04-26 07:47 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2016-01-04 01:55 - 2013-04-26 07:44 - 00000000 ____D C:\WINDOWS\fr
    2016-01-04 01:55 - 2013-04-26 07:44 - 00000000 ____D C:\WINDOWS\es
    2016-01-04 01:55 - 2013-04-26 07:44 - 00000000 ____D C:\WINDOWS\en
    2016-01-04 01:55 - 2013-04-26 07:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
    2016-01-04 01:54 - 2013-08-22 08:36 - 00000000 ____D C:\Users\Default.migrated
    2016-01-04 01:52 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
    2016-01-04 01:51 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
    2016-01-04 01:51 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2016-01-04 01:51 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\spool
    2016-01-04 01:51 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\oobe
    2016-01-04 01:51 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\NDF
    2016-01-04 01:51 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\MUI
    2016-01-04 01:51 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\InputMethod
    2016-01-04 01:51 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\IME
    2016-01-04 01:51 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
    2016-01-04 01:51 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
    2016-01-04 01:49 - 2015-10-30 04:02 - 00000000 ____D C:\WINDOWS\DigitalLocker
    2016-01-04 01:49 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
    2016-01-04 01:49 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
    2016-01-04 01:49 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\InputMethod
    2016-01-04 01:49 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\IME
    2016-01-04 01:49 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files\Common Files\System
    2016-01-04 01:49 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
    2016-01-04 01:49 - 2014-02-09 03:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Media Suite
    2016-01-04 01:49 - 2014-02-09 02:59 - 00000000 ___HD C:\WINDOWS\system32\CanonIJ Uninstaller Information
    2016-01-04 01:49 - 2013-08-24 03:44 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
    2016-01-04 01:49 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\MediaViewer
    2016-01-04 01:49 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\ADFS
    2016-01-04 01:49 - 2012-08-01 20:24 - 00000000 ____D C:\ProgramData\PRICache
    2016-01-04 01:44 - 2015-10-30 01:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep
    2016-01-04 01:36 - 2015-10-30 04:13 - 00000000 ____D C:\WINDOWS\ServiceProfiles
    2016-01-04 01:02 - 2015-10-30 04:42 - 00000000 ___HD C:\$WINDOWS.~BT
    2016-01-04 01:00 - 2013-08-24 03:51 - 00004268 _____ C:\WINDOWS\SysWOW64\LOCALSERVICE.INI
    2016-01-03 22:45 - 2013-08-24 03:51 - 00000043 _____ C:\WINDOWS\SysWOW64\LOCALDEVICE.INI
    2016-01-02 20:40 - 2015-10-30 02:26 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2016-01-02 20:40 - 2015-10-30 02:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

    ==================== Files in the root of some directories =======

    2014-04-15 15:41 - 2016-01-30 19:49 - 0000074 _____ () C:\Users\William_2\AppData\Roaming\sp_data.sys
    2013-04-26 07:42 - 2012-09-07 06:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
    2013-04-26 07:42 - 2009-07-22 05:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
    2013-04-26 07:42 - 2012-09-07 06:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
    2014-02-09 03:03 - 2014-02-09 03:06 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    2014-02-09 03:02 - 2014-02-09 03:03 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


    ATTENTION: ==> Could not access BCD. The user is not administrator

    ==================== End of FRST.txt ===========================
     
  6. Robert Beaver

    Robert Beaver TS Rookie Topic Starter Posts: 17

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
    Ran by William_2 (2016-01-30 21:38:31)
    Running from C:\Users\William_2\Downloads
    Windows 10 Home (X64) (2016-01-04 22:12:57)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1987870432-1314437653-830200918-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-1987870432-1314437653-830200918-503 - Limited - Disabled)
    Guest (S-1-5-21-1987870432-1314437653-830200918-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1987870432-1314437653-830200918-1005 - Limited - Enabled)
    William (S-1-5-21-1987870432-1314437653-830200918-1001 - Administrator - Enabled) => C:\Users\beavs_000
    William_2 (S-1-5-21-1987870432-1314437653-830200918-1006 - Limited - Enabled) => C:\Users\William_2

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
    Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.9.145.62246 - Alcor Micro Corp.)
    Alcor Micro USB Card Reader (x32 Version: 3.9.145.62246 - Alcor Micro Corp.) Hidden
    ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
    ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.3.4 - ASUS)
    ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 3.0.4 - ASUS)
    ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.1 - ASUS)
    ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.5 - ASUS)
    ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0005 - ASUS)
    ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)
    ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation)
    AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.309 - ASUSTEK)
    ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0028 - ASUS)
    Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Besiege (HKLM-x32\...\Steam App 346010) (Version: - Spiderling Studios)
    Canon MX410 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX410_series) (Version: - )
    Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.4.60 - Conexant)
    Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.6) (Version: 5.0.1.6 - Coupons.com Incorporated)
    CouponBar (HKLM-x32\...\CouponBar5.0.0.4) (Version: 5.0.0.4 - Coupons.com Incorporated) <==== ATTENTION
    Cut the Rope (x32 Version: 3.0.2.38 - WildTangent) Hidden
    CyberLink LabelPrint 2.5 (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5415 - CyberLink Corp.)
    CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.3625 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    DriverUpdate (HKLM-x32\...\{44E388BE-45EC-4DE3-B837-E2BEF5F9FA5C}) (Version: 2.5.4 - Slimware Utilities Holdings, Inc.)
    Elevated Installer (x32 Version: 4.1.10.0 - Garmin Ltd or its subsidiaries) Hidden
    Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
    Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
    Garmin Express (HKLM-x32\...\{b292f4e5-60ca-4bb8-8810-e5f908c3c1ff}) (Version: 4.1.10.0 - Garmin Ltd or its subsidiaries)
    Garmin Express (x32 Version: 4.1.10.0 - Garmin Ltd or its subsidiaries) Hidden
    Garmin Express Tray (x32 Version: 4.1.10.0 - Garmin Ltd or its subsidiaries) Hidden
    Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.97 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
    Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
    Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
    LEGO® Worlds (HKLM-x32\...\Steam App 332310) (Version: - TT Games)
    Lernout & Hauspie TruVoice American English TTS Engine (HKLM-x32\...\tv_enua) (Version: - )
    LibreOffice 4.3.1.2 (HKLM-x32\...\{303C2B0D-03AF-4C25-A443-E62DE8AA36A8}) (Version: 4.3.1.2 - The Document Foundation)
    LogixPro Simulator -- Trial CD Edition (HKLM-x32\...\LogixPro PLC Simulator -- Trial CD Edition_is1) (Version: - )
    Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
    Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    MyBitCast 2.0 (HKLM-x32\...\MyBitCast) (Version: 2.0 - ASUS)
    NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.4.18.00 - NETGEAR Inc.)
    Peggle (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
    PLC Technician (HKLM-x32\...\{5C750DE2-B502-4B04-9DE0-66B7EA5C4E37}) (Version: 3.01.0005 - Logic Design)
    Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.16 - Qualcomm Atheros Communications Inc.)
    Ralink Bluetooth Stack64 (HKLM\...\{F790713B-8265-35DA-4820-4ECF0290ADC4}) (Version: 9.0.727.4 - Ralink Corporation)
    Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 1.2.0.41 - Ralink)
    ReadySHARE Vault (HKLM-x32\...\ReadySHARE Vault) (Version: 3.0 - Genie9)
    Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
    SlimCleaner Plus (HKLM\...\{D9EBF625-7464-4700-B27B-145728CE1BEA}) (Version: 2.5.2 - Slimware Utilities Holdings, Inc.)
    Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
    Subnautica (HKLM-x32\...\Steam App 264710) (Version: - Unknown Worlds Entertainment)
    Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
    Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
    WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.0.0 - WildTangent)
    WildTangent Games App (x32 Version: 4.0.10.5 - WildTangent) Hidden
    Windows Driver Package - ASUS (ATP) Mouse (06/17/2015 1.0.0.262) (HKLM\...\14588A15B66655338DBCC021FFA81E31DC281859) (Version: 06/17/2015 1.0.0.262 - ASUS)
    Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
    Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
    WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\DriverUpdate Scan.job =>
    Task: C:\WINDOWS\Tasks\DriverUpdate Startup.job =>
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job =>
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job =>

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2016-01-04 04:26 - 2016-01-04 04:26 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2014-06-18 03:46 - 2014-06-18 03:46 - 01358912 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GenieTimelineAgent.exe
    2013-08-29 02:08 - 2013-08-29 02:08 - 00063488 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\XBalloonMsgDll.dll
    2013-08-29 02:08 - 2013-08-29 02:08 - 00087040 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\QueueManager.dll
    2013-08-29 02:08 - 2013-08-29 02:08 - 00209920 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\Settings.dll
    2013-08-29 02:08 - 2013-08-29 02:08 - 00490496 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSIndexDB.dll
    2013-08-01 04:36 - 2013-08-01 04:36 - 00045568 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSLogging.dll
    2013-08-01 04:36 - 2013-08-01 04:36 - 00058368 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSLibrariesManager.dll
    2013-08-29 02:08 - 2013-08-29 02:08 - 00332800 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\OnlineHandler.dll
    2012-02-02 04:16 - 2012-02-02 04:16 - 00740864 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\sqlite3.dll
    2013-08-01 04:36 - 2013-08-01 04:36 - 00089600 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSEncryption.dll
    2013-02-03 06:40 - 2013-02-03 06:40 - 00011264 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\RWLock.dll
    2013-08-01 04:36 - 2013-08-01 04:36 - 00093696 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSCurl.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
    2016-01-30 14:10 - 2013-08-29 02:08 - 00163328 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl
    2016-01-30 14:10 - 2013-08-29 02:08 - 00209920 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\Settings.gtl
    2016-01-30 14:10 - 2013-08-01 04:36 - 00045568 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSLogging.gtl
    2016-01-30 14:10 - 2013-08-01 04:36 - 00089600 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSEncryption.gtl
    2016-01-04 04:26 - 2016-01-04 04:26 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
    2016-01-13 16:54 - 2016-01-04 20:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2016-01-13 16:54 - 2016-01-04 20:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2016-01-13 16:54 - 2016-01-04 20:24 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2016-01-13 16:54 - 2016-01-04 20:26 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1987870432-1314437653-830200918-1006\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    MSCONFIG\startupreg: ASUSPRP => "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
    MSCONFIG\startupreg: ASUSWebStorage => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe /S
    MSCONFIG\startupreg: BtTray => "C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe"
    MSCONFIG\startupreg: cAudioFilterAgent => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
    MSCONFIG\startupreg: DisableS3S4 => c:\windows\temp\DisableS3S464\sethigh.cmd
    MSCONFIG\startupreg: HotKeysCmds => "C:\WINDOWS\system32\hkcmd.exe"
    MSCONFIG\startupreg: IgfxTray => "C:\WINDOWS\system32\igfxtray.exe"
    MSCONFIG\startupreg: mcpltui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    MSCONFIG\startupreg: SmartAudio => C:\Program Files\CONEXANT\SAII\SACpl.exe /c /delay:30
    HKLM\...\StartupApproved\Run32: => "CLMLServer"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{8B61DF16-3570-431B-8683-B2A958109DCD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Besiege\Besiege.exe
    FirewallRules: [{BCF5E31F-0B15-4AD6-A3DC-B7123290D1E8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Besiege\Besiege.exe
    FirewallRules: [{5E60EBFD-ECBA-465B-92FA-BFAB055EE4D5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Subnautica\Subnautica.exe
    FirewallRules: [{FB50BB31-CB58-4AE4-9B2D-A330E546112C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Subnautica\Subnautica.exe
    FirewallRules: [{E2D153F6-E6D7-44A7-BEBD-B84270EB3C7D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{1B300A60-5D71-4C1B-9EEA-F3EAA7BFC4B8}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{2A2B95F4-C309-4097-BA3A-0D76DECDB1EE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{7A82B8CD-0C31-4D3D-849B-84F7E620FB17}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [UDP Query User{D9E31728-F2F9-460F-B262-34F4A470744F}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Block) C:\program files (x86)\libreoffice 4\program\soffice.bin
    FirewallRules: [TCP Query User{C424DBAA-1FB2-455A-8C6E-A8D98895EB9A}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Block) C:\program files (x86)\libreoffice 4\program\soffice.bin
    FirewallRules: [UDP Query User{90E2334B-7052-4E79-A994-3E266C048839}C:\users\beavs_000\appdata\local\apps\2.0\bkj4lb9q.b0k\9p2x5159.p19\cast..tion_18b0662c5b8109ff_0001.0007_c786eb4b5c855ea6\castleminerz.exe] => (Block) C:\users\beavs_000\appdata\local\apps\2.0\bkj4lb9q.b0k\9p2x5159.p19\cast..tion_18b0662c5b8109ff_0001.0007_c786eb4b5c855ea6\castleminerz.exe
    FirewallRules: [TCP Query User{1E319E0B-66CB-42D7-8AE5-751B068109D8}C:\users\beavs_000\appdata\local\apps\2.0\bkj4lb9q.b0k\9p2x5159.p19\cast..tion_18b0662c5b8109ff_0001.0007_c786eb4b5c855ea6\castleminerz.exe] => (Block) C:\users\beavs_000\appdata\local\apps\2.0\bkj4lb9q.b0k\9p2x5159.p19\cast..tion_18b0662c5b8109ff_0001.0007_c786eb4b5c855ea6\castleminerz.exe
    FirewallRules: [{7DDB678C-AD17-4EE6-8C24-64C1BF85C773}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{DB976C7D-0F91-4268-89D9-93C9888B22BF}] => (Allow) LPort=2869
    FirewallRules: [{9E835905-E224-44C0-A818-B972D817FB78}] => (Allow) LPort=1900
    FirewallRules: [{E6D5A438-3BBD-44DB-BD0C-545AE350CCD5}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
    FirewallRules: [{EC0905EE-F270-4C3F-836F-B46229F1208B}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
    FirewallRules: [{1CCC3160-A725-4E6C-85CD-D8808A1C4B28}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
    FirewallRules: [{E37C575F-1AC4-4461-B6DB-6569C2DC5942}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
    FirewallRules: [{DA8461D5-5CE9-4741-86C6-21DC9652EE62}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
    FirewallRules: [{C2FBB5B2-6EBE-48BD-A2A0-D4B30413DC78}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
    FirewallRules: [{33DFED3E-4E78-42B6-B536-1F370D9306C6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [TCP Query User{8A124ED9-90A0-48CB-9A31-96BFB1B10A5D}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
    FirewallRules: [UDP Query User{367FA02D-886A-4B89-A2D8-8439700D32DB}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe

    ==================== Restore Points =========================

    ATTENTION: System Restore is disabled
    Check "winmgmt" service or repair WMI.


    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/30/2016 09:38:00 PM) (Source: ESENT) (EventID: 447) (User: )
    Description: svchost (1364) SRUJet: A bad page link (error -338) has been detected in a B-Tree (ObjectId: 15, PgnoRoot: 57) of database C:\WINDOWS\system32\SRU\SRUDB.dat (1240 => 1317, svchost0).

    Error: (01/30/2016 09:37:00 PM) (Source: ESENT) (EventID: 447) (User: )
    Description: svchost (1364) SRUJet: A bad page link (error -338) has been detected in a B-Tree (ObjectId: 15, PgnoRoot: 57) of database C:\WINDOWS\system32\SRU\SRUDB.dat (1240 => 1317, svchost0).

    Error: (01/30/2016 09:36:00 PM) (Source: ESENT) (EventID: 447) (User: )
    Description: svchost (1364) SRUJet: A bad page link (error -338) has been detected in a B-Tree (ObjectId: 15, PgnoRoot: 57) of database C:\WINDOWS\system32\SRU\SRUDB.dat (1240 => 1317, svchost0).

    Error: (01/30/2016 09:35:00 PM) (Source: ESENT) (EventID: 447) (User: )
    Description: svchost (1364) SRUJet: A bad page link (error -338) has been detected in a B-Tree (ObjectId: 15, PgnoRoot: 57) of database C:\WINDOWS\system32\SRU\SRUDB.dat (1240 => 1317, svchost0).

    Error: (01/30/2016 09:34:00 PM) (Source: ESENT) (EventID: 447) (User: )
    Description: svchost (1364) SRUJet: A bad page link (error -338) has been detected in a B-Tree (ObjectId: 15, PgnoRoot: 57) of database C:\WINDOWS\system32\SRU\SRUDB.dat (1240 => 1317, svchost0).

    Error: (01/30/2016 09:33:00 PM) (Source: ESENT) (EventID: 447) (User: )
    Description: svchost (1364) SRUJet: A bad page link (error -338) has been detected in a B-Tree (ObjectId: 15, PgnoRoot: 57) of database C:\WINDOWS\system32\SRU\SRUDB.dat (1240 => 1317, svchost0).

    Error: (01/30/2016 09:32:00 PM) (Source: ESENT) (EventID: 447) (User: )
    Description: svchost (1364) SRUJet: A bad page link (error -338) has been detected in a B-Tree (ObjectId: 15, PgnoRoot: 57) of database C:\WINDOWS\system32\SRU\SRUDB.dat (1240 => 1317, svchost0).

    Error: (01/30/2016 09:31:00 PM) (Source: ESENT) (EventID: 447) (User: )
    Description: svchost (1364) SRUJet: A bad page link (error -338) has been detected in a B-Tree (ObjectId: 15, PgnoRoot: 57) of database C:\WINDOWS\system32\SRU\SRUDB.dat (1240 => 1317, svchost0).

    Error: (01/30/2016 09:30:00 PM) (Source: ESENT) (EventID: 447) (User: )
    Description: svchost (1364) SRUJet: A bad page link (error -338) has been detected in a B-Tree (ObjectId: 15, PgnoRoot: 57) of database C:\WINDOWS\system32\SRU\SRUDB.dat (1240 => 1317, svchost0).

    Error: (01/30/2016 09:29:46 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: William)
    Description: HRESULT:0x8004FF6F
    Description:You don’t need to install Microsoft Security Essentials. Your version of Windows includes an updated version of Windows Defender that provides the same level of protection as Microsoft Security Essentials, along with other significant improvements. <a>For more information on the differences and improvements, see online Help</a>. Error code:0x8004FF6F.


    System errors:
    =============
    Error: (01/30/2016 09:16:23 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{3185A766-B338-11E4-A71E-12E3F512A338}{7006698D-2974-4091-A424-85DD0B909E23}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

    Error: (01/30/2016 09:16:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Genie Timeline Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

    Error: (01/30/2016 07:46:38 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
    Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

    Error: (01/30/2016 07:38:08 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the GenieTimelineService service.

    Error: (01/30/2016 07:37:38 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the GenieTimelineService service.

    Error: (01/30/2016 07:37:08 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the GenieTimelineService service.

    Error: (01/30/2016 07:36:38 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the GenieTimelineService service.

    Error: (01/30/2016 07:36:08 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the GenieTimelineService service.

    Error: (01/30/2016 07:35:38 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the GenieTimelineService service.

    Error: (01/30/2016 07:22:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The User Data Access_7afe12 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.


    CodeIntegrity:
    ===================================
    Date: 2016-01-13 22:05:44.392
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-01-11 07:51:39.111
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-01-06 22:55:50.606
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-01-04 02:02:05.092
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-01-04 01:59:53.871
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-01-04 01:42:19.188
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe because the set of per-page image hashes could not be found on the system.

    Date: 2016-01-04 01:37:24.693
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Celeron(R) CPU 1007U @ 1.50GHz
    Percentage of memory in use: 52%
    Total physical RAM: 3981.86 MB
    Available physical RAM: 1903.65 MB
    Total Virtual: 5389.86 MB
    Available Virtual: 3199.26 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:276.34 GB) (Free:196.79 GB) NTFS ==>[system with boot components (obtained from drive)]

    ==================== MBR & Partition Table ==================

    ==================== End of Addition.txt ============================
     
  7. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    You need to re-run FRST from administrator account:
     
  8. Robert Beaver

    Robert Beaver TS Rookie Topic Starter Posts: 17

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
    Ran by William (administrator) on WILLIAM (30-01-2016 22:03:09)
    Running from C:\Users\beavs_000\Downloads
    Loaded Profiles: William & William_2 (Available Profiles: William & William_2)
    Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
    (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
    (Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
    (ASUS) C:\Program Files\ASUS\P4G\InsOnSrv.exe
    () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    (Intel Corporation) C:\Windows\System32\igfxTray.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
    (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    (Conexant Systems, Inc) C:\Program Files\CONEXANT\SAII\SmartAudio.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    (Genie9) C:\Program Files\NETGEAR\ReadySHARE Vault\GenieTimelineService.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
    (SlimWare Utilities, Inc.) C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (SlimWare Utilities, Inc.) C:\Program Files\SlimService\SlimServiceFactory.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    (Intel Corporation) C:\Windows\System32\igfxTray.exe
    () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    (Slimware Utilities Holdings, Inc.) C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    (ASUS) C:\Program Files\ASUS\P4G\InsOnWMI.exe
    () C:\Program Files\NETGEAR\ReadySHARE Vault\GenieTimeLineAgent.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
    (SlimWare Utilities, Inc.) C:\Program Files\SlimService\SlimService.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
    (ASUSTek Computer INC.) C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe
    (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
    (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
    (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
    (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
    (Conexant Systems, Inc) C:\Program Files\CONEXANT\SAII\SmartAudio.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    (Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [111120 2012-05-25] (CyberLink)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
    HKU\S-1-5-21-1987870432-1314437653-830200918-1001\...\Run: [Power2GoExpress] => 0
    HKU\S-1-5-21-1987870432-1314437653-830200918-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2015-10-29] (Garmin Ltd. or its subsidiaries)
    HKU\S-1-5-21-1987870432-1314437653-830200918-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3013712 2015-12-14] (Valve Corporation)
    HKU\S-1-5-21-1987870432-1314437653-830200918-1001\...\Run: [GoogleChromeAutoLaunch_139963DF28A221890B85EF537AAC43DC] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [748872 2016-01-27] (Google Inc.)
    HKU\S-1-5-21-1987870432-1314437653-830200918-1001\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [603392 2015-08-26] (NETGEAR Inc.)
    HKU\S-1-5-21-1987870432-1314437653-830200918-1001\...\Run: [SlimCleaner Plus] => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe [26186944 2016-01-20] (Slimware Utilities Holdings, Inc.)
    HKU\S-1-5-21-1987870432-1314437653-830200918-1001\...\RunOnce: [Uninstall C:\Users\beavs_000\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\beavs_000\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
    HKU\S-1-5-21-1987870432-1314437653-830200918-1001\...\MountPoints2: {25504de8-ba6b-11e5-beb9-0c84dc9cb160} - "D:\setup.exe"
    ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\beavs_000\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll [2016-01-04] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\beavs_000\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll [2016-01-04] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\beavs_000\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll [2016-01-04] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
    ShellIconOverlayIdentifiers: [0GenieTimeLine-BackedUp] -> {88A8B1ED-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2013-08-29] ()
    ShellIconOverlayIdentifiers: [0GenieTimeLine-Excluded] -> {B77E8651-93B1-40CD-8ECF-6F33DAC805A0} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2013-08-29] ()
    ShellIconOverlayIdentifiers: [0GenieTimeLine-Folder] -> {CEAF16CE-C11C-4081-BE29-DDE7F45A59DB} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2013-08-29] ()
    ShellIconOverlayIdentifiers: [0GenieTimeLine-NotBackedUp] -> {88A8B1EE-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2013-08-29] ()
    ShellIconOverlayIdentifiers: [0GenieTimeLine-Pending ] -> {88A8B1EF-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2013-08-29] ()
    ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\beavs_000\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll [2016-01-04] (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\beavs_000\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll [2016-01-04] (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\beavs_000\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll [2016-01-04] (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-BackedUp] -> {88A8B1ED-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\x86\GSTimelineIconOverlay.gtl [2013-08-29] ()
    ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-Excluded] -> {B77E8651-93B1-40CD-8ECF-6F33DAC805A0} => C:\Program Files\NETGEAR\ReadySHARE Vault\x86\GSTimelineIconOverlay.gtl [2013-08-29] ()
    ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-Folder] -> {CEAF16CE-C11C-4081-BE29-DDE7F45A59DB} => C:\Program Files\NETGEAR\ReadySHARE Vault\x86\GSTimelineIconOverlay.gtl [2013-08-29] ()
    ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-NotBackedUp] -> {88A8B1EE-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\x86\GSTimelineIconOverlay.gtl [2013-08-29] ()
    ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-Pending ] -> {88A8B1EF-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\x86\GSTimelineIconOverlay.gtl [2013-08-29] ()
    GroupPolicyUsers\S-1-5-21-1987870432-1314437653-830200918-1006\User: Restriction <======= ATTENTION
    GroupPolicyUsers\S-1-5-21-1987870432-1314437653-830200918-1001\User: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{0e861b0f-33f8-4c63-aa95-e6216852069a}: [DhcpNameServer] 75.75.75.75 75.75.76.76
    Tcpip\..\Interfaces\{9bd6d357-5b30-496c-8dd6-cf2e477d9b09}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-1987870432-1314437653-830200918-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.coupons.com/
    HKU\S-1-5-21-1987870432-1314437653-830200918-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
    HKU\S-1-5-21-1987870432-1314437653-830200918-1006\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com
    HKU\S-1-5-21-1987870432-1314437653-830200918-1006\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
    SearchScopes: HKU\S-1-5-21-1987870432-1314437653-830200918-1001 -> {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = hxxp://search.coupons.com/search.asp?p=df&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1987870432-1314437653-830200918-1006 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1987870432-1314437653-830200918-1006 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-10] (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-10] (Oracle Corporation)
    BHO-x32: TBSB07898 Class -> {FCBCCB87-9224-4B8D-B117-F56D924BEB18} -> C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll [2013-07-15] ()
    Toolbar: HKLM-x32 - Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll [2013-07-15] ()
    Toolbar: HKU\S-1-5-21-1987870432-1314437653-830200918-1001 -> No Name - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - No File
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWow64\skype4com.dll [2012-10-23] (Skype Technologies)

    FireFox:
    ========
    FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
    FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-10] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-10] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
    FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found

    Chrome:
    =======
    CHR Profile: C:\Users\beavs_000\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\beavs_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-10]
    CHR Extension: (Google Drive) - C:\Users\beavs_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
    CHR Extension: (YouTube) - C:\Users\beavs_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-14]
    CHR Extension: (Google Search) - C:\Users\beavs_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01]
    CHR Extension: (Google Docs Offline) - C:\Users\beavs_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
    CHR Extension: (My Scrap Nook) - C:\Users\beavs_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf [2015-02-15]
    CHR Extension: (Pin It Button) - C:\Users\beavs_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-10-14]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\beavs_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-31]
    CHR Extension: (Gmail) - C:\Users\beavs_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-27]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-06-19] (ASUS)
    R3 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [File not signed]
    R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [1414128 2015-05-18] (Coupons.com Inc.)
    S2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [777744 2015-10-29] (Garmin Ltd. or its subsidiaries)
    R2 GenieTimelineService; C:\Program Files\NETGEAR\ReadySHARE Vault\GenieTimelineService.exe [673856 2014-06-18] (Genie9)
    R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation)
    R3 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
    R3 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
    S3 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2015-08-26] (NETGEAR)
    R2 SlimService; C:\Program Files\SlimService\SlimServiceFactory.exe [252096 2016-01-20] (SlimWare Utilities, Inc.)
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [100776 2015-08-23] (ASUS Corporation)
    R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
    S3 libusb0; C:\Windows\system32\DRIVERS\libusb0.sys [44480 2011-05-17] (hxxp://libusb-win32.sourceforge.net)
    R3 netr28x; C:\Windows\system32\DRIVERS\netr28x.sys [2554528 2015-06-12] (MediaTek Inc.)
    R2 NPF; C:\WINDOWS\system32\drivers\npf.sys [35344 2016-01-30] (CACE Technologies, Inc.)
    R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1219200 2015-06-03] (Ralink Technology, Corp.)
    S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [13920 2016-01-30] ()
    S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
    R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
    R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-01-30 22:03 - 2016-01-30 22:03 - 00020514 _____ C:\Users\beavs_000\Downloads\FRST.txt
    2016-01-30 22:02 - 2016-01-30 22:02 - 02370560 _____ (Farbar) C:\Users\beavs_000\Downloads\FRST64.exe
    2016-01-30 21:54 - 2016-01-30 21:54 - 00000370 _____ C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - William).job
    2016-01-30 21:54 - 2016-01-30 21:54 - 00000000 ___HD C:\OneDriveTemp
    2016-01-30 21:38 - 2016-01-30 21:38 - 00028729 _____ C:\Users\William_2\Downloads\Addition.txt
    2016-01-30 21:36 - 2016-01-30 22:03 - 00000000 ____D C:\FRST
    2016-01-30 21:36 - 2016-01-30 21:39 - 00103198 _____ C:\Users\William_2\Downloads\FRST.txt
    2016-01-30 21:35 - 2016-01-30 21:35 - 02370560 _____ (Farbar) C:\Users\William_2\Downloads\FRST64 (1).exe
    2016-01-30 21:31 - 2016-01-30 21:36 - 02370560 _____ (Farbar) C:\Users\William_2\Downloads\FRST64.exe
    2016-01-30 21:29 - 2016-01-30 21:29 - 00002259 _____ C:\WINDOWS\epplauncher.mif
    2016-01-30 21:23 - 2016-01-30 21:54 - 00000000 ____D C:\Users\beavs_000\AppData\Local\SlimWare Utilities Inc
    2016-01-30 21:23 - 2016-01-30 21:23 - 00013920 _____ C:\WINDOWS\system32\Drivers\SWDUMon.sys
    2016-01-30 21:23 - 2016-01-30 21:23 - 00002501 _____ C:\Users\Public\Desktop\DriverUpdate.lnk
    2016-01-30 21:23 - 2016-01-30 21:23 - 00002481 _____ C:\Users\Public\Desktop\SlimCleaner Plus.lnk
    2016-01-30 21:23 - 2016-01-30 21:23 - 00000492 _____ C:\WINDOWS\Tasks\DriverUpdate Scan.job
    2016-01-30 21:23 - 2016-01-30 21:23 - 00000438 _____ C:\WINDOWS\Tasks\DriverUpdate Startup.job
    2016-01-30 21:23 - 2016-01-30 21:23 - 00000000 ____D C:\Users\beavs_000\AppData\Local\Downloaded Installers
    2016-01-30 21:23 - 2016-01-30 21:23 - 00000000 ____D C:\ProgramData\SlimWare Utilities Inc
    2016-01-30 21:23 - 2016-01-30 21:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimCleaner Plus
    2016-01-30 21:23 - 2016-01-30 21:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate
    2016-01-30 21:23 - 2016-01-30 21:23 - 00000000 ____D C:\Program Files\SlimService
    2016-01-30 21:23 - 2016-01-30 21:23 - 00000000 ____D C:\Program Files\SlimCleaner Plus
    2016-01-30 21:23 - 2016-01-30 21:23 - 00000000 ____D C:\Program Files (x86)\DriverUpdate
    2016-01-30 21:22 - 2016-01-30 21:22 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers
    2016-01-30 21:21 - 2016-01-30 21:28 - 14243008 _____ (Microsoft Corporation) C:\Users\William_2\Downloads\mseinstall64.exe
    2016-01-30 21:21 - 2016-01-30 21:21 - 00961736 _____ (Slimware Utilities, Inc.) C:\Users\William_2\Downloads\DriverUpdate-setup.exe
    2016-01-30 21:16 - 2016-01-30 21:16 - 00000000 ____D C:\Users\William_2\AppData\Local\NetworkTiles
    2016-01-30 19:46 - 2016-01-30 19:47 - 00002416 _____ C:\Users\William_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2016-01-30 19:46 - 2016-01-30 19:47 - 00000000 ___RD C:\Users\William_2\OneDrive
    2016-01-30 19:45 - 2016-01-30 19:45 - 00000000 ____D C:\Users\William_2\AppData\Local\Publishers
    2016-01-30 19:45 - 2016-01-30 19:45 - 00000000 ____D C:\Users\William_2\AppData\Local\ActiveSync
    2016-01-30 19:44 - 2016-01-30 19:44 - 00000000 ____D C:\Users\William_2\AppData\Local\Comms
    2016-01-30 19:43 - 2016-01-30 19:43 - 00000616 __RSH C:\Users\William_2\ntuser.pol
    2016-01-30 19:43 - 2016-01-30 19:43 - 00000020 ___SH C:\Users\William_2\ntuser.ini
    2016-01-30 19:43 - 2016-01-30 19:43 - 00000000 __SHD C:\Users\William_2\IntelGraphicsProfiles
    2016-01-30 19:43 - 2016-01-30 19:43 - 00000000 ____D C:\Users\William_2\AppData\Roaming\Genie9
    2016-01-30 19:43 - 2016-01-30 19:43 - 00000000 ____D C:\Users\William_2\AppData\Local\TileDataLayer
    2016-01-30 19:22 - 2016-01-30 19:22 - 00000000 ____D C:\Users\Default\AppData\Roaming\Genie9
    2016-01-30 19:22 - 2016-01-30 19:22 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Genie9
    2016-01-30 18:46 - 2016-01-30 18:48 - 00000000 ____D C:\Users\beavs_000\AppData\Local\MicrosoftEdge
    2016-01-30 14:54 - 2016-01-30 16:36 - 00000000 ____D C:\Users\beavs_000\AppData\Local\NETGEARGenie
    2016-01-30 14:10 - 2016-01-30 14:10 - 00000000 ___RD C:\Users\beavs_000\Desktop\No-Backup Zone
    2016-01-30 14:10 - 2016-01-30 14:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR
    2016-01-30 14:09 - 2016-01-30 14:09 - 00000000 ____D C:\Users\beavs_000\AppData\Roaming\Genie9
    2016-01-30 14:09 - 2016-01-30 14:09 - 00000000 ____D C:\Program Files\NETGEAR
    2016-01-30 14:08 - 2016-01-30 14:08 - 00369168 _____ (CACE Technologies, Inc.) C:\WINDOWS\system32\wpcap.dll
    2016-01-30 14:08 - 2016-01-30 14:08 - 00281104 _____ (CACE Technologies, Inc.) C:\WINDOWS\SysWOW64\wpcap.dll
    2016-01-30 14:08 - 2016-01-30 14:08 - 00106000 _____ (CACE Technologies, Inc.) C:\WINDOWS\system32\packet.dll
    2016-01-30 14:08 - 2016-01-30 14:08 - 00096784 _____ (CACE Technologies, Inc.) C:\WINDOWS\SysWOW64\packet.dll
    2016-01-30 14:08 - 2016-01-30 14:08 - 00035344 _____ (CACE Technologies, Inc.) C:\WINDOWS\system32\Drivers\npf.sys
    2016-01-30 14:08 - 2016-01-30 14:08 - 00002137 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR Genie.lnk
    2016-01-30 14:08 - 2016-01-30 14:08 - 00002125 _____ C:\Users\Public\Desktop\NETGEAR Genie.lnk
    2016-01-30 14:07 - 2016-01-30 14:08 - 00000000 ____D C:\Program Files (x86)\NETGEAR Genie
    2016-01-30 14:03 - 2016-01-30 14:08 - 20750360 _____ (NETGEAR) C:\Users\beavs_000\Downloads\ReadySHAREVault-install.exe
    2016-01-30 14:03 - 2016-01-30 14:05 - 42794200 _____ (NETGEAR Inc.) C:\Users\beavs_000\Downloads\NETGEARGenie-install.exe
    2016-01-30 13:32 - 2016-01-30 13:32 - 00105553 _____ C:\Users\beavs_000\Documents\XFINITY Chat.pdf
    2016-01-24 18:03 - 2016-01-24 18:03 - 00000000 ____D C:\Users\beavs_000\AppData\Roaming\Warner Bros. Interactive Entertainment
    2016-01-24 18:03 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_7.dll
    2016-01-24 18:03 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_7.dll
    2016-01-24 18:03 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll
    2016-01-24 18:03 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_43.dll
    2016-01-24 18:03 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll
    2016-01-24 18:03 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_43.dll
    2016-01-24 18:03 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll
    2016-01-24 18:03 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_43.dll
    2016-01-24 18:03 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_6.dll
    2016-01-24 18:03 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_6.dll
    2016-01-24 18:03 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_6.dll
    2016-01-24 18:03 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_6.dll
    2016-01-24 18:03 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_4.dll
    2016-01-24 18:03 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_4.dll
    2016-01-24 18:03 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_7.dll
    2016-01-24 18:03 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_7.dll
    2016-01-24 18:03 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_5.dll
    2016-01-24 18:03 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_5.dll
    2016-01-24 18:03 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_5.dll
    2016-01-24 18:03 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_5.dll
    2016-01-24 18:03 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_3.dll
    2016-01-24 18:03 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_3.dll
    2016-01-24 18:03 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_42.dll
    2016-01-24 18:03 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_42.dll
    2016-01-24 18:03 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_42.dll
    2016-01-24 18:03 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_42.dll
    2016-01-24 18:03 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_42.dll
    2016-01-24 18:03 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_42.dll
    2016-01-24 18:03 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_42.dll
    2016-01-24 18:03 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_42.dll
    2016-01-24 18:03 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_4.dll
    2016-01-24 18:03 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_4.dll
    2016-01-24 18:03 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_4.dll
    2016-01-24 18:03 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_4.dll
    2016-01-24 18:03 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_6.dll
    2016-01-24 18:03 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_6.dll
    2016-01-24 18:03 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_41.dll
    2016-01-24 18:03 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_41.dll
    2016-01-24 18:03 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_41.dll
    2016-01-24 18:03 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_41.dll
    2016-01-24 18:03 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_3.dll
    2016-01-24 18:03 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_3.dll
    2016-01-24 18:03 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_3.dll
    2016-01-24 18:03 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_3.dll
    2016-01-24 18:03 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_2.dll
    2016-01-24 18:03 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_2.dll
    2016-01-24 18:03 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_5.dll
    2016-01-24 18:03 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_5.dll
    2016-01-24 18:03 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_40.dll
    2016-01-24 18:03 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_40.dll
    2016-01-24 18:03 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_40.dll
    2016-01-24 18:03 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_40.dll
    2016-01-24 18:03 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_40.dll
    2016-01-24 18:03 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_40.dll
    2016-01-24 18:03 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_2.dll
    2016-01-24 18:03 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_2.dll
    2016-01-24 18:03 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_1.dll
    2016-01-24 18:03 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_1.dll
    2016-01-24 18:03 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_2.dll
    2016-01-24 18:03 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_2.dll
    2016-01-24 18:03 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll
    2016-01-24 18:03 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_39.dll
    2016-01-24 18:03 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll
    2016-01-24 18:03 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_39.dll
    2016-01-24 18:03 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll
    2016-01-24 18:03 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_39.dll
    2016-01-24 18:03 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_1.dll
    2016-01-24 18:03 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_1.dll
    2016-01-24 18:03 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_1.dll
    2016-01-24 18:03 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_1.dll
    2016-01-24 18:03 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_0.dll
    2016-01-24 18:03 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_0.dll
    2016-01-24 18:03 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_4.dll
    2016-01-24 18:03 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_4.dll
    2016-01-24 18:03 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_38.dll
    2016-01-24 18:03 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_38.dll
    2016-01-24 18:03 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_38.dll
    2016-01-24 18:03 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_38.dll
    2016-01-24 18:03 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_38.dll
    2016-01-24 18:03 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_38.dll
    2016-01-24 18:03 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_0.dll
    2016-01-24 18:03 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_0.dll
    2016-01-24 18:03 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_0.dll
    2016-01-24 18:03 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_0.dll
    2016-01-24 18:03 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_3.dll
    2016-01-24 18:03 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_3.dll
    2016-01-24 18:02 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_37.dll
    2016-01-24 18:02 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_37.dll
    2016-01-24 18:02 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_37.dll
    2016-01-24 18:02 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_37.dll
    2016-01-24 18:02 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_10.dll
    2016-01-24 18:02 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_10.dll
    2016-01-24 18:02 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_2.dll
    2016-01-24 18:02 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_2.dll
    2016-01-24 18:02 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_36.dll
    2016-01-24 18:02 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_36.dll
    2016-01-24 18:02 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_36.dll
    2016-01-24 18:02 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_36.dll
    2016-01-24 18:02 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_36.dll
    2016-01-24 18:02 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_36.dll
    2016-01-24 18:02 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_9.dll
    2016-01-24 18:02 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_9.dll
    2016-01-24 18:02 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_35.dll
    2016-01-24 18:02 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_35.dll
    2016-01-24 18:02 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_35.dll
    2016-01-24 18:02 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_35.dll
    2016-01-24 18:02 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_35.dll
    2016-01-24 18:02 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_35.dll
    2016-01-24 18:02 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_8.dll
    2016-01-24 18:02 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_8.dll
    2016-01-24 18:02 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_34.dll
    2016-01-24 18:02 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_34.dll
    2016-01-24 18:02 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_34.dll
    2016-01-24 18:02 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_34.dll
    2016-01-24 18:02 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_34.dll
    2016-01-24 18:02 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_34.dll
    2016-01-24 18:02 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_7.dll
    2016-01-24 18:02 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_7.dll
    2016-01-24 18:02 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_3.dll
    2016-01-24 18:02 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_3.dll
    2016-01-24 18:02 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_33.dll
    2016-01-24 18:02 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_33.dll
    2016-01-24 18:02 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_33.dll
    2016-01-24 18:02 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_33.dll
    2016-01-24 18:02 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_33.dll
    2016-01-24 18:02 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_33.dll
    2016-01-24 18:02 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_1.dll
    2016-01-24 18:02 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_1.dll
    2016-01-24 18:02 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_6.dll
    2016-01-24 18:02 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_6.dll
    2016-01-24 18:02 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_5.dll
    2016-01-24 18:02 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_5.dll
    2016-01-24 18:02 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10.dll
    2016-01-24 18:02 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10.dll
    2016-01-24 18:02 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_31.dll
    2016-01-24 18:02 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_31.dll
    2016-01-24 18:02 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_4.dll
    2016-01-24 18:02 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_4.dll
    2016-01-24 18:02 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_2.dll
    2016-01-24 18:02 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_3.dll
    2016-01-24 18:02 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_3.dll
    2016-01-24 18:02 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_2.dll
    2016-01-24 18:02 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_2.dll
    2016-01-24 18:02 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_2.dll
    2016-01-24 18:02 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_30.dll
    2016-01-24 18:02 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_30.dll
    2016-01-24 18:02 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_1.dll
    2016-01-24 18:02 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_1.dll
    2016-01-24 18:02 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_1.dll
    2016-01-24 18:02 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_1.dll
    2016-01-24 18:02 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_29.dll
    2016-01-24 18:02 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_29.dll
    2016-01-24 18:02 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_0.dll
    2016-01-24 18:02 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_0.dll
    2016-01-24 18:02 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_0.dll
    2016-01-24 18:02 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_0.dll
    2016-01-24 18:02 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_28.dll
    2016-01-24 18:02 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_28.dll
    2016-01-24 18:02 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_27.dll
    2016-01-24 18:02 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_27.dll
    2016-01-24 18:02 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_26.dll
    2016-01-24 18:02 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_26.dll
    2016-01-24 18:02 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_25.dll
    2016-01-24 18:02 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_25.dll
    2016-01-24 18:02 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_24.dll
    2016-01-24 18:02 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_24.dll
    2016-01-24 12:02 - 2016-01-24 12:02 - 00001161 _____ C:\Users\Public\Desktop\LogixPro.lnk
    2016-01-24 12:02 - 2016-01-24 12:02 - 00000612 _____ C:\Users\beavs_000\Desktop\PLC Technician.lnk
    2016-01-24 12:02 - 2016-01-24 12:02 - 00000612 _____ C:\Users\beavs_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PLC Technician.lnk
     
  9. Robert Beaver

    Robert Beaver TS Rookie Topic Starter Posts: 17

    2016-01-24 12:02 - 2016-01-24 12:02 - 00000000 ____D C:\WINDOWS\msagent
    2016-01-24 12:02 - 2016-01-24 12:02 - 00000000 ____D C:\WINDOWS\lhsp
    2016-01-24 12:02 - 2016-01-24 12:02 - 00000000 ____D C:\Users\beavs_000\AppData\Roaming\PLCTech
    2016-01-24 12:02 - 2016-01-24 12:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TheLearningPit
    2016-01-24 12:01 - 2016-01-24 12:01 - 00000000 ____D C:\Program Files (x86)\TheLearningPit
    2016-01-24 11:56 - 2016-01-30 21:57 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
    2016-01-24 11:55 - 2016-01-24 11:55 - 00000144 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    2016-01-24 11:52 - 2016-01-30 21:57 - 00002922 _____ C:\WINDOWS\System32\Tasks\ASUS Smart Gesture Launcher
    2016-01-13 19:04 - 2016-01-13 19:04 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
    2016-01-13 16:54 - 2016-01-04 21:51 - 07477600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2016-01-13 16:54 - 2016-01-04 21:50 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
    2016-01-13 16:54 - 2016-01-04 21:50 - 00671472 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
    2016-01-13 16:54 - 2016-01-04 21:49 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
    2016-01-13 16:54 - 2016-01-04 21:48 - 00499432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
    2016-01-13 16:54 - 2016-01-04 21:45 - 02587696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
    2016-01-13 16:54 - 2016-01-04 21:42 - 02026736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
    2016-01-13 16:54 - 2016-01-04 21:37 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2016-01-13 16:54 - 2016-01-04 21:37 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
    2016-01-13 16:54 - 2016-01-04 21:37 - 00858952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
    2016-01-13 16:54 - 2016-01-04 21:37 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
    2016-01-13 16:54 - 2016-01-04 21:37 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
    2016-01-13 16:54 - 2016-01-04 21:37 - 00245840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
    2016-01-13 16:54 - 2016-01-04 21:37 - 00234504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
    2016-01-13 16:54 - 2016-01-04 21:36 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
    2016-01-13 16:54 - 2016-01-04 21:33 - 02180128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2016-01-13 16:54 - 2016-01-04 21:33 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
    2016-01-13 16:54 - 2016-01-04 21:33 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
    2016-01-13 16:54 - 2016-01-04 21:33 - 00701384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
    2016-01-13 16:54 - 2016-01-04 21:33 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
    2016-01-13 16:54 - 2016-01-04 21:33 - 00208176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
    2016-01-13 16:54 - 2016-01-04 21:33 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
    2016-01-13 16:54 - 2016-01-04 21:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
    2016-01-13 16:54 - 2016-01-04 21:27 - 01594408 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
    2016-01-13 16:54 - 2016-01-04 21:24 - 00796352 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
    2016-01-13 16:54 - 2016-01-04 21:23 - 01309376 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
    2016-01-13 16:54 - 2016-01-04 21:23 - 00786696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
    2016-01-13 16:54 - 2016-01-04 21:21 - 01371792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
    2016-01-13 16:54 - 2016-01-04 21:17 - 00695752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
    2016-01-13 16:54 - 2016-01-04 20:59 - 22393856 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2016-01-13 16:54 - 2016-01-04 20:57 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2016-01-13 16:54 - 2016-01-04 20:54 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
    2016-01-13 16:54 - 2016-01-04 20:50 - 00644096 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
    2016-01-13 16:54 - 2016-01-04 20:50 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
    2016-01-13 16:54 - 2016-01-04 20:49 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2016-01-13 16:54 - 2016-01-04 20:49 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
    2016-01-13 16:54 - 2016-01-04 20:48 - 01009152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
    2016-01-13 16:54 - 2016-01-04 20:48 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
    2016-01-13 16:54 - 2016-01-04 20:47 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
    2016-01-13 16:54 - 2016-01-04 20:47 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
    2016-01-13 16:54 - 2016-01-04 20:45 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
    2016-01-13 16:54 - 2016-01-04 20:43 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
    2016-01-13 16:54 - 2016-01-04 20:43 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
    2016-01-13 16:54 - 2016-01-04 20:41 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2016-01-13 16:54 - 2016-01-04 20:40 - 00890880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
    2016-01-13 16:54 - 2016-01-04 20:39 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
    2016-01-13 16:54 - 2016-01-04 20:39 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
    2016-01-13 16:54 - 2016-01-04 20:39 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
    2016-01-13 16:54 - 2016-01-04 20:38 - 00389120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
    2016-01-13 16:54 - 2016-01-04 20:33 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
    2016-01-13 16:54 - 2016-01-04 20:30 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
    2016-01-13 16:54 - 2016-01-04 20:30 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2016-01-13 16:54 - 2016-01-04 20:29 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2016-01-13 16:54 - 2016-01-04 20:28 - 07826432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2016-01-13 16:54 - 2016-01-04 20:28 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2016-01-13 16:54 - 2016-01-04 20:28 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
    2016-01-13 16:54 - 2016-01-04 20:25 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2016-01-13 16:53 - 2016-01-04 21:51 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2016-01-13 16:53 - 2016-01-04 21:51 - 01141496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2016-01-13 16:53 - 2016-01-04 21:50 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2016-01-13 16:53 - 2016-01-04 21:23 - 00119320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
    2016-01-13 16:53 - 2016-01-04 21:16 - 00100160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
    2016-01-13 16:53 - 2016-01-04 20:57 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMSRoamingSecurity.dll
    2016-01-13 16:53 - 2016-01-04 20:57 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgrcli.dll
    2016-01-13 16:53 - 2016-01-04 20:56 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
    2016-01-13 16:53 - 2016-01-04 20:54 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthLEEnum.sys
    2016-01-13 16:53 - 2016-01-04 20:53 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
    2016-01-13 16:53 - 2016-01-04 20:52 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
    2016-01-13 16:53 - 2016-01-04 20:51 - 00472576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
    2016-01-13 16:53 - 2016-01-04 20:51 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
    2016-01-13 16:53 - 2016-01-04 20:50 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
    2016-01-13 16:53 - 2016-01-04 20:49 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
    2016-01-13 16:53 - 2016-01-04 20:49 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
    2016-01-13 16:53 - 2016-01-04 20:49 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2016-01-13 16:53 - 2016-01-04 20:49 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityCommon.dll
    2016-01-13 16:53 - 2016-01-04 20:48 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usermgrcli.dll
    2016-01-13 16:53 - 2016-01-04 20:47 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
    2016-01-13 16:53 - 2016-01-04 20:45 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
    2016-01-13 16:53 - 2016-01-04 20:44 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx
    2016-01-13 16:53 - 2016-01-04 20:43 - 00953856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
    2016-01-13 16:53 - 2016-01-04 20:43 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2016-01-13 16:53 - 2016-01-04 20:42 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
    2016-01-13 16:53 - 2016-01-04 20:41 - 01070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
    2016-01-13 16:53 - 2016-01-04 20:41 - 00558592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
    2016-01-13 16:53 - 2016-01-04 20:40 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ProximityCommon.dll
    2016-01-13 16:53 - 2016-01-04 20:39 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
    2016-01-13 16:53 - 2016-01-04 20:36 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
    2016-01-13 16:53 - 2016-01-04 20:36 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2016-01-04 20:32 - 2016-01-04 20:32 - 00000000 ____D C:\Users\beavs_000\AppData\Local\NetworkTiles
    2016-01-04 20:03 - 2016-01-24 11:51 - 00000000 ____D C:\ProgramData\SetupTPDriver
    2016-01-04 19:59 - 2016-01-04 20:00 - 00002416 _____ C:\Users\beavs_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2016-01-04 19:59 - 2016-01-04 20:00 - 00000000 ___RD C:\Users\beavs_000\OneDrive
    2016-01-04 19:54 - 2016-01-04 19:54 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
    2016-01-04 19:52 - 2016-01-04 19:52 - 00000000 ____D C:\Users\beavs_000\AppData\Local\ActiveSync
    2016-01-04 19:51 - 2016-01-04 19:51 - 00000000 ____D C:\Users\beavs_000\AppData\Local\Publishers
    2016-01-04 19:50 - 2016-01-14 18:10 - 00000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
    2016-01-04 19:50 - 2016-01-04 19:50 - 00000000 ____D C:\Users\beavs_000\AppData\Local\Comms
    2016-01-04 19:49 - 2016-01-04 19:49 - 00000612 __RSH C:\Users\beavs_000\ntuser.pol
    2016-01-04 19:49 - 2016-01-04 19:49 - 00000020 ___SH C:\Users\beavs_000\ntuser.ini
    2016-01-04 19:49 - 2016-01-04 19:49 - 00000000 ____D C:\Users\beavs_000\AppData\Local\TileDataLayer
    2016-01-04 04:34 - 2016-01-04 17:15 - 00000000 ___DC C:\WINDOWS\Panther
    2016-01-04 04:28 - 2016-01-04 04:28 - 00000000 ____D C:\Windows.old
    2016-01-04 04:26 - 2016-01-04 04:26 - 24601600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 22572632 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 21125408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 19339264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 13381120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 12125184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 06572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 03993600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 03671888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2016-01-04 04:26 - 2016-01-04 04:26 - 03355136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 02843136 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 02772584 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
    2016-01-04 04:26 - 2016-01-04 04:26 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
    2016-01-04 04:26 - 2016-01-04 04:26 - 02680320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 02653816 _____ C:\WINDOWS\system32\CoreUIComponents.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 02647552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 02598400 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 02185840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 02155008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 02152800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
    2016-01-04 04:26 - 2016-01-04 04:26 - 02126848 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2016-01-04 04:26 - 2016-01-04 04:26 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 02049024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2016-01-04 04:26 - 2016-01-04 04:26 - 02001408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 01995776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 01860096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 01859448 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 01817160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 01814528 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 01717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 01648640 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 01540768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 01505280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2016-01-04 04:26 - 2016-01-04 04:26 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 01281376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 01223168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 01155944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 01092456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 01065080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 01042432 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 01035776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 01020096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00983464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00973664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00969728 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00948224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00948224 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00931328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL
    2016-01-04 04:26 - 2016-01-04 04:26 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00911648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00900608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00898184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00884256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00871936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
    2016-01-04 04:26 - 2016-01-04 04:26 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00850432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00824320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00823264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00803840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00793600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00791552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00783360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00716928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00704000 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00698208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00697856 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00683008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00675064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00674816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
    2016-01-04 04:26 - 2016-01-04 04:26 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00618496 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2016-01-04 04:26 - 2016-01-04 04:26 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00586208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00586080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00578912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
    2016-01-04 04:26 - 2016-01-04 04:26 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00540752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
    2016-01-04 04:26 - 2016-01-04 04:26 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00536768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00526856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00523616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
    2016-01-04 04:26 - 2016-01-04 04:26 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
    2016-01-04 04:26 - 2016-01-04 04:26 - 00516544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00515584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00511320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00502112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00498448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00470528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00462760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00454056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00450904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00440160 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
    2016-01-04 04:26 - 2016-01-04 04:26 - 00431232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
    2016-01-04 04:26 - 2016-01-04 04:26 - 00412512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
    2016-01-04 04:26 - 2016-01-04 04:26 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00408128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00405048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
    2016-01-04 04:26 - 2016-01-04 04:26 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
    2016-01-04 04:26 - 2016-01-04 04:26 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
    2016-01-04 04:26 - 2016-01-04 04:26 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00337840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
    2016-01-04 04:26 - 2016-01-04 04:26 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00292352 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00289248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00264544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00264192 _____ (Nokia) C:\WINDOWS\system32\NmaDirect.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2016-01-04 04:26 - 2016-01-04 04:26 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00205824 _____ (Nokia) C:\WINDOWS\SysWOW64\NmaDirect.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-AppModelExecEvents.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
    2016-01-04 04:26 - 2016-01-04 04:26 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
    2016-01-04 04:26 - 2016-01-04 04:26 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
    2016-01-04 04:26 - 2016-01-04 04:26 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
    2016-01-04 04:26 - 2016-01-04 04:26 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
    2016-01-04 04:26 - 2016-01-04 04:26 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ETWCoreUIComponentsResources.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00138240 _____ (Microsoft Corporation)
     
  10. Robert Beaver

    Robert Beaver TS Rookie Topic Starter Posts: 17

    C:\WINDOWS\system32\ETWCoreUIComponentsResources.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
    2016-01-04 04:26 - 2016-01-04 04:26 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\capimg.sys
    2016-01-04 04:26 - 2016-01-04 04:26 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
    2016-01-04 04:26 - 2016-01-04 04:26 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MapControls.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MapControls.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00110032 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
    2016-01-04 04:26 - 2016-01-04 04:26 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00088392 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00080600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwapi.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.XboxLive.ProxyStub.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssign32.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00073360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManagerProxy.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ihvrilproxy.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00063528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wwapi.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssign32.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosResource.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosResource.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
    2016-01-04 04:26 - 2016-01-04 04:26 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\rilproxy.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wwanpref.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00051680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsUtilsV2.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsplib.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.proxy.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapstoasttask.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthManagerProxy.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
    2016-01-04 04:26 - 2016-01-04 04:26 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\BackgroundTransferHost.exe
    2016-01-04 04:26 - 2016-01-04 04:26 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCoreRes.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCoreRes.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00035680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wimmount.sys
    2016-01-04 04:26 - 2016-01-04 04:26 - 00035656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe
    2016-01-04 04:26 - 2016-01-04 04:26 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BackgroundTransferHost.exe
    2016-01-04 04:26 - 2016-01-04 04:26 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00032040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfpmp.exe
    2016-01-04 04:26 - 2016-01-04 04:26 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringconfigsp.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
    2016-01-04 04:26 - 2016-01-04 04:26 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\nativemap.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.proxy.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
    2016-01-04 04:26 - 2016-01-04 04:26 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshrm.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\IcsEntitlementHost.exe
    2016-01-04 04:26 - 2016-01-04 04:26 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvcProxy.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosTrace.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosTrace.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosHost.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosHost.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\readingviewresources.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlStringsRes.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlStringsRes.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
    2016-01-04 04:22 - 2016-01-04 04:22 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
    2016-01-04 04:19 - 2016-01-04 04:19 - 00000000 ____D C:\Program Files\Reference Assemblies
    2016-01-04 04:19 - 2016-01-04 04:19 - 00000000 ____D C:\Program Files\MSBuild
    2016-01-04 04:19 - 2016-01-04 04:19 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
    2016-01-04 04:19 - 2016-01-04 04:19 - 00000000 ____D C:\Program Files (x86)\MSBuild
    2016-01-04 04:18 - 2015-10-23 20:47 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
    2016-01-04 04:18 - 2015-10-23 20:47 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
    2016-01-04 04:18 - 2015-10-23 20:47 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
    2016-01-04 04:18 - 2015-10-23 20:46 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
    2016-01-04 04:18 - 2015-10-23 20:46 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
    2016-01-04 04:18 - 2015-10-23 20:45 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
    2016-01-04 02:13 - 2016-01-04 02:13 - 00000000 _SHDL C:\Users\Default\My Documents
    2016-01-04 02:13 - 2016-01-04 02:13 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
    2016-01-04 02:13 - 2016-01-04 02:13 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
    2016-01-04 02:13 - 2016-01-04 02:13 - 00000000 _SHDL C:\Users\Default\Documents\My Music
    2016-01-04 02:13 - 2016-01-04 02:13 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
    2016-01-04 02:13 - 2016-01-04 02:13 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
    2016-01-04 02:13 - 2016-01-04 02:13 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
    2016-01-04 02:13 - 2016-01-04 02:13 - 00000000 ____D C:\ProgramData\USOShared
    2016-01-04 02:07 - 2016-01-24 11:54 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-01-04 02:04 - 2016-01-24 12:01 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2016-01-04 01:54 - 2016-01-04 01:54 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2016-01-04 01:54 - 2016-01-04 01:54 - 00000000 ____D C:\Users\Default\AppData\Roaming\Garmin
    2016-01-04 01:54 - 2016-01-04 01:54 - 00000000 ____D C:\Users\Default\AppData\Roaming\ASUS WebStorage
    2016-01-04 01:54 - 2016-01-04 01:54 - 00000000 ____D C:\Users\Default\AppData\Local\Conexant
    2016-01-04 01:54 - 2016-01-04 01:54 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Garmin
    2016-01-04 01:54 - 2016-01-04 01:54 - 00000000 ____D C:\Users\Default User\AppData\Roaming\ASUS WebStorage
    2016-01-04 01:54 - 2016-01-04 01:54 - 00000000 ____D C:\Users\Default User\AppData\Local\Conexant
    2016-01-04 01:48 - 2016-01-04 01:48 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
    2016-01-04 01:46 - 2016-01-30 19:46 - 00000000 ____D C:\Users\William_2
    2016-01-04 01:46 - 2016-01-04 19:59 - 00000000 ____D C:\Users\beavs_000
    2016-01-04 01:46 - 2016-01-04 01:46 - 00000000 _SHDL C:\Users\William_2\My Documents
    2016-01-04 01:46 - 2016-01-04 01:46 - 00000000 _SHDL C:\Users\William_2\Documents\My Videos
    2016-01-04 01:46 - 2016-01-04 01:46 - 00000000 _SHDL C:\Users\William_2\Documents\My Pictures
    2016-01-04 01:46 - 2016-01-04 01:46 - 00000000 _SHDL C:\Users\William_2\Documents\My Music
    2016-01-04 01:46 - 2016-01-04 01:46 - 00000000 _SHDL C:\Users\beavs_000\My Documents
    2016-01-04 01:46 - 2016-01-04 01:46 - 00000000 _SHDL C:\Users\beavs_000\Documents\My Videos
    2016-01-04 01:46 - 2016-01-04 01:46 - 00000000 _SHDL C:\Users\beavs_000\Documents\My Pictures
    2016-01-04 01:46 - 2016-01-04 01:46 - 00000000 _SHDL C:\Users\beavs_000\Documents\My Music
    2016-01-04 01:42 - 2016-01-04 01:42 - 00001963 _____ C:\ProgramData\Microsoft\Windows\Start Menu\SmartAudio.lnk
    2016-01-04 01:42 - 2016-01-04 01:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Conexant
    2016-01-04 01:42 - 2011-09-01 00:23 - 00447104 _____ (Conexant Systems, Inc.) C:\WINDOWS\SysWOW64\SASrv.exe
    2016-01-04 01:41 - 2016-01-04 01:41 - 00002168 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudioWizard.lnk
    2016-01-04 01:41 - 2016-01-04 01:41 - 00002156 _____ C:\Users\Public\Desktop\AudioWizard.lnk
    2016-01-04 01:41 - 2014-10-20 14:54 - 00207576 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CxAudMsg64.exe
    2016-01-04 01:41 - 2014-01-27 10:56 - 00006786 _____ C:\WINDOWS\system32\Maxx_Render_EFX_Asus.mps
    2016-01-04 01:41 - 2014-01-27 10:53 - 00002626 _____ C:\WINDOWS\system32\Maxx_Render_MFX_Asus.mps
    2016-01-04 01:41 - 2013-06-07 13:36 - 00171084 _____ C:\WINDOWS\system32\MA4Preset.mps
    2016-01-04 01:40 - 2016-01-04 01:49 - 00000000 ____D C:\ProgramData\Conexant
    2016-01-04 01:40 - 2016-01-04 01:49 - 00000000 ____D C:\Program Files\Intel
    2016-01-04 01:40 - 2016-01-04 01:49 - 00000000 ____D C:\Program Files\CONEXANT
    2016-01-04 01:40 - 2015-08-27 18:20 - 00072704 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
    2016-01-04 01:40 - 2015-08-27 18:20 - 00069120 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
    2016-01-04 01:39 - 2015-10-30 02:17 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
    2016-01-04 01:35 - 2016-01-04 01:57 - 00268360 _____ C:\WINDOWS\system32\FNTCACHE.DAT

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-01-30 21:57 - 2014-02-09 02:53 - 00000074 _____ C:\Users\beavs_000\AppData\Roaming\sp_data.sys
    2016-01-30 21:57 - 2013-08-24 04:03 - 00002540 _____ C:\WINDOWS\System32\Tasks\ASUS Patch for Touch Panel
    2016-01-30 21:57 - 2013-08-24 03:55 - 00002258 _____ C:\WINDOWS\System32\Tasks\AsusVibeSchedule
    2016-01-30 21:57 - 2013-08-24 03:55 - 00002130 _____ C:\WINDOWS\System32\Tasks\ASUS Splendid ColorU
    2016-01-30 21:57 - 2013-08-24 03:55 - 00002114 _____ C:\WINDOWS\System32\Tasks\ASUS Splendid ACMON
    2016-01-30 21:57 - 2013-08-24 03:52 - 00002332 _____ C:\WINDOWS\System32\Tasks\ASUS P4G
    2016-01-30 21:57 - 2013-08-24 03:52 - 00002248 _____ C:\WINDOWS\System32\Tasks\ASUS USB Charger Plus
    2016-01-30 21:57 - 2013-08-24 03:52 - 00002034 _____ C:\WINDOWS\System32\Tasks\ASUS InstantOn Config
    2016-01-30 21:55 - 2015-10-24 15:35 - 00000000 ____D C:\Program Files (x86)\Steam
    2016-01-30 21:55 - 2014-02-09 03:19 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2016-01-30 21:54 - 2014-04-09 15:58 - 00000000 __RDO C:\Users\beavs_000\SkyDrive
    2016-01-30 21:37 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness
    2016-01-30 21:28 - 2014-04-15 15:35 - 00000000 ____D C:\Users\William_2\AppData\Local\Packages
    2016-01-30 19:51 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp
    2016-01-30 19:49 - 2014-04-15 15:41 - 00000074 _____ C:\Users\William_2\AppData\Roaming\sp_data.sys
    2016-01-30 19:44 - 2013-12-29 04:30 - 00000000 __RHD C:\Users\Public\AccountPictures
    2016-01-30 19:13 - 2014-03-04 08:45 - 00004154 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E2B8C71F-DD34-48B5-99FD-DDB765C9DCBD}
    2016-01-30 19:13 - 2014-02-09 03:19 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2016-01-30 15:41 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-01-30 12:15 - 2014-02-09 03:20 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-01-30 12:15 - 2014-02-09 03:20 - 00002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2016-01-24 18:02 - 2014-08-23 20:32 - 00000000 ____D C:\ProgramData\Package Cache
    2016-01-24 18:00 - 2014-02-09 03:27 - 00000000 ____D C:\Users\beavs_000\AppData\Roaming\.minecraft
    2016-01-24 12:02 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\Help
    2016-01-24 12:02 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF
    2016-01-24 11:53 - 2015-10-30 01:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
    2016-01-24 11:52 - 2013-08-24 03:53 - 00000000 ____D C:\Program Files\DIFX
    2016-01-24 11:52 - 2013-04-26 07:43 - 00000000 ____D C:\Program Files (x86)\ASUS
    2016-01-16 13:01 - 2014-02-27 22:57 - 00000000 ____D C:\WINDOWS\system32\MRT
    2016-01-16 12:55 - 2014-02-27 22:57 - 143671360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2016-01-13 22:00 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
    2016-01-06 23:12 - 2014-02-09 02:46 - 00000000 ____D C:\Users\beavs_000\AppData\Local\Packages
    2016-01-06 22:48 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\appcompat
    2016-01-04 20:08 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow
    2016-01-04 19:51 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
    2016-01-04 19:51 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\PrintDialog
    2016-01-04 19:51 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\MiracastView
    2016-01-04 19:50 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2016-01-04 04:34 - 2015-10-30 02:24 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
    2016-01-04 04:27 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
    2016-01-04 04:27 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\Provisioning
    2016-01-04 04:27 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\bcastdvr
    2016-01-04 04:27 - 2015-10-30 01:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
    2016-01-04 04:27 - 2015-10-30 01:28 - 00000000 ____D C:\WINDOWS\system32\Dism
    2016-01-04 02:16 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\rescache
    2016-01-04 02:13 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
    2016-01-04 02:13 - 2015-10-30 02:24 - 00000000 ____D C:\ProgramData\USOPrivate
    2016-01-04 02:12 - 2015-10-30 01:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
    2016-01-04 02:12 - 2014-02-28 17:00 - 00034293 _____ C:\WINDOWS\diagwrn.xml
    2016-01-04 02:12 - 2014-02-28 17:00 - 00034293 _____ C:\WINDOWS\diagerr.xml
    2016-01-04 02:08 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\Registration
    2016-01-04 02:07 - 2015-06-03 16:31 - 00002428 _____ C:\WINDOWS\System32\Tasks\Update Checker
    2016-01-04 02:07 - 2014-08-23 20:32 - 00002574 _____ C:\WINDOWS\System32\Tasks\GarminUpdaterTask
    2016-01-04 02:07 - 2014-04-15 16:15 - 00003078 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{75CF3992-7D62-45CC-8B5F-C2362DB54678}
    2016-01-04 02:07 - 2014-04-15 15:40 - 00002810 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1987870432-1314437653-830200918-1006
    2016-01-04 02:07 - 2014-02-28 17:11 - 00022840 _____ C:\WINDOWS\system32\emptyregdb.dat
    2016-01-04 02:07 - 2014-02-09 03:19 - 00003290 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
    2016-01-04 02:07 - 2014-02-09 03:19 - 00003062 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
    2016-01-04 02:07 - 2014-02-09 02:58 - 00002810 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1987870432-1314437653-830200918-1001
    2016-01-04 02:07 - 2013-08-24 04:02 - 00002748 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1987870432-1314437653-830200918-500
    2016-01-04 02:07 - 2013-08-22 10:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicyUsers
    2016-01-04 02:01 - 2015-10-30 02:24 - 00000000 __RHD C:\Users\Public\Libraries
    2016-01-04 01:55 - 2015-11-06 10:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
    2016-01-04 01:55 - 2015-10-30 02:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2016-01-04 01:55 - 2015-10-24 17:26 - 00000000 ____D C:\Users\beavs_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
    2016-01-04 01:55 - 2015-10-24 15:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
    2016-01-04 01:55 - 2014-10-03 11:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
    2016-01-04 01:55 - 2014-09-16 15:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.3
    2016-01-04 01:55 - 2014-06-02 16:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2016-01-04 01:55 - 2014-02-09 02:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX410 series
    2016-01-04 01:55 - 2013-08-24 03:38 - 00000000 ____D C:\WINDOWS\SysWOW64\Atheros_L1e
    2016-01-04 01:55 - 2013-04-26 07:47 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2016-01-04 01:55 - 2013-04-26 07:44 - 00000000 ____D C:\WINDOWS\fr
    2016-01-04 01:55 - 2013-04-26 07:44 - 00000000 ____D C:\WINDOWS\es
    2016-01-04 01:55 - 2013-04-26 07:44 - 00000000 ____D C:\WINDOWS\en
    2016-01-04 01:55 - 2013-04-26 07:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
    2016-01-04 01:54 - 2013-08-22 08:36 - 00000000 ____D C:\Users\Default.migrated
    2016-01-04 01:52 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
    2016-01-04 01:51 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
    2016-01-04 01:51 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2016-01-04 01:51 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\spool
    2016-01-04 01:51 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\oobe
    2016-01-04 01:51 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\NDF
    2016-01-04 01:51 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\MUI
    2016-01-04 01:51 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\InputMethod
    2016-01-04 01:51 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\IME
    2016-01-04 01:51 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
    2016-01-04 01:51 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
    2016-01-04 01:49 - 2015-10-30 04:02 - 00000000 ____D C:\WINDOWS\DigitalLocker
    2016-01-04 01:49 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
    2016-01-04 01:49 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
    2016-01-04 01:49 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\InputMethod
    2016-01-04 01:49 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\IME
    2016-01-04 01:49 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files\Common Files\System
    2016-01-04 01:49 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
    2016-01-04 01:49 - 2014-02-09 03:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Media Suite
    2016-01-04 01:49 - 2014-02-09 02:59 - 00000000 ___HD C:\WINDOWS\system32\CanonIJ Uninstaller Information
    2016-01-04 01:49 - 2013-08-24 03:44 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
    2016-01-04 01:49 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\MediaViewer
    2016-01-04 01:49 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\ADFS
    2016-01-04 01:49 - 2012-08-01 20:24 - 00000000 ____D C:\ProgramData\PRICache
    2016-01-04 01:48 - 2015-04-04 15:59 - 00000000 ____D C:\Users\beavs_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DigitalDNA Games
    2016-01-04 01:44 - 2015-10-30 01:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep
    2016-01-04 01:36 - 2015-10-30 04:13 - 00000000 ____D C:\WINDOWS\ServiceProfiles
    2016-01-04 01:02 - 2015-10-30 04:42 - 00000000 ___HD C:\$WINDOWS.~BT
    2016-01-04 01:00 - 2013-08-24 03:51 - 00004268 _____ C:\WINDOWS\SysWOW64\LOCALSERVICE.INI
    2016-01-03 22:45 - 2013-08-24 03:51 - 00000043 _____ C:\WINDOWS\SysWOW64\LOCALDEVICE.INI
    2016-01-02 20:40 - 2015-10-30 02:26 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2016-01-02 20:40 - 2015-10-30 02:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

    ==================== Files in the root of some directories =======

    2014-02-09 02:53 - 2016-01-30 21:57 - 0000074 _____ () C:\Users\beavs_000\AppData\Roaming\sp_data.sys
    2013-04-26 07:42 - 2012-09-07 06:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
    2013-04-26 07:42 - 2009-07-22 05:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
    2013-04-26 07:42 - 2012-09-07 06:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
    2014-02-09 03:03 - 2014-02-09 03:06 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    2014-02-09 03:02 - 2014-02-09 03:03 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

    Some files in TEMP:
    ====================
    C:\Users\beavs_000\AppData\Local\Temp\ModelCheckUtility.exe
    C:\Users\beavs_000\AppData\Local\Temp\NASUPnP.dll
    C:\Users\beavs_000\AppData\Local\Temp\scp8B29.tmp.exe


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-01-24 12:20

    ==================== End of FRST.txt ============================
     
  11. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    BTW, speedtest.com is a malicious site. If you want to check your internet speed you go to speedtest.NET not .com.

    I still need Addition.txt log.
     
  12. Robert Beaver

    Robert Beaver TS Rookie Topic Starter Posts: 17

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
    Ran by William (2016-01-30 22:05:23)
    Running from C:\Users\beavs_000\Downloads
    Windows 10 Home (X64) (2016-01-04 22:12:57)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1987870432-1314437653-830200918-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-1987870432-1314437653-830200918-503 - Limited - Disabled)
    Guest (S-1-5-21-1987870432-1314437653-830200918-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1987870432-1314437653-830200918-1005 - Limited - Enabled)
    William (S-1-5-21-1987870432-1314437653-830200918-1001 - Administrator - Enabled) => C:\Users\beavs_000
    William_2 (S-1-5-21-1987870432-1314437653-830200918-1006 - Limited - Enabled) => C:\Users\William_2

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
    Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.9.145.62246 - Alcor Micro Corp.)
    Alcor Micro USB Card Reader (x32 Version: 3.9.145.62246 - Alcor Micro Corp.) Hidden
    ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
    ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.3.4 - ASUS)
    ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 3.0.4 - ASUS)
    ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.1 - ASUS)
    ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.5 - ASUS)
    ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0005 - ASUS)
    ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)
    ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation)
    AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.309 - ASUSTEK)
    ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0028 - ASUS)
    Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Besiege (HKLM-x32\...\Steam App 346010) (Version: - Spiderling Studios)
    Canon MX410 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX410_series) (Version: - )
    CastleMiner Z (HKU\S-1-5-21-1987870432-1314437653-830200918-1001\...\97f28be79b4a4109) (Version: 1.7.0.0 - DigitalDNA Games)
    Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.4.60 - Conexant)
    Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.6) (Version: 5.0.1.6 - Coupons.com Incorporated)
    CouponBar (HKLM-x32\...\CouponBar5.0.0.4) (Version: 5.0.0.4 - Coupons.com Incorporated) <==== ATTENTION
    Cut the Rope (x32 Version: 3.0.2.38 - WildTangent) Hidden
    CyberLink LabelPrint 2.5 (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5415 - CyberLink Corp.)
    CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.3625 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    DriverUpdate (HKLM-x32\...\{44E388BE-45EC-4DE3-B837-E2BEF5F9FA5C}) (Version: 2.5.4 - Slimware Utilities Holdings, Inc.)
    Elevated Installer (x32 Version: 4.1.10.0 - Garmin Ltd or its subsidiaries) Hidden
    Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
    Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
    Garmin Express (HKLM-x32\...\{b292f4e5-60ca-4bb8-8810-e5f908c3c1ff}) (Version: 4.1.10.0 - Garmin Ltd or its subsidiaries)
    Garmin Express (x32 Version: 4.1.10.0 - Garmin Ltd or its subsidiaries) Hidden
    Garmin Express Tray (x32 Version: 4.1.10.0 - Garmin Ltd or its subsidiaries) Hidden
    Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.97 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
    Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
    Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
    LEGO® Worlds (HKLM-x32\...\Steam App 332310) (Version: - TT Games)
    Lernout & Hauspie TruVoice American English TTS Engine (HKLM-x32\...\tv_enua) (Version: - )
    LibreOffice 4.3.1.2 (HKLM-x32\...\{303C2B0D-03AF-4C25-A443-E62DE8AA36A8}) (Version: 4.3.1.2 - The Document Foundation)
    LogixPro Simulator -- Trial CD Edition (HKLM-x32\...\LogixPro PLC Simulator -- Trial CD Edition_is1) (Version: - )
    Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
    Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    MyBitCast 2.0 (HKLM-x32\...\MyBitCast) (Version: 2.0 - ASUS)
    NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.4.18.00 - NETGEAR Inc.)
    Peggle (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
    PLC Technician (HKLM-x32\...\{5C750DE2-B502-4B04-9DE0-66B7EA5C4E37}) (Version: 3.01.0005 - Logic Design)
    Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.16 - Qualcomm Atheros Communications Inc.)
    Ralink Bluetooth Stack64 (HKLM\...\{F790713B-8265-35DA-4820-4ECF0290ADC4}) (Version: 9.0.727.4 - Ralink Corporation)
    Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 1.2.0.41 - Ralink)
    ReadySHARE Vault (HKLM-x32\...\ReadySHARE Vault) (Version: 3.0 - Genie9)
    Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
    SlimCleaner Plus (HKLM\...\{D9EBF625-7464-4700-B27B-145728CE1BEA}) (Version: 2.5.2 - Slimware Utilities Holdings, Inc.)
    Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
    Subnautica (HKLM-x32\...\Steam App 264710) (Version: - Unknown Worlds Entertainment)
    Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
    Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
    WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.0.0 - WildTangent)
    WildTangent Games App (x32 Version: 4.0.10.5 - WildTangent) Hidden
    Windows Driver Package - ASUS (ATP) Mouse (06/17/2015 1.0.0.262) (HKLM\...\14588A15B66655338DBCC021FFA81E31DC281859) (Version: 06/17/2015 1.0.0.262 - ASUS)
    Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
    Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
    WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-1987870432-1314437653-830200918-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\beavs_000\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-1987870432-1314437653-830200918-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
    CustomCLSID: HKU\S-1-5-21-1987870432-1314437653-830200918-1006_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\William_2\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {029CF9A2-963F-49D2-908D-D4AF0D83C70D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {0CFE2E40-6A97-48C5-9F38-DE82315CF1B0} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
    Task: {1FE02840-2D46-4B3B-AD98-0E6974510169} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {38901250-1076-4196-A0A0-D9F39DC56BB4} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {4BEAF72C-7460-4D20-A7B1-F1EDB8A6B6EE} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {4ECC2A27-34C2-448D-8251-34B995E0161A} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-02-26] (ASUSTeK Computer Inc.)
    Task: {555D4530-CE86-4A5A-B37E-B1816425A3A7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
    Task: {5C1999E8-47E3-49CF-9F39-5B5F5579F67F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {5D525D9B-4323-4FBA-BEF9-16FD4FA7D315} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
    Task: {69CC9F88-4266-4626-A68D-C9437D260D33} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {796C9E68-81A3-4BE3-8E13-48AD0B0630AF} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-01-04] ()
    Task: {7C826B45-B048-4AE8-B248-361E1260146E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {7D4BD42F-17E1-455F-8929-B28DAAC0B632} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2012-11-28] (ASUS)
    Task: {8F03EF53-81F1-4DB6-B742-93BF68AE92E3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
    Task: {B2156AFF-6675-4F94-99A4-B193C8C667D4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {C251F95F-28D5-4446-84DC-928823EAF7A9} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
    Task: {C2632D10-B933-45AC-B945-3C1EF3B4A3BD} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {CB69ADE8-A28D-4468-A13E-D19B4F017185} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.)
    Task: {CCA215BE-63FF-40D4-8AAC-164628CF9AB9} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2013-06-19] (ASUS)
    Task: {CF7268F3-DF5F-4AAE-B2BC-A42FE687477C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {D13934AB-1DDC-48E2-A7F8-E96EFAF695E5} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-01-16] (Microsoft Corporation)
    Task: {D451AB0F-C11C-4F3E-954B-46A4B19955D0} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2015-10-29] ()
    Task: {D8D0D4AA-F9B4-4554-9E60-997D5FB724BA} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2015-08-23] (AsusTek)
    Task: {DE14B6F0-76C0-4BC4-A15F-AD45E583BE5F} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2015-02-12] ()
    Task: {E74F7F84-BC0B-43E4-8B7A-085B64786C62} - System32\Tasks\ASUS InstantOn Config => C:\Program Files\ASUS\P4G\InsOnCfg.exe
    Task: {F4F6F341-FE91-4672-9574-F9BCD4FDD1E8} - System32\Tasks\ASUS Patch for Touch Panel => C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe [2013-01-09] (ASUSTek Computer INC.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\DriverUpdate Scan.job => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
    Task: C:\WINDOWS\Tasks\DriverUpdate Startup.job => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - William).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2012-12-19 01:10 - 2012-12-19 01:10 - 00072192 _____ () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
    2015-10-30 02:18 - 2015-10-30 02:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
    2016-01-30 14:10 - 2013-08-29 02:08 - 00163328 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl
    2016-01-30 14:10 - 2013-08-29 02:08 - 00209920 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\Settings.gtl
    2016-01-30 14:10 - 2013-08-01 04:36 - 00045568 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSLogging.gtl
    2016-01-30 14:10 - 2013-08-01 04:36 - 00089600 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSEncryption.gtl
    2016-01-04 04:26 - 2016-01-04 04:26 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
    2016-01-04 04:26 - 2016-01-04 04:26 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
    2016-01-13 16:54 - 2016-01-04 20:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2016-01-13 16:54 - 2016-01-04 20:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2016-01-13 16:54 - 2016-01-04 20:24 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2016-01-13 16:54 - 2016-01-04 20:26 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2013-08-29 02:08 - 2013-08-29 02:08 - 00332800 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\OnlineHandler.dll
    2013-08-01 04:36 - 2013-08-01 04:36 - 00045568 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSLogging.dll
    2013-08-29 02:08 - 2013-08-29 02:08 - 00490496 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSIndexDB.dll
    2013-08-29 02:08 - 2013-08-29 02:08 - 00087040 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\QueueManager.dll
    2013-08-29 02:08 - 2013-08-29 02:08 - 00710144 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSBackupManager.dll
    2013-08-29 02:08 - 2013-08-29 02:08 - 00209920 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\Settings.dll
    2013-08-29 02:08 - 2013-08-29 02:08 - 00370688 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSWatcher4.dll
    2013-08-01 04:36 - 2013-08-01 04:36 - 00058368 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSLibrariesManager.dll
    2012-02-02 04:16 - 2012-02-02 04:16 - 00740864 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\sqlite3.dll
    2013-02-03 06:40 - 2013-02-03 06:40 - 00011264 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\RWLock.dll
    2013-08-01 04:36 - 2013-08-01 04:36 - 00089600 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSEncryption.dll
    2013-08-29 02:08 - 2013-08-29 02:08 - 00054784 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSLogManager.dll
    2013-02-03 06:40 - 2013-02-03 06:40 - 00010752 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\VSSEngine_Proxy.dll
    2013-02-03 04:21 - 2013-02-03 04:21 - 00045056 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\pcre.dll
    2013-02-03 04:21 - 2013-02-03 04:21 - 00097792 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\pcrebase.dll
    2016-01-06 23:01 - 2016-01-06 23:03 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    2014-06-18 03:46 - 2014-06-18 03:46 - 01358912 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GenieTimelineAgent.exe
    2013-08-29 02:08 - 2013-08-29 02:08 - 00063488 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\XBalloonMsgDll.dll
    2013-08-01 04:36 - 2013-08-01 04:36 - 00093696 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSCurl.dll
    2016-01-20 14:28 - 2016-01-20 14:28 - 00763072 _____ () C:\Program Files\SlimService\MyDefragDll.dll
    2013-06-19 22:49 - 2013-06-19 22:49 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
    2013-08-24 03:42 - 2012-06-25 12:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
    2016-01-06 23:01 - 2016-01-06 23:03 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
    2016-01-06 23:01 - 2016-01-06 23:03 - 21845504 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkyWrap.dll
    2016-01-30 12:15 - 2016-01-27 12:39 - 01632584 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\libglesv2.dll
    2016-01-30 12:15 - 2016-01-27 12:39 - 00087880 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\libegl.dll
    2016-01-30 12:15 - 2016-01-27 12:39 - 16799048 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\PepperFlash\pepflashplayer.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1987870432-1314437653-830200918-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\beavs_000\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\asus.jpg
    HKU\S-1-5-21-1987870432-1314437653-830200918-1006\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    MSCONFIG\startupreg: ASUSPRP => "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
    MSCONFIG\startupreg: ASUSWebStorage => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe /S
    MSCONFIG\startupreg: BtTray => "C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe"
    MSCONFIG\startupreg: cAudioFilterAgent => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
    MSCONFIG\startupreg: DisableS3S4 => c:\windows\temp\DisableS3S464\sethigh.cmd
    MSCONFIG\startupreg: HotKeysCmds => "C:\WINDOWS\system32\hkcmd.exe"
    MSCONFIG\startupreg: IgfxTray => "C:\WINDOWS\system32\igfxtray.exe"
    MSCONFIG\startupreg: mcpltui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    MSCONFIG\startupreg: SmartAudio => C:\Program Files\CONEXANT\SAII\SACpl.exe /c /delay:30
    HKLM\...\StartupApproved\Run32: => "CLMLServer"
    HKU\S-1-5-21-1987870432-1314437653-830200918-1001\...\StartupApproved\Run: => "GarminExpressTrayApp"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{8B61DF16-3570-431B-8683-B2A958109DCD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Besiege\Besiege.exe
    FirewallRules: [{BCF5E31F-0B15-4AD6-A3DC-B7123290D1E8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Besiege\Besiege.exe
    FirewallRules: [{5E60EBFD-ECBA-465B-92FA-BFAB055EE4D5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Subnautica\Subnautica.exe
    FirewallRules: [{FB50BB31-CB58-4AE4-9B2D-A330E546112C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Subnautica\Subnautica.exe
    FirewallRules: [{E2D153F6-E6D7-44A7-BEBD-B84270EB3C7D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{1B300A60-5D71-4C1B-9EEA-F3EAA7BFC4B8}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{2A2B95F4-C309-4097-BA3A-0D76DECDB1EE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{7A82B8CD-0C31-4D3D-849B-84F7E620FB17}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [UDP Query User{D9E31728-F2F9-460F-B262-34F4A470744F}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Block) C:\program files (x86)\libreoffice 4\program\soffice.bin
    FirewallRules: [TCP Query User{C424DBAA-1FB2-455A-8C6E-A8D98895EB9A}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Block) C:\program files (x86)\libreoffice 4\program\soffice.bin
    FirewallRules: [UDP Query User{90E2334B-7052-4E79-A994-3E266C048839}C:\users\beavs_000\appdata\local\apps\2.0\bkj4lb9q.b0k\9p2x5159.p19\cast..tion_18b0662c5b8109ff_0001.0007_c786eb4b5c855ea6\castleminerz.exe] => (Block) C:\users\beavs_000\appdata\local\apps\2.0\bkj4lb9q.b0k\9p2x5159.p19\cast..tion_18b0662c5b8109ff_0001.0007_c786eb4b5c855ea6\castleminerz.exe
    FirewallRules: [TCP Query User{1E319E0B-66CB-42D7-8AE5-751B068109D8}C:\users\beavs_000\appdata\local\apps\2.0\bkj4lb9q.b0k\9p2x5159.p19\cast..tion_18b0662c5b8109ff_0001.0007_c786eb4b5c855ea6\castleminerz.exe] => (Block) C:\users\beavs_000\appdata\local\apps\2.0\bkj4lb9q.b0k\9p2x5159.p19\cast..tion_18b0662c5b8109ff_0001.0007_c786eb4b5c855ea6\castleminerz.exe
    FirewallRules: [{7DDB678C-AD17-4EE6-8C24-64C1BF85C773}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{DB976C7D-0F91-4268-89D9-93C9888B22BF}] => (Allow) LPort=2869
    FirewallRules: [{9E835905-E224-44C0-A818-B972D817FB78}] => (Allow) LPort=1900
    FirewallRules: [{E6D5A438-3BBD-44DB-BD0C-545AE350CCD5}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
    FirewallRules: [{EC0905EE-F270-4C3F-836F-B46229F1208B}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
    FirewallRules: [{1CCC3160-A725-4E6C-85CD-D8808A1C4B28}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
    FirewallRules: [{E37C575F-1AC4-4461-B6DB-6569C2DC5942}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
    FirewallRules: [{DA8461D5-5CE9-4741-86C6-21DC9652EE62}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
    FirewallRules: [{C2FBB5B2-6EBE-48BD-A2A0-D4B30413DC78}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
    FirewallRules: [{33DFED3E-4E78-42B6-B536-1F370D9306C6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [TCP Query User{8A124ED9-90A0-48CB-9A31-96BFB1B10A5D}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
    FirewallRules: [UDP Query User{367FA02D-886A-4B89-A2D8-8439700D32DB}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe

    ==================== Restore Points =========================

    16-01-2016 12:53:13 Windows Update
    24-01-2016 11:51:12 Windows Update

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/30/2016 10:06:00 PM) (Source: ESENT) (EventID: 447) (User: )
    Description: svchost (1364) SRUJet: A bad page link (error -338) has been detected in a B-Tree (ObjectId: 15, PgnoRoot: 57) of database C:\WINDOWS\system32\SRU\SRUDB.dat (1240 => 1317, svchost0).

    Error: (01/30/2016 10:05:00 PM) (Source: ESENT) (EventID: 447) (User: )
    Description: svchost (1364) SRUJet: A bad page link (error -338) has been detected in a B-Tree (ObjectId: 15, PgnoRoot: 57) of database C:\WINDOWS\system32\SRU\SRUDB.dat (1240 => 1317, svchost0).

    Error: (01/30/2016 10:04:00 PM) (Source: ESENT) (EventID: 447) (User: )
    Description: svchost (1364) SRUJet: A bad page link (error -338) has been detected in a B-Tree (ObjectId: 15, PgnoRoot: 57) of database C:\WINDOWS\system32\SRU\SRUDB.dat (1240 => 1317, svchost0).

    Error: (01/30/2016 10:03:00 PM) (Source: ESENT) (EventID: 447) (User: )
    Description: svchost (1364) SRUJet: A bad page link (error -338) has been detected in a B-Tree (ObjectId: 15, PgnoRoot: 57) of database C:\WINDOWS\system32\SRU\SRUDB.dat (1240 => 1317, svchost0).

    Error: (01/30/2016 10:02:00 PM) (Source: ESENT) (EventID: 447) (User: )
    Description: svchost (1364) SRUJet: A bad page link (error -338) has been detected in a B-Tree (ObjectId: 15, PgnoRoot: 57) of database C:\WINDOWS\system32\SRU\SRUDB.dat (1240 => 1317, svchost0).

    Error: (01/30/2016 10:01:00 PM) (Source: ESENT) (EventID: 447) (User: )
    Description: svchost (1364) SRUJet: A bad page link (error -338) has been detected in a B-Tree (ObjectId: 15, PgnoRoot: 57) of database C:\WINDOWS\system32\SRU\SRUDB.dat (1240 => 1317, svchost0).

    Error: (01/30/2016 10:00:00 PM) (Source: ESENT) (EventID: 447) (User: )
    Description: svchost (1364) SRUJet: A bad page link (error -338) has been detected in a B-Tree (ObjectId: 15, PgnoRoot: 57) of database C:\WINDOWS\system32\SRU\SRUDB.dat (1240 => 1317, svchost0).

    Error: (01/30/2016 09:59:00 PM) (Source: ESENT) (EventID: 447) (User: )
    Description: svchost (1364) SRUJet: A bad page link (error -338) has been detected in a B-Tree (ObjectId: 15, PgnoRoot: 57) of database C:\WINDOWS\system32\SRU\SRUDB.dat (1240 => 1317, svchost0).

    Error: (01/30/2016 09:58:00 PM) (Source: ESENT) (EventID: 447) (User: )
    Description: svchost (1364) SRUJet: A bad page link (error -338) has been detected in a B-Tree (ObjectId: 15, PgnoRoot: 57) of database C:\WINDOWS\system32\SRU\SRUDB.dat (1240 => 1317, svchost0).

    Error: (01/30/2016 09:57:49 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: William)
    Description: Activation of app Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App failed with error: -2147024770 See the Microsoft-Windows-TWinUI/Operational log for additional information.


    System errors:
    =============
    Error: (01/30/2016 09:59:48 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

    Error: (01/30/2016 09:57:29 PM) (Source: DCOM) (EventID: 10016) (User: William)
    Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}WilliamWilliam_2S-1-5-21-1987870432-1314437653-830200918-1006LocalHost (Using LRPC)UnavailableUnavailable

    Error: (01/30/2016 09:57:10 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
    Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

    Error: (01/30/2016 09:16:23 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{3185A766-B338-11E4-A71E-12E3F512A338}{7006698D-2974-4091-A424-85DD0B909E23}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

    Error: (01/30/2016 09:16:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Genie Timeline Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

    Error: (01/30/2016 07:46:38 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
    Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

    Error: (01/30/2016 07:38:08 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the GenieTimelineService service.

    Error: (01/30/2016 07:37:38 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the GenieTimelineService service.

    Error: (01/30/2016 07:37:08 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the GenieTimelineService service.

    Error: (01/30/2016 07:36:38 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the GenieTimelineService service.


    CodeIntegrity:
    ===================================
    Date: 2016-01-13 22:05:44.392
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-01-11 07:51:39.111
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-01-06 22:55:50.606
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-01-04 02:02:05.092
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-01-04 01:59:53.871
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-01-04 01:42:19.188
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe because the set of per-page image hashes could not be found on the system.

    Date: 2016-01-04 01:37:24.693
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Celeron(R) CPU 1007U @ 1.50GHz
    Percentage of memory in use: 58%
    Total physical RAM: 3981.86 MB
    Available physical RAM: 1670.24 MB
    Total Virtual: 5389.86 MB
    Available Virtual: 2834.94 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:276.34 GB) (Free:196.65 GB) NTFS ==>[system with boot components (obtained from drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 298.1 GB) (Disk ID: 39D40F56)

    Partition: GPT.

    ==================== End of Addition.txt ============================
     
  13. Robert Beaver

    Robert Beaver TS Rookie Topic Starter Posts: 17

    Sorry about that. Friend of mine couldn't remember the .com .net thing. I rolled the dice and lost.
     
  14. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    [​IMG] Uninstall following unwanted program: CouponBar.

    [​IMG]
    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     

    Attached Files:

  15. Robert Beaver

    Robert Beaver TS Rookie Topic Starter Posts: 17

    Explorer won't give me the option to remove the couponbar.
     
  16. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    What do you mean Explorer?
    Right click on Start button, click Control Panel then Programs & Features and uninstall from there.
     
  17. Robert Beaver

    Robert Beaver TS Rookie Topic Starter Posts: 17

    Fix result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
    Ran by William (2016-01-31 13:13:35) Run:1
    Running from C:\Users\beavs_000\Downloads
    Loaded Profiles: William & William_2 (Available Profiles: William & William_2)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    HKU\S-1-5-21-1987870432-1314437653-830200918-1001\...\MountPoints2: {25504de8-ba6b-11e5-beb9-0c84dc9cb160} - "D:\setup.exe"
    GroupPolicyUsers\S-1-5-21-1987870432-1314437653-830200918-1006\User: Restriction <======= ATTENTION
    GroupPolicyUsers\S-1-5-21-1987870432-1314437653-830200918-1001\User: Restriction <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    Toolbar: HKU\S-1-5-21-1987870432-1314437653-830200918-1001 -> No Name - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - No File
    FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
    2014-02-09 02:53 - 2016-01-30 21:57 - 0000074 _____ () C:\Users\beavs_000\AppData\Roaming\sp_data.sys
    2013-04-26 07:42 - 2012-09-07 06:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
    2013-04-26 07:42 - 2009-07-22 05:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
    2013-04-26 07:42 - 2012-09-07 06:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
    2014-02-09 03:03 - 2014-02-09 03:06 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    2014-02-09 03:02 - 2014-02-09 03:03 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
    C:\Users\beavs_000\AppData\Local\Temp\ModelCheckUtility.exe
    C:\Users\beavs_000\AppData\Local\Temp\NASUPnP.dll
    C:\Users\beavs_000\AppData\Local\Temp\scp8B29.tmp.exe
    Task: {029CF9A2-963F-49D2-908D-D4AF0D83C70D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {1FE02840-2D46-4B3B-AD98-0E6974510169} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {38901250-1076-4196-A0A0-D9F39DC56BB4} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {4BEAF72C-7460-4D20-A7B1-F1EDB8A6B6EE} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {5C1999E8-47E3-49CF-9F39-5B5F5579F67F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {5D525D9B-4323-4FBA-BEF9-16FD4FA7D315} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
    Task: {69CC9F88-4266-4626-A68D-C9437D260D33} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {7C826B45-B048-4AE8-B248-361E1260146E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {B2156AFF-6675-4F94-99A4-B193C8C667D4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {C251F95F-28D5-4446-84DC-928823EAF7A9} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
    Task: {C2632D10-B933-45AC-B945-3C1EF3B4A3BD} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {CF7268F3-DF5F-4AAE-B2BC-A42FE687477C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION

    *****************

    "HKU\S-1-5-21-1987870432-1314437653-830200918-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{25504de8-ba6b-11e5-beb9-0c84dc9cb160}" => key removed successfully
    HKCR\CLSID\{25504de8-ba6b-11e5-beb9-0c84dc9cb160} => key not found.
    C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-1987870432-1314437653-830200918-1006\User => moved successfully
    C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-1987870432-1314437653-830200918-1001\User => moved successfully
    "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
    HKU\S-1-5-21-1987870432-1314437653-830200918-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8660E5B3-6C41-44DE-8503-98D99BBECD41} => value removed successfully
    HKCR\CLSID\{8660E5B3-6C41-44DE-8503-98D99BBECD41} => key not found.
    HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\msktbird@mcafee.com => value removed successfully
    C:\Users\beavs_000\AppData\Roaming\sp_data.sys => moved successfully
    C:\ProgramData\SetStretch.cmd => moved successfully
    C:\ProgramData\SetStretch.exe => moved successfully
    C:\ProgramData\SetStretch.VBS => moved successfully
    C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log => moved successfully
    C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log => moved successfully
    C:\Users\beavs_000\AppData\Local\Temp\ModelCheckUtility.exe => moved successfully
    C:\Users\beavs_000\AppData\Local\Temp\NASUPnP.dll => moved successfully
    C:\Users\beavs_000\AppData\Local\Temp\scp8B29.tmp.exe => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{029CF9A2-963F-49D2-908D-D4AF0D83C70D}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{029CF9A2-963F-49D2-908D-D4AF0D83C70D}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1FE02840-2D46-4B3B-AD98-0E6974510169}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1FE02840-2D46-4B3B-AD98-0E6974510169}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{38901250-1076-4196-A0A0-D9F39DC56BB4}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{38901250-1076-4196-A0A0-D9F39DC56BB4}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4BEAF72C-7460-4D20-A7B1-F1EDB8A6B6EE}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4BEAF72C-7460-4D20-A7B1-F1EDB8A6B6EE}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5C1999E8-47E3-49CF-9F39-5B5F5579F67F}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5C1999E8-47E3-49CF-9F39-5B5F5579F67F}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5D525D9B-4323-4FBA-BEF9-16FD4FA7D315}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D525D9B-4323-4FBA-BEF9-16FD4FA7D315}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{69CC9F88-4266-4626-A68D-C9437D260D33}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{69CC9F88-4266-4626-A68D-C9437D260D33}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7C826B45-B048-4AE8-B248-361E1260146E}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C826B45-B048-4AE8-B248-361E1260146E}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B2156AFF-6675-4F94-99A4-B193C8C667D4}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B2156AFF-6675-4F94-99A4-B193C8C667D4}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C251F95F-28D5-4446-84DC-928823EAF7A9}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C251F95F-28D5-4446-84DC-928823EAF7A9}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C2632D10-B933-45AC-B945-3C1EF3B4A3BD}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C2632D10-B933-45AC-B945-3C1EF3B4A3BD}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CF7268F3-DF5F-4AAE-B2BC-A42FE687477C}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CF7268F3-DF5F-4AAE-B2BC-A42FE687477C}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully


    The system needed a reboot.

    ==== End of Fixlog 13:13:40 ====
     
  18. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Last scans...

    [​IMG] Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


    [​IMG] Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services

    Press "Scan".
    It will create a log (FSS.txt) in the same directory the tool is run.
    Please copy and paste the log to your reply.


    [​IMG] Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    [​IMG] Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  19. Robert Beaver

    Robert Beaver TS Rookie Topic Starter Posts: 17

    Results of screen317's Security Check version 1.009
    x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Windows Defender
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Java 8 Update 45
    Java version 32-bit out of Date!
    Adobe Reader 10.1.16 Adobe Reader out of Date!
    Google Chrome (47.0.2526.111)
    Google Chrome (48.0.2564.97)
    Google Chrome (plugins...)
    ````````Process Check: objlist.exe by Laurent````````
    Windows Defender MSMpEng.exe
    Windows Defender MpCmdRun.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: %
    ````````````````````End of Log``````````````````````
     
  20. Robert Beaver

    Robert Beaver TS Rookie Topic Starter Posts: 17

    Farbar Service Scanner Version: 27-01-2016
    Ran by William (administrator) on 01-02-2016 at 17:26:19
    Running from "C:\Users\beavs_000\Downloads"
    Microsoft Windows 10 Home (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Attempt to access Google IP returned error. Google IP is unreachable
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Policy:
    ========================


    Security Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\SDRSVC.dll => File is digitally signed
    C:\Windows\System32\vssvc.exe => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed


    **** End of log ****
     
  21. Robert Beaver

    Robert Beaver TS Rookie Topic Starter Posts: 17

    Sophos is giving me an error 1606. Could not access network location data
     
  22. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Run this instead...

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Click on "Run ESET Online Scanner" button.
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
     
  23. Robert Beaver

    Robert Beaver TS Rookie Topic Starter Posts: 17

    C:\Users\beavs_000\Downloads\CouponPrinterCPS (1).exe a variant of Win32/Adware.Coupons.AA application cleaned by deleting
    C:\Users\beavs_000\Downloads\CouponPrinterCPS (2).exe a variant of Win32/Adware.Coupons.AA application cleaned by deleting
    C:\Users\beavs_000\Downloads\CouponPrinterCPS.exe a variant of Win32/Adware.Coupons.AA application cleaned by deleting
    C:\Windows.old\Users\beavs_000\AppData\Local\Temp\cpnprt2win32.cid a variant of Win32/Adware.Coupons.AA application cleaned by deleting
    C:\Windows.old\Users\beavs_000\AppData\Local\Temp\_ir_sf_temp_0\CouponPrinterServiceWin32.exe a variant of Win32/Adware.Coupons.AA application cleaned by deleting
    C:\Windows.old\Users\beavs_000\AppData\Local\Temp\_ir_sf_temp_0\npCouponPrinter.dll a variant of Win32/Adware.Coupons.AA application cleaned by deleting
    C:\Windows.old\Users\beavs_000\AppData\Local\Temp\_ir_sf_temp_0\npMozCouponPrinter.dll a variant of Win32/Adware.Coupons.AA application cleaned by deleting
    C:\Windows.old\Users\beavs_000\AppData\Local\Temp\_ir_sf_temp_1\CouponPrinterServiceWin32.exe a variant of Win32/Adware.Coupons.AA application cleaned by deleting
    C:\Windows.old\Users\beavs_000\AppData\Local\Temp\_ir_sf_temp_1\npCouponPrinter.dll a variant of Win32/Adware.Coupons.AA application cleaned by deleting
    C:\Windows.old\Users\beavs_000\AppData\Local\Temp\_ir_sf_temp_1\npMozCouponPrinter.dll a variant of Win32/Adware.Coupons.AA application cleaned by deleting
    C:\Windows.old\Users\beavs_000\AppData\Local\Temp\_ir_sf_temp_2\CouponPrinterServiceWin32.exe a variant of Win32/Adware.Coupons.AA application cleaned by deleting
    C:\Windows.old\Users\beavs_000\AppData\Local\Temp\_ir_sf_temp_2\npCouponPrinter.dll a variant of Win32/Adware.Coupons.AA application cleaned by deleting
    C:\Windows.old\Users\beavs_000\AppData\Local\Temp\_ir_sf_temp_2\npMozCouponPrinter.dll a variant of Win32/Adware.Coupons.AA application cleaned by deleting
     
  24. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Update your Java version here: http://www.java.com/en/download/manual.jsp
    Alternate download: http://www.filehippo.com/search?q=java

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
    Note 2: If you're running 64-bit system make sure you install BOTH, 32-bit and 64-bit Java.

    ====================================

    Your computer is clean [​IMG]

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download [​IMG]DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    11. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

    12. Please, let me know, how your computer is doing.
     
  25. Robert Beaver

    Robert Beaver TS Rookie Topic Starter Posts: 17

    Broni,
    Everything seems fine! The speedtest.com site must have just loaded a bunch of addware based on all the tests ran.
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...