Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Start Menu Corrupted

Started by Megan81991 , Mar 11 2016 03:14 AM

Please log in to reply

#1
Megan81991

Posted 11 March 2016 - 03:14 AM

Member

Member
13 posts

My start menu icon has changed to just a blank page icon, and every time I attempt to open the start menu I get an error message:

C:\Users\Megan\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe
The file or directory is corrupted and unreadable.

Right-clicking on the start menu and clicking "start menu" results in : "the item you selected is unavailable. It might have been moved, renamed, or removed. Do you want to remove it from the list."

Additional things that have happened:
-run command prompt and attempted to run "chkdsk c: /f /x /r", which only worked on reboot. Ran it twice, and it repeatedly gets stuck on 17% before continuing some time later. Still didn't fix the issue
-attempted to reinstall the pokki start menu for windows 8.1, and both the installer and secondary installer failed
-running update on my Windows 8.1 fails
-Attempted to run refresh PC for recovery and it fails
-restarting Windows explorer does nothing
-in Task Manager, "system" is frequently running at 100% disk space and that never used to happen
-ran Malwarebytes and it only detected 4 potentially problematic files, no malware, and I removed those 4 files and restarted, hoping it would fix this. It didn't
-Comodo firewall isn't detecting anything attacking my computer from the outside

Comp info: Hp Envy 17t, with Windows 8.1

I'm at my wits end with this, I have tried everything I can find. Please help!

#2
RKinner

Posted 11 March 2016 - 12:28 PM

Malware Expert

Expert
24,624 posts

Get the free version of Speccy:

http://www.filehippo...download_speccy(Look in the upper right for the Download

Latest Version button - Do NOT press the large Start Download button on the upper left!) Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top about 10 lines down.) Attach the file to your next post. (More Reply Options, Choose File, Open, Attach This File.)

Get Process Explorer

http://live.sysinter...com/procexp.exe

Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK

Options, Verify Image Signatures

Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a full minute then:

File, Save As,(to your desktop) Save. (Note the file name) Open the file on your desktop and copy and paste the text to a reply.

#3
Megan81991

Posted 11 March 2016 - 06:44 PM

Member

Topic Starter
Member
13 posts

I did as requested, attached is the Speccy text file, and here is the Process Explorer text:

Process   CPU   Private Bytes   Working Set   PID   Verified Signer
System Idle Process   95.53   0 K   4 K   0
firefox.exe   1.61   882,668 K   896,080 K   6360   (Verified) Mozilla Corporation
avp.exe   0.88   281,392 K   51,676 K   2032   (Verified) Kaspersky Lab
procexp64.exe   0.83   33,796 K   63,864 K   4960   (Verified) Microsoft Corporation
dwm.exe   0.26   34,708 K   24,736 K   632   (Verified) Microsoft Windows
Interrupts   0.19   0 K   0 K   n/a
FlashPlayerPlugin_19_0_0_245.exe   0.16   12,956 K   20,992 K   5036   (Verified) Adobe Systems Incorporated
avp.exe   0.14   62,908 K   7,952 K   5744   (Verified) Kaspersky Lab
plugin-container.exe   0.11   12,328 K   17,700 K   6320   (Verified) Mozilla Corporation
System   0.09   116 K   1,040 K   4
csrss.exe   0.04   3,512 K   25,328 K   776   (Verified) Microsoft Windows Publisher
explorer.exe   0.03   80,632 K   120,812 K   4064   (Verified) Microsoft Windows
FlashPlayerPlugin_19_0_0_245.exe   0.03   16,588 K   35,432 K   6304   (Verified) Adobe Systems Incorporated
cmdagent.exe   0.02   22,276 K   17,996 K   1864   (Verified) Comodo Security Solutions
AppleMobileDeviceService.exe   0.01   4,892 K   12,612 K   1964   (Verified) Apple Inc.
OmniServ.exe   0.01   5,252 K   12,632 K   500   (No signature was present in the subject) Softex Inc.
CisTray.exe   0.01   4,348 K   1,696 K   5892   (Verified) Comodo Security Solutions
iPodService.exe   < 0.01   4,160 K   8,748 K   5592   (Verified) Apple Inc.
TeamViewer_Service.exe   < 0.01   8,808 K   16,264 K   2980   (Verified) TeamViewer
audiodg.exe   < 0.01   15,028 K   18,904 K   6896   (Verified) Microsoft Windows
svchost.exe   < 0.01   30,844 K   47,348 K   592   (Verified) Microsoft Windows Publisher
svchost.exe   < 0.01   7,248 K   11,028 K   988   (Verified) Microsoft Windows Publisher
services.exe   < 0.01   6,004 K   11,712 K   876   (Verified) Microsoft Windows Publisher
svchost.exe   < 0.01   88,640 K   102,872 K   1148   (Verified) Microsoft Windows Publisher
agent.exe   < 0.01   5,732 K   14,700 K   5444   (Verified) Flexera Software LLC
WUDFHost.exe   < 0.01   7,332 K   12,368 K   1384   (Verified) Microsoft Windows
YouCamService.exe   < 0.01   8,424 K   2,568 K   5696   (Verified) CyberLink Corp.
WmiPrvSE.exe   < 0.01   24,488 K   30,856 K   3144   (Verified) Microsoft Windows
officeclicktorun.exe   < 0.01   32,956 K   41,960 K   1764   (Verified) Microsoft Corporation
HPSA_Service.exe   < 0.01   30,968 K   25,332 K   4420   (Verified) Hewlett-Packard Company
lsass.exe   < 0.01   7,272 K   14,824 K   884   (Verified) Microsoft Windows Publisher
SearchIndexer.exe   < 0.01   32,892 K   30,712 K   5104   (Verified) Microsoft Windows
svchost.exe   < 0.01   8,000 K   14,416 K   956   (Verified) Microsoft Windows Publisher
SynTPEnh.exe   < 0.01   7,052 K   18,232 K   3892   (Verified) Synaptics Incorporated
IntelTechnologyAccessService.exe   < 0.01   16,652 K   25,176 K   2428   (Verified) Intel® Technology Access
iTunesHelper.exe   < 0.01   6,236 K   15,204 K   5400   (Verified) Apple Inc.
csrss.exe   < 0.01   2,256 K   4,568 K   696   (Verified) Microsoft Windows Publisher
hpservice.exe   < 0.01   2,712 K   6,480 K   1256   (Verified) Hewlett-Packard Company
wmpnetwk.exe       8,068 K   20,560 K   6096   (Verified) Microsoft Windows
WmiPrvSE.exe       9,656 K   18,768 K   2248   (Verified) Microsoft Windows
wlanext.exe       4,532 K   8,344 K   1532   (Verified) Microsoft Windows
winlogon.exe       1,560 K   8,764 K   832   (Verified) Microsoft Windows
wininit.exe       904 K   3,928 K   748   (Verified) Microsoft Windows
valWBFPolicyService.exe       2,708 K   5,972 K   3016   (No signature was present in the subject) Validity Sensors, Inc.
taskhostex.exe       8,004 K   14,468 K   3780   (Verified) Microsoft Windows
taskeng.exe       3,492 K   7,460 K   1228   (Verified) Microsoft Windows
SynTPHelper.exe       3,136 K   5,932 K   3864   (Verified) Synaptics Incorporated
SynTPEnhService.exe       2,632 K   6,024 K   2896   (Verified) Synaptics Incorporated
svchost.exe       11,584 K   18,848 K   608   (Verified) Microsoft Windows Publisher
svchost.exe       23,572 K   28,700 K   888   (Verified) Microsoft Windows Publisher
svchost.exe       16,756 K   23,180 K   1704   (Verified) Microsoft Windows Publisher
svchost.exe       12,840 K   18,600 K   1076   (Verified) Microsoft Windows Publisher
svchost.exe       6,896 K   12,748 K   5076   (Verified) Microsoft Windows Publisher
svchost.exe       3,836 K   8,040 K   1680   (Verified) Microsoft Windows Publisher
svchost.exe       6,320 K   10,616 K   1936   (Verified) Microsoft Windows Publisher
svchost.exe       8,096 K   16,588 K   2148   (Verified) Microsoft Windows Publisher
svchost.exe       4,780 K   9,576 K   6504   (Verified) Microsoft Windows Publisher
svchost.exe       5,036 K   9,312 K   2876   (Verified) Microsoft Windows Publisher
svchost.exe       4,444 K   7,932 K   5044   (Verified) Microsoft Windows Publisher
spoolsv.exe       7,672 K   14,152 K   1612   (Verified) Microsoft Windows
smss.exe       272 K   1,056 K   492   (Verified) Microsoft Windows Publisher
RtkNGUI64.exe       5,940 K   11,920 K   5340   (Verified) Realtek Semiconductor Corp
RtkAudioService64.exe       3,664 K   8,452 K   1280   (Verified) Realtek Semiconductor Corp
RAVBg64.exe       8,164 K   13,624 K   1300   (Verified) Realtek Semiconductor Corp
RAVBg64.exe       7,952 K   13,548 K   1308   (Verified) Realtek Semiconductor Corp
ProtectedObjectsSrv.exe       2,592 K   7,032 K   2124   (Verified) ZAO InfoWatch
procexp.exe       3,836 K   9,932 K   1352   (Verified) Microsoft Corporation
PresentationFontCache.exe       30,580 K   24,636 K   3560   (Verified) Microsoft Corporation
opvapp.exe       3,856 K   8,956 K   4920   (No signature was present in the subject) %CFullName%
OPBHOBrokerDsktop.exe       4,324 K   3,220 K   6008   (Verified) Softex Incorporated
OPBHOBroker.exe       4,320 K   3,248 K   6000   (Verified) Softex Incorporated
mDNSResponder.exe       3,292 K   7,388 K   692   (Verified) Apple Inc.
loggerservice.exe       2,488 K   6,296 K   3056   (Verified) Nuance Communications
LMS.exe       4,992 K   11,796 K   4416   (Verified) Intel Corporation - Software and Firmware Products
LegacyCsLoaderService.exe       6,996 K   13,728 K   2388   (Verified) Intel® Technology Access
jusched.exe       3,184 K   10,384 K   5864   (Verified) Oracle America
jucheck.exe       5,884 K   13,712 K   1720   (Verified) Oracle America
jhi_service.exe       2,888 K   6,732 K   6220   (Verified) Intel Corporation - Intel® Management Engine Firmware
ISUSPM.exe       5,960 K   13,744 K   5704   (Verified) Flexera Software LLC
iSCTsysTray8.exe       2,616 K   6,820 K   5524   (Verified) Intel® Smart Connect software
iSCTAgent.exe       5,440 K   12,996 K   2484   (Verified) Intel® Smart Connect software
IntelMeFWService.exe       2,324 K   6,144 K   3688   (Verified) Intel Corporation - Intel® Management Engine Firmware
igfxTray.exe       14,780 K   20,312 K   5124   (Verified) Intel Corporation - Software and Firmware Products
igfxHK.exe       7,320 K   12,464 K   2092   (Verified) Intel Corporation - Software and Firmware Products
igfxEM.exe       9,464 K   15,876 K   5040   (Verified) Intel Corporation - Software and Firmware Products
igfxCUIService.exe       3,772 K   8,908 K   1124   (Verified) Intel Corporation - Software and Firmware Products
IAStorDataMgrSvc.exe       37,784 K   45,044 K   3172   (Verified) Intel Corporation - Intel® Rapid Storage Technology
HPWMISVC.exe       2,448 K   6,300 K   2224   (Verified) Hewlett-Packard Company
hpqwmiex.exe       4,000 K   8,932 K   1464   (Verified) Hewlett-Packard Company
HeciServer.exe       3,336 K   7,812 K   2336   (No signature was present in the subject) Intel® Corporation
GWX.exe       4,856 K   2,564 K   5856   (Verified) Microsoft Windows
dgnsvc.exe       2,636 K   6,996 K   2192   (Verified) Nuance Communications
dasHost.exe       7,104 K   15,184 K   2184   (Verified) Microsoft Windows
CoolSense.exe       4,024 K   1,824 K   5732   (Verified) Hewlett-Packard Company
conhost.exe       2,712 K   5,704 K   1552   (Verified) Microsoft Windows
ClientCore.exe       6,296 K   7,412 K   3764   (Verified) Softex Incorporated
cis.exe       37,040 K   3,972 K   6336   (Verified) Comodo Security Solutions
cavwp.exe       15,216 K   1,888 K   4176   (Verified) Comodo Security Solutions
armsvc.exe       2,496 K   6,432 K   1892   (Verified) Adobe Systems
AccelerometerSt.exe       3,632 K   3,824 K   5824   (Verified) Hewlett-Packard

------------------------------------------------------

And last night I ran command prompt sfc /scannow, to no avail. As someone with only an average knowledge of computers, I'm out of ideas. I appreciate your aid.

Attached Files

MEMTWO.txt 131.25KB 521 downloads

#4
RKinner

Posted 11 March 2016 - 10:51 PM

Malware Expert

Expert
24,624 posts

Process Explorer looks good tho I wonder why you have Kaspersky and Comodo programs.

Speccy says it is not hot and the hard drive appears healthy.

When you ran sfc did it say it couldn't fix everything?

Have you run dism?

DISM  /Online  /Cleanup-Image  /RestoreHealth

It must be run from an elevated command prompt. http://www.eightforu...indows-8-a.html

Have you run the built in memory check?

http://windows.micro...n-your-computer

#5
Megan81991

Posted 11 March 2016 - 11:12 PM

Member

Topic Starter
Member
13 posts

I use Kaspersky for anti-virus and Comodo for firewall. It's what my father who is a computer programmer put on my computer for those purposes.

Yes, sfc said it couldn't fix everything, which I assume was the start menu files.

I haven't run dism or memory check, because i've never heard of them. I'll try that now then.

#6
Megan81991

Posted 12 March 2016 - 04:05 AM

Member

Topic Starter
Member
13 posts

I ran the dism and it stated it changed things, start menu still didn't work.

Then I ran command prompt sfc /scannow, and still nothing.

Then ran the built in memory check, it didn't find anything wrong.

#7
RKinner

Posted 12 March 2016 - 07:27 AM

Malware Expert

Expert
24,624 posts

Does SFC still say it can't fix everything? If so copy the next two lines:

findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
notepad \windows\logs\cbs\junk.txt

Open an elevated Command Prompt as before. Right click and Paste or Edit then Paste and the copied lines should appear.

Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file. If notepad is empty, rerun sfc /scannow and try it again.

#8
Megan81991

Posted 12 March 2016 - 03:02 PM

Member

Topic Starter
Member
13 posts

sfc /scannow says there are no issues:

"Windows Resource Protection did not find any integrity violations."

And I attached the file of the copied text anyways.

Is there any way to purge my system of the start menu so that maybe re-installing it will work?

Attached Files

junk.txt 70.17KB 194 downloads

#9
RKinner

Posted 12 March 2016 - 03:28 PM

Malware Expert

Expert
24,624 posts

Let's run FRST. I'll have to have this topic moved to the malware forum as they frown on running FRST outside of malware.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.

Press Scan button.

It will produce a log called FRST.txt in the same directory the tool is run from.

Please copy and paste log back here.

The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Sometimes the two logs are longer than the forum likes so it's best to post them in two separate replies.

#10
Megan81991

Posted 12 March 2016 - 03:49 PM

Member

Topic Starter
Member
13 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Megan (administrator) on MEMTWO (12-03-2016 13:45:07)
Running from C:\Users\Megan\Desktop
Loaded Profiles: Megan (Available Profiles: Megan)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Infowatch) C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel® Corporation) C:\Program Files\Intel Corporation\Intel® Technology Access\LegacyCsLoaderService.exe
(Intel® Corporation) C:\Program Files\Intel Corporation\Intel® Technology Access\IntelTechnologyAccessService.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Validity Sensors, Inc.) C:\Windows\System32\valWBFPolicyService.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(%CFullName%) C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\agent.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Users\Megan\jagexcache\jagexlauncher\bin\JagexLauncher.exe
() C:\Users\Megan\jagexcache\jagexlauncher\bin\JagexLauncher.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\powerpnt.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7642328 2015-02-03] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2811120 2014-03-13] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-30] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-09] (Apple Inc.)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\runner_avp.exe [24256 2013-11-11] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2010-10-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [821144 2010-10-25] (Adobe Systems Inc.)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKLM-x32\...\Run: [DNS7reminder] => "C:\Program Files (x86)\Nuance\NaturallySpeaking13\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking13\Ereg.ini"
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [653576 2015-06-29] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [127528 2015-07-08] (Hewlett-Packard Company)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKU\S-1-5-21-1022377986-404654602-2291752943-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKU\S-1-5-21-1022377986-404654602-2291752943-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe [1216416 2010-10-25] (Adobe Systems Incorporated)
HKU\S-1-5-21-1022377986-404654602-2291752943-1001\...\Run: [Power2GoExpress8] => NA
HKU\S-1-5-21-1022377986-404654602-2291752943-1001\...\RunOnce: [Application Restart #4] => C:\Users\Megan\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe [7874536 2016-03-08] ()
ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\shellex.dll [2015-09-03] (Kaspersky Lab ZAO)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-23] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-23] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-23] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll [2015-09-03] (Kaspersky Lab ZAO)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk [2014-08-05]
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0DA267CB-E934-4F58-A4C8-7846FE35812C}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{CAF44E52-F595-45D0-82CC-72D28AAA956B}: [DhcpNameServer] 40.20.1.201 40.20.1.202

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-1022377986-404654602-2291752943-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1022377986-404654602-2291752943-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-1022377986-404654602-2291752943-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://js.redirect.hp.com/jumpstation?bd=all&c=143&locale=ww_ww&pf=cnnb&s=ieHPtab&tp=iehome
SearchScopes: HKLM -> {5AA17EB2-EF7C-418E-822D-3B9E73F03C13} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {5AA17EB2-EF7C-418E-822D-3B9E73F03C13} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1022377986-404654602-2291752943-1001 -> DefaultScope {20DA0F49-D856-11E4-834E-8CDCD4703BCB} URL =
SearchScopes: HKU\S-1-5-21-1022377986-404654602-2291752943-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1022377986-404654602-2291752943-1001 -> {5AA17EB2-EF7C-418E-822D-3B9E73F03C13} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-02-23] (Microsoft Corporation)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-09-01] (Kaspersky Lab ZAO)
BHO: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\dgnriaie_x64.dll [2014-07-12] (Nuance Communications, Inc.)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-09-01] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-09-01] (Kaspersky Lab ZAO)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-02-23] (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-09-01] (Kaspersky Lab ZAO)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll [2011-03-19] (Adobe Systems, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-10-25] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-02-23] (Microsoft Corporation)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-09-01] (Kaspersky Lab ZAO)
BHO-x32: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\dgnriaie.dll [2014-07-12] (Nuance Communications, Inc.)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-09-01] (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-11-16] (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-09-01] (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems Incorporated)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-23] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-11-16] (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-09-01] (Kaspersky Lab ZAO)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll [2011-03-19] (Adobe Systems, Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems Incorporated)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Megan\AppData\Roaming\Mozilla\Firefox\Profiles\79w7j6gd.default
FF DefaultSearchEngine: Web Search
FF DefaultSearchEngine.US: Google
FF SelectedSearchEngine: Web Search
FF Homepage: about:home
FF Session Restore: -> is enabled.
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-16] ()
FF Plugin: nuance.com/DgnRia2_x86_64 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\npDgnRia2_x64.dll [2014-07-12] (Nuance Communications, Inc.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-16] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-11-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-11-16] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-08-31] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin-x32: nuance.com/DgnRia2 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\npDgnRia2.dll [2014-07-12] (Nuance Communications, Inc.)
FF Plugin HKU\S-1-5-21-1022377986-404654602-2291752943-1001: pokki.com/PokkiDownloadHelper -> C:\Users\Megan\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll [2016-03-11] (Pokki)
FF Extension: mp3it - C:\Users\Megan\AppData\Roaming\Mozilla\Firefox\Profiles\79w7j6gd.default\Extensions\[email protected] [2015-05-29]
FF Extension: YouTube mp3 - C:\Users\Megan\AppData\Roaming\Mozilla\Firefox\Profiles\79w7j6gd.default\Extensions\[email protected] [2015-05-29]
FF Extension: Easy Youtube Video Downloader Express - C:\Users\Megan\AppData\Roaming\Mozilla\Firefox\Profiles\79w7j6gd.default\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2015-12-28]
FF Extension: Adblock Plus - C:\Users\Megan\AppData\Roaming\Mozilla\Firefox\Profiles\79w7j6gd.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-23]
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-10] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected]
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected] [2015-02-19] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected]
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected] [2015-02-19] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected]
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected] [2015-02-19] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected]
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected] [2015-02-19] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected]
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected] [2015-02-19] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2014-09-01] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014-09-01] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt
FF Extension: HP SimplePass - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt [2015-08-26] [not signed]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [fidikogfgleiaefnjbmnjaplmgknppkg] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\online_banking_chrome.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\content_blocker_chrome.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\virtkbd.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - hxxps://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx [2013-11-11]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2013-11-13] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2809072 2016-01-20] (Microsoft Corporation)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6817544 2014-04-16] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2264280 2014-03-25] (COMODO)
R2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [818888 2013-09-25] (Infowatch)
R2 DragonLoggerService; C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe [137280 2014-07-12] (Nuance Communications, Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [602888 2015-06-29] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-08] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315376 2015-02-03] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-10] (Intel Corporation)
S3 Intel® TA SAM; C:\Program Files (x86)\Intel Corporation\Intel® Technology Access\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-08-12] (Intel Corporation)
R2 Intel® TechnologyAccessLegacyCSLoader; C:\Program Files\Intel Corporation\Intel® Technology Access\LegacyCsLoaderService.exe [157344 2015-12-03] (Intel® Corporation)
R2 Intel® TechnologyAccessService; C:\Program Files\Intel Corporation\Intel® Technology Access\IntelTechnologyAccessService.exe [486048 2015-12-03] (Intel® Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [200168 2013-12-04] ()
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [124928 2015-07-02] (Softex Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [292568 2015-02-03] (Realtek Semiconductor)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [190704 2014-03-13] (Synaptics Incorporated)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-02] (TeamViewer GmbH)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [32768 2013-08-01] (Validity Sensors, Inc.) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-11-13] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7552760 2015-08-15] (Broadcom Corporation)
S3 BtwSerialBus; C:\Windows\System32\drivers\BtwSerialBus.sys [150744 2013-09-09] (Broadcom Corporation.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [100624 2015-06-08] (CyberLink)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2014-04-16] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [748784 2014-04-16] (COMODO)
R1 cmdhlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [37560 2014-04-16] (COMODO)
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [98504 2013-09-25] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\system32\DRIVERS\CSVirtualDiskDrv.sys [67784 2013-09-25] (Infowatch)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-13] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-13] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-13] ()
R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [127664 2014-04-16] (COMODO)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-13] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-09-01] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29792 2013-11-11] (Kaspersky Lab)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [92768 2014-09-01] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [627264 2014-09-01] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-09-01] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [50448 2013-11-11] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [177864 2015-02-19] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
R1 ndisrd; C:\Windows\system32\DRIVERS\ndisrfl.sys [41688 2015-04-30] (Intel Corporation)
S3 NetTap630; C:\Windows\system32\DRIVERS\nettap630.sys [67800 2015-04-30] (Intel Corporation)
S3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [466136 2014-01-14] (Realsil Semiconductor Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2014-03-13] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-03-13] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30544 2015-08-13] (HP)
R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30544 2015-08-13] (HP)
U3 mfecore; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-12 13:45 - 2016-03-12 13:45 - 00031598 _____ C:\Users\Megan\Desktop\FRST.txt
2016-03-12 13:37 - 2016-03-12 13:45 - 00000000 ____D C:\FRST
2016-03-12 13:35 - 2016-03-12 13:35 - 02374144 _____ (Farbar) C:\Users\Megan\Desktop\FRST64.exe
2016-03-12 02:16 - 2016-02-05 06:59 - 07784960 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-03-12 02:16 - 2016-02-05 06:55 - 05264384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-03-12 02:16 - 2016-02-05 06:48 - 07075840 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2016-03-12 02:16 - 2016-02-05 06:47 - 05268480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2016-03-12 02:14 - 2016-02-20 07:45 - 01373184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-03-12 02:14 - 2016-02-20 07:45 - 01168896 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-03-12 02:14 - 2016-02-20 07:45 - 00696832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-03-12 02:14 - 2016-02-20 07:45 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-03-12 02:14 - 2016-02-20 07:45 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-03-12 02:14 - 2016-02-20 07:45 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-03-12 02:14 - 2016-02-05 11:06 - 00046768 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-03-12 02:13 - 2016-02-06 10:08 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2016-03-12 02:13 - 2016-02-05 11:07 - 00292696 _____ (Microsoft Corporation) C:\Windows\system32\WMASF.DLL
2016-03-12 02:13 - 2016-02-05 11:07 - 00243032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMASF.DLL
2016-03-12 02:13 - 2016-02-05 07:03 - 15432704 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-03-12 02:13 - 2016-02-05 07:00 - 13318144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-03-12 02:13 - 2016-02-04 09:24 - 00603648 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2016-03-12 02:13 - 2016-02-04 09:02 - 00483328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2016-03-11 16:34 - 2016-03-11 16:34 - 02694816 _____ (Sysinternals - www.sysinternals.com) C:\Users\Megan\Desktop\procexp.exe
2016-03-11 16:31 - 2016-03-11 16:31 - 00000808 _____ C:\Users\Public\Desktop\Speccy.lnk
2016-03-11 16:31 - 2016-03-11 16:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2016-03-11 16:30 - 2016-03-11 16:31 - 00000000 ____D C:\Program Files\Speccy
2016-03-11 00:00 - 2016-03-11 00:00 - 00000000 ____D C:\Users\Megan\AppData\Local\Pokki
2016-03-10 18:04 - 2016-03-10 18:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-03-10 17:04 - 2016-03-10 17:04 - 00000000 __SHD C:\found.000
2016-02-22 15:55 - 2016-02-22 22:00 - 00019386 _____ C:\Windows\ntbtlog.txt
2016-02-22 13:47 - 2016-02-22 13:47 - 00000000 ____D C:\ProgramData\redistpart
2016-02-22 13:46 - 2016-02-22 13:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Partition Manager™ 14 Free
2016-02-22 13:46 - 2016-02-22 13:46 - 00000000 ____D C:\ProgramData\launcher
2016-02-22 13:46 - 2016-02-22 13:46 - 00000000 ____D C:\ProgramData\explauncher
2016-02-22 13:46 - 2016-02-22 13:46 - 00000000 ____D C:\Program Files\Paragon Software
2016-02-22 13:44 - 2016-02-22 13:44 - 00000000 ____D C:\Users\Megan\AppData\Local\Downloaded Installations
2016-02-22 01:03 - 2016-02-06 02:48 - 25839104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-02-22 01:03 - 2016-02-06 02:24 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-02-22 01:03 - 2016-02-06 02:01 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-02-22 01:03 - 2016-02-06 01:43 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-02-22 01:03 - 2016-02-06 01:32 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-02-22 01:03 - 2016-02-06 01:16 - 12857856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-02-22 01:03 - 2016-02-06 01:09 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-02-22 01:03 - 2016-02-06 00:54 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-02-22 01:02 - 2015-01-05 19:01 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
2016-02-22 01:02 - 2015-01-05 18:59 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2016-02-22 01:02 - 2015-01-05 17:12 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\rascfg.dll
2016-02-22 01:02 - 2015-01-05 17:02 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rascfg.dll
2016-02-22 01:01 - 2016-01-21 22:40 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-02-22 01:01 - 2016-01-21 22:29 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-02-22 01:01 - 2016-01-21 22:28 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2016-02-22 01:01 - 2016-01-21 22:27 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-02-22 01:01 - 2016-01-21 22:02 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-02-22 01:01 - 2016-01-21 21:55 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-02-22 01:01 - 2016-01-21 21:52 - 00099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2016-02-22 01:01 - 2016-01-21 21:51 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-02-22 01:01 - 2016-01-21 21:50 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-02-22 01:01 - 2016-01-21 21:48 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-02-22 01:01 - 2016-01-21 21:48 - 00372224 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-02-22 01:01 - 2016-01-21 21:47 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-02-22 01:01 - 2016-01-21 21:46 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-02-22 01:01 - 2016-01-21 21:35 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-02-22 01:01 - 2016-01-21 21:31 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-02-22 01:01 - 2016-01-21 21:31 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-02-22 01:01 - 2016-01-21 21:27 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-02-22 01:01 - 2016-01-21 21:25 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-02-22 01:01 - 2016-01-21 21:25 - 00325632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-02-22 01:01 - 2016-01-21 21:24 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-02-22 01:01 - 2016-01-21 21:08 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-02-22 01:01 - 2016-01-21 21:07 - 02120704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-02-22 01:01 - 2016-01-21 21:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-02-22 01:01 - 2016-01-08 17:38 - 00091992 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2016-02-22 01:01 - 2016-01-06 10:25 - 00416768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-02-22 01:01 - 2015-12-16 09:11 - 01200128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2016-02-22 01:01 - 2015-12-16 08:51 - 00868864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2016-02-22 01:00 - 2016-01-24 10:19 - 00419160 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2016-02-22 01:00 - 2016-01-24 10:19 - 00378712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2016-02-22 01:00 - 2016-01-24 10:19 - 00331608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2016-02-22 01:00 - 2016-01-24 03:57 - 01335296 _____ (Microsoft Corporation) C:\Windows\system32\mispace.dll
2016-02-22 01:00 - 2016-01-24 03:45 - 01063424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll
2016-02-22 01:00 - 2016-01-10 11:37 - 00136912 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-02-22 01:00 - 2016-01-10 08:51 - 03707392 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-02-22 01:00 - 2016-01-10 08:39 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-02-22 01:00 - 2016-01-10 08:38 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-02-22 01:00 - 2016-01-10 08:36 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2016-02-22 01:00 - 2016-01-10 08:36 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-02-22 01:00 - 2016-01-10 08:35 - 02243584 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-02-22 01:00 - 2016-01-10 08:35 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-02-22 01:00 - 2016-01-10 08:29 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-02-22 01:00 - 2016-01-10 08:29 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-02-22 01:00 - 2016-01-10 08:27 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-02-22 01:00 - 2016-01-10 08:26 - 00726528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-02-22 01:00 - 2016-01-07 10:34 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-02-22 01:00 - 2015-12-20 06:57 - 00839168 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
2016-02-22 01:00 - 2015-12-20 06:43 - 00696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll
2016-02-22 01:00 - 2014-11-15 11:05 - 00801584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-02-22 01:00 - 2014-11-14 22:29 - 00962216 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-02-22 01:00 - 2014-11-13 22:57 - 01027584 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2016-02-22 01:00 - 2014-11-13 21:03 - 00885760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2016-02-22 01:00 - 2014-11-09 18:57 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys
2016-02-22 01:00 - 2014-11-09 17:20 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vpnike.dll
2016-02-22 01:00 - 2014-11-09 17:08 - 00702464 _____ (Microsoft Corporation) C:\Windows\system32\rasapi32.dll
2016-02-22 01:00 - 2014-11-09 16:57 - 00624640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasapi32.dll
2016-02-22 01:00 - 2014-11-07 20:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys
2016-02-22 01:00 - 2014-11-07 19:58 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasl2tp.sys
2016-02-22 01:00 - 2014-11-07 19:56 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\kmddsp.tsp
2016-02-22 01:00 - 2014-11-07 19:56 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\rasmxs.dll
2016-02-22 01:00 - 2014-11-07 19:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\rasser.dll
2016-02-22 01:00 - 2014-11-07 19:24 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\rasdiag.dll
2016-02-22 01:00 - 2014-11-07 19:13 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kmddsp.tsp
2016-02-22 01:00 - 2014-11-07 19:13 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasmxs.dll
2016-02-22 01:00 - 2014-11-07 19:13 - 00022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasser.dll
2016-02-22 01:00 - 2014-11-07 18:48 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasdiag.dll
2016-02-22 01:00 - 2014-11-07 18:38 - 00166912 _____ (Microsoft Corporation) C:\Windows\system32\AppxAllUserStore.dll
2016-02-22 01:00 - 2014-11-07 18:17 - 00143360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxAllUserStore.dll
2016-02-22 01:00 - 2014-11-07 18:03 - 00733696 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll
2016-02-22 01:00 - 2014-11-07 17:58 - 04837376 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll
2016-02-22 01:00 - 2014-11-07 17:49 - 01154048 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe
2016-02-22 01:00 - 2014-11-06 19:58 - 00952896 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2016-02-22 01:00 - 2014-11-06 19:20 - 00786120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2016-02-22 01:00 - 2014-11-04 18:12 - 00211968 _____ (Microsoft Corporation) C:\Windows\system32\QSHVHOST.DLL
2016-02-22 01:00 - 2014-11-04 18:12 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\QSVRMGMT.DLL
2016-02-22 01:00 - 2014-11-04 18:06 - 00514048 _____ (Microsoft Corporation) C:\Windows\system32\DevicePairing.dll
2016-02-22 01:00 - 2014-11-04 17:44 - 00657920 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2016-02-22 01:00 - 2014-11-04 17:43 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2016-02-22 01:00 - 2014-11-04 17:39 - 00155648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\QSHVHOST.DLL
2016-02-22 01:00 - 2014-11-04 17:39 - 00094208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\QSVRMGMT.DLL
2016-02-22 01:00 - 2014-11-04 17:33 - 00465408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DevicePairing.dll
2016-02-22 01:00 - 2014-11-04 17:21 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2016-02-22 01:00 - 2014-11-04 17:20 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2016-02-22 01:00 - 2014-11-04 17:14 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\WSDMon.dll
2016-02-22 01:00 - 2014-11-04 17:06 - 00555520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2016-02-22 01:00 - 2014-11-04 11:33 - 00058176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dam.sys
2016-02-22 01:00 - 2014-11-03 22:27 - 00128512 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
2016-02-22 01:00 - 2014-11-03 21:01 - 00827392 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2016-02-22 01:00 - 2014-10-28 19:05 - 00551232 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2016-02-22 01:00 - 2014-10-28 17:55 - 00242176 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2016-02-22 01:00 - 2014-10-28 17:13 - 00169984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2016-02-22 01:00 - 2014-10-20 17:59 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\eventcls.dll
2016-02-22 01:00 - 2014-10-20 17:19 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eventcls.dll
2016-02-22 01:00 - 2014-10-20 16:50 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\vsstrace.dll
2016-02-22 01:00 - 2014-10-20 16:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\vssapi.dll
2016-02-22 01:00 - 2014-10-20 16:31 - 00055296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vsstrace.dll
2016-02-22 01:00 - 2014-10-20 16:30 - 01454080 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
2016-02-22 01:00 - 2014-10-20 16:20 - 01142272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vssapi.dll
2016-02-22 01:00 - 2014-10-16 20:56 - 00039744 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys
2016-02-22 01:00 - 2014-10-16 19:35 - 00086336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2016-02-22 00:58 - 2016-01-05 07:00 - 00570880 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2016-02-22 00:58 - 2015-12-20 06:56 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\msra.exe
2016-02-22 00:58 - 2015-12-17 10:29 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-02-22 00:58 - 2015-12-17 08:17 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-02-22 00:57 - 2016-01-15 08:56 - 02487296 _____ (Microsoft Corporation) C:\Windows\system32\storagewmi.dll
2016-02-22 00:57 - 2016-01-15 08:45 - 01482240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\storagewmi.dll
2016-02-22 00:57 - 2015-06-09 14:39 - 00081920 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS
2016-02-22 00:57 - 2015-06-09 14:39 - 00053248 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthenum.sys
2016-02-22 00:57 - 2015-06-09 14:38 - 01201664 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2016-02-22 00:45 - 2016-01-22 00:01 - 22365992 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-02-22 00:45 - 2016-01-21 23:11 - 19794896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-02-22 00:45 - 2016-01-21 21:25 - 14467072 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2016-02-22 00:45 - 2016-01-21 21:14 - 12879360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2016-02-22 00:45 - 2016-01-21 21:07 - 02778624 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-02-22 00:45 - 2015-12-30 13:53 - 02017624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2016-02-22 00:44 - 2016-01-21 21:28 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2016-02-22 00:44 - 2016-01-21 20:58 - 02464256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-02-22 00:44 - 2016-01-19 11:14 - 07453024 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-02-22 00:44 - 2016-01-19 11:13 - 02175008 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2016-02-22 00:44 - 2016-01-19 11:13 - 01063464 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll
2016-02-22 00:44 - 2016-01-19 11:12 - 01737088 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-02-22 00:44 - 2016-01-19 11:12 - 01133744 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-02-22 00:44 - 2016-01-19 10:23 - 01564496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2016-02-22 00:44 - 2016-01-19 10:23 - 01501496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-02-22 00:44 - 2016-01-19 10:23 - 00548024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinTypes.dll
2016-02-22 00:44 - 2016-01-19 10:15 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2016-02-22 00:44 - 2016-01-19 09:30 - 00862720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-02-22 00:44 - 2016-01-19 08:37 - 00267776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincorlib.dll
2016-02-22 00:44 - 2016-01-10 11:37 - 00442720 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-02-22 00:44 - 2016-01-10 10:39 - 00332640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-02-22 00:44 - 2016-01-10 10:15 - 00401920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-02-22 00:44 - 2016-01-10 10:15 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-02-22 00:44 - 2016-01-10 09:50 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\cfgbkend.dll
2016-02-22 00:44 - 2016-01-10 09:43 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-02-22 00:44 - 2016-01-10 09:31 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-02-22 00:44 - 2016-01-10 09:16 - 00898048 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-02-22 00:44 - 2016-01-10 09:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cfgbkend.dll
2016-02-22 00:44 - 2016-01-10 09:12 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-02-22 00:44 - 2016-01-10 09:09 - 01442304 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-02-22 00:44 - 2016-01-10 09:09 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-02-22 00:44 - 2016-01-10 09:02 - 00987648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-02-22 00:44 - 2016-01-10 08:58 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-02-22 00:44 - 2016-01-10 08:56 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2016-02-22 00:44 - 2016-01-10 08:51 - 00702976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2016-02-22 00:44 - 2016-01-10 08:49 - 00443392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2016-02-22 00:44 - 2016-01-10 08:43 - 00801792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-02-22 00:44 - 2016-01-10 08:41 - 01707008 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2016-02-22 00:44 - 2016-01-10 08:40 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-02-22 00:44 - 2016-01-10 08:31 - 01344512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2016-02-22 00:44 - 2016-01-08 17:49 - 00218448 _____ (Microsoft Corporation) C:\Windows\system32\rsaenh.dll
2016-02-22 00:44 - 2016-01-08 17:49 - 00192120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
2016-02-22 00:44 - 2016-01-06 15:46 - 00148752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll
2016-02-22 00:44 - 2016-01-06 15:45 - 00177712 _____ (Microsoft Corporation) C:\Windows\system32\wscapi.dll
2016-02-22 00:44 - 2016-01-06 10:25 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-02-22 00:44 - 2016-01-06 08:47 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\wscsvc.dll
2016-02-22 00:44 - 2015-12-30 12:49 - 00470360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2016-02-22 00:44 - 2015-12-28 13:42 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\WinSync.dll
2016-02-22 00:44 - 2015-12-28 12:31 - 00578048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSync.dll
2016-02-22 00:44 - 2015-11-19 06:33 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-02-22 00:44 - 2015-11-19 06:26 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-02-22 00:44 - 2015-04-30 17:13 - 06521800 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2016-02-22 00:44 - 2015-04-30 17:13 - 01488000 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2016-02-22 00:44 - 2015-04-30 17:13 - 00261376 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2016-02-22 00:44 - 2014-11-17 12:17 - 00672984 _____ (Microsoft Corporation) C:\Windows\system32\MDMAgent.exe
2016-02-22 00:44 - 2014-11-17 12:17 - 00273240 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlows.exe
2016-02-22 00:44 - 2014-11-13 22:54 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettings.Handlers.dll
2016-02-22 00:44 - 2014-11-13 22:46 - 02171904 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlowUI.dll
2016-02-21 01:27 - 2016-03-12 13:08 - 00000045 _____ C:\Users\Megan\jagex_cl_runescape_LIVE1.dat
2016-02-21 01:27 - 2016-02-21 01:27 - 00000000 ____D C:\Users\Megan\jagexcache1
2016-02-21 01:27 - 2016-02-21 01:27 - 00000000 ____D C:\Users\Megan\.jagex_cache_32
2016-02-21 00:14 - 2016-03-12 13:28 - 00000024 _____ C:\Users\Megan\jagexappletviewer.preferences
2016-02-21 00:14 - 2016-03-12 13:08 - 00000044 _____ C:\Users\Megan\jagex_cl_runescape_LIVE.dat
2016-02-21 00:14 - 2016-02-21 00:14 - 00000000 ____D C:\.jagex_cache_32
2016-02-21 00:12 - 2016-02-21 00:14 - 00000000 ____D C:\Users\Megan\jagexcache
2016-02-21 00:12 - 2016-02-21 00:12 - 00002106 _____ C:\Users\Megan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape.lnk
2016-02-21 00:12 - 2016-02-21 00:12 - 00002076 _____ C:\Users\Megan\Desktop\RuneScape.lnk
2016-02-21 00:12 - 2016-02-21 00:12 - 00000000 ____D C:\Users\Megan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape
2016-02-20 19:28 - 2016-03-10 17:41 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-02-20 19:28 - 2016-03-10 17:40 - 00000943 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-02-20 19:28 - 2016-02-20 19:28 - 00000000 ____D C:\Users\Megan\AppData\Roaming\TeamViewer
2016-02-20 05:20 - 2016-03-12 00:38 - 00000024 _____ C:\Users\Megan\random.dat
2016-02-19 22:06 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2016-02-19 22:06 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2016-02-19 22:06 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2016-02-19 22:06 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2016-02-19 22:06 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2016-02-19 22:06 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2016-02-19 22:06 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2016-02-19 22:06 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2016-02-19 22:06 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2016-02-19 22:06 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2016-02-19 22:06 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2016-02-19 22:06 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2016-02-19 22:06 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2016-02-19 22:06 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2016-02-19 22:06 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2016-02-19 22:06 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2016-02-19 22:06 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2016-02-19 22:06 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2016-02-19 22:06 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2016-02-19 22:06 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2016-02-19 22:06 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2016-02-19 22:06 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2016-02-19 22:06 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2016-02-19 22:06 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2016-02-19 22:06 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2016-02-19 22:06 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2016-02-19 22:06 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2016-02-19 22:06 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2016-02-19 22:06 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2016-02-19 22:06 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2016-02-19 22:06 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2016-02-19 22:06 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2016-02-19 22:06 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2016-02-19 22:06 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2016-02-19 22:06 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2016-02-19 22:06 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2016-02-19 22:06 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2016-02-19 22:06 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2016-02-19 22:06 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2016-02-19 22:06 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2016-02-19 22:06 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2016-02-19 22:06 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2016-02-19 22:06 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2016-02-19 22:06 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2016-02-19 22:06 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2016-02-19 22:06 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2016-02-19 22:06 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2016-02-19 22:06 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2016-02-19 22:06 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2016-02-19 22:06 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2016-02-19 22:06 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2016-02-19 22:06 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2016-02-19 22:06 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2016-02-19 22:06 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2016-02-19 22:06 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2016-02-19 22:06 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2016-02-19 22:06 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2016-02-19 22:06 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2016-02-19 22:06 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2016-02-19 22:06 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2016-02-19 22:06 - 2008-10-10 04:52 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2016-02-19 22:06 - 2008-10-10 04:52 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2016-02-19 22:06 - 2008-10-10 04:52 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2016-02-19 22:06 - 2008-10-10 04:52 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2016-02-19 22:06 - 2008-10-10 04:52 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2016-02-19 22:06 - 2008-10-10 04:52 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2016-02-19 22:06 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2016-02-19 22:06 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2016-02-19 22:06 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2016-02-19 22:06 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2016-02-19 22:06 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2016-02-19 22:06 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2016-02-19 22:06 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2016-02-19 22:06 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2016-02-19 22:06 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2016-02-19 22:06 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2016-02-19 22:06 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2016-02-19 22:06 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2016-02-19 22:06 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2016-02-19 22:06 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2016-02-19 22:06 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2016-02-19 22:06 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2016-02-19 22:05 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2016-02-19 22:05 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2016-02-19 22:05 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2016-02-19 22:05 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2016-02-19 22:05 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2016-02-19 22:05 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2016-02-19 22:05 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2016-02-19 22:05 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2016-02-19 22:05 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2016-02-19 22:05 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2016-02-19 22:05 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2016-02-19 22:05 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2016-02-19 22:05 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2016-02-19 22:05 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2016-02-19 22:05 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2016-02-19 22:05 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2016-02-19 22:05 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2016-02-19 22:05 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2016-02-19 22:05 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2016-02-19 22:05 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2016-02-19 22:05 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2016-02-19 22:05 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2016-02-19 22:05 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2016-02-19 22:05 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2016-02-19 22:05 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2016-02-19 22:05 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2016-02-19 22:05 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2016-02-19 22:05 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2016-02-19 22:05 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2016-02-19 22:05 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2016-02-19 22:05 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2016-02-19 22:05 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2016-02-19 22:05 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2016-02-19 22:05 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2016-02-19 22:05 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2016-02-19 22:05 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2016-02-19 22:05 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2016-02-19 22:05 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2016-02-19 22:05 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2016-02-19 22:05 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2016-02-19 22:05 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2016-02-19 22:05 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2016-02-19 22:05 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2016-02-19 22:05 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2016-02-19 22:05 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2016-02-19 22:05 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2016-02-19 22:05 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2016-02-19 22:05 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2016-02-19 22:05 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2016-02-19 22:05 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2016-02-19 22:05 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2016-02-19 22:05 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2016-02-19 22:05 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2016-02-19 22:05 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2016-02-19 22:05 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2016-02-19 22:05 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2016-02-19 22:05 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2016-02-19 22:05 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2016-02-19 22:05 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2016-02-19 22:05 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2016-02-19 22:05 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2016-02-19 22:05 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2016-02-19 22:05 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2016-02-19 22:05 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2016-02-19 22:05 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2016-02-19 22:05 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2016-02-19 22:05 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2016-02-19 22:05 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2016-02-19 22:05 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2016-02-19 22:05 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2016-02-19 22:05 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2016-02-19 22:05 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2016-02-19 22:05 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2016-02-19 22:05 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2016-02-19 22:05 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2016-02-19 22:05 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2016-02-19 22:05 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2016-02-19 22:05 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2016-02-19 22:05 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2016-02-19 22:05 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2016-02-19 22:05 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2016-02-19 22:05 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2016-02-19 22:05 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2016-02-19 22:05 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2016-02-19 22:05 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2016-02-19 22:05 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2016-02-19 22:05 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2016-02-19 22:05 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2016-02-19 22:05 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2016-02-19 22:05 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2016-02-19 22:05 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2016-02-19 22:05 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2016-02-19 22:05 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2016-02-19 22:05 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2016-02-19 22:05 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2016-02-19 22:05 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2016-02-19 22:05 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2016-02-19 22:05 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2016-02-19 22:05 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2016-02-19 22:05 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2016-02-19 22:00 - 2016-02-19 22:06 - 00000000 ____D C:\Windows\SysWOW64\directx
2016-02-18 00:21 - 2016-02-18 00:21 - 00000000 ____D C:\Windows\System32\Tasks\Intel
2016-02-18 00:21 - 2016-02-18 00:21 - 00000000 ____D C:\ProgramData\Intel Telemetry

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-12 13:23 - 2014-08-31 21:52 - 00000000 ____D C:\Users\Megan\AppData\Local\Packages
2016-03-12 13:20 - 2014-03-18 01:53 - 00958356 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-12 13:20 - 2013-08-22 05:36 - 00000000 ____D C:\Windows\Inf
2016-03-12 12:48 - 2014-09-01 11:22 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-03-12 02:23 - 2014-09-07 10:56 - 00000000 ____D C:\Windows\system32\MRT
2016-03-12 02:20 - 2015-04-15 02:08 - 00000000 ____D C:\Windows\system32\appraiser
2016-03-12 02:20 - 2014-09-07 10:56 - 143659408 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-03-12 02:20 - 2013-08-22 07:20 - 00000000 ____D C:\Windows\CbsTemp
2016-03-12 02:19 - 2015-04-03 23:22 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-03-12 02:19 - 2015-04-03 23:22 - 00000000 ___SD C:\Windows\system32\GWX
2016-03-12 02:04 - 2013-08-22 06:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-12 01:12 - 2013-08-22 05:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-03-11 22:06 - 2015-04-10 15:09 - 00000000 ____D C:\Users\Megan\AppData\Roaming\TS3Client
2016-03-11 20:57 - 2014-08-31 21:57 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1022377986-404654602-2291752943-1001
2016-03-11 17:50 - 2014-09-12 00:39 - 00573952 ___SH C:\Users\Megan\Desktop\Thumbs.db
2016-03-11 00:02 - 2014-09-09 19:32 - 00000000 ____D C:\Users\Megan\AppData\Local\CrashDumps
2016-03-10 22:00 - 2015-11-16 00:38 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-03-10 18:39 - 2014-08-31 22:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-03-10 16:14 - 2013-08-22 07:36 - 00000000 ___RD C:\Windows\DesktopTileResources
2016-03-10 15:44 - 2016-01-17 21:01 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-10 15:35 - 2014-08-31 21:51 - 00000000 ____D C:\Users\Megan\AppData\Local\SweetLabs App Platform
2016-03-09 16:06 - 2014-09-09 18:22 - 00003160 _____ C:\Windows\System32\Tasks\HPCeeScheduleForMegan
2016-03-09 16:06 - 2014-09-09 18:22 - 00000346 _____ C:\Windows\Tasks\HPCeeScheduleForMegan.job
2016-03-07 23:00 - 2014-09-09 18:34 - 00829944 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-03-07 23:00 - 2014-09-09 18:34 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-24 22:35 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\rescache
2016-02-23 22:49 - 2013-08-22 07:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-02-23 22:48 - 2014-08-31 22:50 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-02-22 01:14 - 2014-09-19 00:31 - 05055520 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-22 01:10 - 2013-08-22 07:36 - 00000000 ___RD C:\Windows\ToastData
2016-02-22 01:10 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\SysWOW64\setup
2016-02-22 01:10 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\SysWOW64\inetsrv
2016-02-22 01:10 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\system32\setup
2016-02-22 01:10 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\system32\inetsrv
2016-02-22 00:51 - 2014-03-18 01:38 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-22 00:42 - 2015-11-10 23:19 - 00561952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-02-22 00:42 - 2015-11-10 23:19 - 00177496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-02-21 01:27 - 2014-08-31 21:51 - 00000000 ____D C:\Users\Megan
2016-02-21 00:20 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\AppReadiness
2016-02-19 22:00 - 2014-08-05 15:51 - 00000000 ____D C:\ProgramData\Package Cache
2016-02-18 00:21 - 2015-09-05 19:23 - 00003746 _____ C:\Windows\System32\Tasks\IntelTA-Upgrade-56460984-97c2-4bc7-a632-d776cf817f5d
2016-02-18 00:21 - 2015-09-05 19:23 - 00003500 _____ C:\Windows\System32\Tasks\IntelTA-Upgrade-56460984-97c2-4bc7-a632-d776cf817f5d-Logon
2016-02-18 00:21 - 2014-08-05 15:40 - 00000000 ____D C:\Program Files\Intel
2016-02-15 05:39 - 2015-10-31 02:24 - 00003296 _____ C:\Windows\System32\Tasks\SweetLabs App Platform
2016-02-15 05:39 - 2014-08-31 21:54 - 00002432 _____ C:\Users\Megan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk

==================== Files in the root of some directories =======

2015-01-20 22:27 - 2016-01-08 07:52 - 0002318 _____ () C:\Users\Megan\AppData\Roaming\SAS7_000.DAT
2014-09-01 15:02 - 2014-09-01 15:02 - 0000047 _____ () C:\Users\Megan\AppData\Roaming\WB.CFG

Some files in TEMP:
====================
C:\Users\Megan\AppData\Local\Temp\Extract.exe
C:\Users\Megan\AppData\Local\Temp\oct43A0.tmp.exe
C:\Users\Megan\AppData\Local\Temp\oct721B.tmp.exe
C:\Users\Megan\AppData\Local\Temp\octB00C.tmp.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-03-03 11:44

==================== End of FRST.txt ============================

#11
Megan81991

Posted 12 March 2016 - 03:49 PM

Member

Topic Starter
Member
13 posts

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Megan (2016-03-12 13:46:41)
Running from C:\Users\Megan\Desktop
Windows 8.1 (X64) (2014-09-01 05:51:16)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1022377986-404654602-2291752943-500 - Administrator - Disabled)
Guest (S-1-5-21-1022377986-404654602-2291752943-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1022377986-404654602-2291752943-1003 - Limited - Enabled)
Megan (S-1-5-21-1022377986-404654602-2291752943-1001 - Administrator - Enabled) => C:\Users\Megan

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky PURE 3.0 (Enabled - Up to date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
AS: Kaspersky PURE 3.0 (Enabled - Up to date) {0F7D947C-13CC-4207-47BE-41AC12334EC6}
AS: COMODO Antivirus (Disabled - Out of date) {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall (Enabled) {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
FW: Kaspersky PURE 3.0 (Disabled) {8C27F4BD-7F99-4CD1-5651-D3EB97674300}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Ableton Live 8 (HKLM-x32\...\{A56A3423-C468-40EE-B7BF-FD2902AF1FB3}) (Version: 8.0.0.0 - Ableton)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.0.0 - Adobe Systems)
Adobe After Effects CS5.5 Third Party Content (HKLM-x32\...\{606A0AC5-5F90-4379-81AE-11B44707E094}) (Version: 10.5 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 1.4.0 - Adobe Systems Incorporated)
Adobe Creative Suite 5.5 Master Collection (HKLM-x32\...\{D57FC112-312E-4D70-860F-2DB8FB6858F0}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Adobe Story (HKLM-x32\...\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.0.571 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
Apple Application Support (32-bit) (HKLM-x32\...\{C5815ACF-FD34-4553-8A22-C7411B7E662B}) (Version: 4.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{CBF12D2F-CF64-4CB7-858B-2C1F21068E5F}) (Version: 4.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: - Broadcom Corporation)
Broadcom Bluetooth Drivers (HKLM\...\{0A1B4690-E176-4533-8058-939480AEE1D0}) (Version: 12.0.0.9840 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
Celtx (2.9.7) (HKLM-x32\...\Celtx (2.9.7)) (Version: 2.9.7 (en-US) - Greyfirst)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
COMODO Firewall (HKLM\...\{2736B6BD-31EC-4FC8-A48C-F0A5C914C0B6}) (Version: 7.0.55655.4142 - COMODO Security Solutions Inc.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.9.4928 - CyberLink Corp.)
CyberLink MediaEspresso 6.7 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.7.4.6127 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.)
CyberLink Power Media Player 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.6.5104 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.10.5422 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.6.3604 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.6.5011 - CyberLink Corp.)
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dragon NaturallySpeaking 13 (HKLM-x32\...\{33EA20FB-5389-4938-BA59-2BCD9BB68F41}) (Version: 13.00.000 - Nuance Communications Inc.)
EndNote X7 (HKLM-x32\...\{86B3F2D6-AC2B-0017-8AE1-F2F77F781B0C}) (Version: 17.4.0.8818 - Thomson Reuters)
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Extended Update (HKU\S-1-5-21-1022377986-404654602-2291752943-1001\...\UpdaterEX) (Version: - Extended Update) <==== ATTENTION
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Host App Service (HKU\S-1-5-21-1022377986-404654602-2291752943-1001\...\SweetLabs_AP) (Version: 0.269.7.883 - Pokki)
HP 3D DriveGuard (HKLM-x32\...\{E8D0E2B8-B64B-44BC-8E01-00DDACBDF78A}) (Version: 6.0.28.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{ADE2F6A7-E7BD-4955-BD66-30903B223DDF}) (Version: 2.20.41 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{4BBA238C-9E5D-40F9-8AC6-FACB736752B9}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7493.4758 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.46 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{8C696B4B-6AB1-44BC-9416-96EAC474CABE}) (Version: 7.5.2.12 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{8B4EE87E-6D40-4C91-B5E8-0DC77DC412F1}) (Version: 1.4.1 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{36F80C5F-DC0D-4DF4-AF09-DC1867F0EB0A}) (Version: 2.4.4 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{EFA01423-3857-468C-B7B6-F30AA08E50BC}) (Version: 1.1.5.1 - Hewlett-Packard)
IBM SPSS Statistics 23 (HKLM\...\{C3BA73A4-2A45-4036-8541-4F5F8146078B}) (Version: 23.0.0.0 - IBM Corp)
Inst5675 (Version: 8.01.46 - Softex Inc.) Hidden
Inst5676 (Version: 8.01.46 - Softex Inc.) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3574 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.9.1000 - Intel Corporation)
Intel® Smart Connect Technology (HKLM\...\{51AC86D3-C431-48AD-9195-0D6C930D07CD}) (Version: 4.2.41.2710 - Intel Corporation)
Intel® Technology Access (HKLM-x32\...\{2ff1a4b2-d080-4abd-a571-d0cef9664790}) (Version: 1.7.0.1011 - Intel Corporation)
Intel® Technology Access Software Asset Manager (x32 Version: 3.1.814 - Intel Corporation) Hidden
Intel® Update Manager (HKLM-x32\...\{B991A1BC-DE0F-41B3-9037-B2F948F706EC}) (Version: 3.1.1228 - Intel Corporation)
iTunes (HKLM\...\{0D44E3A4-6C3D-45D7-B443-079509E5BE5D}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Kaspersky PURE 3.0 (HKLM-x32\...\InstallWIX_{D0702EE9-9DE4-419A-9C6C-4730B1C985BA}) (Version: 13.0.2.558 - Kaspersky Lab)
Kaspersky PURE 3.0 (x32 Version: 13.0.2.558 - Kaspersky Lab) Hidden
Live 8.0.7 (HKLM-x32\...\Live 8.0.7) (Version: - )
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4797.1003 - Microsoft Corporation)
Microsoft Project Professional 2013 - en-us (HKLM\...\ProjectProRetail - en-us) (Version: 15.0.4797.1003 - Microsoft Corporation)
Microsoft Visio Professional 2013 - en-us (HKLM\...\VisioProRetail - en-us) (Version: 15.0.4797.1003 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mozilla Firefox 45.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0 (x86 en-US)) (Version: 45.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.0.5906 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4797.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4797.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4797.1003 - Microsoft Corporation) Hidden
Paragon Partition Manager™ 14 Free (HKLM\...\{47E5588F-C3A0-11DE-9857-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Pokki Download Helper (HKU\S-1-5-21-1022377986-404654602-2291752943-1001\...\PokkiDownloadHelper) (Version: 1.3.1.289 - Pokki)
PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.40 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.32.508.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7358 - Realtek Semiconductor Corp.)
ResearchSoft Direct Export Helper (HKLM-x32\...\ResearchSoft Direct Export Helper) (Version: - Thomson Reuters)
Rosetta Stone Version 3 (HKLM-x32\...\{80F7CA44-F3A5-4853-8BA6-DDF57CD4F078}) (Version: 3.4.7.0 - Rosetta Stone Ltd.)
RuneScape Launcher 1.2.7 (HKLM-x32\...\{FA52A2D0-298E-4D40-8BB7-39928627EA6A}) (Version: 1.2.7 - Jagex Ltd)
Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
Solitaire (HKU\S-1-5-21-1022377986-404654602-2291752943-1001\...\Pokki_2b66b623f5a42458674544b4dc338a2420c548d1) (Version: 1.0.0.49336 - SweetLabs)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
Start Menu (HKU\S-1-5-21-1022377986-404654602-2291752943-1001\...\SweetLabs_Start_Menu) (Version: 0.269.7.883 - Pokki)
Sudoku Smiles (HKU\S-1-5-21-1022377986-404654602-2291752943-1001\...\Pokki_a8a104e3c52413a90b17bc1de0627f77b9baf9a8) (Version: 1.0 - SweetLabs)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.5.2 - Synaptics Incorporated)
TeamSpeak 3 Client (HKU\S-1-5-21-1022377986-404654602-2291752943-1001\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.56083 - TeamViewer)
Validity WBF DDK (HKLM\...\{21498212-1146-4540-8A81-6A1328BA19F2}) (Version: 4.5.228.0 - Validity Sensors, Inc.)
Vegas Pro 13.0 (64-bit) (HKLM\...\{CDA02BF0-BFBC-11E3-AFA0-F04DA23A5C58}) (Version: 13.0.290 - Sony)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1022377986-404654602-2291752943-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {07D2FB97-8593-496E-9F04-05A3467646B9} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
Task: {0E674239-7E56-4B89-A087-A15CFCF5B31B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {1653C079-4421-40F8-A7B0-299FC60AD098} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {170AE935-DD5F-408A-8A0E-31877F55D3F0} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2015-11-12] (AO Kaspersky Lab)
Task: {1759F8DA-5654-4769-B589-083D30BE7279} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFReport.exe [2016-02-18] (Hewlett-Packard)
Task: {1D6F8063-A650-4B37-BF82-07291910596F} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2015-02-11] (CyberLink Corp.)
Task: {2F22C363-8C2C-4203-8B73-8B0B11D25F50} - System32\Tasks\IntelTA-Upgrade-56460984-97c2-4bc7-a632-d776cf817f5d => C:\Program Files (x86)\Intel Corporation\Intel® Technology Access\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-08-12] (Intel Corporation)
Task: {34C23C0F-8A2F-407D-A26A-D1964CF35EF2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {386201E9-DAB7-4A44-AE65-F93C4ED080C7} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2015-09-04] (Intel Corporation)
Task: {4303AF06-8669-4B66-AF22-52C30D937DD3} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\Windows\system32\MRT.exe [2016-03-12] (Microsoft Corporation)
Task: {432B9AD9-3362-4FE4-ADFE-4C2DF1A4E6D9} - System32\Tasks\Start OPBHOBroker => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [2015-07-02] (Hewlett-Packard)
Task: {43807ED8-A68E-4F2D-ADE2-BB935E350C04} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {55CC5999-71D4-4296-BA9C-140DA226B276} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-28] (Microsoft Corporation)
Task: {5FBD01E6-06EB-4132-A4D2-FD695458D540} - System32\Tasks\HPCeeScheduleForMegan => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {62402AE5-9ED1-42D8-A3A2-3DACEE959169} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2014-05-19] (Hewlett-Packard Development Company, L.P.)
Task: {62B8C7FF-7327-4818-9375-4BB28FD93205} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-03-12] (Microsoft Corporation)
Task: {694C1227-6007-4486-96CC-3472699E870F} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)
Task: {6F378B8B-3910-4CFD-9B89-C7D27D109A01} - System32\Tasks\IntelTA-Upgrade-56460984-97c2-4bc7-a632-d776cf817f5d-Logon => C:\Program Files (x86)\Intel Corporation\Intel® Technology Access\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-08-12] (Intel Corporation)
Task: {8E55168F-E20C-4179-85E5-541D5366A286} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-01-12] (Microsoft Corporation)
Task: {8F183958-21A2-4957-8B82-176F3F2B7FAB} - System32\Tasks\SweetLabs App Platform => C:\Users\Megan\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe
Task: {A560E202-2A24-4B0E-B3F7-F47885D64179} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
Task: {A83FFBC9-9018-4CC9-83C7-4B150E5D213A} - System32\Tasks\{76910D15-E496-4E52-AFE7-EA1227EF1214} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=7.2.0.103&LastError=12002
Task: {ADAE1DA9-B08A-4D33-B5CC-AC304A0151B9} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-01-12] (Microsoft Corporation)
Task: {AEB1E6B9-222C-4978-AF65-9F41B167801C} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)
Task: {C1B26A6E-0A9E-4C0E-9483-917FF0C173EB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-02-22] (HP Inc.)
Task: {C41F6F1A-E3AE-4E8E-9143-3AC638848DD8} - System32\Tasks\Start OPBHOBrokerDesktop => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [2015-07-02] (Hewlett-Packard)
Task: {C4DAEE42-1324-42EC-9D0F-F8232580B6E8} - System32\Tasks\Start SimplePass => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [2015-07-02] (Hewlett-Packard)
Task: {CA128E33-C489-4153-94F7-4FF04B981B2A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2015-11-30] (Hewlett-Packard)
Task: {EB50CDAA-0F5D-419A-8EBE-6B6B1BE7B806} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {F53788EE-C5DC-4583-8168-FF739FAFFA74} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-28] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\HPCeeScheduleForMegan.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-05-15 15:26 - 2015-05-15 15:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 04:45 - 2015-10-13 04:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-31 22:50 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-07-07 10:44 - 2015-07-07 10:44 - 00088064 _____ () C:\Program Files\Intel Corporation\Intel® Technology Access\libglog.dll
2015-12-03 12:43 - 2015-12-03 12:43 - 00369824 _____ () C:\Program Files\Intel Corporation\Intel® Technology Access\JsonCpp.dll
2013-12-04 07:44 - 2013-12-04 07:44 - 00200168 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
2013-12-04 07:44 - 2013-12-04 07:44 - 00054760 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\NetworkHeuristic.dll
2013-12-04 07:44 - 2013-12-04 07:44 - 00034792 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\ISCTNetMon.dll
2015-10-28 14:38 - 2015-09-01 08:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-03-26 17:05 - 2015-03-26 17:05 - 00014336 _____ () C:\Users\Megan\jagexcache\jagexlauncher\bin\JagexLauncher.exe
2012-12-20 17:19 - 2012-12-20 17:19 - 00479752 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\dblite.dll
2012-12-20 17:19 - 2012-12-20 17:19 - 01310728 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\kpcengine.2.2.dll
2014-08-05 15:40 - 2013-12-10 07:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-10-28 14:38 - 2015-09-01 04:25 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2011-11-10 17:35 - 2011-11-10 17:35 - 03198464 _____ () C:\Users\Megan\jagexcache\jagexlauncher\bin\jvm.dll
2011-11-10 18:16 - 2011-11-10 18:16 - 00402944 _____ () C:\Users\Megan\jagexcache\jagexlauncher\bin\freetype.dll
2016-02-21 00:14 - 2016-03-12 13:03 - 00066048 _____ () C:\.jagex_cache_32\browsercontrol.dll
2016-02-21 00:14 - 2016-03-12 13:03 - 00132096 _____ () C:\Users\Megan\jagexcache\runescape\LIVE\jaclib.dll
2016-02-21 00:14 - 2016-03-12 13:03 - 00076288 _____ () C:\Users\Megan\jagexcache\runescape\LIVE\jagdx.dll
2016-02-21 01:27 - 2016-03-12 13:08 - 00066048 _____ () C:\Users\Megan\.jagex_cache_32\browsercontrol.dll
2016-02-21 01:27 - 2016-03-12 13:08 - 00132096 _____ () C:\Users\Megan\jagexcache1\runescape\LIVE\jaclib.dll
2016-02-21 01:28 - 2016-03-12 13:08 - 00076288 _____ () C:\Users\Megan\jagexcache1\runescape\LIVE\jagdx.dll
2016-02-23 22:44 - 2016-02-23 22:44 - 00325824 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
2015-10-28 14:38 - 2015-09-01 04:25 - 08901184 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\1033\GrooveIntlResource.dll
2015-03-17 17:05 - 2015-05-05 16:37 - 01286312 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\PPRESOURCES.DLL

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:0FF263E8 [273]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 05:25 - 2014-09-01 22:20 - 00002301 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 3dns.adobe.com
127.0.0.1 3dns-1.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-4.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com
127.0.0.1 activate.wip2.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 activate.wip4.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-1.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com
127.0.0.1 practivate.adobe
127.0.0.1 practivate.adobe.com
127.0.0.1 practivate.adobe.newoa
127.0.0.1 practivate.adobe.ntp
127.0.0.1 practivate.adobe.ipp
127.0.0.1 ereg.adobe.com
127.0.0.1 ereg.wip.adobe.com
127.0.0.1 ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com
127.0.0.1 ereg.wip3.adobe.com

There are 17 more lines.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1022377986-404654602-2291752943-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Megan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe Acrobat Speed Launcher"
HKLM\...\StartupApproved\Run32: => "AdobeCS5.5ServiceManager"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{AFF26655-1F33-4285-B63E-C754AE7A9DDF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{12C202F9-6705-4221-8BB1-988F55CF91D0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9D5760C7-7C41-450E-8ACD-580DAE7EEB2C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{94D16897-3AB8-4E95-8580-4A07ACED9A45}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B50B95B9-FE0B-45CA-80B9-7FBB05ABED99}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{93FDED19-00FE-40FE-BCD9-F4DA4886841F}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{19E68438-44EE-4FAA-8044-AA99FC79BCAA}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.5\FlashBuilder.exe
FirewallRules: [{1D1AE45A-1E26-4F04-9D47-B03CA766B666}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.5\FlashBuilder.exe
FirewallRules: [{651E33BC-9A9B-4844-AA49-24D2C2F47B8B}] => (Allow) LPort=7935
FirewallRules: [{A5407C29-5E48-46F4-BDD0-CEDC0064C662}] => (Allow) C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe
FirewallRules: [{BAA000E6-14AA-49D0-8767-B0C69C451A79}] => (Allow) C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe
FirewallRules: [{CCC5C56F-2B43-461F-9998-3F2423A8EE00}] => (Allow) C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe
FirewallRules: [{045B7ACB-DD94-4E11-8A2F-76A30C4A60E2}] => (Allow) C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe
FirewallRules: [{685DE098-6332-4A95-8081-795B0640AE4F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{515A6AA9-40F3-4156-930E-E0E35B01DB19}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E5C77155-4547-4A51-BF9E-FA0EDBDAD0E2}] => (Allow) LPort=51001
FirewallRules: [{FA9BC15E-521A-4129-94DD-34A9A921A911}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPSOCKSVC.exe
FirewallRules: [{D14D1BCC-AAF2-42C6-9E1B-F21D9DFD8FBF}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{138B1956-B4DB-424E-8F8D-4F9ACA8CA146}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{13B91611-2A07-4ABD-BBDE-67536352A1F3}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{24A1661F-B17C-43B4-AA2C-EB806EF807FA}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{713B4F95-91B2-4D75-8E25-BCE95F56E827}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{869BB15B-C5BD-4A2A-B35E-078DE160296F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{DCF9ABB2-491C-4758-A3CF-347F1113CE60}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3E3AB175-9979-4391-A2F3-FDE9A99722B8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{700F5AE9-0564-4299-BB58-3A36E18393C6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3D66EEAF-DB82-4091-BAB4-516E22E50EFC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{084616EE-82F3-4CF2-92DA-F0F1CE630A3D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{480F2554-235B-4508-B59A-EE468E5EADBA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{63D9047F-FD32-4580-B33C-256BEC7EAF52}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{14167075-6ED8-4F9A-B28A-3960C4BB6129}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{0DB1DD07-0712-4BDF-BB9A-4F0F9A3E656A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{8E6A15EC-532F-4FA6-8C02-FC9C93AD513F}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{54B0DFD6-C814-4F44-A5A0-560B6A747AFD}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\23\stats.com
FirewallRules: [{48819FE7-3240-4527-95E5-A5221BE05317}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\23\stats.com
FirewallRules: [{A46B99E9-7B04-4127-88C4-CAD3D9307084}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\23\stats.exe
FirewallRules: [{0E387136-7BD4-4E32-9C99-18C0BF571243}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\23\stats.exe
FirewallRules: [{E2C34C8B-C006-41D0-A51B-6E3E899A3803}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\23\WinWrapIDE.exe
FirewallRules: [{85EDB6A2-D56A-4009-81C6-548FE17520A6}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\23\WinWrapIDE.exe
FirewallRules: [{3E955867-0356-4D00-9678-A40CF897E6D6}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{CA2BDF5E-BEDA-42C8-B7F9-D803080774FD}] => (Allow) LPort=51001
FirewallRules: [{F25E50CB-1C90-4640-AB48-584573051D2B}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{67D3CD6F-EE17-4F28-ACFA-4A05397A21F9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{CEE4CD50-FB3C-49CA-AE41-00F29B53DFD8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{77E2D5C2-9E1D-4AB9-8171-23F6331ADD46}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E21CCD3E-50E3-492B-8184-5A25358C90CC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Restore Points =========================

22-02-2016 13:46:05 Installed Paragon Partition Manager™ 14 Free.
29-02-2016 01:01:14 Intel® Technology Access
06-03-2016 20:30:14 Intel® Technology Access
08-03-2016 14:09:43 Intel® Technology Access
08-03-2016 14:10:18 Intel® Technology Access
09-03-2016 15:00:50 Intel® Technology Access
09-03-2016 15:01:05 Intel® Technology Access
10-03-2016 22:08:40 Intel® Technology Access

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (03/12/2016 01:43:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 5.3.2016.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 64c

Start Time: 01d17ca824e16746

Termination Time: 8

Application Path: C:\Users\Megan\Desktop\FRST64.exe

Report Id: 85227ba1-e89b-11e5-8432-8cdcd4703bcb

Faulting package full name:

Faulting package-relative application ID:

Error: (03/12/2016 01:42:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 5.3.2016.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1ec8

Start Time: 01d17ca7c371e589

Termination Time: 15778

Application Path: C:\Users\Megan\Desktop\FRST64.exe

Report Id: 3f10b437-e89b-11e5-8432-8cdcd4703bcb

Faulting package full name:

Faulting package-relative application ID:

Error: (03/12/2016 01:38:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 5.3.2016.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1ca0

Start Time: 01d17ca760cb35b3

Termination Time: 7

Application Path: C:\Users\Megan\Desktop\FRST64.exe

Report Id: c95c2070-e89a-11e5-8432-8cdcd4703bcb

Faulting package full name:

Faulting package-relative application ID:

Error: (03/12/2016 02:24:24 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16578

Error: (03/12/2016 02:24:24 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16578

Error: (03/12/2016 02:24:24 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/12/2016 02:24:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15422

Error: (03/12/2016 02:24:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15422

Error: (03/12/2016 02:24:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/12/2016 02:24:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14297

System errors:
=============
Error: (03/12/2016 12:55:12 PM) (Source: DCOM) (EventID: 10010) (User: MEMTwo)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (03/12/2016 12:54:42 PM) (Source: DCOM) (EventID: 10010) (User: MEMTwo)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (03/12/2016 02:17:40 AM) (Source: DCOM) (EventID: 10010) (User: MEMTwo)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (03/12/2016 02:17:10 AM) (Source: DCOM) (EventID: 10010) (User: MEMTwo)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (03/12/2016 01:12:10 AM) (Source: DCOM) (EventID: 10010) (User: MEMTwo)
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (03/12/2016 01:12:10 AM) (Source: DCOM) (EventID: 10010) (User: MEMTwo)
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (03/11/2016 08:58:16 PM) (Source: DCOM) (EventID: 10010) (User: MEMTwo)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (03/11/2016 04:19:45 PM) (Source: Application Popup) (EventID: 877) (User: )
Description: DATABASE OPEN FAILED

Error: (03/11/2016 12:33:52 AM) (Source: DCOM) (EventID: 10010) (User: MEMTwo)
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (03/11/2016 12:33:52 AM) (Source: DCOM) (EventID: 10010) (User: MEMTwo)
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}

CodeIntegrity:
===================================
Date: 2016-03-12 12:59:01.896
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-12 12:35:32.236
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-12 02:04:58.563
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-12 01:39:55.238
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-12 01:14:13.378
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-11 16:30:31.731
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-10 21:59:14.883
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-10 20:16:42.722
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-10 20:09:01.791
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-10 18:51:21.109
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™ i7-4710HQ CPU @ 2.50GHz
Percentage of memory in use: 43%
Total physical RAM: 12218.15 MB
Available physical RAM: 6851.41 MB
Total Virtual: 14650.15 MB
Available Virtual: 8445.93 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:146.23 GB) (Free:53.39 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:22.61 GB) (Free:2.26 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (Data_F) (Fixed) (Total:761.66 GB) (Free:564.45 GB) NTFS
Drive g: () (Removable) (Total:0.94 GB) (Free:0.92 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 46FD23FB)

Partition: GPT.

========================================================
Disk: 1 (Size: 965 MB) (Disk ID: 0CB55431)
Partition 1: (Not Active) - (Size=964 MB) - (Type=06)

==================== End of Addition.txt ============================

#12
RKinner

Posted 12 March 2016 - 04:29 PM

Malware Expert

Expert
24,624 posts

Uninstall:

Comodo - You have Kaspersky and two anti-viruses just slow down your system

Bonjour - it's not working

Pokki Download Helper

Solitaire

Start Menu
Sudoku Smiles

Then

Download the attached fixlist.txt to the same location as FRST

Run FRST and press Fix

A fix log will be generated please post that

Then run FRST again. In the box type:

Pokki

and then hit Search Registry. You will get a new log. please post it.

#13
Megan81991

Posted 12 March 2016 - 04:57 PM

Member

Topic Starter
Member
13 posts

Only Kaspersky is running anti-virus, Comodo's is turned off.

I uninstalled Bonjour and Pokki download helper, but when i attempt to uninstall the rest I get this message:

"An error occurred when trying to uninstall ___. Would you like to remove ___ from the Programs and Features list? (Y/N)"

Says that for Solitaire, Start Menu, and Sudoku Smiles.

Should I remove them from the Programs list?

#14
RKinner

Posted 12 March 2016 - 05:20 PM

Malware Expert

Expert
24,624 posts

Comodo is not that off. Still quite a but running.

Go ahead and let it remove them from the programs and features list.

#15
Megan81991

Posted 12 March 2016 - 05:36 PM

Member

Topic Starter
Member
13 posts

Hmm, Comodo anti-virus is supposed to be off. Not sure why it's not.

---------------

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Megan (2016-03-12 15:32:15) Run:1
Running from C:\Users\Megan\Desktop
Loaded Profiles: Megan (Available Profiles: Megan)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKU\S-1-5-21-1022377986-404654602-2291752943-1001\...\Run: [Power2GoExpress8] => NA
HKU\S-1-5-21-1022377986-404654602-2291752943-1001\...\RunOnce: [Application Restart #4] =>

C:\Users\Megan\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe [7874536

2016-03-08] ()
SearchScopes: HKU\S-1-5-21-1022377986-404654602-2291752943-1001 -> DefaultScope {20DA0F49

-D856-11E4-834E-8CDCD4703BCB} URL =
SearchScopes: HKU\S-1-5-21-1022377986-404654602-2291752943-1001 -> {0633EE93-D776-472f-

A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1022377986-404654602-2291752943-1001 -> {5AA17EB2-EF7C-418E-

822D-3B9E73F03C13} URL =
U3 mfecore; no ImagePath
2016-03-11 00:00 - 2016-03-11 00:00 - 00000000 ____D C:\Users\Megan\AppData\Local\Pokki
2016-02-15 05:39 - 2015-10-31 02:24 - 00003296 _____ C:\Windows\System32\Tasks\SweetLabs

App Platform
Task: {8F183958-21A2-4957-8B82-176F3F2B7FAB} - System32\Tasks\SweetLabs App Platform =>

C:\Users\Megan\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe
CMD: dir /a /s C:\found.000
CMD: type C:\Windows\ntbtlog.txt

*****************

HKU\S-1-5-21-1022377986-404654602-2291752943-1001\Software\Microsoft\Windows

\CurrentVersion\Run\\Power2GoExpress8 => value removed successfully
HKU\S-1-5-21-1022377986-404654602-2291752943-1001\Software\Microsoft\Windows

\CurrentVersion\RunOnce\\Application Restart #4 => value removed successfully
HKU\S-1-5-21-1022377986-404654602-2291752943-1001\SOFTWARE\Microsoft\Internet Explorer

\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-1022377986-404654602-2291752943-1001\SOFTWARE\Microsoft\Internet Explorer

\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKU\S-1-5-21-1022377986-404654602-2291752943-1001\SOFTWARE\Microsoft\Internet Explorer

\SearchScopes\{5AA17EB2-EF7C-418E-822D-3B9E73F03C13}" => key removed successfully
HKCR\CLSID\{5AA17EB2-EF7C-418E-822D-3B9E73F03C13} => key not found.
mfecore => service removed successfully
"C:\Users\Megan\AppData\Local\Pokki" => not found.
C:\Windows\System32\Tasks\SweetLabs App Platform => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8F183958-

21A2-4957-8B82-176F3F2B7FAB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F183958-

21A2-4957-8B82-176F3F2B7FAB}" => key removed successfully
C:\Windows\System32\Tasks\SweetLabs App Platform => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SweetLabs App

Platform" => key removed successfully

========= dir /a /s C:\found.000 =========

Volume in drive C has no label.
Volume Serial Number is 9C52-5B59

Directory of C:\found.000

03/10/2016 05:04 PM    <DIR>          .
03/10/2016 05:04 PM    <DIR>          ..
03/10/2016 05:04 PM    <DIR>          dir0000.chk
03/10/2016 05:04 PM    <DIR>          dir0001.chk
03/10/2016 05:04 PM    <DIR>          dir0002.chk
03/10/2016 05:04 PM    <DIR>          dir0003.chk
02/15/2016 05:39 AM    <DIR>          dir_00000004.chk
               0 File(s)              0 bytes

Directory of C:\found.000\dir0000.chk

03/10/2016 05:04 PM    <DIR>          .
03/10/2016 05:04 PM    <DIR>          ..
02/15/2016 05:39 AM    <DIR>          sysapps
01/13/2016 10:27 AM                 0 wow_helper.exe
               1 File(s)              0 bytes

Directory of C:\found.000\dir0000.chk\sysapps

02/15/2016 05:39 AM    <DIR>          .
02/15/2016 05:39 AM    <DIR>          ..
               0 File(s)              0 bytes

Directory of C:\found.000\dir0001.chk

03/10/2016 05:04 PM    <DIR>          .
03/10/2016 05:04 PM    <DIR>          ..
03/10/2016 03:35 PM                28 6bbcfd58-dc6f-4d7e-b3e6-81ab9111996d
03/10/2016 03:35 PM                28 7ad44dca-9d0e-4abc-9b47-8676509d6e4b
               2 File(s)             56 bytes

Directory of C:\found.000\dir0002.chk

03/10/2016 05:04 PM    <DIR>          .
03/10/2016 05:04 PM    <DIR>          ..
02/15/2016 05:39 AM    <DIR>          languages
01/13/2016 10:28 AM             1,962 sidebar.html
               1 File(s)          1,962 bytes

Directory of C:\found.000\dir0002.chk\languages

02/15/2016 05:39 AM    <DIR>          .
02/15/2016 05:39 AM    <DIR>          ..
02/15/2016 05:39 AM    <DIR>          da
02/15/2016 05:39 AM    <DIR>          de
02/15/2016 05:39 AM    <DIR>          en-US
02/15/2016 05:39 AM    <DIR>          es
02/15/2016 05:39 AM    <DIR>          es-419
02/15/2016 05:39 AM    <DIR>          fi
02/15/2016 05:39 AM    <DIR>          fr
02/15/2016 05:39 AM    <DIR>          it
02/15/2016 05:39 AM    <DIR>          ja
02/15/2016 05:39 AM    <DIR>          ko
02/15/2016 05:39 AM    <DIR>          no
02/15/2016 05:39 AM    <DIR>          pt-BR
02/15/2016 05:39 AM    <DIR>          ru
02/15/2016 05:39 AM    <DIR>          sv
02/15/2016 05:39 AM    <DIR>          zh-CN
02/15/2016 05:39 AM    <DIR>          zh-TW
               0 File(s)              0 bytes

Directory of C:\found.000\dir0002.chk\languages\da

02/15/2016 05:39 AM    <DIR>          .
02/15/2016 05:39 AM    <DIR>          ..
01/13/2016 10:28 AM             4,680 strings.txt
               1 File(s)          4,680 bytes

Directory of C:\found.000\dir0002.chk\languages\de

02/15/2016 05:39 AM    <DIR>          .
02/15/2016 05:39 AM    <DIR>          ..
01/13/2016 10:28 AM             4,935 strings.txt
               1 File(s)          4,935 bytes

Directory of C:\found.000\dir0002.chk\languages\en-US

02/15/2016 05:39 AM    <DIR>          .
02/15/2016 05:39 AM    <DIR>          ..
01/13/2016 10:28 AM             6,698 strings.txt
               1 File(s)          6,698 bytes

Directory of C:\found.000\dir0002.chk\languages\es

02/15/2016 05:39 AM    <DIR>          .
02/15/2016 05:39 AM    <DIR>          ..
01/13/2016 10:28 AM             5,162 strings.txt
               1 File(s)          5,162 bytes

Directory of C:\found.000\dir0002.chk\languages\es-419

02/15/2016 05:39 AM    <DIR>          .
02/15/2016 05:39 AM    <DIR>          ..
01/13/2016 10:28 AM             5,161 strings.txt
               1 File(s)          5,161 bytes

Directory of C:\found.000\dir0002.chk\languages\fi

02/15/2016 05:39 AM    <DIR>          .
02/15/2016 05:39 AM    <DIR>          ..
01/13/2016 10:28 AM             5,004 strings.txt
               1 File(s)          5,004 bytes

Directory of C:\found.000\dir0002.chk\languages\fr

02/15/2016 05:39 AM    <DIR>          .
02/15/2016 05:39 AM    <DIR>          ..
01/13/2016 10:28 AM             5,337 strings.txt
               1 File(s)          5,337 bytes

Directory of C:\found.000\dir0002.chk\languages\it

02/15/2016 05:39 AM    <DIR>          .
02/15/2016 05:39 AM    <DIR>          ..
01/13/2016 10:28 AM             4,873 strings.txt
               1 File(s)          4,873 bytes

Directory of C:\found.000\dir0002.chk\languages\ja

02/15/2016 05:39 AM    <DIR>          .
02/15/2016 05:39 AM    <DIR>          ..
01/13/2016 10:28 AM             8,876 strings.txt
               1 File(s)          8,876 bytes

Directory of C:\found.000\dir0002.chk\languages\ko

02/15/2016 05:39 AM    <DIR>          .
02/15/2016 05:39 AM    <DIR>          ..
01/13/2016 10:28 AM             8,245 strings.txt
               1 File(s)          8,245 bytes

Directory of C:\found.000\dir0002.chk\languages\no

02/15/2016 05:39 AM    <DIR>          .
02/15/2016 05:39 AM    <DIR>          ..
01/13/2016 10:28 AM             4,687 strings.txt
               1 File(s)          4,687 bytes

Directory of C:\found.000\dir0002.chk\languages\pt-BR

02/15/2016 05:39 AM    <DIR>          .
02/15/2016 05:39 AM    <DIR>          ..
01/13/2016 10:28 AM             5,066 strings.txt
               1 File(s)          5,066 bytes

Directory of C:\found.000\dir0002.chk\languages\ru

02/15/2016 05:39 AM    <DIR>          .
02/15/2016 05:39 AM    <DIR>          ..
01/13/2016 10:28 AM             7,013 strings.txt
               1 File(s)          7,013 bytes

Directory of C:\found.000\dir0002.chk\languages\sv

02/15/2016 05:39 AM    <DIR>          .
02/15/2016 05:39 AM    <DIR>          ..
01/13/2016 10:28 AM             4,797 strings.txt
               1 File(s)          4,797 bytes

Directory of C:\found.000\dir0002.chk\languages\zh-CN

02/15/2016 05:39 AM    <DIR>          .
02/15/2016 05:39 AM    <DIR>          ..
01/13/2016 10:28 AM             4,509 strings.txt
               1 File(s)          4,509 bytes

Directory of C:\found.000\dir0002.chk\languages\zh-TW

02/15/2016 05:39 AM    <DIR>          .
02/15/2016 05:39 AM    <DIR>          ..
01/13/2016 10:28 AM             7,678 strings.txt
               1 File(s)          7,678 bytes

Directory of C:\found.000\dir0003.chk

03/10/2016 05:04 PM    <DIR>          .
03/10/2016 05:04 PM    <DIR>          ..
01/13/2016 10:28 AM             4,233 dpi240fullscreen.css
01/13/2016 10:28 AM             4,816 dpi96fullscreen.css
01/13/2016 10:28 AM            11,888 fullscreen.css
02/15/2016 05:39 AM    <DIR>          themes
               3 File(s)         20,937 bytes

Directory of C:\found.000\dir0003.chk\themes

02/15/2016 05:39 AM    <DIR>          .
02/15/2016 05:39 AM    <DIR>          ..
01/13/2016 10:28 AM            38,874 dark.css
               1 File(s)         38,874 bytes

Directory of C:\found.000\dir_00000004.chk

02/15/2016 05:39 AM    <DIR>          .
02/15/2016 05:39 AM    <DIR>          ..
01/13/2016 10:28 AM               472 arrow-sm.svg
01/13/2016 10:28 AM               568 arrow.svg
01/13/2016 10:28 AM               870 caution.svg
01/13/2016 10:28 AM               847 checkmark.svg
01/13/2016 10:28 AM               942 mag-120.svg
01/13/2016 10:28 AM               945 mag-144.svg
01/13/2016 10:28 AM               933 mag-96.svg
01/13/2016 10:28 AM               939 mag-fs-150.svg
01/13/2016 10:28 AM               631 metro-icon.svg
01/13/2016 10:28 AM             1,593 notifications-120.svg
01/13/2016 10:28 AM             1,751 notifications-144.svg
01/13/2016 10:28 AM             1,391 notifications-96.svg
01/13/2016 10:28 AM               580 option-arrow.svg
01/13/2016 10:28 AM               667 page-left.svg
01/13/2016 10:28 AM               673 page-right.svg
01/13/2016 10:28 AM             1,020 powerbutton-150.svg
01/13/2016 10:28 AM             1,002 scroll-down.svg
01/13/2016 10:28 AM             1,002 scroll-up.svg
01/13/2016 10:28 AM               791 showmore-150.svg
01/13/2016 10:28 AM               661 toast-close.svg
01/13/2016 10:28 AM               965 x-fs-150.svg
              21 File(s)         19,243 bytes

     Total Files Listed:
              45 File(s)        173,793 bytes
              74 Dir(s) 59,342,880,768 bytes free

========= End of CMD: =========

========= type C:\Windows\ntbtlog.txt =========

2 22 2016 15:55:22.273
BOOTLOG_LOADED \SystemRoot\system32\ntoskrnl.exe
BOOTLOG_LOADED \SystemRoot\system32\hal.dll
BOOTLOG_LOADED \SystemRoot\system32\kd.dll
BOOTLOG_LOADED \SystemRoot\system32\mcupdate_GenuineIntel.dll
BOOTLOG_LOADED \SystemRoot\System32\drivers\werkernel.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\CLFS.SYS
BOOTLOG_LOADED \SystemRoot\System32\drivers\tm.sys
BOOTLOG_LOADED \SystemRoot\system32\PSHED.dll
BOOTLOG_LOADED \SystemRoot\system32\BOOTVID.dll
BOOTLOG_LOADED \SystemRoot\system32\CI.dll
BOOTLOG_LOADED \SystemRoot\System32\drivers\msrpc.sys
BOOTLOG_LOADED \SystemRoot\system32\drivers\Wdf01000.sys
BOOTLOG_LOADED \SystemRoot\system32\drivers\WDFLDR.SYS
BOOTLOG_LOADED \SystemRoot\System32\Drivers\acpiex.sys
BOOTLOG_LOADED \SystemRoot\System32\Drivers\WppRecorder.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\ACPI.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\WMILIB.SYS
BOOTLOG_LOADED \SystemRoot\System32\Drivers\cng.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\klelam.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\kl1.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\msisadrv.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\pci.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\vdrvroot.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\CSCrySec.sys
BOOTLOG_LOADED \SystemRoot\system32\drivers\pdc.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\partmgr.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\spaceport.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\volmgr.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\volmgrx.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\mountmgr.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\iaStorA.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\storport.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\EhStorClass.sys
BOOTLOG_LOADED \SystemRoot\system32\drivers\fltmgr.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\fileinfo.sys
BOOTLOG_LOADED \SystemRoot\System32\Drivers\Wof.sys
BOOTLOG_LOADED \SystemRoot\System32\Drivers\PxHlpa64.sys
BOOTLOG_LOADED \SystemRoot\System32\Drivers\Ntfs.sys
BOOTLOG_LOADED \SystemRoot\System32\Drivers\ksecdd.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\pcw.sys
BOOTLOG_LOADED \SystemRoot\System32\Drivers\Fs_Rec.sys
BOOTLOG_LOADED \SystemRoot\system32\drivers\ndis.sys
BOOTLOG_LOADED \SystemRoot\system32\drivers\NETIO.SYS
BOOTLOG_LOADED \SystemRoot\System32\Drivers\ksecpkg.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\tcpip.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\fwpkclnt.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\wfplwfs.sys
BOOTLOG_LOADED \SystemRoot\System32\DRIVERS\fvevol.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\hpdskflt.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\volsnap.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\rdyboost.sys
BOOTLOG_LOADED \SystemRoot\System32\Drivers\mup.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\intelpep.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\hwpolicy.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\disk.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\CLASSPNP.SYS
BOOTLOG_LOADED \SystemRoot\System32\DRIVERS\cmderd.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\cdrom.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\cmdguard.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\klif.sys
BOOTLOG_LOADED \SystemRoot\System32\Drivers\Null.SYS
BOOTLOG_LOADED \SystemRoot\System32\Drivers\Beep.SYS
BOOTLOG_LOADED \SystemRoot\System32\drivers\dxgkrnl.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\BasicRender.sys
BOOTLOG_NOT_LOADED \SystemRoot\System32\drivers\dxgkrnl.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\BasicDisplay.sys
BOOTLOG_LOADED \SystemRoot\System32\Drivers\Npfs.SYS
BOOTLOG_LOADED \SystemRoot\System32\Drivers\Msfs.SYS
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\klwfp.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\tdx.sys
BOOTLOG_LOADED \SystemRoot\System32\DRIVERS\cmdhlp.sys
BOOTLOG_LOADED \SystemRoot\System32\DRIVERS\netbt.sys
BOOTLOG_LOADED \SystemRoot\system32\drivers\afd.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\pacer.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\vwififlt.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\klim6.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\inspect.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\ndisrfl.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\netbios.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\rdbss.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\wanarp.sys
BOOTLOG_LOADED \SystemRoot\system32\drivers\nsiproxy.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\npsvctrig.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\mssmbios.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\kneps.sys
BOOTLOG_LOADED \SystemRoot\System32\Drivers\dfsc.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\CSVirtualDiskDrv.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\CLVirtualDrive.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\ahcache.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\CompositeBus.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\kdnic.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\umbus.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\CmBatt.sys
BOOTLOG_NOT_LOADED \SystemRoot\System32\drivers\dxgkrnl.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\igdkmd64.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\HDAudBus.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\ucx01000.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\USBXHCI.SYS
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\TeeDriverx64.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\usbehci.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\bcmwl63a.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\vwifibus.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\Rt630x64.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\i8042prt.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\ikbevent.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\SynTP.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\klkbdflt.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\kbdclass.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\imsevent.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\klmouflt.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\mouclass.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\Accelerometer.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\WirelessButtonDriver64.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\wmiacpi.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\intelppm.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\acpitime.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\ISCTD64.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\NdisVirtualBus.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\swenum.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\iwdbus.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\rdpbus.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\clwvd.sys
BOOTLOG_LOADED \SystemRoot\system32\drivers\ksthunk.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\usbhub.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\IntcDAud.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\UsbHub3.sys
BOOTLOG_LOADED \SystemRoot\system32\drivers\RTKVHD64.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\hidusb.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\mouhid.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\usbccgp.sys
BOOTLOG_LOADED \SystemRoot\System32\Drivers\usbvideo.sys
BOOTLOG_LOADED \SystemRoot\system32\drivers\bcbtums.sys
BOOTLOG_LOADED \??\C:\Program Files\Paragon Software\Partition Manager 14 Free\bluescrn

\BioNT_bs.sys
BOOTLOG_LOADED \SystemRoot\System32\Drivers\BTHUSB.sys
BOOTLOG_LOADED \SystemRoot\System32\Drivers\fastfat.SYS
BOOTLOG_LOADED \SystemRoot\System32\drivers\WinUsb.sys
BOOTLOG_NOT_LOADED \SystemRoot\System32\drivers\dxgkrnl.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\monitor.sys
BOOTLOG_NOT_LOADED \SystemRoot\System32\drivers\dxgkrnl.sys
BOOTLOG_LOADED \SystemRoot\system32\drivers\luafv.sys
BOOTLOG_LOADED \??\C:\Windows\system32\drivers\mbam.sys
BOOTLOG_LOADED \SystemRoot\system32\drivers\WudfPf.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\WinUsb.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\WUDFRd.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\lltdio.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\nwifi.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\ndisuio.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\rspndr.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\condrv.sys
BOOTLOG_LOADED \SystemRoot\system32\drivers\HTTP.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\bowser.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\mpsdrv.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\mrxsmb.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\mrxsmb20.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\vwifimp.sys
BOOTLOG_LOADED \SystemRoot\system32\drivers\MSPQM.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\mrxsmb10.sys
BOOTLOG_LOADED \SystemRoot\system32\drivers\Ndu.sys
BOOTLOG_LOADED \SystemRoot\system32\drivers\peauth.sys
BOOTLOG_LOADED \SystemRoot\System32\DRIVERS\srvnet.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\tcpipreg.sys
BOOTLOG_LOADED \SystemRoot\System32\DRIVERS\srv2.sys
BOOTLOG_LOADED \SystemRoot\System32\DRIVERS\srv.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\tunnel.sys
BOOTLOG_LOADED \??\C:\Windows\System32\Drivers\INETMON.sys
BOOTLOG_LOADED \SystemRoot\system32\drivers\MSPQM.sys
BOOTLOG_LOADED \SystemRoot\system32\drivers\MSPQM.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\monitor.sys

========= End of CMD: =========

==== End of Fixlog 15:32:18 ====