Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-07-2017
Ran by Heather (administrator) on HEATHER-PC (11-07-2017 12:00:50)
Running from C:\Users\Heather\Downloads
Loaded Profiles: Heather (Available Profiles: Heather & Guest & DefaultAppPool)
Platform: Windows 10 Pro Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\Program Files (x86)\Amazon\Amazon Assistant\amazonAssistantService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(HID Global Corporation) C:\Program Files\HID Global\ActivClient\ac.activclient.gui.scagent.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(HID Global Corporation) C:\Program Files\HID Global\ActivClient\acevents.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\bcastdvr.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [ac.activclient.gui.scagent.exe] => C:\Program Files\HID Global\ActivClient\ac.activclient.gui.scagent.exe [813592 2016-07-20] (HID Global Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-05-25] (AVAST Software)
HKLM\...\Run: [IgfxTray] => C:\windows\system32\igfxtray.exe [401912 2016-12-02] ()
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [AprvRemoveLegacyExcelKeys] => C:\Program Files (x86)\ApproveIt\Support\Tools\AprvClean.exe [73728 2011-01-29] (Silanis Technology Inc.)
HKLM-x32\...\Run: [AprvRemoveLegacyWordKeys] => C:\Program Files (x86)\ApproveIt\Support\Tools\AprvClean.exe [73728 2011-01-29] (Silanis Technology Inc.)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4377256 2015-09-04] (Fitbit, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [1957888 2014-03-18] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKLM\ DisallowedCertificates: 675D2D785AF7EE6650B1A056CB3F82FDAEA8673E (U)
HKLM\ DisallowedCertificates: 7DA8E84296EE238818EE427287774508B26D094A (U)
HKLM\ DisallowedCertificates: 99C494ECE4FC093EEE13C4D65B1B1E01B9B5D434 (U)
HKU\S-1-5-21-1820616416-2687940189-4037331366-1000\ DisallowedCertificates: DA36FAF56B2F6FBA1604F5BE46D864C9FA013BA3 (U)
HKU\S-1-5-21-1820616416-2687940189-4037331366-1000\ DisallowedCertificates: FCE1B1E25374DD94F5935BEB86CA643D8C8D1FF4 (U)
HKU\S-1-5-21-1820616416-2687940189-4037331366-1000\ DisallowedCertificates: FFAD03329B9E527A43EEC66A56F9CBB5393E6E13 (U)
HKU\S-1-5-21-1820616416-2687940189-4037331366-1000\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4377256 2015-09-04] (Fitbit, Inc.)
HKU\S-1-5-21-1820616416-2687940189-4037331366-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Bubbles.scr [804352 2017-03-18] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ApproveIt StartUp.lnk [2015-03-14]
ShortcutTarget: ApproveIt StartUp.lnk -> C:\Windows\Installer\{F39BD95B-5B9E-4E83-96C4-D4667FD061C6}\Icon9557F1BC1.ico ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{2b6cb6cc-9d1f-422d-be4b-65f095323077}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{d7ec2e1e-02b4-4ee9-a0f0-c5aa8b8cc76c}: [DhcpNameServer] 192.168.2.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-1820616416-2687940189-4037331366-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
SearchScopes: HKU\S-1-5-21-1820616416-2687940189-4037331366-1000 -> DefaultScope {B13803F7-D4C5-4FDB-83FF-1BC6D1C7A345} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1820616416-2687940189-4037331366-1000 -> {B13803F7-D4C5-4FDB-83FF-1BC6D1C7A345} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Amazon Assistant -> {0ddcea2a-7b00-4349-8acb-af7ba6da251f} -> C:\WINDOWS\system32\mscoree.dll [2017-03-18] (Microsoft Corporation)
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll => No File
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2017-04-11] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-09-13] (Google Inc.)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll [2017-04-11] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-05-04] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-09-13] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL [2017-03-14] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-04] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-09-13] (Google Inc.)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Toolbar: HKU\S-1-5-21-1820616416-2687940189-4037331366-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-09-13] (Google Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-09-21] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL [2016-09-21] (Microsoft Corporation)
Handler-x32: x-owacid2 - {5B290518-830E-4C57-A66B-E4F748900C27} - C:\Program Files (x86)\Microsoft\SMIME Client (2010)\mimectl.dll [2013-02-03] (Microsoft Corporation)
FireFox:
========
FF DefaultProfile: 61fsaisr.default
FF ProfilePath: C:\Users\Heather\AppData\Roaming\RedHat\ESC\Profiles\850350i8.default [2016-12-10]
FF ProfilePath: C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\61fsaisr.default [2017-07-11]
FF user.js: detected! => C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\61fsaisr.default\user.js [2015-02-02]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\61fsaisr.default -> Google
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\61fsaisr.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\61fsaisr.default -> hxxps://www.google.com/
FF Extension: (Proxmate) - C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\61fsaisr.default\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2016-04-17]
FF Extension: (Avast SafePrice) - C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\61fsaisr.default\Extensions\sp@avast.com.xpi [2017-06-06]
FF Extension: (Multi Dictionary Lookup) - C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\61fsaisr.default\Extensions\tfdlookup@nohup.in.xpi [2016-03-11]
FF Extension: (Avast Online Security) - C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\61fsaisr.default\Extensions\wrc@avast.com.xpi [2017-06-06]
FF Extension: (Adblock Plus) - C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\61fsaisr.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-11]
FF Extension: (ActivClient Security Module) - C:\Program Files (x86)\HID Global\ActivClient\Mozilla Extensions\ActivClient PKCS #11 Security Module [2017-03-19]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2016-05-30] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2017-01-28] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{f3fec9ea-7e7c-42ac-af46-c1b6f046a9d6}] - C:\Program Files (x86)\HID Global\ActivClient\Mozilla Extensions\ActivClient PKCS #11 Security Module
FF HKU\S-1-5-21-1820616416-2687940189-4037331366-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-06-21] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2016-09-21] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-21] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-09-21] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL [2016-09-21] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-03] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-03-28] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\mfc71.dll [2003-03-18] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\msvcr71.dll [2003-02-21] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npmfv.dll [2010-02-01] (IBM Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2017-03-28] (Adobe Systems Inc.)
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default [2017-07-10]
CHR Extension: (Google Drive) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-17]
CHR Extension: (Avast SafePrice) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-06-20]
CHR Extension: (Google Docs Offline) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (Avast Online Security) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-06-20]
CHR Extension: (Feathered Corner) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhkdaliaddhbdmbdmgabgfanjiekiap [2017-04-12]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-03-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-18]
CHR Extension: (Chrome Media Router) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-10]
CHR HKU\S-1-5-21-1820616416-2687940189-4037331366-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Heather\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2016-03-13]
CHR HKU\S-1-5-21-1820616416-2687940189-4037331366-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Amazon Assistant Service; C:\Program Files (x86)\Amazon\Amazon Assistant\amazonAssistantService.exe [104624 2017-06-14] ()
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7346208 2017-05-25] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-05-25] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042544 2017-03-14] (Microsoft Corporation)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5750440 2015-09-04] (Fitbit, Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373752 2016-12-02] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-10] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-30] (IObit)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-18] (Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-05-04] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)
R2 ActivID Shared Store Service; C:\WINDOWS\system32\dllhost.exe /Processid:{BD1113E3-8BB6-4638-8495-7B6DFA9B0547}
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [311808 2017-05-25] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [190256 2017-05-25] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [334576 2017-05-25] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [49016 2017-05-25] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [38296 2017-05-25] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [32600 2017-05-25] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [128648 2017-05-25] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [101152 2017-05-25] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [75704 2017-05-25] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1007160 2017-05-25] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [569192 2017-05-25] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [158888 2017-07-04] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [339696 2017-05-25] (AVAST Software)
S3 DIRECTIO; C:\Program Files\PerformanceTest\DirectIo64.sys [31376 2015-03-10] ()
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77376 2017-06-27] ()
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [188352 2017-07-10] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [101784 2017-07-10] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [45472 2017-07-10] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [253856 2017-07-10] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [93600 2017-07-11] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-09] (Realtek Semiconductor Corp.)
R3 S3XXx64; C:\WINDOWS\system32\DRIVERS\S3XXx64.sys [73856 2015-02-17] (Identiv)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [51392 2015-10-08] (Synaptics Incorporated)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [45720 2015-12-31] (Toshiba Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-07-11 11:59 - 2017-07-11 11:59 - 04110280 _____ C:\Users\Heather\Downloads\adwcleaner_6.047.exe
2017-07-11 11:48 - 2017-07-11 12:00 - 00000000 ____D C:\Users\Heather\Desktop\recovery tools
2017-07-11 09:00 - 2017-07-11 09:00 - 00005015 _____ C:\Users\Heather\Desktop\AdwCleaner[C0].txt
2017-07-11 08:55 - 2017-07-11 08:55 - 00000000 ____D C:\Users\Heather\AppData\Roaming\ProductData
2017-07-10 19:15 - 2017-07-10 19:15 - 00001432 _____ C:\Users\Heather\Desktop\JRT.txt
2017-07-10 19:09 - 2017-07-10 19:09 - 01663672 _____ (Malwarebytes) C:\Users\Heather\Downloads\JRT.exe
2017-07-10 18:51 - 2017-07-10 18:51 - 04110280 _____ C:\Users\Heather\Downloads\AdwCleaner(1).exe
2017-07-10 18:31 - 2017-07-10 18:53 - 00000000 ____D C:\AdwCleaner
2017-07-10 18:31 - 2017-07-10 18:31 - 04110280 _____ C:\Users\Heather\Downloads\AdwCleaner.exe
2017-07-10 18:23 - 2017-07-10 18:24 - 00396856 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-07-10 18:13 - 2017-07-10 18:13 - 00188352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-07-10 18:12 - 2017-07-11 09:57 - 00093600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-07-10 18:12 - 2017-07-10 18:42 - 00253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-07-10 18:12 - 2017-07-10 18:42 - 00101784 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-07-10 18:12 - 2017-07-10 18:42 - 00045472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-07-10 18:12 - 2017-07-10 18:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-07-10 18:12 - 2017-07-10 18:12 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-07-10 18:12 - 2017-07-10 18:12 - 00000000 ____D C:\Program Files\Malwarebytes
2017-07-10 18:12 - 2017-06-27 12:06 - 00077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-07-10 18:11 - 2017-07-10 18:11 - 65033984 _____ (Malwarebytes ) C:\Users\Heather\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe
2017-07-10 17:02 - 2017-07-10 17:02 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-07-10 17:00 - 2017-07-10 18:18 - 00000000 ____D C:\ProgramData\RogueKiller
2017-07-10 17:00 - 2017-07-10 17:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-07-10 17:00 - 2017-07-10 17:00 - 00000000 ____D C:\Program Files\RogueKiller
2017-07-10 16:58 - 2017-07-10 16:58 - 35612552 _____ (Adlice Software ) C:\Users\Heather\Downloads\RogueKiller_setup_ref3.exe
2017-07-10 12:53 - 2017-07-10 12:53 - 00072386 _____ C:\Users\Heather\Downloads\Addition.txt
2017-07-10 12:51 - 2017-07-11 12:02 - 00024727 _____ C:\Users\Heather\Downloads\FRST.txt
2017-07-10 12:50 - 2017-07-11 12:00 - 00000000 ____D C:\FRST
2017-07-10 12:48 - 2017-07-10 12:48 - 02437120 _____ (Farbar) C:\Users\Heather\Downloads\FRST64.exe
2017-07-10 11:22 - 2017-07-10 11:22 - 00000000 ___HD C:\$AV_ASW
2017-07-10 11:20 - 2017-07-10 11:20 - 00000000 ____D C:\Program Files (x86)\Amazon
2017-07-05 22:27 - 2017-07-05 23:18 - 00000000 ____D C:\Users\Heather\Desktop\Profile request
2017-07-05 22:26 - 2017-07-05 22:26 - 01363778 _____ C:\Users\Heather\Desktop\Profile request Jul 2017 BACK.pdf
2017-07-05 22:04 - 2017-07-05 22:04 - 00023210 _____ C:\Users\Heather\Downloads\AR-MMC Physican Letter July 2016.pdf
2017-07-05 22:02 - 2017-07-05 22:02 - 01669952 _____ C:\Users\Heather\Downloads\AR-MMC_WKSHT-001 PRP July 2016(3).pdf
2017-07-05 22:02 - 2017-07-05 22:02 - 01349069 _____ C:\Users\Heather\Downloads\FCC507 AR-MMC PRP July 2016(1).pdf
2017-07-05 21:58 - 2017-07-05 21:58 - 01669952 _____ C:\Users\Heather\Downloads\AR-MMC_WKSHT-001 PRP July 2016(2).pdf
2017-07-05 21:58 - 2017-07-05 21:58 - 01145991 _____ C:\Users\Heather\Downloads\How to Retrieve a Copy of Your Profile.pdf
2017-07-05 21:58 - 2017-07-05 21:58 - 01063584 _____ C:\Users\Heather\Downloads\Profile Request Packet Process pdf.pdf
2017-07-05 21:58 - 2017-07-05 21:58 - 00116165 _____ C:\Users\Heather\Downloads\ARMY RESERVE MEDICAL PROFILE REQUEST PACKET INSTRUCTIONS(Read First).pdf
2017-07-04 09:51 - 2017-07-04 09:51 - 00043490 _____ C:\Users\Heather\Desktop\PGRVerificationofInsurance.pdf
2017-07-04 09:50 - 2017-07-04 09:50 - 00045109 _____ C:\Users\Heather\Downloads\PGRVerificationofInsurance.pdf
2017-06-26 19:25 - 2017-06-26 19:25 - 01669952 _____ C:\Users\Heather\Downloads\AR-MMC_WKSHT-001 PRP July 2016(1).pdf
2017-06-26 19:25 - 2017-06-26 19:25 - 01349069 _____ C:\Users\Heather\Downloads\FCC507 AR-MMC PRP July 2016.pdf
2017-06-26 18:59 - 2017-06-26 18:59 - 01669952 _____ C:\Users\Heather\Downloads\AR-MMC_WKSHT-001 PRP July 2016.pdf
2017-06-25 15:31 - 2017-06-25 15:31 - 03140724 _____ C:\Users\Heather\Downloads\TC25-10LaneTraining.pdf
2017-06-25 11:32 - 2017-06-25 11:33 - 00000000 ____D C:\Users\Heather\Desktop\PFC Flores Certs
2017-06-24 16:53 - 2017-06-24 16:53 - 00217637 _____ C:\Users\Heather\Downloads\Harris(2).pdf
2017-06-24 16:52 - 2017-06-24 16:52 - 00217637 _____ C:\Users\Heather\Downloads\Harris(1).pdf
2017-06-24 16:51 - 2017-06-24 16:51 - 00217637 _____ C:\Users\Heather\Downloads\Harris.pdf
2017-06-24 16:01 - 2017-06-24 16:01 - 00123654 _____ C:\Users\Heather\Downloads\UMR 16JUN2017 NO SS#.pdf
2017-06-21 11:10 - 2017-06-21 11:10 - 05427200 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2017-06-20 10:03 - 2017-07-02 09:29 - 00000941 _____ C:\WINDOWS\Tasks\EPSON XP-310 Series Update {9C89B4A7-19CA-43CB-A508-0ADF5E400CD3}.job
2017-06-20 10:03 - 2017-07-02 09:29 - 00000755 _____ C:\WINDOWS\Tasks\EPSON XP-310 Series Invitation {9C89B4A7-19CA-43CB-A508-0ADF5E400CD3}.job
2017-06-20 10:03 - 2017-06-20 10:03 - 00004138 _____ C:\WINDOWS\System32\Tasks\EPSON XP-310 Series Update {9C89B4A7-19CA-43CB-A508-0ADF5E400CD3}
2017-06-20 10:03 - 2017-06-20 10:03 - 00003960 _____ C:\WINDOWS\System32\Tasks\EPSON XP-310 Series Invitation {9C89B4A7-19CA-43CB-A508-0ADF5E400CD3}
2017-06-20 09:55 - 2017-06-20 10:00 - 00000941 _____ C:\WINDOWS\Tasks\EPSON XP-310 Series Update {8A3FE365-CB04-46AF-93A5-00FA801EDC7B}.job
2017-06-20 09:55 - 2017-06-20 10:00 - 00000755 _____ C:\WINDOWS\Tasks\EPSON XP-310 Series Invitation {8A3FE365-CB04-46AF-93A5-00FA801EDC7B}.job
2017-06-20 09:55 - 2017-06-20 09:55 - 00004138 _____ C:\WINDOWS\System32\Tasks\EPSON XP-310 Series Update {8A3FE365-CB04-46AF-93A5-00FA801EDC7B}
2017-06-20 09:55 - 2017-06-20 09:55 - 00003960 _____ C:\WINDOWS\System32\Tasks\EPSON XP-310 Series Invitation {8A3FE365-CB04-46AF-93A5-00FA801EDC7B}
2017-06-20 00:34 - 2017-06-20 00:34 - 00006402 _____ C:\Users\Heather\Downloads\Champagne Currant.pdf
2017-06-20 00:30 - 2017-06-20 00:30 - 00006711 _____ C:\Users\Heather\Downloads\Aronia Berry.pdf
2017-06-18 22:57 - 2017-06-18 22:57 - 00000000 ____D C:\Users\Heather\AppData\Local\DBG
2017-06-18 14:44 - 2017-06-18 14:44 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2017-06-16 15:08 - 2017-06-16 15:08 - 00080196 _____ C:\Users\Heather\Downloads\APFT HW Jun 2017(1).pdf
2017-06-16 14:54 - 2017-06-16 14:54 - 00080196 _____ C:\Users\Heather\Downloads\APFT HW Jun 2017.pdf
2017-06-16 14:51 - 2017-06-16 14:51 - 00080196 _____ C:\Users\Heather\Desktop\APFT HW Jun 2017.pdf
2017-06-16 14:49 - 2017-06-16 14:49 - 00076099 _____ C:\Users\Heather\Downloads\QuickMemo+_170616_144700.pdf
2017-06-16 14:13 - 2017-06-16 14:13 - 00041032 _____ C:\Users\Heather\Desktop\Jun training schedule.docm
2017-06-15 11:37 - 2017-06-03 02:36 - 01150784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-06-15 11:37 - 2017-06-03 02:23 - 20373920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-06-15 11:37 - 2017-06-03 02:23 - 06760024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-06-15 11:37 - 2017-06-03 02:23 - 00573856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2017-06-15 11:37 - 2017-06-03 02:11 - 02958848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-06-15 11:37 - 2017-06-03 02:09 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-06-15 11:37 - 2017-06-03 02:05 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
2017-06-15 11:37 - 2017-06-03 02:05 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devicengccredprov.dll
2017-06-15 11:37 - 2017-06-03 02:03 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-06-15 11:37 - 2017-06-03 02:00 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-06-15 11:37 - 2017-06-03 01:59 - 02672128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-06-15 11:37 - 2017-06-03 01:59 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-06-15 11:37 - 2017-06-03 01:57 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-06-15 11:37 - 2017-06-03 01:57 - 00797184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-06-15 11:37 - 2017-06-03 01:56 - 06292992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-06-15 11:37 - 2017-06-03 01:55 - 03656192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-06-15 11:37 - 2017-06-03 01:55 - 02132480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-06-15 11:37 - 2017-06-03 01:55 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-06-15 11:37 - 2017-06-03 01:53 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-06-15 11:36 - 2017-06-03 02:59 - 01409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-06-15 11:36 - 2017-06-03 02:59 - 00626528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-06-15 11:36 - 2017-06-03 02:59 - 00311200 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-06-15 11:36 - 2017-06-03 02:35 - 02259768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-06-15 11:36 - 2017-06-03 02:26 - 00266640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\capauthz.dll
2017-06-15 11:36 - 2017-06-03 02:21 - 01516448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-06-15 11:36 - 2017-06-03 02:20 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-06-15 11:36 - 2017-06-03 02:11 - 00038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-06-15 11:36 - 2017-06-03 02:07 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-06-15 11:36 - 2017-06-03 02:05 - 20506624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-06-15 11:36 - 2017-06-03 02:03 - 19336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-06-15 11:36 - 2017-06-03 01:58 - 05961216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-06-15 11:36 - 2017-06-03 01:57 - 11870720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-06-15 11:36 - 2017-06-03 01:57 - 06535168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-06-15 11:36 - 2017-06-03 01:54 - 02341376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-06-15 11:36 - 2017-06-03 01:54 - 02298368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-06-15 11:32 - 2017-06-03 03:10 - 00130464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-06-15 11:32 - 2017-06-03 03:09 - 01003624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-06-15 11:32 - 2017-06-03 03:07 - 00119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-06-15 11:32 - 2017-06-03 02:59 - 00259400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2017-06-15 11:32 - 2017-06-03 02:58 - 21352696 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-06-15 11:32 - 2017-06-03 02:58 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-06-15 11:32 - 2017-06-03 02:58 - 00660384 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2017-06-15 11:32 - 2017-06-03 02:55 - 02681760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-06-15 11:32 - 2017-06-03 02:14 - 03673088 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-06-15 11:32 - 2017-06-03 02:14 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2017-06-15 11:32 - 2017-06-03 02:12 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-06-15 11:32 - 2017-06-03 02:11 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-06-15 11:32 - 2017-06-03 02:11 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-06-15 11:32 - 2017-06-03 02:10 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-06-15 11:32 - 2017-06-03 02:10 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-06-15 11:32 - 2017-06-03 02:10 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCredentialDeployment.exe
2017-06-15 11:32 - 2017-06-03 02:09 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
2017-06-15 11:32 - 2017-06-03 02:09 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\devicengccredprov.dll
2017-06-15 11:32 - 2017-06-03 02:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-06-15 11:32 - 2017-06-03 02:07 - 00778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2017-06-15 11:32 - 2017-06-03 02:07 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-06-15 11:32 - 2017-06-03 02:06 - 00551936 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-06-15 11:32 - 2017-06-03 02:05 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-06-15 11:32 - 2017-06-03 02:03 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-06-15 11:32 - 2017-06-03 02:02 - 08245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-06-15 11:32 - 2017-06-03 02:00 - 03379200 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-06-15 11:32 - 2017-06-03 02:00 - 00933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-06-15 11:32 - 2017-06-03 01:59 - 04730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-06-15 11:32 - 2017-06-03 01:59 - 02625024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-06-15 11:32 - 2017-06-03 01:59 - 02597376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-06-15 11:32 - 2017-06-03 01:59 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-06-15 11:32 - 2017-06-03 01:59 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-06-15 11:32 - 2017-06-03 01:58 - 02516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-06-15 11:32 - 2017-06-03 01:58 - 01046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-06-15 11:32 - 2017-06-03 01:57 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-06-15 11:31 - 2017-06-03 03:15 - 01596600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-06-15 11:31 - 2017-06-03 03:15 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-06-15 11:31 - 2017-06-03 03:15 - 00382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-06-15 11:31 - 2017-06-03 03:14 - 01147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-06-15 11:31 - 2017-06-03 03:14 - 01024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-06-15 11:31 - 2017-06-03 03:09 - 08318880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-06-15 11:31 - 2017-06-03 03:08 - 02969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-06-15 11:31 - 2017-06-03 03:07 - 00923048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-06-15 11:31 - 2017-06-03 03:02 - 02444192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-06-15 11:31 - 2017-06-03 03:01 - 05477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-06-15 11:31 - 2017-06-03 03:00 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-06-15 11:31 - 2017-06-03 03:00 - 00321376 _____ (Microsoft Corporation) C:\WINDOWS\system32\capauthz.dll
2017-06-15 11:31 - 2017-06-03 02:58 - 00254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-06-15 11:31 - 2017-06-03 02:57 - 00371616 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-06-15 11:31 - 2017-06-03 02:56 - 02228120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-06-15 11:31 - 2017-06-03 02:56 - 01854880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-06-15 11:31 - 2017-06-03 02:56 - 01693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-06-15 11:31 - 2017-06-03 02:56 - 01458592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-06-15 11:31 - 2017-06-03 02:56 - 00848288 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-06-15 11:31 - 2017-06-03 02:56 - 00846752 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-06-15 11:31 - 2017-06-03 02:56 - 00844696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-06-15 11:31 - 2017-06-03 02:56 - 00697760 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-06-15 11:31 - 2017-06-03 02:56 - 00672672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-06-15 11:31 - 2017-06-03 02:56 - 00399264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-06-15 11:31 - 2017-06-03 02:28 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-06-15 11:31 - 2017-06-03 02:14 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll