Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016 Ran by Brian (administrator) on BRIAN-HP (09-09-2016 20:38:26) Running from C:\Users\Brian\Desktop Loaded Profiles: Brian (Available Profiles: Brian & DefaultAppPool) Platform: Windows 10 Home Version 1607 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe (Performix LLC) C:\Program Files (x86)\Adguard\AdguardSvc.exe (Microsoft Corporation) C:\Windows\System32\mqsvc.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsClient.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_filter.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Limited) C:\Program Files (x86)\Common Files\Sophos\Web Intelligence\swi_fc.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe (Condusiv Technologies) C:\Program Files\Condusiv Technologies\Diskeeper\DKService.exe (HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_service.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe (Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_bglaunch.exe (Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_tray.exe (Repkasoft) C:\Program Files (x86)\YoWindow\yowindow.exe (Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe (Dashlane, Inc.) C:\Users\Brian\AppData\Roaming\Dashlane\Dashlane.exe () C:\Users\Brian\AppData\Roaming\Dashlane\DashlanePlugin.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe (Microsoft Corporation) C:\Windows\System32\browser_broker.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-07-26] (Apple Inc.) HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-07-16] (Microsoft Corporation) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [656920 2011-02-01] (PDF Complete Inc) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [286992 2015-11-15] (RealNetworks, Inc.) HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [719632 2015-11-04] () HKLM-x32\...\Run: [IDrive Background process] => C:\Program Files (x86)\IDriveWindows\id_bglaunch.exe [72736 2016-01-18] (Prosoftnet) HKLM-x32\...\Run: [IDrive Tray] => C:\Program Files (x86)\IDriveWindows\id_tray.exe [1985056 2016-01-18] (Prosoftnet) HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.) HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1596200 2016-01-15] (Sophos Limited) HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2631120 2016-07-28] (Malwarebytes Corporation) HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" HKLM-x32\...\Run: [Digital Coupon Print Driver] => "C:\Program Files (x86)\Digital Coupon Printer\DigitalCouponPrinter.exe" HKLM Group Policy restriction on software: *.txt*.bat <====== ATTENTION HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.divx*.cmd <====== ATTENTION HKLM Group Policy restriction on software: *.wma*.jse <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\*.js <====== ATTENTION HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.jpeg*.jse <====== ATTENTION HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.xlsx*.jse <====== ATTENTION HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\*.js <====== ATTENTION HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.pub*.bat <====== ATTENTION HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION HKLM Group Policy restriction on software: *.xlsx*.js <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\*.js <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\*.bat <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.bat <====== ATTENTION HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION HKLM Group Policy restriction on software: *.rar*.js <====== ATTENTION HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.png*.bat <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION HKLM Group Policy restriction on software: *.divx*.jse <====== ATTENTION HKLM Group Policy restriction on software: *.rar*.bat <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.js <====== ATTENTION HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.pdf*.js <====== ATTENTION HKLM Group Policy restriction on software: *.rar*.cmd <====== ATTENTION HKLM Group Policy restriction on software: *.doc*.js <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\*.cmd <====== ATTENTION HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.cmd <====== ATTENTION HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.wav*.cmd <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.rar*.jse <====== ATTENTION HKLM Group Policy restriction on software: *.mp4*.jse <====== ATTENTION HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.xlsx*.cmd <====== ATTENTION HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION HKLM Group Policy restriction on software: *.doc*.bat <====== ATTENTION HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.cmd <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.avi*.bat <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.js <====== ATTENTION HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\*.bat <====== ATTENTION HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION HKLM Group Policy restriction on software: *.rtf*.bat <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\*.cmd <====== ATTENTION HKLM Group Policy restriction on software: *.doc*.cmd <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.jse <====== ATTENTION HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.pub*.js <====== ATTENTION HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\*.jse <====== ATTENTION HKLM Group Policy restriction on software: *.gif*.jse <====== ATTENTION HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.jpeg*.cmd <====== ATTENTION HKLM Group Policy restriction on software: *.zip*.cmd <====== ATTENTION HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.mp3*.cmd <====== ATTENTION HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\*.jse <====== ATTENTION HKLM Group Policy restriction on software: *.xls*.bat <====== ATTENTION HKLM Group Policy restriction on software: *.ppt*.js <====== ATTENTION HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.ppt*.jse <====== ATTENTION HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.xls*.cmd <====== ATTENTION HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.jpeg*.bat <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION HKLM Group Policy restriction on software: *.wmv*.js <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.jse <====== ATTENTION HKLM Group Policy restriction on software: *.7z*.bat <====== ATTENTION HKLM Group Policy restriction on software: *.mp4*.js <====== ATTENTION HKLM Group Policy restriction on software: *.pdf*.jse <====== ATTENTION HKLM Group Policy restriction on software: *.mp4*.bat <====== ATTENTION HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.7z*.cmd <====== ATTENTION HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\*\*.bat <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.jse <====== ATTENTION HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION HKLM Group Policy restriction on software: *.avi*.jse <====== ATTENTION HKLM Group Policy restriction on software: *.gif*.js <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.js <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION HKLM Group Policy restriction on software: ** <====== ATTENTION HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION HKLM Group Policy restriction on software: *.pptx*.js <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.jse <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.bat <====== ATTENTION HKLM Group Policy restriction on software: *.wma*.bat <====== ATTENTION HKLM Group Policy restriction on software: *.jpeg*.js <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.cmd <====== ATTENTION HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.docx*.jse <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.wav*.js <====== ATTENTION HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION HKLM Group Policy restriction on software: C:\Users\*.js <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\*\*.jse <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION HKLM Group Policy restriction on software: *.divx*.bat <====== ATTENTION HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.wav*.bat <====== ATTENTION HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION HKLM Group Policy restriction on software: *.pptx*.jse <====== ATTENTION HKLM Group Policy restriction on software: *.mp4*.cmd <====== ATTENTION HKLM Group Policy restriction on software: *.bmp*.js <====== ATTENTION HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.bat <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.js <====== ATTENTION HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION HKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <====== ATTENTION HKLM Group Policy restriction on software: *.pub*.cmd <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION HKLM Group Policy restriction on software: *.ppt*.cmd <====== ATTENTION HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION HKLM Group Policy restriction on software: *.jpg*.jse <====== ATTENTION HKLM Group Policy restriction on software: *.jpg*.cmd <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\*.jse <====== ATTENTION HKLM Group Policy restriction on software: *.pptx*.cmd <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.pdf*.bat <====== ATTENTION HKLM Group Policy restriction on software: *.zip*.js <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\*.cmd <====== ATTENTION HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.gif*.bat <====== ATTENTION HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION HKLM Group Policy restriction on software: *.jpg*.bat <====== ATTENTION HKLM Group Policy restriction on software: *.avi*.cmd <====== ATTENTION HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION HKLM Group Policy restriction on software: C:\Users\*.cmd <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION HKLM Group Policy restriction on software: *.pdf*.cmd <====== ATTENTION HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION HKLM Group Policy restriction on software: *.mp3*.bat <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\*\*.cmd <====== ATTENTION HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.jpg*.js <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.js <====== ATTENTION HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.txt*.jse <====== ATTENTION HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\*\*.js <====== ATTENTION HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\*.bat <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\*.cmd <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.zip*.bat <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\*.cmd <====== ATTENTION HKLM Group Policy restriction on software: *.mp3*.js <====== ATTENTION HKLM Group Policy restriction on software: *.png*.cmd <====== ATTENTION HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.wmv*.jse <====== ATTENTION HKLM Group Policy restriction on software: *.doc*.jse <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.pub*.jse <====== ATTENTION HKLM Group Policy restriction on software: *.wma*.js <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.jse <====== ATTENTION HKLM Group Policy restriction on software: *.bmp*.jse <====== ATTENTION HKLM Group Policy restriction on software: *.txt*.cmd <====== ATTENTION HKLM Group Policy restriction on software: *.zip*.jse <====== ATTENTION HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.rtf*.cmd <====== ATTENTION HKLM Group Policy restriction on software: C:\Users\*.jse <====== ATTENTION HKLM Group Policy restriction on software: *.docx*.js <====== ATTENTION HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.avi*.js <====== ATTENTION HKLM Group Policy restriction on software: *.docx*.bat <====== ATTENTION HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.bat <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\*.jse <====== ATTENTION HKLM Group Policy restriction on software: *.pptx*.bat <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.bat <====== ATTENTION HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.divx*.js <====== ATTENTION HKLM Group Policy restriction on software: *.7z*.js <====== ATTENTION HKLM Group Policy restriction on software: *.wmv*.bat <====== ATTENTION HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.bmp*.bat <====== ATTENTION HKLM Group Policy restriction on software: C:\Users\*.bat <====== ATTENTION HKLM Group Policy restriction on software: *.xls*.js <====== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\*.bat <====== ATTENTION HKLM Group Policy restriction on software: *.xls*.jse <====== ATTENTION HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION HKLM Group Policy restriction on software: *.wmv*.cmd <====== ATTENTION HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.rtf*.js <====== ATTENTION HKLM Group Policy restriction on software: *.mp3*.jse <====== ATTENTION HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.bmp*.cmd <====== ATTENTION HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.png*.jse <====== ATTENTION HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.cmd <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.xlsx*.bat <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.wma*.cmd <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.png*.js <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.docx*.cmd <====== ATTENTION HKLM Group Policy restriction on software: *.wav*.jse <====== ATTENTION HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.7z*.jse <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.cmd <====== ATTENTION HKLM Group Policy restriction on software: *.gif*.cmd <====== ATTENTION HKLM Group Policy restriction on software: *.ppt*.bat <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\*.js <====== ATTENTION HKLM Group Policy restriction on software: *.txt*.js <====== ATTENTION HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\*.bat <====== ATTENTION HKLM Group Policy restriction on software: *.rtf*.jse <====== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\*.jse <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\*.js <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\dashlane\dashlane.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\dashlane\dashlane.exe <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\dashlane\procdump.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\dashlane\dashlaneplugin.exe <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\dashlane\dashlaneplugin.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\dashlane\procdump.exe <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\dashlane\dashlane.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\dashlane\dashlaneplugin.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\dashlane\procdump.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\dashlane\procdump.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\dashlane\dashlane.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\dashlane\dashlaneplugin.exe <====== ATTENTION HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-08-30] (SUPERAntiSpyware) HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\Run: [Dashlane] => C:\Users\Brian\AppData\Roaming\Dashlane\Dashlane.exe [228224 2016-08-31] (Dashlane, Inc.) HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\Run: [DashlanePlugin] => C:\Users\Brian\AppData\Roaming\Dashlane\DashlanePlugin.exe [286080 2016-08-31] () HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe [10566352 2015-09-02] () HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.) HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\Run: [Adguard] => C:\Program Files (x86)\Adguard\Adguard.exe [5608440 2016-08-26] (Performix LLC) HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\Run: [eM Client] => "C:\Program Files (x86)\eM Client\MailClient.exe" /startup HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8894680 2016-08-05] (Piriform Ltd) HKU\S-1-5-21-1563961910-250262785-1644635927-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\yowindow.scr [859080 2016-07-10] (repkasoft) AppInit_DLLs-x32: C:\PROGRA~2\Sophos\SOPHOS~1\\SOPHOS~1.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\\sophos_detoured.dll [275352 2016-02-22] (Sophos Limited) ShellIconOverlayIdentifiers: [ 0001IDSIcon1] -> {0FA6DCC0-CF0B-427D-A8AF-97C466AB5769} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2015-11-25] (Pro-Softnet Corporation, U.S.A) ShellIconOverlayIdentifiers: [ 0001IDSIcon2] -> {66357BBE-D2E5-453C-95FF-8102EB32419D} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2015-11-25] (Pro-Softnet Corporation, U.S.A) ShellIconOverlayIdentifiers: [ 0001IDSIcon3] -> {904E6336-8B13-43FA-B4C3-5B62C1C91971} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2015-11-25] (Pro-Softnet Corporation, U.S.A) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2015-11-15] ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.) Startup: C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-12-18] ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\YoWindow.lnk [2016-01-22] ShortcutTarget: YoWindow.lnk -> C:\Program Files (x86)\YoWindow\yowindow.exe (Repkasoft) Startup: C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~Disabled [2016-08-04] () GroupPolicy: Restriction - Chrome <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62 Tcpip\..\Interfaces\{136f715d-1007-4cf1-8adb-aa43da411b61}: [DhcpNameServer] 209.18.47.61 209.18.47.62 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKU\S-1-5-21-1563961910-250262785-1644635927-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset SearchScopes: HKLM -> OldSearch URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF SearchScopes: HKLM -> {C46296C9-9FB6-4509-8294-68FA8F44E6DB} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF SearchScopes: HKLM-x32 -> {C46296C9-9FB6-4509-8294-68FA8F44E6DB} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} SearchScopes: HKU\S-1-5-21-1563961910-250262785-1644635927-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-1563961910-250262785-1644635927-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-1563961910-250262785-1644635927-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = SearchScopes: HKU\S-1-5-21-1563961910-250262785-1644635927-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF SearchScopes: HKU\S-1-5-21-1563961910-250262785-1644635927-1001 -> {C46296C9-9FB6-4509-8294-68FA8F44E6DB} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-1563961910-250262785-1644635927-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKU\S-1-5-21-1563961910-250262785-1644635927-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} SearchScopes: HKU\S-1-5-21-1563961910-250262785-1644635927-1001 -> {F2B5E2C6-4DFD-420A-80B7-6DDC3D8989CA} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default SearchScopes: HKU\S-1-5-21-1563961910-250262785-1644635927-1001 -> {F813F595-1DA6-4476-915D-E3C2FDF0B758} URL = hxxp://www.google.com/cse?cx=partner-pub-6697027465779297:3144322079&ie=ISO-8859-1&sa=Search&q={searchTerms} BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2015-11-04] (RealDownloader) BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-08-25] (Microsoft Corporation) BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-08-25] (Microsoft Corporation) BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2015-11-04] (RealDownloader) BHO-x32: Dashlane BHO -> {42D79B50-CC4A-4A8E-860F-BE674AF053A2} -> C:\Users\Brian\AppData\Roaming\Dashlane\ie\Dashlanei.dll [2016-08-31] (Dashlane, Inc.) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-07-23] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-23] (Oracle Corporation) Toolbar: HKLM-x32 - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\Brian\AppData\Roaming\Dashlane\ie\KWIEBar.dll [2016-08-31] (Dashlane, Inc.) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-08-25] (Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-08-25] (Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-08-25] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-08-25] (Microsoft Corporation) FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] () FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-23] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-23] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-08-25] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @Motive.com/NpMotive,version=1.1 -> C:\Program Files (x86)\ATT\8.5.1.16\ma\bin\npMotive.dll [No File] FF Plugin-x32: @real.com/nppl3260;version=18.1.2.175 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2015-11-15] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpplugin;version=18.1.2.175 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2015-11-15] (RealPlayer) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.) FF Extension: (AT&T Extension) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\mcciwbch@motive.com.xpi [2016-04-02] [not signed] Chrome: ======= CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default CHR DefaultSearchKeyword: Default -> Yahoo CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10 CHR Profile: C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Xmarks Bookmark Sync) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2016-07-01] CHR Extension: (Adguard AdBlocker) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2016-08-29] CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2016-08-08] CHR Extension: (Adblock Plus) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-08-25] CHR Extension: (Incognito-Filter) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cifilbmpnkjinlkchohdfcpdkmpngiik [2016-07-01] CHR Extension: (Blur Privacy Dashboard) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjidbdiahninbecbcigapoocbkfncobc [2016-07-01] CHR Extension: (Adblock for Youtube™) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2016-07-01] CHR Extension: (PriceJump) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\dblfcnaanidhgjbmcfgebdcifkaffcpb [2016-07-01] CHR Extension: (Facebook Customizer (by Adblock Plus)) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\deoeenbkoccjaefmmhpmlegngdjohdcm [2016-07-01] CHR Extension: (Blur) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd [2016-08-31] CHR Extension: (YoWindow Free Weather) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef [2016-07-01] CHR Extension: (Dashlane) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2016-09-07] CHR Extension: (Just Not Sorry -- the Gmail Plug-in) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmegmibednnlgojepmidhlhpjbppmlci [2016-07-01] CHR Extension: (HTTPS Everywhere) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2016-09-02] CHR Extension: (Assassin's Creed III) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\geadmffjboclimmeiaimcafapjaefnfn [2016-07-01] CHR Extension: (The Camelizer) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghnomdcacenbmilgjigehppbamfndblo [2016-07-01] CHR Extension: (AmazonSmile 1Button for Chrome) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdgenjhkjihnmigcommchefpajjhdmba [2016-07-01] CHR Extension: (Protect My Choices) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdgloanjhdcenjgiafkpbehddcnonlic [2016-07-18] CHR Extension: (The Weather Channel for Chrome) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop [2016-07-01] CHR Extension: (Google Voice (by Google)) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2016-07-01] CHR Extension: (Advanced Extensions) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\knchccdpckooledklhnooegnniofcfip [2016-07-01] CHR Extension: (iCloud Dashboard) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgojgddhfhekopdpkocobommepgdeffb [2016-09-06] CHR Extension: (Ghostery Fixer) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkaegpmdlhnpldpoadmnnbddbkcdmbhb [2016-07-01] CHR Extension: (Ghostery) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2016-09-06] CHR Extension: (Chrome Web Store Payments) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-30] CHR Extension: (Buffer) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\noojglkidnpfjbincgijbaiedldjfbhh [2016-09-09] CHR Extension: (Readability) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\oknpjjbmpnndlpmnhmekjpocelpnlfdi [2016-07-01] CHR Extension: (Chrome Media Router) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-29] CHR HKLM-x32\...\Chrome\Extension: [bhfhojbhbnajajgihpicejdalbjlpcep] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [nogdfjjfhknacchjpiccacoimeelkajb] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com) R2 Adguard Service; C:\Program Files (x86)\Adguard\AdguardSvc.exe [149496 2016-08-26] (Performix LLC) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2981056 2016-08-11] (Microsoft Corporation) R2 Diskeeper; C:\Program Files\Condusiv Technologies\Diskeeper\DKService.exe [2695920 2015-03-05] (Condusiv Technologies) R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5906088 2015-10-28] (Fitbit, Inc.) R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-09-09] (SurfRight B.V.) R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29728 2016-08-15] (HP Inc.) R2 IDriveService; C:\Program Files (x86)\IDriveWindows\id_service.exe [154656 2016-01-18] (Prosoftnet) R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [750032 2016-07-28] (Malwarebytes Corporation) S4 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc) S4 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [33088 2015-11-04] () S4 RealTimes Desktop Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1095976 2015-11-15] (RealNetworks, Inc.) R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [288552 2016-02-14] (Sophos Limited) R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [208168 2016-02-14] (Sophos Limited) R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [636224 2016-01-15] (Sophos Limited) R2 Sophos MCS Agent; C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe [331048 2016-02-14] (Sophos Limited) R2 Sophos MCS Client; C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsClient.exe [909608 2016-02-14] (Sophos Limited) R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [341768 2016-02-14] (Sophos Limited) R2 swi_filter; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_filter.exe [307848 2016-02-22] (Sophos Limited) R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3285640 2016-02-22] (Sophos Limited) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 adgnetworkwfpdrv; C:\Windows\System32\drivers\adgnetworkwfpdrv.sys [108656 2016-07-21] () R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices) R0 DKDFM; C:\Windows\System32\drivers\DKDFM.sys [41744 2013-05-06] (Condusiv Technologies) R3 DKRtWrt; C:\WINDOWS\system32\drivers\DKRtWrt.sys [53520 2014-10-24] (Condusiv Technologies) R0 DKTLFSMF; C:\Windows\System32\drivers\DKTLFSMF.sys [119536 2014-04-14] (Condusiv Technologies) R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [74984 2016-07-28] () R1 MpKsl102f7533; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{482E6572-E5A0-4FB2-9E13-5B6434E2FE82}\MpKsl102f7533.sys [44928 2016-09-08] (Microsoft Corporation) S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] () R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek ) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [161024 2016-02-14] (Sophos Limited) S3 sdcfilter; C:\Windows\system32\DRIVERS\sdcfilter.sys [38144 2016-02-14] (Sophos Limited) S4 SophosBootDriver; C:\Windows\system32\DRIVERS\SophosBootDriver.sys [27904 2016-02-14] (Sophos Limited) R1 swi_callout; C:\Windows\system32\DRIVERS\swi_callout.sys [32512 2016-02-22] (Sophos Limited) S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation) R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation) R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation) R3 WirelessKeyboardFilter; C:\Windows\System32\drivers\WirelessKeyboardFilter.sys [49384 2016-03-29] (Microsoft Corporation) R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2016-06-29] (Zemana Ltd.) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-09-09 20:38 - 2016-09-09 20:39 - 00057563 _____ C:\Users\Brian\Desktop\FRST.txt 2016-09-09 20:37 - 2016-09-09 20:38 - 02397696 _____ (Farbar) C:\Users\Brian\Desktop\FRST64.exe 2016-09-09 18:18 - 2016-09-09 18:18 - 00000000 ___SH C:\DkHyperbootSync 2016-09-08 18:45 - 2016-09-08 18:45 - 00005826 _____ C:\Users\Brian\Downloads\fixlist (5).txt 2016-09-08 18:27 - 2016-09-08 18:47 - 00000000 ____D C:\Users\Brian\Desktop\Fix 9-8-16 2016-09-08 18:26 - 2016-09-08 18:26 - 00005826 _____ C:\Users\Brian\Downloads\fixlist (4).txt 2016-09-08 07:08 - 2016-09-08 07:08 - 00001426 _____ C:\WINDOWS\system32\.crusader 2016-09-07 23:04 - 2016-09-07 23:04 - 00005826 _____ C:\Users\Brian\Downloads\fixlist (3).txt 2016-09-07 22:55 - 2016-09-07 22:55 - 00005826 _____ C:\Users\Brian\Downloads\fixlist (2).txt 2016-09-07 22:50 - 2016-09-07 22:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro 2016-09-07 22:50 - 2016-09-07 22:50 - 00000000 ____D C:\Program Files\HitmanPro 2016-09-07 22:49 - 2016-09-07 22:49 - 11438608 _____ (SurfRight B.V.) C:\Users\Brian\Downloads\hitmanpro_x64 (1).exe 2016-09-07 22:43 - 2016-09-07 22:43 - 00000000 ____D C:\Users\Default\AppData\Roaming\Performix LLC 2016-09-07 22:43 - 2016-09-07 22:43 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Performix LLC 2016-09-07 22:33 - 2016-09-07 22:33 - 03826240 _____ C:\Users\Brian\Downloads\adwcleaner_6.010.exe 2016-09-07 21:32 - 2016-09-09 20:16 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit 2016-09-07 21:32 - 2016-09-07 21:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit 2016-09-07 21:32 - 2016-09-07 21:32 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit 2016-09-07 21:25 - 2016-09-07 22:51 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2016-09-07 21:25 - 2016-09-07 21:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2016-09-07 21:24 - 2016-09-07 21:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2016-09-07 21:24 - 2016-09-07 21:24 - 00000826 _____ C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\mbam-setup-2.2.1.lnk 2016-09-07 21:24 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2016-09-07 21:24 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2016-09-07 21:24 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2016-09-07 21:22 - 2016-09-07 21:22 - 22851472 _____ (Malwarebytes ) C:\Users\Brian\Downloads\mbam-setup-cnet.35891-2.2.1.1043.exe 2016-09-06 18:43 - 2016-09-06 18:43 - 01706112 _____ (Malwarebytes) C:\Users\Brian\Downloads\mbam-check-2.3.2.0 (2).exe 2016-09-06 18:43 - 2016-09-06 18:43 - 01706112 _____ (Malwarebytes) C:\Users\Brian\Downloads\mbam-check-2.3.2.0 (1).exe 2016-09-06 18:37 - 2016-09-06 18:37 - 01706112 _____ (Malwarebytes) C:\Users\Brian\Downloads\mbam-check-2.3.2.0.exe 2016-09-06 17:54 - 2016-02-22 11:17 - 00032512 _____ (Sophos Limited) C:\WINDOWS\system32\Drivers\swi_callout.sys 2016-09-06 17:44 - 2016-09-06 17:44 - 00346728 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2016-09-04 22:05 - 2016-09-04 22:05 - 00000000 ____D C:\WINDOWS\Panther 2016-09-04 20:28 - 2016-09-04 20:28 - 00000000 ____D C:\zoek_backup 2016-09-04 20:26 - 2016-09-04 20:27 - 01309184 _____ C:\Users\Brian\Downloads\zoek.exe 2016-09-04 18:02 - 2016-09-08 19:30 - 00000350 _____ C:\WINDOWS\Tasks\HPCeeScheduleForBrian.job 2016-09-04 18:02 - 2016-09-08 18:02 - 00003242 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForBrian 2016-09-02 21:49 - 2016-09-02 21:49 - 18309328 _____ (Microsoft Corporation) C:\Users\Brian\Downloads\MediaCreationTool.exe 2016-09-02 21:32 - 2016-09-02 21:32 - 05737808 _____ (Microsoft Corporation) C:\Users\Brian\Downloads\Windows10Upgrade9252 (1).exe 2016-09-02 21:11 - 2016-09-02 21:12 - 00000000 ____D C:\Users\Brian\Downloads\produkey-x64 2016-09-02 21:03 - 2016-09-08 22:28 - 00000000 ____D C:\WINDOWS\Microsoft Antimalware 2016-09-02 19:21 - 2016-08-27 00:12 - 04130944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll 2016-09-02 19:21 - 2016-08-27 00:12 - 00244816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll 2016-09-02 19:21 - 2016-08-26 23:58 - 03893376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll 2016-09-02 19:21 - 2016-08-26 23:58 - 00121368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll 2016-09-02 19:21 - 2016-08-26 23:39 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll 2016-09-02 19:21 - 2016-08-26 23:38 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll 2016-09-02 19:21 - 2016-08-26 23:38 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll 2016-09-02 19:21 - 2016-08-26 23:37 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll 2016-09-02 19:21 - 2016-08-26 23:25 - 00804864 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll 2016-09-02 19:21 - 2016-08-20 01:05 - 01377008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe 2016-09-02 19:21 - 2016-08-20 01:04 - 07814488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2016-09-02 19:21 - 2016-08-20 01:03 - 01883784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2016-09-02 19:21 - 2016-08-20 00:52 - 07219672 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll 2016-09-02 19:21 - 2016-08-20 00:52 - 02190688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2016-09-02 19:21 - 2016-08-20 00:52 - 01859264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll 2016-09-02 19:21 - 2016-08-20 00:52 - 00857440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe 2016-09-02 19:21 - 2016-08-20 00:52 - 00658776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys 2016-09-02 19:21 - 2016-08-20 00:52 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys 2016-09-02 19:21 - 2016-08-20 00:51 - 00681312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ClipSp.sys 2016-09-02 19:21 - 2016-08-20 00:50 - 02913104 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll 2016-09-02 19:21 - 2016-08-20 00:50 - 01099608 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe 2016-09-02 19:21 - 2016-08-20 00:50 - 00987992 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe 2016-09-02 19:21 - 2016-08-20 00:50 - 00073568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys 2016-09-02 19:21 - 2016-08-20 00:50 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2016-09-02 19:21 - 2016-08-20 00:50 - 00020320 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll 2016-09-02 19:21 - 2016-08-20 00:47 - 22218808 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2016-09-02 19:21 - 2016-08-20 00:47 - 01453992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll 2016-09-02 19:21 - 2016-08-20 00:47 - 01071728 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll 2016-09-02 19:21 - 2016-08-20 00:46 - 01570680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2016-09-02 19:21 - 2016-08-20 00:43 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll 2016-09-02 19:21 - 2016-08-20 00:34 - 01430200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll 2016-09-02 19:21 - 2016-08-20 00:34 - 00782176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe 2016-09-02 19:21 - 2016-08-20 00:33 - 05722312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll 2016-09-02 19:21 - 2016-08-20 00:32 - 02166232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll 2016-09-02 19:21 - 2016-08-20 00:32 - 00846552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll 2016-09-02 19:21 - 2016-08-20 00:29 - 20965240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2016-09-02 19:21 - 2016-08-20 00:29 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll 2016-09-02 19:21 - 2016-08-20 00:29 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll 2016-09-02 19:21 - 2016-08-20 00:25 - 01264912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll 2016-09-02 19:21 - 2016-08-20 00:22 - 22571008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2016-09-02 19:21 - 2016-08-20 00:22 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll 2016-09-02 19:21 - 2016-08-20 00:21 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\C_G18030.DLL 2016-09-02 19:21 - 2016-08-20 00:21 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll 2016-09-02 19:21 - 2016-08-20 00:21 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll 2016-09-02 19:21 - 2016-08-20 00:21 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\c_GSM7.DLL 2016-09-02 19:21 - 2016-08-20 00:20 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll 2016-09-02 19:21 - 2016-08-20 00:20 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\C_IS2022.DLL 2016-09-02 19:21 - 2016-08-20 00:15 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll 2016-09-02 19:21 - 2016-08-20 00:15 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe 2016-09-02 19:21 - 2016-08-20 00:14 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\C_G18030.DLL 2016-09-02 19:21 - 2016-08-20 00:14 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll 2016-09-02 19:21 - 2016-08-20 00:14 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\C_IS2022.DLL 2016-09-02 19:21 - 2016-08-20 00:13 - 01081856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2016-09-02 19:21 - 2016-08-20 00:13 - 00743424 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll 2016-09-02 19:21 - 2016-08-20 00:13 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe 2016-09-02 19:21 - 2016-08-20 00:12 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2016-09-02 19:21 - 2016-08-20 00:12 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll 2016-09-02 19:21 - 2016-08-20 00:12 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll 2016-09-02 19:21 - 2016-08-20 00:12 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll 2016-09-02 19:21 - 2016-08-20 00:11 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2016-09-02 19:21 - 2016-08-20 00:09 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll 2016-09-02 19:21 - 2016-08-20 00:08 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll 2016-09-02 19:21 - 2016-08-20 00:08 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe 2016-09-02 19:21 - 2016-08-20 00:07 - 01403392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Editing.dll 2016-09-02 19:21 - 2016-08-20 00:07 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll 2016-09-02 19:21 - 2016-08-20 00:07 - 00554496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll 2016-09-02 19:21 - 2016-08-20 00:07 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll 2016-09-02 19:21 - 2016-08-20 00:07 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\CastLaunch.dll 2016-09-02 19:21 - 2016-08-20 00:06 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll 2016-09-02 19:21 - 2016-08-20 00:06 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe 2016-09-02 19:21 - 2016-08-20 00:04 - 23682560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2016-09-02 19:21 - 2016-08-20 00:04 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2016-09-02 19:21 - 2016-08-20 00:04 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll 2016-09-02 19:21 - 2016-08-20 00:03 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll 2016-09-02 19:21 - 2016-08-20 00:01 - 04612096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll 2016-09-02 19:21 - 2016-08-20 00:01 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll 2016-09-02 19:21 - 2016-08-20 00:01 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.InkControls.dll 2016-09-02 19:21 - 2016-08-20 00:00 - 19423232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2016-09-02 19:21 - 2016-08-20 00:00 - 08124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2016-09-02 19:21 - 2016-08-19 23:59 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll 2016-09-02 19:21 - 2016-08-19 23:59 - 01077760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll 2016-09-02 19:21 - 2016-08-19 23:57 - 01282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll 2016-09-02 19:21 - 2016-08-19 23:56 - 02315264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2016-09-02 19:21 - 2016-08-19 23:56 - 02289664 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll 2016-09-02 19:21 - 2016-08-19 23:56 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll 2016-09-02 19:21 - 2016-08-19 23:55 - 19418624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2016-09-02 19:21 - 2016-08-19 23:55 - 00726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll 2016-09-02 19:21 - 2016-08-19 23:52 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll 2016-09-02 19:21 - 2016-08-19 23:51 - 06044672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2016-09-02 19:21 - 2016-08-19 23:51 - 01992704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll 2016-09-02 19:20 - 2016-08-27 07:45 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfksproxy.dll 2016-09-02 19:20 - 2016-08-27 04:37 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfksproxy.dll 2016-09-02 19:20 - 2016-08-26 23:44 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\encapi.dll 2016-09-02 19:20 - 2016-08-26 23:43 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\encapi.dll 2016-09-02 19:20 - 2016-08-20 01:26 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll 2016-09-02 19:20 - 2016-08-20 01:13 - 00590952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll 2016-09-02 19:20 - 2016-08-20 01:06 - 01046976 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2016-09-02 19:20 - 2016-08-20 01:06 - 00885832 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2016-09-02 19:20 - 2016-08-20 01:06 - 00108384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys 2016-09-02 19:20 - 2016-08-20 01:04 - 01349120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2016-09-02 19:20 - 2016-08-20 01:04 - 01163696 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2016-09-02 19:20 - 2016-08-20 01:03 - 02257248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys 2016-09-02 19:20 - 2016-08-20 00:52 - 01279328 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll 2016-09-02 19:20 - 2016-08-20 00:52 - 00178528 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostUser.dll 2016-09-02 19:20 - 2016-08-20 00:50 - 01267512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll 2016-09-02 19:20 - 2016-08-20 00:50 - 00942424 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi 2016-09-02 19:20 - 2016-08-20 00:50 - 00807776 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe 2016-09-02 19:20 - 2016-08-20 00:42 - 02537824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2016-09-02 19:20 - 2016-08-20 00:34 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll 2016-09-02 19:20 - 2016-08-20 00:33 - 00852824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll 2016-09-02 19:20 - 2016-08-20 00:21 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 2016-09-02 19:20 - 2016-08-20 00:21 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.UXRes.dll 2016-09-02 19:20 - 2016-08-20 00:21 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll 2016-09-02 19:20 - 2016-08-20 00:20 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll 2016-09-02 19:20 - 2016-08-20 00:20 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll 2016-09-02 19:20 - 2016-08-20 00:20 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys 2016-09-02 19:20 - 2016-08-20 00:19 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll 2016-09-02 19:20 - 2016-08-20 00:19 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll 2016-09-02 19:20 - 2016-08-20 00:18 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll 2016-09-02 19:20 - 2016-08-20 00:18 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe 2016-09-02 19:20 - 2016-08-20 00:18 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe 2016-09-02 19:20 - 2016-08-20 00:17 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll 2016-09-02 19:20 - 2016-08-20 00:17 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll 2016-09-02 19:20 - 2016-08-20 00:17 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerSvc.dll 2016-09-02 19:20 - 2016-08-20 00:16 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb 2016-09-02 19:20 - 2016-08-20 00:16 - 00380928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll 2016-09-02 19:20 - 2016-08-20 00:16 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipboardServer.dll 2016-09-02 19:20 - 2016-08-20 00:15 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll 2016-09-02 19:20 - 2016-08-20 00:15 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll 2016-09-02 19:20 - 2016-08-20 00:14 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll 2016-09-02 19:20 - 2016-08-20 00:14 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll 2016-09-02 19:20 - 2016-08-20 00:14 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\c_GSM7.DLL 2016-09-02 19:20 - 2016-08-20 00:13 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.UXRes.dll 2016-09-02 19:20 - 2016-08-20 00:12 - 01014784 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll 2016-09-02 19:20 - 2016-08-20 00:12 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe 2016-09-02 19:20 - 2016-08-20 00:12 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll 2016-09-02 19:20 - 2016-08-20 00:11 - 00410624 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll 2016-09-02 19:20 - 2016-08-20 00:11 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll 2016-09-02 19:20 - 2016-08-20 00:10 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll 2016-09-02 19:20 - 2016-08-20 00:10 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe 2016-09-02 19:20 - 2016-08-20 00:10 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll 2016-09-02 19:20 - 2016-08-20 00:09 - 09128448 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2016-09-02 19:20 - 2016-08-20 00:09 - 00642048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.InkControls.dll 2016-09-02 19:20 - 2016-08-20 00:09 - 00491520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe 2016-09-02 19:20 - 2016-08-20 00:08 - 01906176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll 2016-09-02 19:20 - 2016-08-20 00:08 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll 2016-09-02 19:20 - 2016-08-20 00:08 - 00204288 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\DscCoreConfProv.dll 2016-09-02 19:20 - 2016-08-20 00:08 - 00171520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ClipboardServer.dll 2016-09-02 19:20 - 2016-08-20 00:07 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll 2016-09-02 19:20 - 2016-08-20 00:07 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\smphost.dll 2016-09-02 19:20 - 2016-08-20 00:06 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi_passthru.dll 2016-09-02 19:20 - 2016-08-20 00:05 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll 2016-09-02 19:20 - 2016-08-20 00:05 - 00380928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll 2016-09-02 19:20 - 2016-08-20 00:04 - 03245056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll 2016-09-02 19:20 - 2016-08-20 00:04 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe 2016-09-02 19:20 - 2016-08-20 00:04 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll 2016-09-02 19:20 - 2016-08-20 00:04 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\delegatorprovider.dll 2016-09-02 19:20 - 2016-08-20 00:03 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll 2016-09-02 19:20 - 2016-08-20 00:03 - 02846208 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll 2016-09-02 19:20 - 2016-08-20 00:03 - 00944640 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2016-09-02 19:20 - 2016-08-20 00:02 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll 2016-09-02 19:20 - 2016-08-20 00:00 - 01316352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll 2016-09-02 19:20 - 2016-08-20 00:00 - 00141824 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\SysWOW64\DscCoreConfProv.dll 2016-09-02 19:20 - 2016-08-19 23:59 - 07624192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2016-09-02 19:20 - 2016-08-19 23:59 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll 2016-09-02 19:20 - 2016-08-19 23:59 - 01690112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll 2016-09-02 19:20 - 2016-08-19 23:59 - 01106944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll 2016-09-02 19:20 - 2016-08-19 23:59 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smphost.dll 2016-09-02 19:20 - 2016-08-19 23:58 - 01643008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll 2016-09-02 19:20 - 2016-08-19 23:58 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi_passthru.dll 2016-09-02 19:20 - 2016-08-19 23:57 - 02680832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll 2016-09-02 19:20 - 2016-08-19 23:57 - 02264064 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2016-09-02 19:20 - 2016-08-19 23:57 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll 2016-09-02 19:20 - 2016-08-19 23:56 - 02711040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll 2016-09-02 19:20 - 2016-08-19 23:56 - 02143232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll 2016-09-02 19:20 - 2016-08-19 23:56 - 01006080 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll 2016-09-02 19:20 - 2016-08-19 23:56 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\delegatorprovider.dll 2016-09-02 19:20 - 2016-08-19 23:54 - 00806912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll 2016-09-02 19:20 - 2016-08-19 23:53 - 03617792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2016-09-02 19:20 - 2016-08-19 23:53 - 03299328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe 2016-09-02 19:20 - 2016-08-19 23:53 - 01220608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll 2016-09-02 19:20 - 2016-08-19 23:51 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll 2016-09-02 19:20 - 2016-08-19 23:50 - 01875456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll 2016-09-02 19:20 - 2016-08-19 23:49 - 02999296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys 2016-09-02 19:20 - 2016-08-19 23:46 - 03105792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe 2016-09-02 19:20 - 2016-08-18 20:33 - 00162850 _____ C:\WINDOWS\system32\C_932.NLS 2016-09-02 19:19 - 2016-08-20 00:14 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ConfigureExpandedStorage.dll 2016-09-02 19:19 - 2016-08-20 00:11 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll 2016-09-02 19:19 - 2016-08-19 23:56 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll 2016-08-30 15:58 - 2016-08-30 15:58 - 00050977 _____ C:\Users\Brian\Downloads\Act150.pdf 2016-08-25 19:26 - 2016-08-05 23:17 - 00450400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys 2016-08-25 19:26 - 2016-08-05 23:17 - 00224096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys 2016-08-25 19:26 - 2016-08-05 23:16 - 00435040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys 2016-08-25 19:26 - 2016-08-05 22:19 - 01812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll 2016-08-25 19:25 - 2016-08-05 22:40 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafpos.dll 2016-08-25 19:23 - 2016-08-05 23:29 - 00128352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys 2016-08-25 19:23 - 2016-08-05 22:31 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll 2016-08-25 19:21 - 2016-08-05 04:12 - 05622600 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe 2016-08-25 19:20 - 2016-08-05 23:33 - 00354264 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe 2016-08-25 19:20 - 2016-08-05 23:31 - 00041824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SysResetErr.exe 2016-08-25 19:20 - 2016-08-05 04:14 - 01066328 _____ (Microsoft Corporation) C:\WINDOWS\system32\pidgenx.dll 2016-08-25 19:20 - 2016-08-05 04:10 - 00939872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pidgenx.dll 2016-08-25 19:20 - 2016-08-05 04:05 - 00665768 _____ (Microsoft Corporation) C:\WINDOWS\system32\GenValObj.exe 2016-08-25 19:12 - 2016-08-05 22:33 - 01082368 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll 2016-08-25 19:12 - 2016-08-05 03:20 - 00538112 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll 2016-08-25 19:10 - 2016-08-05 22:41 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncPolicy.dll 2016-08-25 19:10 - 2016-08-05 03:22 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll 2016-08-25 19:08 - 2016-08-05 03:08 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\slc.dll 2016-08-25 19:05 - 2016-08-05 03:28 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll 2016-08-25 19:04 - 2016-08-05 22:48 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.exe 2016-08-25 18:17 - 2016-08-05 23:18 - 00396168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll 2016-08-25 18:17 - 2016-08-05 22:48 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll 2016-08-25 18:17 - 2016-08-05 22:47 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll 2016-08-25 18:17 - 2016-08-05 22:43 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll 2016-08-25 18:17 - 2016-08-05 22:41 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll 2016-08-25 18:17 - 2016-08-05 22:41 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll 2016-08-25 18:17 - 2016-08-05 22:39 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll 2016-08-25 18:17 - 2016-08-05 22:38 - 17187328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2016-08-25 18:17 - 2016-08-05 22:30 - 13080576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2016-08-25 18:17 - 2016-08-05 22:23 - 02370048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll 2016-08-25 18:16 - 2016-08-05 23:08 - 00509784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe 2016-08-25 18:16 - 2016-08-05 22:40 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll 2016-08-25 18:16 - 2016-08-05 22:23 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll 2016-08-25 18:13 - 2016-08-05 22:31 - 12174336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2016-08-25 18:11 - 2016-08-05 23:26 - 01176664 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll 2016-08-25 18:11 - 2016-08-05 23:03 - 00529928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll 2016-08-25 18:11 - 2016-08-05 22:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll 2016-08-25 18:11 - 2016-08-05 22:28 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll 2016-08-25 18:11 - 2016-08-05 22:21 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll 2016-08-25 18:10 - 2016-08-05 23:17 - 00790760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll 2016-08-25 18:10 - 2016-08-05 23:13 - 00381760 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe 2016-08-25 18:10 - 2016-08-05 22:46 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll 2016-08-25 18:10 - 2016-08-05 22:43 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_WorkAccess.dll 2016-08-25 18:10 - 2016-08-05 22:28 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll 2016-08-25 18:09 - 2016-08-05 23:09 - 00151224 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2016-08-25 18:09 - 2016-08-05 23:03 - 00036168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfpmp.exe 2016-08-25 18:08 - 2016-08-05 22:47 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll 2016-08-25 18:08 - 2016-08-05 22:45 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll 2016-08-25 18:08 - 2016-08-05 22:45 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll 2016-08-25 18:08 - 2016-08-05 22:44 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll 2016-08-25 18:08 - 2016-08-05 22:42 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2016-08-25 18:08 - 2016-08-05 22:40 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2016-08-25 18:08 - 2016-08-05 22:39 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tcpipcfg.dll 2016-08-25 18:08 - 2016-08-05 22:37 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2016-08-25 18:08 - 2016-08-05 22:26 - 00758784 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2016-08-25 18:08 - 2016-08-05 22:26 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2016-08-25 18:08 - 2016-08-05 22:24 - 02095616 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2016-08-25 18:08 - 2016-08-05 22:24 - 02026496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2016-08-25 18:07 - 2016-08-05 23:18 - 00584032 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe 2016-08-25 18:07 - 2016-08-05 23:15 - 00408600 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsmf.dll 2016-08-25 18:07 - 2016-08-05 23:08 - 02251432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2016-08-25 18:07 - 2016-08-05 23:04 - 00361096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsmf.dll 2016-08-25 18:07 - 2016-08-05 23:03 - 01343928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll 2016-08-25 18:07 - 2016-08-05 23:03 - 00955008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll 2016-08-25 18:07 - 2016-08-05 22:45 - 00327680 _____ (Microsoft Corporation) C:\WINDOWS\system32\container.dll 2016-08-25 18:07 - 2016-08-05 22:45 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll 2016-08-25 18:07 - 2016-08-05 22:45 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\netiougc.exe 2016-08-25 18:07 - 2016-08-05 22:45 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netiougc.exe 2016-08-25 18:07 - 2016-08-05 22:44 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceassociation.dll 2016-08-25 18:07 - 2016-08-05 22:40 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcpipcfg.dll 2016-08-25 18:07 - 2016-08-05 22:39 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll 2016-08-25 18:07 - 2016-08-05 22:38 - 00526848 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll 2016-08-25 18:07 - 2016-08-05 22:33 - 00396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll 2016-08-25 18:07 - 2016-08-05 22:25 - 03116032 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAJApi.dll 2016-08-25 18:07 - 2016-08-05 22:23 - 01062400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll 2016-08-25 18:06 - 2016-08-05 23:31 - 00077664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys 2016-08-25 18:06 - 2016-08-05 23:23 - 00168800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys 2016-08-25 18:06 - 2016-08-05 23:17 - 00619368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2016-08-25 18:06 - 2016-08-05 23:13 - 01847048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll 2016-08-25 18:06 - 2016-08-05 23:13 - 01066096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll 2016-08-25 18:06 - 2016-08-05 23:13 - 00595488 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll 2016-08-25 18:06 - 2016-08-05 23:13 - 00044472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe 2016-08-25 18:06 - 2016-08-05 23:03 - 01557296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll 2016-08-25 18:06 - 2016-08-05 22:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll 2016-08-25 18:06 - 2016-08-05 22:47 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys 2016-08-25 18:06 - 2016-08-05 22:46 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys 2016-08-25 18:06 - 2016-08-05 22:43 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe 2016-08-25 18:06 - 2016-08-05 22:43 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys 2016-08-25 18:06 - 2016-08-05 22:41 - 13867520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2016-08-25 18:06 - 2016-08-05 22:41 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll 2016-08-25 18:06 - 2016-08-05 22:41 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll 2016-08-25 18:06 - 2016-08-05 22:31 - 00884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll 2016-08-25 18:06 - 2016-08-05 22:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll 2016-08-25 18:06 - 2016-08-05 22:29 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll 2016-08-25 18:06 - 2016-08-05 22:29 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll 2016-08-25 18:06 - 2016-08-05 22:28 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll 2016-08-25 18:06 - 2016-08-05 22:26 - 02422784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAJApi.dll 2016-08-25 18:06 - 2016-08-05 22:23 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2016-08-25 18:06 - 2016-08-05 22:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll 2016-08-25 18:06 - 2016-08-05 22:19 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll 2016-08-25 18:06 - 2016-08-05 03:29 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slcext.dll 2016-08-25 18:06 - 2016-08-05 03:20 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll 2016-08-25 18:05 - 2016-08-05 22:46 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModelOOBE.exe 2016-08-25 18:05 - 2016-08-05 22:41 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll 2016-08-25 18:05 - 2016-08-05 22:25 - 01595904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2016-08-25 18:04 - 2016-08-05 23:29 - 00199008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys 2016-08-25 18:04 - 2016-08-05 22:46 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dasHost.exe 2016-08-25 18:04 - 2016-08-05 22:44 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceassociation.dll 2016-08-25 18:04 - 2016-08-05 22:39 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll 2016-08-25 18:04 - 2016-08-05 22:36 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\das.dll 2016-08-25 18:04 - 2016-08-05 22:23 - 01780736 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2016-08-25 18:04 - 2016-08-05 22:23 - 01508864 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2016-08-25 18:02 - 2016-08-05 23:18 - 02745224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2016-08-25 18:02 - 2016-08-05 22:29 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll 2016-08-25 18:01 - 2016-08-05 23:13 - 01694200 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll 2016-08-25 18:01 - 2016-08-05 22:23 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\system32\w32time.dll 2016-08-25 18:00 - 2016-08-05 22:31 - 01052672 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll 2016-08-25 17:57 - 2016-08-05 23:08 - 00313560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll 2016-08-25 17:57 - 2016-08-05 22:48 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanhlp.dll 2016-08-25 17:57 - 2016-08-05 22:45 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll 2016-08-25 17:54 - 2016-08-05 22:45 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\container.dll 2016-08-25 17:54 - 2016-08-05 22:41 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll 2016-08-25 17:54 - 2016-08-05 22:29 - 13433856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll 2016-08-25 17:51 - 2016-08-05 22:30 - 12345344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll 2016-08-25 17:39 - 2016-08-05 22:31 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll 2016-08-25 17:37 - 2016-08-05 23:08 - 01469120 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2016-08-25 17:31 - 2016-08-05 23:08 - 00587968 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2016-08-25 17:31 - 2016-08-05 23:08 - 00050880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe 2016-08-25 17:31 - 2016-08-05 23:02 - 00321280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe 2016-08-25 17:31 - 2016-08-05 22:48 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\spwmp.dll 2016-08-25 17:31 - 2016-08-05 22:48 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spwmp.dll 2016-08-25 17:31 - 2016-08-05 22:48 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdxm.ocx 2016-08-25 17:31 - 2016-08-05 22:48 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxmasf.dll 2016-08-25 17:31 - 2016-08-05 22:47 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdxm.ocx 2016-08-25 17:31 - 2016-08-05 22:47 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxmasf.dll 2016-08-25 17:31 - 2016-08-05 22:46 - 09260032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmploc.DLL 2016-08-25 17:31 - 2016-08-05 22:46 - 09260032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmploc.DLL 2016-08-25 17:31 - 2016-08-05 22:40 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncPolicy.dll 2016-08-25 17:31 - 2016-08-05 03:23 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppc.dll 2016-08-25 17:31 - 2016-08-05 03:18 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slc.dll 2016-08-22 18:18 - 2016-08-22 18:18 - 00000000 ____D C:\Users\Brian\Documents\Personal and Confidential - Copy 2016-08-22 18:17 - 2016-09-04 20:20 - 00000000 ____D C:\Users\Brian\Documents\Personal and Confidential 2016-08-21 23:25 - 2016-08-21 23:25 - 08227032 _____ (Piriform Ltd) C:\Users\Brian\Downloads\ccsetup521.exe 2016-08-13 23:02 - 2016-08-13 23:03 - 01190712 _____ (Alcpu ) C:\Users\Brian\Downloads\Core-Temp-setup (1).exe 2016-08-12 19:49 - 2016-08-12 19:49 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini 2016-08-12 18:55 - 2016-08-12 18:55 - 00037284 _____ C:\Users\Brian\Downloads\We_Energies_bill_2016_08_11_0780.pdf 2016-08-11 23:14 - 2016-09-09 20:37 - 00000000 ____D C:\IBVSSTEMP 2016-08-11 22:50 - 2015-11-07 21:47 - 339470477 _____ C:\Users\Brian\Downloads\5.wim 2016-08-11 03:02 - 2016-08-11 03:03 - 00000247 _____ C:\Users\Brian\Downloads\Heat_Street_Newsletter.vcf 2016-08-10 18:19 - 2016-08-10 18:19 - 16714056 _____ C:\Users\Brian\Downloads\yosetup (1).exe ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-09-09 20:39 - 2016-03-21 18:25 - 00000000 ____D C:\ProgramData\Adguard 2016-09-09 20:39 - 2015-12-09 18:52 - 00000000 ____D C:\ProgramData\IDrive 2016-09-09 20:38 - 2016-06-29 19:29 - 00684515 _____ C:\WINDOWS\ZAM_Guard.krnl.trace 2016-09-09 20:38 - 2016-06-25 15:51 - 00000000 ____D C:\FRST 2016-09-09 20:00 - 2016-08-04 00:16 - 00000000 ____D C:\WINDOWS\system32\SleepStudy 2016-09-09 19:43 - 2015-11-09 19:12 - 00000000 ____D C:\Users\Brian\Documents\Outlook Files 2016-09-09 18:41 - 2011-07-15 01:06 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2016-09-09 18:28 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps 2016-09-09 18:28 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-09-08 19:31 - 2016-03-21 18:25 - 00000000 ____D C:\Program Files (x86)\Adguard 2016-09-08 19:30 - 2016-08-04 00:40 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-09-08 19:12 - 2016-07-16 01:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI 2016-09-08 19:04 - 2015-11-08 16:29 - 00000000 ____D C:\Users\Brian\AppData\Local\Packages 2016-09-08 07:09 - 2016-06-29 19:26 - 00000000 ____D C:\ProgramData\HitmanPro 2016-09-07 22:43 - 2016-08-04 00:18 - 00000000 ____D C:\ProgramData\Package Cache 2016-09-07 22:43 - 2016-03-21 18:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adguard 2016-09-07 22:39 - 2016-06-29 19:34 - 00000000 ____D C:\AdwCleaner 2016-09-07 22:38 - 2016-07-23 00:43 - 00000000 ____D C:\Program Files (x86)\Yahoo! 2016-09-07 21:24 - 2015-11-09 23:23 - 00000000 ____D C:\ProgramData\Malwarebytes 2016-09-06 06:23 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF 2016-09-05 12:02 - 2015-11-15 13:58 - 00000000 ____D C:\Users\Brian\AppData\Roaming\Dashlane 2016-09-05 02:16 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports 2016-09-04 22:07 - 2015-09-10 00:42 - 00000000 __RHD C:\Users\Public\AccountPictures 2016-09-04 21:58 - 2016-07-16 06:47 - 00000000 ___SD C:\WINDOWS\system32\dsc 2016-09-04 21:58 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2016-09-04 21:58 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\lv-LV 2016-09-04 21:58 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\lt-LT 2016-09-04 21:58 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\et-EE 2016-09-04 21:58 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\es-MX 2016-09-04 21:58 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\en-GB 2016-09-04 21:57 - 2016-07-16 06:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2016-09-04 21:57 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\ShellExperiences 2016-09-04 21:57 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\Provisioning 2016-09-04 21:12 - 2015-11-08 15:33 - 00000000 ____D C:\ESD 2016-09-04 21:08 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-09-04 15:57 - 2016-08-04 03:07 - 00000000 ____D C:\WINDOWS\system32\msmq 2016-09-02 18:43 - 2016-07-16 06:42 - 00409952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS 2016-09-02 18:41 - 2016-07-16 06:43 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe 2016-09-02 18:41 - 2016-07-16 06:43 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll 2016-09-02 18:41 - 2016-07-16 06:43 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll 2016-09-02 18:41 - 2016-07-16 06:43 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll 2016-09-02 18:41 - 2016-07-16 06:43 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll 2016-09-02 18:41 - 2016-07-16 06:43 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll 2016-09-02 18:41 - 2016-07-16 06:43 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe 2016-09-02 18:41 - 2016-07-16 06:42 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe 2016-09-02 18:41 - 2016-07-16 06:42 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll 2016-09-02 18:41 - 2016-07-16 06:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll 2016-09-02 18:41 - 2016-07-16 06:42 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2016-09-02 18:41 - 2016-07-16 06:42 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys 2016-09-02 18:41 - 2016-07-16 06:42 - 00114192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll 2016-09-02 18:41 - 2016-07-16 06:42 - 00079544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll 2016-09-02 18:41 - 2016-07-16 06:42 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll 2016-09-02 18:41 - 2016-07-16 06:42 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll 2016-09-02 18:41 - 2016-07-16 06:42 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe 2016-09-02 18:15 - 2016-06-25 19:28 - 00073600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys 2016-09-01 23:19 - 2016-01-22 23:21 - 00000000 ____D C:\Program Files\SUPERAntiSpyware 2016-08-27 19:42 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\appraiser 2016-08-26 00:43 - 2016-07-16 06:49 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2016-08-26 00:43 - 2016-07-16 06:49 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2016-08-25 08:09 - 2016-07-16 06:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2016-08-22 18:21 - 2016-01-31 22:57 - 00000000 ____D C:\Users\Brian\Documents\Drive K - Documents Backup 2016-08-21 23:26 - 2016-08-09 21:05 - 00000865 _____ C:\Users\Public\Desktop\CCleaner.lnk 2016-08-21 22:25 - 2016-07-19 22:08 - 00000368 _____ C:\WINDOWS\Tasks\HPCeeScheduleForBRIAN-HP$.job 2016-08-21 16:08 - 2016-08-04 00:40 - 00003290 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForBRIAN-HP$ 2016-08-18 19:23 - 2016-03-21 19:42 - 00000000 ____D C:\Users\Brian\Documents\Latest Reumes 2016-08-16 19:52 - 2015-11-16 18:43 - 00000000 _____ C:\Users\Brian\AppData\LocalLow\rightsCheck_1.txt 2016-08-13 23:43 - 2016-08-04 00:22 - 00000000 ____D C:\Users\Brian 2016-08-13 23:04 - 2016-07-31 03:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Temp 2016-08-13 23:04 - 2016-07-31 03:26 - 00000000 ____D C:\Program Files\Core Temp 2016-08-13 19:19 - 2016-02-07 04:20 - 00000000 ____D C:\Users\Brian\AppData\Roaming\brave 2016-08-13 19:12 - 2016-05-26 21:49 - 00000000 ____D C:\Users\Brian\AppData\Local\brave 2016-08-12 19:49 - 2016-08-04 00:22 - 00000000 ____D C:\Users\DefaultAppPool ==================== Files in the root of some directories ======= 2016-03-17 20:24 - 2016-03-17 20:24 - 0007602 _____ () C:\Users\Brian\AppData\Local\Resmon.ResmonCfg 2015-11-08 17:13 - 2015-11-08 17:13 - 0000057 _____ () C:\ProgramData\Ament.ini 2016-03-21 18:26 - 2016-08-06 21:59 - 0000258 _____ () C:\ProgramData\fontcacheev1.dat Files to move or delete: ==================== C:\ProgramData\fontcacheev1.dat ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-09-08 05:55 ==================== End of FRST.txt ============================