Issues with Samsung 8.1 Laptop - potential infection?

malware 8.1 Unresponsive frst


#1
PatriotsBallBoy

For the past 2 months I have been dealing with issues related to my Samsung model NP355E5C-A01US.

After trying to restore/refresh the Windows 8.1 operating system, I was forced to do a complete factory reset. Since that time, the system has been VERY unresponsive, often hanging whenever I use Chrome, Excel, or have more than 2 applications open.

 

When using Chrome, I also find that new windows will open unexpectedly.

 

Any assistance you can provide is greatly appreciated.

 

Thanks

 

PM

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by mcmor_000 (administrator) on ZOEMC-OPZOMIST (01-04-2016 12:51:45)
Running from C:\Users\mcmor_000\Desktop
Loaded Profiles: mcmor_000 (Available Profiles: mcmor_000 & zdmcm_000)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\nsbu.exe
(Digital Delivery Networks, Inc.) C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\nsbu.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\nacl64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\conathst.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\nacl64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Users\mcmor_000\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Failed to access process -> EXCEL.EXE
() C:\Users\mcmor_000\AppData\Roaming\Nox\bin\nox_adb.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191824 2012-08-10] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2015-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [133760 2014-01-07] (Qualcomm®Atheros®)
HKU\S-1-5-21-2620583142-3316455340-3143807552-1001\...\Run: [FlickrUploadr] => "C:\Users\mcmor_000\AppData\Local\FlickrUploadrWindows\Update.exe" --processStart Flickr.exe
HKU\S-1-5-21-2620583142-3316455340-3143807552-1001\...\MountPoints2: {25d4170b-ef6c-11e5-bebc-b888e3fddb9e} - "E:\VZW_Software_upgrade_assistant.exe" 
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security with Backup\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security with Backup\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security with Backup\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
Startup: C:\Users\mcmor_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-03-08]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1BC78161-7B57-445A-8943-52A25080DBCD}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-2620583142-3316455340-3143807552-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung13.msn.com/
HKU\S-1-5-21-2620583142-3316455340-3143807552-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com
SearchScopes: HKU\S-1-5-21-2620583142-3316455340-3143807552-1001 -> DefaultScope {912E5865-04A0-4805-B7C3-0430B9D6BB56} URL = 
SearchScopes: HKU\S-1-5-21-2620583142-3316455340-3143807552-1001 -> {912E5865-04A0-4805-B7C3-0430B9D6BB56} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-03-13] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security with Backup\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-03-13] (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security with Backup\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-03-13] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-03-13] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-03-13] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-03-13] (Microsoft Corporation)
 
FireFox:
========
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-03-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-27] (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2011-05-15] (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-24] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-24] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2620583142-3316455340-3143807552-1001: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\mcmor_000\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-03-21] (RocketLife, LLP)
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.5.5.15\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.5.5.15\coFFAddon [2016-03-21]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.5.5.15\coFFAddon
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://samsung13.msn.com/
CHR StartupUrls: Default -> "chrome://newtab/","hxxps://www.google.com/intl/en/chrome/webstore/features.html"
CHR DefaultSearchURL: Default -> hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11908&prt=cr
CHR DefaultSearchKeyword: Default -> NortonSafe
CHR DefaultSuggestURL: Default -> hxxp://ss-sym.ask.com/query?q={searchTerms}&sstype=prefix&li=ff
CHR Profile: C:\Users\mcmor_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\mcmor_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-24]
CHR Extension: (TechSmith Snagit (Extension)) - C:\Users\mcmor_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\annopcfmbiofommjmcmcfmhklhgbhkce [2016-03-08]
CHR Extension: (Google Docs) - C:\Users\mcmor_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-24]
CHR Extension: (Google Drive) - C:\Users\mcmor_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-24]
CHR Extension: (Fotor Photo Editor) - C:\Users\mcmor_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbckhhmjfnmedpakkaaflpnmkamdppf [2016-02-24]
CHR Extension: (Quizlet) - C:\Users\mcmor_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgofflgeghkhocbociocnckocbjmomjh [2016-02-24]
CHR Extension: (YouTube) - C:\Users\mcmor_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-24]
CHR Extension: (Norton Security Toolbar) - C:\Users\mcmor_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-02-25]
CHR Extension: (Google Search) - C:\Users\mcmor_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-24]
CHR Extension: (Polarr Photo Editor 3) - C:\Users\mcmor_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\djonnbgfieijldcieafgjcnhmpcfpmgg [2016-03-04]
CHR Extension: (Google Sheets) - C:\Users\mcmor_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-24]
CHR Extension: (Green Eye) - C:\Users\mcmor_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbngeppiginhckphonoffahjcoagofd [2016-02-24]
CHR Extension: (Google Docs Offline) - C:\Users\mcmor_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Pixlr Editor) - C:\Users\mcmor_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmaknaampgiegkcjlimdiidlhopknpk [2016-02-24]
CHR Extension: (Norton Identity Safe) - C:\Users\mcmor_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2016-02-24]
CHR Extension: (Cisco WebEx Extension) - C:\Users\mcmor_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2016-02-24]
CHR Extension: (Canva) - C:\Users\mcmor_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbcfmcoibkecmionmehabndbljdleekf [2016-02-24]
CHR Extension: (Plugins) - C:\Users\mcmor_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcblfncjaclajmegihojiekebofjcen [2016-02-24]
CHR Extension: (Norton Safe) - C:\Users\mcmor_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2016-03-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\mcmor_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-24]
CHR Extension: (Tarot Readings Free) - C:\Users\mcmor_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdbmfoilfogamlgfmmamgccdpigakodf [2016-03-02]
CHR Extension: (Gmail) - C:\Users\mcmor_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-24]
CHR Profile: C:\Users\mcmor_000\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\mcmor_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-24]
CHR Extension: (Google Docs) - C:\Users\mcmor_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-24]
CHR Extension: (Google Drive) - C:\Users\mcmor_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-24]
CHR Extension: (YouTube) - C:\Users\mcmor_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-24]
CHR Extension: (Norton Security Toolbar) - C:\Users\mcmor_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-02-24]
CHR Extension: (Google Search) - C:\Users\mcmor_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-24]
CHR Extension: (Google Sheets) - C:\Users\mcmor_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-24]
CHR Extension: (Google Docs Offline) - C:\Users\mcmor_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-02-24]
CHR Extension: (Norton Identity Safe) - C:\Users\mcmor_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\iikflkcanblccfahdhdonehdalibjnif [2016-02-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\mcmor_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-24]
CHR Extension: (Gmail) - C:\Users\mcmor_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-24]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\Exts\Chrome.crx [2016-03-21]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\Exts\Chrome.crx [2016-03-21]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [318592 2014-01-07] (Windows ® Win 7 DDK provider) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2823920 2016-03-13] (Microsoft Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NSBU; C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\NSBU.exe [289080 2016-02-26] (Symantec Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2014-01-07] (Atheros) [File not signed]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [91648 2012-08-21] (Advanced Micro Devices)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.5.5.15\Definitions\BASHDefs\20160401.001\BHDrvx64.sys [1766640 2016-03-09] (Symantec Corporation)
R3 BTATH_HID; C:\Windows\system32\DRIVERS\btath_hid.sys [223432 2014-01-07] (Qualcomm Atheros)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-01-07] (Qualcomm Atheros)
R3 ccSet_NSBU; C:\Windows\system32\drivers\NSBUx64\1606000.08E\ccSetx64.sys [173808 2015-11-11] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-24] (CyberLink)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2016-02-04] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2016-02-04] (Symantec Corporation)
R3 IDSVia64; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.5.5.15\Definitions\IPSDefs\20160331.001\IDSvia64.sys [767224 2016-02-23] (Symantec Corporation)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.5.5.15\Definitions\VirusDefs\20160331.022\ENG64.SYS [138488 2016-03-03] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.5.5.15\Definitions\VirusDefs\20160331.022\EX64.SYS [2148080 2016-03-03] (Symantec Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows ® Win 7 DDK provider)
R3 SRTSP; C:\Windows\System32\Drivers\NSBUx64\1606000.08E\SRTSP64.SYS [928504 2016-02-23] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NSBUx64\1606000.08E\SRTSPX64.SYS [50936 2015-11-11] (Symantec Corporation)
R3 SymEFASI; C:\Windows\system32\drivers\NSBUx64\1606000.08E\SYMEFASI64.SYS [1621232 2016-02-23] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NSBUx64\1606000.08E\SymELAM.sys [24192 2015-11-11] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2016-02-23] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NSBUx64\1606000.08E\Ironx64.SYS [295664 2016-02-23] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NSBUx64\1606000.08E\SYMNETS.SYS [577768 2016-02-23] (Symantec Corporation)
R1 VBoxUSBMon; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [127432 2015-09-16] (BigNox Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R1 XQHDrv; C:\Windows\system32\DRIVERS\XQHDrv.sys [253384 2015-09-15] (BigNox Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-01 12:51 - 2016-04-01 12:52 - 00022293 _____ C:\Users\mcmor_000\Desktop\FRST.txt
2016-04-01 12:51 - 2016-04-01 12:51 - 00000000 ____D C:\FRST
2016-04-01 12:49 - 2016-04-01 12:49 - 02374144 _____ (Farbar) C:\Users\mcmor_000\Desktop\FRST64.exe
2016-04-01 08:12 - 2016-04-01 08:46 - 00153569 _____ C:\Users\mcmor_000\Documents\Baseball Opening Day Rosters.xlsx
2016-03-31 18:42 - 2016-04-01 08:48 - 00048311 _____ C:\Users\mcmor_000\Documents\Baseball Salaries.xlsx
2016-03-31 18:13 - 2016-03-31 18:13 - 00000000 ____D C:\Users\mcmor_000\Documents\Job Search
2016-03-31 10:39 - 2016-03-31 10:39 - 00605273 _____ C:\Users\mcmor_000\Downloads\PJMcMorran Resume (1).pdf
2016-03-31 10:05 - 2016-03-31 10:05 - 00438066 _____ C:\Users\mcmor_000\Downloads\cpsa2015.xlsx
2016-03-31 09:43 - 2016-03-31 09:43 - 00056979 _____ C:\Users\mcmor_000\Downloads\DataFinder-20160331094338.xlsx
2016-03-31 09:42 - 2016-03-31 09:42 - 00115317 _____ C:\Users\mcmor_000\Downloads\DataFinder-20160331094259.xlsx
2016-03-29 22:18 - 2016-04-01 12:37 - 00003966 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{DCBD3506-BE7C-4129-9CE3-A0110B7601FB}
2016-03-29 08:38 - 2016-03-29 08:38 - 00216355 _____ C:\Users\mcmor_000\Documents\StatementPdf.pdf
2016-03-28 08:24 - 2016-03-28 08:24 - 00000000 ___RD C:\Users\mcmor_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2016-03-27 19:12 - 2016-03-27 19:12 - 00585243 _____ C:\Users\zdmcm_000\Documents\Calming the teenage mind in the classroom - CNN.pdf
2016-03-27 18:42 - 2016-03-27 18:42 - 00000000 ____D C:\Users\zdmcm_000\Documents\Custom Office Templates
2016-03-27 17:13 - 2016-03-27 17:13 - 00000000 ___RD C:\Users\zdmcm_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2016-03-26 16:38 - 2016-03-27 17:14 - 00000000 ____D C:\Users\zdmcm_000\OneDrive
2016-03-26 16:34 - 2016-03-26 16:34 - 00000000 ____D C:\Users\zdmcm_000\AppData\Local\AMD
2016-03-26 16:33 - 2016-03-27 17:13 - 00000000 ____D C:\Users\zdmcm_000\Documents\Bluetooth Folder
2016-03-26 16:33 - 2016-03-26 16:33 - 00000000 ____D C:\Users\zdmcm_000\AppData\Local\BMExplorer
2016-03-26 16:28 - 2016-03-26 16:28 - 00001446 _____ C:\Users\zdmcm_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-03-26 16:25 - 2016-03-26 16:25 - 00000020 ___SH C:\Users\zdmcm_000\ntuser.ini
2016-03-25 00:18 - 2016-03-25 00:18 - 00000000 ____D C:\Users\mcmor_000\AppData\Local\MultiPlayerManager
2016-03-24 20:09 - 2016-03-28 08:23 - 00000000 ____D C:\Users\mcmor_000\AppData\Local\FlickrUploadrWindows
2016-03-24 20:09 - 2016-03-24 20:09 - 00002401 _____ C:\Users\mcmor_000\Desktop\Flickr Uploadr.lnk
2016-03-24 20:09 - 2016-03-24 20:09 - 00000000 ____D C:\Users\mcmor_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flickr
2016-03-24 20:09 - 2016-03-24 20:09 - 00000000 ____D C:\Users\mcmor_000\AppData\Local\Flickr
2016-03-24 20:08 - 2016-03-24 20:09 - 00000000 ____D C:\Users\mcmor_000\AppData\Local\SquirrelTemp
2016-03-24 20:07 - 2016-03-24 20:07 - 21889520 _____ (Flickr) C:\Users\mcmor_000\Downloads\FlickrUploadrInstallr.exe
2016-03-24 20:02 - 2016-03-24 20:02 - 00000000 ___RD C:\Users\mcmor_000\Documents\RocketLifeNetwork
2016-03-24 20:02 - 2016-03-24 20:02 - 00000000 ____D C:\Users\mcmor_000\AppData\Local\RLPlatform
2016-03-24 20:01 - 2016-03-24 20:02 - 00000000 ____D C:\Users\mcmor_000\AppData\Roaming\Visan
2016-03-24 20:01 - 2016-03-24 20:02 - 00000000 ____D C:\Users\mcmor_000\AppData\Roaming\RocketLife
2016-03-24 20:01 - 2016-03-24 20:01 - 00002096 _____ C:\Users\mcmor_000\Desktop\RocketLife.lnk
2016-03-24 20:01 - 2016-03-24 20:01 - 00000000 ____D C:\Users\mcmor_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RocketLife
2016-03-24 19:56 - 2016-03-24 19:56 - 00000000 ____D C:\ProgramData\Visan
2016-03-23 23:30 - 2016-03-25 01:02 - 00000000 ____D C:\Users\mcmor_000\Desktop\NoxApps
2016-03-23 18:19 - 2015-07-17 09:51 - 00984448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2016-03-23 18:19 - 2015-07-17 09:51 - 00063840 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll
2016-03-23 18:19 - 2015-07-17 09:51 - 00020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll
2016-03-23 18:19 - 2015-07-17 09:51 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-03-23 18:19 - 2015-07-17 09:51 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll
2016-03-23 18:19 - 2015-07-17 09:51 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-03-23 18:19 - 2015-07-17 09:51 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-03-23 18:19 - 2015-07-17 09:51 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-03-23 18:19 - 2015-07-17 09:51 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll
2016-03-23 18:19 - 2015-07-17 09:51 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-03-23 18:19 - 2015-07-17 09:51 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll
2016-03-23 18:19 - 2015-07-17 09:51 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-03-23 18:19 - 2015-07-17 09:51 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-03-23 18:19 - 2015-07-17 09:51 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-03-23 18:19 - 2015-07-17 09:51 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-03-23 18:19 - 2015-07-17 09:51 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-03-23 18:19 - 2015-07-17 09:47 - 00901264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2016-03-23 18:19 - 2015-07-17 09:47 - 00066400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-03-23 18:19 - 2015-07-17 09:47 - 00022368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-03-23 18:19 - 2015-07-17 09:47 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-03-23 18:19 - 2015-07-17 09:47 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-03-23 18:19 - 2015-07-17 09:47 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-03-23 18:19 - 2015-07-17 09:47 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-03-23 18:19 - 2015-07-17 09:47 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-03-23 18:19 - 2015-07-17 09:47 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-03-23 18:19 - 2015-07-17 09:47 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-03-23 18:19 - 2015-07-17 09:47 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-03-23 18:19 - 2015-07-17 09:47 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-03-23 18:19 - 2015-07-17 09:47 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-03-23 18:19 - 2015-07-17 09:47 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-03-23 18:19 - 2015-07-17 09:47 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-03-23 18:19 - 2015-07-17 09:47 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-03-23 17:58 - 2016-03-23 17:58 - 00000000 ____D C:\Users\mcmor_000\AppData\Local\AMD
2016-03-23 17:57 - 2016-03-23 17:57 - 00000000 ____D C:\ProgramData\ATI
2016-03-23 10:04 - 2016-03-08 03:00 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-03-23 10:04 - 2016-03-08 03:00 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-23 09:35 - 2015-07-30 10:04 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2016-03-23 09:35 - 2015-07-30 09:48 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-03-23 07:37 - 2016-01-10 13:50 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll
2016-03-23 07:37 - 2016-01-10 13:31 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-03-23 07:37 - 2016-01-10 13:16 - 00898048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2016-03-23 07:37 - 2016-01-10 13:14 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfgbkend.dll
2016-03-23 07:37 - 2016-01-10 13:12 - 00532480 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDec.dll
2016-03-23 07:37 - 2016-01-10 12:58 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-03-23 07:37 - 2016-01-10 12:51 - 00702976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2016-03-23 07:37 - 2016-01-10 12:49 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EncDec.dll
2016-03-23 07:37 - 2016-01-10 12:40 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-03-23 07:33 - 2015-06-28 01:07 - 00442712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-03-23 07:33 - 2015-06-28 01:06 - 01311960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2016-03-23 07:33 - 2015-06-28 01:06 - 00332120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-03-23 07:33 - 2015-06-27 12:42 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2016-03-23 07:29 - 2016-01-10 13:02 - 00987648 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-03-23 07:29 - 2016-01-10 12:43 - 00801792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-03-23 07:29 - 2015-10-13 13:10 - 00559616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2016-03-23 07:29 - 2015-10-13 13:10 - 00108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2016-03-23 07:29 - 2014-10-30 18:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2016-03-23 07:29 - 2014-10-30 18:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2016-03-23 07:28 - 2015-12-05 01:58 - 02745184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2016-03-23 07:28 - 2015-12-05 01:58 - 02528784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2016-03-23 07:28 - 2015-12-05 01:58 - 02450240 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVENCOD.DLL
2016-03-23 07:28 - 2015-12-05 01:58 - 02447136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVENCOD.DLL
2016-03-23 07:28 - 2015-12-05 01:58 - 02334104 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-03-23 07:28 - 2015-12-05 01:58 - 02324744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-03-23 07:28 - 2015-12-05 01:58 - 01877504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2016-03-23 07:28 - 2015-12-05 01:58 - 01798480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
2016-03-23 07:28 - 2015-12-05 01:58 - 01484888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
2016-03-23 07:28 - 2015-12-05 01:58 - 01288128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-03-23 07:28 - 2015-12-05 01:58 - 01210200 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2016-03-23 07:28 - 2015-12-05 01:58 - 01150232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOE.DLL
2016-03-23 07:28 - 2015-12-05 01:58 - 01115640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-03-23 07:28 - 2015-12-05 01:58 - 01037680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2016-03-23 07:28 - 2015-12-05 01:58 - 00914672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOE.DLL
2016-03-23 07:28 - 2015-12-05 01:58 - 00850680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-03-23 07:28 - 2015-12-05 01:58 - 00735496 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-03-23 07:28 - 2015-12-05 01:58 - 00700360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-03-23 07:28 - 2015-12-05 01:58 - 00629600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP4SDECD.DLL
2016-03-23 07:28 - 2015-12-05 01:58 - 00584656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-03-23 07:28 - 2015-12-05 01:58 - 00557856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSDECD.DLL
2016-03-23 07:28 - 2015-12-05 01:58 - 00498472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-03-23 07:28 - 2015-12-05 01:58 - 00492736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSDECD.DLL
2016-03-23 07:28 - 2015-12-05 01:58 - 00463776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP4SDECD.DLL
2016-03-23 07:28 - 2015-12-05 01:58 - 00399776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-03-23 07:28 - 2015-12-05 01:58 - 00299080 _____ (Microsoft Corporation) C:\WINDOWS\system32\VIDRESZR.DLL
2016-03-23 07:28 - 2015-12-05 01:58 - 00275312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MPG4DECD.DLL
2016-03-23 07:28 - 2015-12-05 01:58 - 00274280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP43DECD.DLL
2016-03-23 07:28 - 2015-12-05 01:58 - 00250520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPG4DECD.DLL
2016-03-23 07:28 - 2015-12-05 01:58 - 00248432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP43DECD.DLL
2016-03-23 07:28 - 2015-12-05 01:58 - 00246856 _____ (Microsoft Corporation) C:\WINDOWS\system32\RESAMPLEDMO.DLL
2016-03-23 07:28 - 2015-12-05 01:58 - 00244296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-03-23 07:28 - 2015-12-05 01:58 - 00229272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RESAMPLEDMO.DLL
2016-03-23 07:28 - 2015-12-05 01:58 - 00203016 _____ (Microsoft Corporation) C:\WINDOWS\system32\COLORCNV.DLL
2016-03-23 07:28 - 2015-12-05 01:58 - 00184912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\COLORCNV.DLL
2016-03-23 07:28 - 2015-12-05 01:58 - 00183856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VIDRESZR.DLL
2016-03-23 07:28 - 2015-12-05 01:58 - 00116720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
2016-03-23 07:28 - 2015-12-05 01:58 - 00110544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-03-23 07:28 - 2015-12-05 01:58 - 00099136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
2016-03-23 07:28 - 2015-12-05 01:58 - 00090904 _____ (Microsoft Corporation) C:\WINDOWS\system32\devenum.dll
2016-03-23 07:28 - 2015-12-05 01:58 - 00090392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfvdsp.dll
2016-03-23 07:28 - 2015-12-05 01:58 - 00081032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devenum.dll
2016-03-23 07:28 - 2015-12-05 01:58 - 00076936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfvdsp.dll
2016-03-23 07:28 - 2015-12-03 14:07 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2016-03-23 07:28 - 2015-12-03 14:07 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2016-03-23 07:28 - 2015-12-03 14:05 - 00644608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVXENCD.DLL
2016-03-23 07:28 - 2015-12-03 14:02 - 01664000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2016-03-23 07:28 - 2015-12-03 14:00 - 00451072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSENCD.DLL
2016-03-23 07:28 - 2015-12-03 13:58 - 00378880 _____ (Microsoft Corporation) C:\WINDOWS\system32\SysFxUI.dll
2016-03-23 07:28 - 2015-12-03 13:36 - 01697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-03-23 07:28 - 2015-12-03 13:30 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFWMAAEC.DLL
2016-03-23 07:28 - 2015-12-03 13:28 - 00519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-03-23 07:28 - 2015-12-03 13:28 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2016-03-23 07:28 - 2015-12-03 13:27 - 00736256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVXENCD.DLL
2016-03-23 07:28 - 2015-12-03 13:24 - 01411584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2016-03-23 07:28 - 2015-12-03 13:23 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSENCD.DLL
2016-03-23 07:28 - 2015-12-03 13:06 - 01501184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-03-23 07:28 - 2015-12-03 13:01 - 00743936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFWMAAEC.DLL
2016-03-23 07:28 - 2015-12-03 12:40 - 01010688 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
2016-03-23 07:28 - 2015-12-03 12:29 - 00887296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
2016-03-23 07:28 - 2015-12-02 11:04 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-03-23 07:28 - 2015-12-02 11:01 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2016-03-23 07:28 - 2015-11-05 04:59 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2016-03-23 07:28 - 2015-08-26 22:43 - 22372152 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-03-23 07:28 - 2015-08-26 22:42 - 19795904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-03-23 07:28 - 2015-06-15 18:41 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2016-03-23 07:28 - 2015-06-15 18:24 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-03-23 07:28 - 2015-06-15 17:16 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2016-03-23 07:28 - 2015-06-15 17:09 - 03607552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-03-23 07:28 - 2014-12-08 21:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2016-03-23 07:27 - 2015-05-30 17:18 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2016-03-23 07:27 - 2015-05-30 15:36 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-03-23 07:27 - 2015-05-30 15:35 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-03-23 07:27 - 2014-12-08 15:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-03-23 07:27 - 2014-12-08 15:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2016-03-23 07:27 - 2014-12-08 15:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-03-23 07:27 - 2014-12-08 15:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2016-03-23 07:27 - 2014-12-08 15:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2016-03-23 07:27 - 2014-12-08 15:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2016-03-23 07:27 - 2014-12-08 15:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2016-03-23 07:27 - 2014-12-08 15:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2016-03-23 07:21 - 2016-02-08 17:05 - 20352512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-03-23 07:21 - 2016-02-08 16:39 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-03-23 07:21 - 2016-02-08 16:34 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-03-23 07:21 - 2016-02-08 16:29 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2016-03-23 07:21 - 2016-02-08 16:28 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-03-23 07:21 - 2016-02-08 16:10 - 04611072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-03-23 07:21 - 2016-02-08 16:07 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-03-23 07:21 - 2016-02-08 16:05 - 25816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-03-23 07:21 - 2016-02-08 16:03 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2016-03-23 07:21 - 2016-02-08 16:02 - 13012480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-03-23 07:21 - 2016-02-08 16:02 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-03-23 07:21 - 2016-02-08 16:01 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-03-23 07:21 - 2016-02-08 15:43 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-03-23 07:21 - 2016-02-08 15:39 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-03-23 07:21 - 2016-02-08 15:38 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-03-23 07:21 - 2016-02-08 14:27 - 02887680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-03-23 07:21 - 2016-02-08 14:26 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-03-23 07:21 - 2016-02-08 14:16 - 06052352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-03-23 07:21 - 2016-02-08 14:14 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2016-03-23 07:21 - 2016-02-08 14:13 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-03-23 07:21 - 2016-02-08 13:51 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-03-23 07:21 - 2016-02-08 13:42 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-03-23 07:21 - 2016-02-08 13:37 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2016-03-23 07:21 - 2016-02-08 13:34 - 00798720 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-03-23 07:21 - 2016-02-08 13:33 - 14613504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-03-23 07:21 - 2016-02-08 13:33 - 02123264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-03-23 07:21 - 2016-02-08 13:19 - 02597376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-03-23 07:21 - 2016-02-08 13:15 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-03-23 07:21 - 2016-02-08 13:07 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-03-23 07:21 - 2016-02-08 12:55 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-03-23 07:21 - 2015-11-11 11:44 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2016-03-23 07:21 - 2015-11-11 11:44 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2016-03-23 07:21 - 2015-11-09 20:11 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2016-03-23 07:21 - 2015-11-09 20:04 - 00476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2016-03-23 07:21 - 2015-11-09 19:36 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-03-23 07:21 - 2015-11-09 19:25 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-03-23 07:21 - 2015-11-08 18:02 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2016-03-23 07:21 - 2015-11-08 17:32 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2016-03-23 07:21 - 2015-11-08 17:32 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2016-03-23 07:21 - 2015-11-08 17:16 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-03-23 07:21 - 2015-11-08 17:15 - 00718336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-03-23 07:21 - 2015-09-10 13:18 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2016-03-23 07:21 - 2015-09-10 12:51 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2016-03-23 07:21 - 2015-09-10 12:17 - 00416256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2016-03-23 07:21 - 2015-09-10 12:07 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2016-03-23 07:21 - 2015-07-16 16:36 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2016-03-23 07:21 - 2015-07-16 15:50 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2016-03-23 07:21 - 2015-06-15 18:02 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2016-03-23 07:21 - 2015-06-15 17:58 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2016-03-23 07:21 - 2015-06-15 16:47 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2016-03-23 07:21 - 2015-06-15 16:44 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2016-03-23 07:21 - 2015-05-22 23:04 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2016-03-23 07:21 - 2015-05-22 14:47 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2016-03-23 07:21 - 2015-04-21 12:13 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2016-03-23 07:21 - 2014-12-08 23:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2016-03-23 07:21 - 2014-12-08 21:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2016-03-23 07:20 - 2016-02-05 10:59 - 07784960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-03-23 07:20 - 2016-02-05 10:55 - 05264384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-03-23 07:20 - 2016-02-05 10:48 - 07075840 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll
2016-03-23 07:20 - 2016-02-05 10:47 - 05268480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glcndFilter.dll
2016-03-23 07:18 - 2015-01-29 21:29 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atlthunk.dll
2016-03-23 07:16 - 2015-07-15 20:29 - 00101720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2016-03-23 07:16 - 2015-07-10 13:54 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2016-03-23 07:12 - 2015-09-07 12:22 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2016-03-23 07:12 - 2015-09-07 11:54 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2016-03-23 07:12 - 2015-09-07 11:30 - 01091584 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2016-03-23 07:12 - 2015-03-19 23:49 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2016-03-23 07:12 - 2015-01-28 21:04 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-03-23 07:11 - 2015-12-03 15:42 - 00561952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-03-23 07:11 - 2015-12-03 15:42 - 00397224 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2016-03-23 07:11 - 2015-12-03 15:42 - 00137968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
2016-03-23 07:11 - 2015-12-03 15:42 - 00106960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2016-03-23 07:11 - 2015-12-03 15:41 - 00177488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-03-23 07:11 - 2015-12-03 14:52 - 00340872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2016-03-23 07:11 - 2015-12-03 14:52 - 00120376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll
2016-03-23 07:11 - 2015-12-03 14:52 - 00091416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2016-03-23 07:11 - 2015-12-03 14:28 - 00401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-03-23 07:11 - 2015-12-03 14:28 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-03-23 07:11 - 2015-12-03 13:51 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2016-03-23 07:11 - 2015-12-03 13:16 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-03-23 07:11 - 2015-12-03 13:13 - 01441280 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-03-23 07:11 - 2015-12-03 13:07 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-03-23 07:11 - 2015-12-03 12:45 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-03-23 07:11 - 2015-11-21 12:59 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2016-03-23 07:11 - 2015-11-21 12:49 - 01344000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2016-03-23 07:11 - 2015-11-21 12:47 - 00522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2016-03-23 07:11 - 2015-11-21 12:40 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2016-03-23 07:11 - 2015-06-26 23:12 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-03-23 07:11 - 2014-12-11 22:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2016-03-23 07:11 - 2014-12-11 20:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2016-03-23 06:37 - 2016-02-12 15:14 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-03-23 06:37 - 2016-02-12 11:14 - 03708416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-03-23 06:37 - 2016-02-12 10:55 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2016-03-23 06:37 - 2016-02-12 10:54 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2016-03-23 06:37 - 2016-02-12 10:54 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2016-03-23 06:37 - 2016-02-12 10:54 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2016-03-23 06:37 - 2016-02-12 10:51 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2016-03-23 06:37 - 2016-02-12 10:51 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2016-03-23 06:37 - 2016-02-12 10:51 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2016-03-23 06:37 - 2016-02-12 10:48 - 02244096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2016-03-23 06:37 - 2016-02-12 10:47 - 00897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-03-23 06:37 - 2016-02-12 10:46 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-03-23 06:37 - 2016-02-03 16:37 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-03-23 06:37 - 2016-02-03 16:36 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-03-23 06:37 - 2016-02-03 11:09 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-03-23 06:37 - 2016-02-03 11:00 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-03-23 06:37 - 2016-02-03 11:00 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-03-23 06:37 - 2015-11-20 14:18 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2016-03-23 06:37 - 2015-11-08 20:41 - 01540728 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-03-23 06:37 - 2015-11-08 17:23 - 01994752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2016-03-23 06:37 - 2015-11-08 17:13 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2016-03-23 06:37 - 2015-11-08 17:01 - 01753600 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-03-23 06:37 - 2015-11-08 16:52 - 01559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2016-03-23 06:37 - 2015-11-08 16:48 - 01376256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-03-23 06:37 - 2015-11-08 16:42 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-03-23 06:37 - 2015-07-30 13:18 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkEd.dll
2016-03-23 06:37 - 2015-07-30 12:22 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InkEd.dll
2016-03-23 06:37 - 2015-07-09 14:40 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2016-03-23 06:37 - 2015-06-26 23:08 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-03-23 06:37 - 2015-06-26 22:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2016-03-23 06:37 - 2015-03-23 17:59 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2016-03-23 06:37 - 2015-03-23 17:45 - 00257216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll
2016-03-23 06:37 - 2015-03-19 23:17 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\tracerpt.exe
2016-03-23 06:37 - 2015-03-19 22:41 - 00369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tracerpt.exe
2016-03-23 06:37 - 2015-03-19 22:40 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2016-03-23 06:37 - 2015-03-19 22:16 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2016-03-23 06:37 - 2015-02-20 19:49 - 00780800 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2016-03-23 06:36 - 2015-09-24 12:42 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2016-03-23 06:36 - 2015-09-24 12:40 - 00737280 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-03-23 06:36 - 2015-07-07 05:40 - 00270168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2016-03-23 06:36 - 2015-07-07 05:40 - 00114520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2016-03-23 06:36 - 2015-07-07 05:40 - 00044560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2016-03-23 06:36 - 2015-07-01 18:19 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2016-03-23 06:36 - 2015-07-01 18:16 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll
2016-03-23 06:36 - 2015-07-01 17:37 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2016-03-23 06:36 - 2015-07-01 17:35 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll
2016-03-23 06:36 - 2015-04-08 18:55 - 00410128 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-03-23 06:36 - 2015-03-12 22:58 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2016-03-23 06:36 - 2015-03-12 22:37 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2016-03-23 06:36 - 2015-02-02 19:53 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2016-03-23 06:36 - 2015-02-02 19:53 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2016-03-23 06:36 - 2014-06-09 18:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2016-03-23 06:36 - 2014-06-09 18:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2016-03-23 06:35 - 2015-10-28 11:49 - 02775552 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-03-23 06:35 - 2015-10-28 11:29 - 02462720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-03-23 06:35 - 2015-07-22 10:33 - 01728000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-03-23 06:35 - 2015-07-22 10:25 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-03-23 06:35 - 2015-07-18 14:31 - 00194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2016-03-23 06:35 - 2015-07-18 14:29 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-03-23 06:35 - 2015-07-18 14:29 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2016-03-23 06:35 - 2015-07-18 14:27 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-03-23 06:34 - 2016-02-06 14:08 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
2016-03-23 06:34 - 2016-02-05 15:07 - 00292696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMASF.DLL
2016-03-23 06:34 - 2016-02-05 15:07 - 00243032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMASF.DLL
2016-03-23 06:34 - 2016-02-05 11:03 - 15432704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-03-23 06:34 - 2016-02-05 11:00 - 13318144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-03-23 06:34 - 2016-01-19 15:14 - 07453024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-03-23 06:34 - 2016-01-19 15:13 - 02175008 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-03-23 06:34 - 2016-01-19 15:13 - 01063464 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-03-23 06:34 - 2016-01-19 15:12 - 01737088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-03-23 06:34 - 2016-01-19 15:12 - 01133744 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-03-23 06:34 - 2016-01-19 14:23 - 01564496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-03-23 06:34 - 2016-01-19 14:23 - 01501496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-03-23 06:34 - 2016-01-19 14:23 - 00548024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-03-23 06:34 - 2016-01-19 14:15 - 00246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-03-23 06:34 - 2016-01-19 13:30 - 00862720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-03-23 06:34 - 2016-01-19 12:37 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2016-03-23 06:34 - 2016-01-06 14:25 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-03-23 06:34 - 2015-12-07 06:56 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-03-23 06:34 - 2015-12-04 11:00 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-03-23 06:34 - 2015-11-22 02:59 - 01659568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-03-23 06:34 - 2015-11-22 02:59 - 01519592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-03-23 06:34 - 2015-11-22 02:59 - 01487008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-03-23 06:34 - 2015-11-22 02:59 - 01355848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-03-23 06:34 - 2015-11-21 14:32 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2016-03-23 06:34 - 2015-11-21 13:50 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2016-03-23 06:34 - 2015-09-12 09:47 - 00414559 _____ C:\WINDOWS\system32\ApnDatabase.xml
2016-03-23 06:34 - 2015-07-13 15:46 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2016-03-23 06:34 - 2015-07-13 15:45 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2016-03-23 06:34 - 2015-03-20 00:10 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2016-03-23 06:34 - 2015-03-20 00:10 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2016-03-23 06:34 - 2014-10-28 21:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2016-03-23 06:34 - 2014-10-28 21:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2016-03-23 06:34 - 2014-10-28 21:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2016-03-23 06:34 - 2014-10-28 21:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2016-03-23 06:32 - 2016-02-04 14:18 - 04174336 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-03-23 06:32 - 2016-01-31 15:16 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2016-03-23 06:31 - 2015-07-09 13:13 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2016-03-23 06:31 - 2015-07-09 13:13 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2016-03-23 06:31 - 2015-07-09 12:30 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
2016-03-23 06:31 - 2015-02-24 04:32 - 00991552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-03-23 06:30 - 2016-02-04 14:18 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-03-23 06:30 - 2016-02-04 14:12 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-03-23 06:30 - 2016-02-04 13:44 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-03-23 06:30 - 2016-02-04 13:39 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-03-23 06:30 - 2015-04-24 22:34 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2016-03-23 06:30 - 2015-04-24 22:33 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2016-03-23 06:30 - 2015-01-30 19:20 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2016-03-23 06:30 - 2014-12-05 23:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2016-03-23 06:30 - 2014-12-05 21:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2016-03-23 06:28 - 2015-12-28 17:42 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSync.dll
2016-03-23 06:28 - 2015-12-28 16:31 - 00578048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSync.dll
2016-03-23 06:28 - 2015-08-03 17:15 - 00074928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2016-03-23 06:28 - 2015-08-03 17:15 - 00065600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2016-03-23 06:28 - 2015-08-01 10:22 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll
2016-03-23 06:28 - 2015-07-31 23:47 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schtasks.exe
2016-03-23 06:28 - 2015-07-31 23:45 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schtasks.exe
2016-03-23 06:28 - 2015-07-31 23:38 - 01265152 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2016-03-23 06:28 - 2015-07-31 23:37 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskeng.exe
2016-03-23 06:28 - 2015-07-31 23:37 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskeng.exe
2016-03-23 06:28 - 2015-07-13 23:22 - 02529880 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2016-03-23 06:28 - 2015-07-13 23:21 - 01901776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2016-03-23 06:28 - 2015-07-10 13:42 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-03-23 06:28 - 2015-07-10 13:13 - 07032320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-03-23 06:28 - 2015-07-10 12:47 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2016-03-23 06:28 - 2015-07-10 12:31 - 06213120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-03-23 06:28 - 2015-01-29 14:45 - 01763352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-03-23 06:28 - 2015-01-29 14:34 - 01488040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-03-23 06:27 - 2015-07-10 14:19 - 01101824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2016-03-23 06:27 - 2015-07-10 13:14 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2016-03-23 06:27 - 2015-01-27 21:31 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2016-03-23 06:27 - 2015-01-27 21:11 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2016-03-23 06:24 - 2016-02-04 13:24 - 00603648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2016-03-23 06:24 - 2016-02-04 13:02 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2016-03-23 06:24 - 2015-12-17 14:29 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-03-23 06:24 - 2015-12-17 12:17 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-03-23 06:24 - 2015-10-08 12:08 - 01083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-03-23 06:24 - 2015-08-10 14:15 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2016-03-23 06:24 - 2015-08-10 14:06 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2016-03-23 06:24 - 2015-08-10 13:49 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2016-03-23 06:24 - 2015-08-10 12:56 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2016-03-23 06:24 - 2015-08-10 12:46 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2016-03-23 06:24 - 2015-07-13 23:27 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzsync.exe
2016-03-23 06:24 - 2015-03-13 21:51 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2016-03-23 06:24 - 2015-03-13 20:09 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-03-23 06:24 - 2015-03-04 06:25 - 00377152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-03-23 06:24 - 2015-03-03 23:04 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2016-03-23 06:24 - 2015-03-03 22:19 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
2016-03-23 06:24 - 2014-11-10 14:06 - 00136512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2016-03-23 06:24 - 2014-10-18 02:50 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2016-03-23 06:20 - 2015-12-08 15:08 - 00685432 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2016-03-23 06:20 - 2015-12-08 15:07 - 00507176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2016-03-23 06:20 - 2014-07-23 23:20 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2016-03-23 06:20 - 2014-07-23 23:20 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2016-03-23 06:19 - 2015-01-21 01:54 - 01384712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-03-23 06:19 - 2015-01-21 01:15 - 01123848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-03-23 06:15 - 2016-03-23 06:15 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2016-03-23 06:08 - 2016-03-23 06:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2016-03-23 06:07 - 2016-03-23 06:07 - 00000000 ____D C:\Program Files\ATI Technologies
2016-03-23 06:00 - 2016-03-28 08:29 - 00000000 ___DO C:\Users\mcmor_000\OneDrive
2016-03-23 06:00 - 2016-03-23 06:00 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Security with Backup
2016-03-23 05:54 - 2016-03-23 05:58 - 00000000 ____D C:\Users\mcmor_000\AppData\Local\PackageStaging
2016-03-23 05:54 - 2016-03-23 05:54 - 00003116 _____ C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2620583142-3316455340-3143807552-1001
2016-03-23 05:52 - 2016-03-23 05:52 - 00001446 _____ C:\Users\mcmor_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-03-23 05:51 - 2016-03-23 05:51 - 00000020 ___SH C:\Users\mcmor_000\ntuser.ini
2016-03-23 05:08 - 2016-03-23 05:53 - 00000000 ___DC C:\WINDOWS\Panther
2016-03-23 05:06 - 2016-03-23 05:06 - 00262144 _____ C:\WINDOWS\system32\config\userdiff
2016-03-23 05:03 - 2016-03-23 05:03 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-03-23 05:03 - 2016-03-23 05:03 - 00000000 ____D C:\Program Files\MSBuild
2016-03-23 05:03 - 2016-03-23 05:03 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-03-23 05:03 - 2016-03-23 05:03 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-03-23 05:02 - 2016-03-23 05:02 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2016-03-23 05:02 - 2016-03-23 05:02 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2016-03-23 05:02 - 2013-08-03 00:48 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2016-03-23 05:02 - 2013-08-03 00:41 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2016-03-23 01:53 - 2016-03-23 01:53 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2016-03-23 01:35 - 2016-03-23 01:35 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-03-23 01:26 - 2016-03-23 01:26 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2016-03-23 01:24 - 2016-04-01 12:18 - 00000000 ____D C:\Users\mcmor_000
2016-03-23 01:24 - 2016-03-26 16:38 - 00000000 ____D C:\Users\zdmcm_000
2016-03-23 01:24 - 2016-03-23 01:24 - 00000000 _SHDL C:\Users\zdmcm_000\My Documents
2016-03-23 01:24 - 2016-03-23 01:24 - 00000000 _SHDL C:\Users\zdmcm_000\Documents\My Videos
2016-03-23 01:24 - 2016-03-23 01:24 - 00000000 _SHDL C:\Users\zdmcm_000\Documents\My Pictures
2016-03-23 01:24 - 2016-03-23 01:24 - 00000000 _SHDL C:\Users\zdmcm_000\Documents\My Music
2016-03-23 01:24 - 2016-03-23 01:24 - 00000000 _SHDL C:\Users\mcmor_000\My Documents
2016-03-23 01:24 - 2016-03-23 01:24 - 00000000 _SHDL C:\Users\mcmor_000\Documents\My Videos
2016-03-23 01:24 - 2016-03-23 01:24 - 00000000 _SHDL C:\Users\mcmor_000\Documents\My Pictures
2016-03-23 01:24 - 2016-03-23 01:24 - 00000000 _SHDL C:\Users\mcmor_000\Documents\My Music
2016-03-23 01:24 - 2014-11-21 04:52 - 00000369 _____ C:\Users\zdmcm_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2016-03-23 01:24 - 2014-11-21 04:52 - 00000369 _____ C:\Users\zdmcm_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2016-03-23 01:24 - 2014-11-21 04:52 - 00000369 _____ C:\Users\mcmor_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2016-03-23 01:24 - 2014-11-21 04:52 - 00000369 _____ C:\Users\mcmor_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2016-03-23 01:23 - 2016-03-23 01:54 - 00028578 _____ C:\WINDOWS\diagwrn.xml
2016-03-23 01:23 - 2016-03-23 01:54 - 00028578 _____ C:\WINDOWS\diagerr.xml
2016-03-23 01:12 - 2016-03-23 01:12 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2016-03-23 01:12 - 2016-03-23 01:12 - 00000000 ____D C:\WINDOWS\system32\SRSLabs
2016-03-23 01:12 - 2016-03-23 01:12 - 00000000 ____D C:\Program Files\Realtek
2016-03-23 01:12 - 2016-03-23 01:12 - 00000000 ____D C:\Program Files\AMD
2016-03-23 01:12 - 2016-03-23 01:12 - 00000000 ____D C:\AMD
2016-03-23 01:12 - 2016-03-23 01:12 - 00000000 _____ C:\WINDOWS\ativpsrm.bin
2016-03-23 01:11 - 2016-03-23 01:11 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2016-03-23 01:11 - 2016-03-23 01:11 - 00000000 ____D C:\Program Files\Synaptics
2016-03-23 00:44 - 2016-03-23 01:33 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-03-22 17:51 - 2016-03-30 23:38 - 00000000 ____D C:\Users\mcmor_000\.android
2016-03-22 17:48 - 2016-04-01 12:18 - 00000000 ____D C:\Users\mcmor_000\.BigNox
2016-03-22 17:48 - 2016-03-23 01:25 - 00000000 ____D C:\Users\mcmor_000\AppData\Roaming\Microsoft\Windows\Start Menu\Nox
2016-03-22 17:48 - 2016-03-22 17:48 - 00001821 _____ C:\Users\mcmor_000\Desktop\Nox.lnk
2016-03-22 17:48 - 2016-03-22 17:48 - 00000972 _____ C:\Users\mcmor_000\Desktop\Multi-Drive.lnk
2016-03-22 17:48 - 2016-03-22 17:48 - 00000000 ____D C:\Users\mcmor_000\Documents\Nox_share
2016-03-22 17:48 - 2015-09-16 02:07 - 00127432 _____ (BigNox Corporation) C:\WINDOWS\system32\Drivers\VBoxUSBMon.sys
2016-03-22 17:47 - 2015-09-15 23:29 - 00253384 _____ (BigNox Corporation) C:\WINDOWS\system32\Drivers\XQHDrv.sys
2016-03-22 17:45 - 2016-03-22 17:48 - 00000000 ____D C:\Program Files\Bignox
2016-03-22 17:44 - 2016-04-01 12:26 - 00000000 ____D C:\Users\mcmor_000\AppData\Local\Nox
2016-03-22 17:44 - 2016-03-22 17:44 - 00000000 ____D C:\Users\mcmor_000\AppData\Roaming\Nox
2016-03-22 11:55 - 2016-03-22 11:55 - 00605273 _____ C:\Users\mcmor_000\Downloads\PJMcMorran Resume.pdf
2016-03-22 11:48 - 2016-03-22 11:58 - 268477256 _____ (Duodian Technology Co. Ltd.) C:\Users\mcmor_000\Downloads\nox_setup_v3.1.0.0_full.exe
2016-03-21 15:49 - 2016-03-21 15:49 - 00302011 _____ C:\Users\mcmor_000\Downloads\WindowsUpdateDiagnostic (5).diagcab
2016-03-21 15:48 - 2016-03-21 15:48 - 00429438 _____ C:\Users\mcmor_000\Documents\laptop.xlsx
2016-03-21 15:47 - 2016-03-21 15:47 - 00302011 _____ C:\Users\mcmor_000\Downloads\WindowsUpdateDiagnostic (4).diagcab
2016-03-21 14:28 - 2016-03-21 14:28 - 00079064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\rdsk.sys
2016-03-21 11:49 - 2016-03-23 05:51 - 00003242 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2016-03-21 11:49 - 2016-03-23 05:51 - 00002509 _____ C:\Users\Public\Desktop\Norton Security with Backup.LNK
2016-03-21 09:50 - 2016-03-27 17:05 - 00000000 ____D C:\WINDOWS\system32\AutoUpdateLicense
2016-03-18 16:35 - 2016-03-18 16:35 - 00000094 _____ C:\Users\mcmor_000\Desktop\Erase_Cache.bat
2016-03-17 21:59 - 2016-03-17 21:59 - 00062501 _____ C:\Users\mcmor_000\Downloads\PATRICK_NEWMEDICALCLAIMSUMMARY.csv
2016-03-17 10:33 - 2016-03-17 10:33 - 00139418 _____ C:\Users\mcmor_000\Documents\ExportData (1).xlsx
2016-03-17 07:52 - 2016-03-17 07:52 - 00002308 _____ C:\Users\mcmor_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-03-16 18:13 - 2016-03-16 18:14 - 00136923 _____ C:\Users\mcmor_000\Documents\March 2015 Citizen's Bank(1).xlsx
2016-03-16 17:41 - 2016-03-16 17:41 - 00000000 ____D C:\Users\mcmor_000\AppData\Local\Microsoft Help
2016-03-16 17:31 - 2016-03-16 17:32 - 00000000 ___SD C:\Users\mcmor_000\Documents\My Data Sources
2016-03-16 13:50 - 2016-03-16 13:50 - 00034304 _____ C:\Users\mcmor_000\Downloads\Citizens Bank External Job Postings 1.11.2016.xls
2016-03-16 13:50 - 2016-03-16 13:50 - 00024576 _____ C:\Users\mcmor_000\Downloads\Citizens Bank External Job Postings 12.28.2015.xls
2016-03-16 13:49 - 2016-03-16 13:49 - 00033792 _____ C:\Users\mcmor_000\Downloads\Citizens Bank External Job Postings 1.19.2016.xls
2016-03-16 13:49 - 2016-03-16 13:49 - 00031232 _____ C:\Users\mcmor_000\Downloads\Citizens Bank External Job Postings 1.25.2016.xls
2016-03-16 13:48 - 2016-03-16 13:48 - 00035328 _____ C:\Users\mcmor_000\Downloads\Citizens Bank External Job Postings 2.8.2016.xls
2016-03-16 13:48 - 2016-03-16 13:48 - 00030208 _____ C:\Users\mcmor_000\Downloads\Citizens Bank External Job Postings 2.22.2016.xls
2016-03-16 13:47 - 2016-03-16 13:47 - 00062690 _____ C:\Users\mcmor_000\Downloads\March 2015 Attendees.xlsx
2016-03-16 13:47 - 2016-03-16 13:47 - 00062690 _____ C:\Users\mcmor_000\Downloads\March 2015 Attendees (1).xlsx
2016-03-16 13:43 - 2016-03-16 13:43 - 00031744 _____ C:\Users\mcmor_000\Downloads\Citizens Bank External Job Postings 3.14.2016.xls
2016-03-15 08:10 - 2016-03-15 08:10 - 00018719 _____ C:\Users\mcmor_000\Documents\Coins (Autosaved).xlsx
2016-03-15 08:09 - 2016-03-15 08:09 - 00008324 _____ C:\Users\mcmor_000\Documents\MassHealth Premium Assistance.xlsx
2016-03-14 17:37 - 2016-03-14 17:38 - 03685158 _____ C:\Users\mcmor_000\Downloads\Mitotic Cell Division - SmartBoard Animation.notebook
2016-03-14 17:18 - 2016-03-14 17:18 - 01170110 _____ C:\Users\mcmor_000\Downloads\Biology CP-1 SmartBoard file on cell cycle, mitosis and meiosis (1).notebook
2016-03-14 17:17 - 2016-03-14 17:17 - 01170110 _____ C:\Users\mcmor_000\Downloads\Biology CP-1 SmartBoard file on cell cycle, mitosis and meiosis.notebook
2016-03-14 16:31 - 2016-03-14 16:31 - 02163194 _____ C:\Users\mcmor_000\Downloads\Biology CP-1 Cell Cycle and Mitosis ppt for class 2016.pptx
2016-03-10 16:56 - 2016-03-10 16:56 - 00464891 _____ C:\Users\mcmor_000\Downloads\19643-46043-1-PB.pdf
2016-03-09 18:24 - 2016-03-09 18:24 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2016-03-09 18:09 - 2016-03-09 18:09 - 09569792 _____ C:\Users\mcmor_000\Downloads\USDollars.ppt
2016-03-09 10:46 - 2016-03-09 10:46 - 00013806 _____ C:\Users\mcmor_000\Downloads\Coins.xlsx
2016-03-09 10:37 - 2016-02-21 01:23 - 00046768 ____N (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-03-09 10:37 - 2016-02-20 23:43 - 01373184 ____N (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-03-09 10:37 - 2016-02-20 23:43 - 00696832 ____N (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-03-09 10:37 - 2016-02-20 23:43 - 00076800 ____N (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-03-08 10:56 - 2016-03-08 10:56 - 00000000 ____D C:\Users\mcmor_000\Documents\OneNote Notebooks
2016-03-08 09:37 - 2016-03-08 09:37 - 00302011 _____ C:\Users\mcmor_000\Downloads\WindowsUpdateDiagnostic (3).diagcab
2016-03-07 23:13 - 2016-03-07 23:13 - 00302011 _____ C:\Users\mcmor_000\Downloads\WindowsUpdateDiagnostic (2).diagcab
2016-03-07 23:13 - 2016-03-07 23:13 - 00000639 _____ C:\Users\mcmor_000\Downloads\WindowsUpdateDiagnostic (1).diagcab
2016-03-03 11:13 - 2016-03-22 09:07 - 01325904 _____ C:\Users\mcmor_000\Documents\GOW.xlsx
2016-03-03 11:08 - 2016-03-03 11:08 - 00042290 _____ C:\Users\mcmor_000\Downloads\BroncoTrojan-Game-of-War-Building-Upgrade-Table.xlsx
2016-03-03 11:06 - 2016-03-03 11:06 - 00086487 _____ C:\Users\mcmor_000\Downloads\BroncoTrojan-Game-of-War-Research-Table.xlsx
2016-03-03 11:06 - 2016-03-03 11:06 - 00086487 _____ C:\Users\mcmor_000\Downloads\BroncoTrojan-Game-of-War-Research-Table (1).xlsx
2016-03-02 14:26 - 2015-03-04 03:26 - 00011105 ____N C:\WINDOWS\system32\AutoconfigV2.cab
2016-03-02 11:24 - 2016-03-02 11:24 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-03-02 07:50 - 2016-03-02 07:50 - 00000117 _____ C:\WINDOWS\system32\netcfg-64912.txt
2016-03-02 07:49 - 2016-03-02 07:49 - 00000117 _____ C:\WINDOWS\system32\netcfg-1426909.txt
2016-03-02 07:28 - 2016-03-02 07:28 - 00000128 _____ C:\WINDOWS\system32\netcfg-161585.txt
2016-03-02 07:27 - 2016-03-02 07:27 - 00000135 _____ C:\WINDOWS\system32\netcfg-146984.txt
2016-03-02 07:27 - 2016-03-02 07:27 - 00000129 _____ C:\WINDOWS\system32\netcfg-145689.txt
2016-03-02 07:27 - 2016-03-02 07:27 - 00000128 _____ C:\WINDOWS\system32\netcfg-148996.txt
2016-03-02 07:27 - 2016-03-02 07:27 - 00000128 _____ C:\WINDOWS\system32\netcfg-147483.txt
2016-03-02 07:27 - 2016-03-02 07:27 - 00000127 _____ C:\WINDOWS\system32\netcfg-148466.txt
2016-03-02 07:27 - 2016-03-02 07:27 - 00000126 _____ C:\WINDOWS\system32\netcfg-147982.txt
2016-03-02 07:26 - 2016-03-02 07:26 - 00000117 _____ C:\WINDOWS\system32\netcfg-64693.txt
2016-03-02 07:25 - 2016-03-02 07:25 - 00000117 _____ C:\WINDOWS\system32\netcfg-1543801.txt
2016-03-02 07:03 - 2016-03-02 07:03 - 00000135 _____ C:\WINDOWS\system32\netcfg-262268.txt
2016-03-02 07:03 - 2016-03-02 07:03 - 00000129 _____ C:\WINDOWS\system32\netcfg-260303.txt
2016-03-02 07:03 - 2016-03-02 07:03 - 00000128 _____ C:\WINDOWS\system32\netcfg-279335.txt
2016-03-02 07:03 - 2016-03-02 07:03 - 00000128 _____ C:\WINDOWS\system32\netcfg-264671.txt
2016-03-02 07:03 - 2016-03-02 07:03 - 00000128 _____ C:\WINDOWS\system32\netcfg-262908.txt
2016-03-02 07:03 - 2016-03-02 07:03 - 00000127 _____ C:\WINDOWS\system32\netcfg-264078.txt
2016-03-02 07:03 - 2016-03-02 07:03 - 00000126 _____ C:\WINDOWS\system32\netcfg-263516.txt
2016-03-02 07:01 - 2016-03-02 07:01 - 00000117 _____ C:\WINDOWS\system32\netcfg-150728.txt
2016-03-02 06:58 - 2016-03-02 06:58 - 00000117 _____ C:\WINDOWS\system32\netcfg-3749702.txt
2016-03-02 02:28 - 2016-03-02 02:28 - 00000117 _____ C:\WINDOWS\system32\netcfg-50466.txt
2016-03-02 02:27 - 2016-03-02 02:27 - 00000117 _____ C:\WINDOWS\system32\netcfg-1150117.txt
2016-03-02 02:11 - 2016-03-02 02:11 - 00000135 _____ C:\WINDOWS\system32\netcfg-165392.txt
2016-03-02 02:11 - 2016-03-02 02:11 - 00000129 _____ C:\WINDOWS\system32\netcfg-163083.txt
2016-03-02 02:11 - 2016-03-02 02:11 - 00000128 _____ C:\WINDOWS\system32\netcfg-180103.txt
2016-03-02 02:11 - 2016-03-02 02:11 - 00000128 _____ C:\WINDOWS\system32\netcfg-167747.txt
2016-03-02 02:11 - 2016-03-02 02:11 - 00000128 _____ C:\WINDOWS\system32\netcfg-166109.txt
2016-03-02 02:11 - 2016-03-02 02:11 - 00000127 _____ C:\WINDOWS\system32\netcfg-167217.txt
2016-03-02 02:11 - 2016-03-02 02:11 - 00000126 _____ C:\WINDOWS\system32\netcfg-166718.txt
2016-03-02 02:09 - 2016-03-02 02:09 - 00000117 _____ C:\WINDOWS\system32\netcfg-75988.txt
2016-03-02 02:08 - 2016-03-02 02:08 - 00000117 _____ C:\WINDOWS\system32\netcfg-1248975.txt
2016-03-02 01:52 - 2016-03-02 01:52 - 00000128 _____ C:\WINDOWS\system32\netcfg-287993.txt
2016-03-02 01:51 - 2016-03-02 01:51 - 00000135 _____ C:\WINDOWS\system32\netcfg-274249.txt
2016-03-02 01:51 - 2016-03-02 01:51 - 00000129 _____ C:\WINDOWS\system32\netcfg-273532.txt
2016-03-02 01:51 - 2016-03-02 01:51 - 00000128 _____ C:\WINDOWS\system32\netcfg-276386.txt
2016-03-02 01:51 - 2016-03-02 01:51 - 00000128 _____ C:\WINDOWS\system32\netcfg-274780.txt
2016-03-02 01:51 - 2016-03-02 01:51 - 00000127 _____ C:\WINDOWS\system32\netcfg-275840.txt
2016-03-02 01:51 - 2016-03-02 01:51 - 00000126 _____ C:\WINDOWS\system32\netcfg-275310.txt
2016-03-02 01:49 - 2016-03-02 01:49 - 00000117 _____ C:\WINDOWS\system32\netcfg-141056.txt
2016-03-02 01:46 - 2016-03-02 01:46 - 00000117 _____ C:\WINDOWS\system32\netcfg-5383953.txt
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-01 12:39 - 2016-02-24 18:34 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-01 10:29 - 2016-02-29 08:55 - 00000000 ____D C:\Users\mcmor_000\Documents\Outlook Files
2016-03-31 18:13 - 2014-11-21 04:44 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-31 18:13 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\Inf
2016-03-31 17:39 - 2016-02-24 18:34 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-31 10:43 - 2016-02-23 17:44 - 00000000 ____D C:\Users\mcmor_000\AppData\Local\Packages
2016-03-31 00:58 - 2016-02-23 17:53 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2620583142-3316455340-3143807552-1001
2016-03-30 21:40 - 2016-02-24 18:37 - 00002217 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-30 21:40 - 2016-02-24 18:37 - 00002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-30 12:42 - 2016-02-26 21:00 - 00000000 ____D C:\Users\mcmor_000\AppData\Local\ElevatedDiagnostics
2016-03-29 22:23 - 2016-02-25 13:44 - 00000507 _____ C:\Users\mcmor_000\Desktop\Gmail.website
2016-03-28 09:00 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-03-28 08:26 - 2012-09-19 01:55 - 00000000 ____D C:\ProgramData\WinClon
2016-03-28 08:23 - 2016-02-24 23:23 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-03-27 20:20 - 2016-02-27 10:14 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2620583142-3316455340-3143807552-1004
2016-03-27 17:23 - 2013-08-22 11:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-27 17:23 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-03-27 17:06 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-27 17:00 - 2013-08-22 09:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-03-27 13:45 - 2016-02-24 23:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-26 19:00 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\rescache
2016-03-26 18:03 - 2016-02-23 17:49 - 00000000 ____D C:\Users\mcmor_000\Documents\Bluetooth Folder
2016-03-26 16:38 - 2016-02-27 10:04 - 00000000 ____D C:\Users\zdmcm_000\AppData\Local\Packages
2016-03-26 16:33 - 2016-02-24 09:12 - 00000000 ____D C:\ProgramData\Atheros
2016-03-24 16:15 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-23 18:19 - 2013-08-22 11:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-03-23 18:17 - 2016-02-24 15:35 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-03-23 10:00 - 2013-08-22 10:44 - 00472712 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-03-23 10:00 - 2012-07-26 04:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-03-23 09:51 - 2013-08-22 11:36 - 00000000 ___RD C:\WINDOWS\ToastData
2016-03-23 09:50 - 2014-11-21 04:25 - 00000000 ____D C:\Program Files\Windows Journal
2016-03-23 09:49 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Windows Defender
2016-03-23 09:49 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-03-23 09:48 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-03-23 06:15 - 2012-09-19 01:42 - 00002990 _____ C:\WINDOWS\System32\Tasks\Synaptics TouchPad Enhancements
2016-03-23 06:07 - 2012-09-19 01:38 - 00000000 ____D C:\ProgramData\AMD
2016-03-23 06:05 - 2016-02-29 10:49 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-23 06:00 - 2016-02-24 15:55 - 00000000 ___RD C:\Users\mcmor_000\OneDrive.old
2016-03-23 05:59 - 2016-02-24 14:05 - 00000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2016-03-23 05:51 - 2016-02-23 22:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security with Backup
2016-03-23 05:07 - 2013-08-22 11:36 - 00262144 _____ C:\WINDOWS\system32\config\BCD-Template
2016-03-23 01:54 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\Registration
2016-03-23 01:48 - 2013-08-22 11:36 - 00000000 __RSD C:\WINDOWS\Media
2016-03-23 01:48 - 2013-08-22 11:36 - 00000000 __RHD C:\Users\Public\Libraries
2016-03-23 01:37 - 2013-08-22 09:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2016-03-23 01:35 - 2014-11-21 11:56 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2016-03-23 01:35 - 2014-11-21 04:00 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2016-03-23 01:35 - 2014-11-21 04:00 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
2016-03-23 01:35 - 2014-11-21 04:00 - 00000000 ____D C:\WINDOWS\system32\WCN
2016-03-23 01:35 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2016-03-23 01:35 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2016-03-23 01:35 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2016-03-23 01:35 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-03-23 01:35 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\spool
2016-03-23 01:35 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\MUI
2016-03-23 01:35 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\IME
2016-03-23 01:35 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\SysWOW64\SMI
2016-03-23 01:35 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-03-23 01:35 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-03-23 01:35 - 2012-09-19 01:41 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2016-03-23 01:35 - 2012-07-26 04:12 - 00000000 ____D C:\WINDOWS\system32\catroot2.bak
2016-03-23 01:35 - 2012-07-26 01:37 - 00000000 ____D C:\Users\Default.migrated
2016-03-23 01:33 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\Resources
2016-03-23 01:33 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\IME
2016-03-23 01:33 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\Help
2016-03-23 01:33 - 2012-09-19 02:09 - 00000000 ____D C:\WINDOWS\fr
2016-03-23 01:32 - 2016-02-24 23:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-23 01:32 - 2016-02-24 15:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2016-03-23 01:32 - 2016-02-24 01:28 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BT Program
2016-03-23 01:32 - 2013-08-22 11:43 - 00000000 ____D C:\WINDOWS\DigitalLocker
2016-03-23 01:32 - 2013-08-22 11:36 - 00000000 __SHD C:\Program Files\Windows Sidebar
2016-03-23 01:32 - 2013-08-22 11:36 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2016-03-23 01:32 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppCompat
2016-03-23 01:32 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Common Files\System
2016-03-23 01:32 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-03-23 01:32 - 2012-09-19 02:10 - 00000000 ____D C:\WINDOWS\es
2016-03-23 01:32 - 2012-09-19 02:08 - 00000000 ____D C:\WINDOWS\en
2016-03-23 01:32 - 2012-09-19 02:06 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Power2Go 8
2016-03-23 01:32 - 2012-09-19 02:05 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 10
2016-03-23 01:32 - 2012-09-19 02:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PopCap Games
2016-03-23 01:32 - 2012-09-19 01:37 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2016-03-23 01:32 - 2012-09-19 00:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2016-03-23 01:32 - 2012-08-05 17:11 - 00000000 ____D C:\ProgramData\PRICache
2016-03-23 01:25 - 2016-02-24 18:43 - 00000000 ____D C:\Users\mcmor_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2016-03-22 23:44 - 2012-07-26 04:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2016-03-22 17:47 - 2012-09-19 01:47 - 00000000 ____D C:\Program Files\DIFX
2016-03-21 11:50 - 2016-02-23 22:36 - 00000000 ____D C:\WINDOWS\system32\Drivers\NSBUx64
2016-03-17 21:38 - 2016-03-01 14:10 - 00272179 _____ C:\Users\mcmor_000\Documents\Amazon Year-end Statement.xlsx
2016-03-10 18:34 - 2016-02-24 11:58 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-03-10 18:21 - 2016-02-24 11:57 - 143659408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-03-03 19:28 - 2016-02-27 10:06 - 00000000 ____D C:\Users\zdmcm_000\AppData\Local\Google
 
==================== Files in the root of some directories =======
 
2016-02-24 02:01 - 2013-02-21 20:59 - 2063240 _____ (Samsung Electronics) C:\ProgramData\MakeMarkerFile.exe
2016-02-24 02:01 - 2013-01-13 03:51 - 0003004 _____ () C:\ProgramData\MakeMarkerFile.xml
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-03-23 01:10
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by mcmor_000 (2016-04-01 12:54:09)
Running from C:\Users\mcmor_000\Desktop
Windows 8.1 (X64) (2016-03-23 09:50:55)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2620583142-3316455340-3143807552-500 - Administrator - Disabled)
Guest (S-1-5-21-2620583142-3316455340-3143807552-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2620583142-3316455340-3143807552-1006 - Limited - Enabled)
mcmor_000 (S-1-5-21-2620583142-3316455340-3143807552-1001 - Administrator - Enabled) => C:\Users\mcmor_000
zdmcm_000 (S-1-5-21-2620583142-3316455340-3143807552-1004 - Limited - Enabled) => C:\Users\zdmcm_000
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Security with Backup (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security with Backup (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security with Backup (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Allshare Play Link (HKLM-x32\...\{91786428-D4AA-476D-8AF9-A63FFAC2901F}) (Version: 1.0.0 - Samsung)
AMD Catalyst Install Manager (HKLM\...\{C7415F39-BB71-99D4-7C7A-BFF06A6659A8}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD VISION Engine Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.1912 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4421.02 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Easy File Share (HKLM-x32\...\{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}) (Version: 1.3.4 - Samsung Electronics CO.,LTD.)
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)
Flickr Uploadr for Windows (HKU\S-1-5-21-2620583142-3316455340-3143807552-1001\...\FlickrUploadrWindows) (Version: 1.0.1.292 - Flickr)
Galería de fotos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.110 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Help Desk (HKLM\...\{AEC9D273-E162-4614-83F1-722B8C74B185}) (Version: 1.0.96 - Samsung Electronics CO., LTD.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6741.2017 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2620583142-3316455340-3143807552-1001\...\OneDriveSetup.exe) (Version: 17.3.6302.0225 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Norton Security with Backup (HKLM-x32\...\NSBU) (Version: 22.6.0.142 - Symantec Corporation)
Nox APP Player (HKLM-x32\...\Nox) (Version: 3.1.0.0 - Duodian Technology Co. Ltd.)
Oasis2Service (HKLM-x32\...\Oasis2Service) (Version: 2.0.607.7 - DDNi)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6701.1011 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6701.1011 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6701.1011 - Microsoft Corporation) Hidden
Online Support(S Service) (HKLM-x32\...\{C8996970-A56E-4659-B01B-CCB7097C4E59}) (Version: 1.1 - Samsung Electronics Co., Ltd.)
Plants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version:  - PopCap Games)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.314 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Quick Starter (HKLM\...\{EC36E2BC-86F7-44C9-84B2-93930F0FBDBF}) (Version: 1.0.2 - Samsung Electronics CO., LTD.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6702 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.12.20 - Samsung Electronics CO., LTD.)
RocketLife (HKU\S-1-5-21-2620583142-3316455340-3143807552-1001\...\RocketLife) (Version: 1.0.0.20332 - Visan / RocketLife)
S Agent (Version: 1.1.51 - Samsung Electronics CO., LTD.) Hidden
Samsung Survey (HKLM-x32\...\{F1F6B58E-CF23-475C-AA96-EC658E9E50F3}) (Version: 2.0.1 - Samsung Electronics Co., Ltd.)
Support Center (HKLM\...\{711DE117-767F-48A8-9864-66C525B9539F}) (Version: 2.1.1223 - Samsung Electronics CO., LTD.)
Support Center FAQ (x32 Version: 1.0.17 - Samsung Electronics CO., LTD.) Hidden
SW Update (HKLM-x32\...\{391A07F0-748F-474F-986C-F03934F98F6E}) (Version: 2.0.19 - Samsung Electronics CO., LTD.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.0.0.0 - Synaptics Incorporated)
User Guide (HKLM-x32\...\{66172F70-0BDE-4BAB-A973-E2E4EF501F6D}) (Version: 1.2.00 - Samsung Electronics CO., LTD.)
Windows Driver Package - BigNox Corporation (VBoxUSB) USB  (09/16/2015 4.3.12) (HKLM\...\76B144D15273552931249392EDB13C0BBD52C84E) (Version: 09/16/2015 4.3.12 - BigNox Corporation)
Windows Driver Package - BigNox Corporation VBoxUSBMon System  (09/16/2015 4.3.12) (HKLM\...\39F54A37125643D2E1E90FA7D81F36ACC9441510) (Version: 09/16/2015 4.3.12 - BigNox Corporation)
Windows Driver Package - BigNox Corporation XQHDrv System  (09/16/2015 4.3.12) (HKLM\...\0147813640F7AF69F569581EE672B6BE1E71798E) (Version: 09/16/2015 4.3.12 - BigNox Corporation)
Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass  (07/27/2012 20.57.1.735) (HKLM\...\9F04C462DAB591BDCCE784F77E4D4F1736010B92) (Version: 07/27/2012 20.57.1.735 - Samsung Electronics Co. Ltd.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2620583142-3316455340-3143807552-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\mcmor_000\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-2620583142-3316455340-3143807552-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\mcmor_000\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {06858A7E-07C8-4AA8-8393-43BCEE2001B9} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2015-04-10] (SEC)
Task: {0DF5B094-ED25-41C0-A4BE-8BA27B4E580E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-24] (Google Inc.)
Task: {18A98B28-FEA9-4A5B-B63D-9542DC4EE68C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {37C6FF77-F984-4B86-BC62-51E0AF9EBF4B} - System32\Tasks\Norton Security with Backup\Norton Error Processor => C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\SymErr.exe [2016-02-10] (Symantec Corporation)
Task: {56A1B724-294E-40B9-9431-1327F7614BFB} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2620583142-3316455340-3143807552-1001 => C:\Users\mcmor_000\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2016-03-17] (Microsoft Corporation)
Task: {5E36DC48-88FC-4C19-9F6D-43C3ADCEBBD8} - System32\Tasks\Microsoft\Windows\SetupSQMTask => C:\WINDOWS\SYSTEM32\OOBE\SETUPSQM.EXE [2014-11-21] (Microsoft Corporation)
Task: {61CFA691-078A-4F9C-985A-DD2AE488E43B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-24] (Google Inc.)
Task: {6C68E0E7-499D-4B2E-A668-CD28C38FAEE2} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-03-13] (Microsoft Corporation)
Task: {98F94EE8-B6E8-4CE2-8C1E-2925802EDE17} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-11-29] (Synaptics Incorporated)
Task: {B5C0F259-2DC8-449C-918D-90E0623B4043} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-03-14] (Microsoft Corporation)
Task: {BE918386-CEB0-4737-8243-FF2EB413E437} - System32\Tasks\Norton Security with Backup\Norton Error Analyzer => C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\SymErr.exe [2016-02-10] (Symantec Corporation)
Task: {C2BCC0FA-3750-4D76-866E-C797359E4DF9} - System32\Tasks\SWUpdateAgent => C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2012-09-14] (Samsung Electronics CO., LTD.)
Task: {C31B58FC-9009-4AC0-A439-E614A65B042A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-03-13] (Microsoft Corporation)
Task: {C5E053C3-639C-468A-A78A-95C2E4A2F93D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2016-03-10] (Microsoft Corporation)
Task: {D0C806FD-DDE9-4052-81C8-68977A395D5D} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2014-10-29] (Samsung Electronics CO., LTD.)
Task: {DBD904BB-667D-4A02-8433-2CB639B8702E} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\WSCStub.exe [2016-02-26] (Symantec Corporation)
Task: {EA179FF2-9895-40CD-A59C-3948E930AA33} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security with Backup\Upgrade.exe [2016-02-26] (Symantec Corporation)
Task: {F1AE9EAA-26EB-4B3C-972B-734AC7A4D2E4} - System32\Tasks\SUPatchForW10Up => C:\ProgramData\Samsung\SamsungUpdatePatch\SUPatchForW10Up.exe [2015-08-18] (Samsung Electronics CO., LTD.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-07-04 21:33 - 2014-07-04 21:33 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2016-03-15 10:07 - 2016-03-13 08:43 - 00173256 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2016-03-15 10:16 - 2016-03-13 11:45 - 08919232 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2014-01-07 05:29 - 2014-01-07 05:29 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-01-07 05:26 - 2014-01-07 05:26 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2014-01-07 05:32 - 2014-01-07 05:32 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2016-03-22 17:45 - 2016-03-22 17:45 - 00815104 _____ () C:\Users\mcmor_000\AppData\Roaming\Nox\bin\nox_adb.exe
2016-02-24 01:21 - 2014-03-07 20:47 - 00045672 ____N () C:\Program Files (x86)\DDNi\Oasis2Service\OasisCloudModel.dll
2016-02-24 01:21 - 2014-03-07 20:47 - 00017000 ____N () C:\Program Files (x86)\DDNi\Oasis2Service\OasisCloudClient.dll
2012-09-19 02:06 - 2012-06-07 23:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-07 22:34 - 2012-06-07 22:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2016-03-30 21:40 - 2016-03-27 03:58 - 01675928 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\libglesv2.dll
2016-03-30 21:40 - 2016-03-27 03:58 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\libegl.dll
2016-03-17 07:51 - 2016-03-17 07:51 - 00026824 _____ () C:\Users\mcmor_000\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuthLib.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2620583142-3316455340-3143807552-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\mcmor_000\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\samsung_wallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKU\S-1-5-21-2620583142-3316455340-3143807552-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-2620583142-3316455340-3143807552-1001\...\StartupApproved\Run: => "FlickrUploadr"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{21FF3BF7-B857-40A3-9500-E0CB4708BCAB}] => (Allow) C:\Program Files\Bignox\BigNoxVM\RTNoxVMHandle.exe
FirewallRules: [{CB14D432-343A-465B-ABC2-C76DE82202FD}] => (Allow) C:\Users\mcmor_000\AppData\Roaming\Nox\bin\Nox.exe
FirewallRules: [{5236E774-780D-4850-A57F-719FCA382075}] => (Allow) C:\Users\mcmor_000\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{E3595361-2C69-40C7-B4E6-6838D5AD2F51}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{4772DFCC-9AEF-4724-AA70-57EC768B7ABE}] => (Allow) LPort=1900
FirewallRules: [{D0CE5281-11F7-474C-9660-D7763EB4D760}] => (Allow) LPort=2869
FirewallRules: [{A6BC6D55-5D14-45E7-B031-E23B480F1717}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{AA26C557-A5E4-486B-92D7-FAD04B1129CC}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{31CC4E6B-625A-4DF8-AEDE-350B919DF957}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{9C6E8B86-EE5E-43EB-89FD-B3C7A7DECD9E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
23-03-2016 06:04:19 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
01-04-2016 11:15:36 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/31/2016 08:14:50 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220
 
Error: (03/30/2016 09:17:58 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220
 
Error: (03/30/2016 09:47:09 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program CommonAgent.exe version 1.1.5.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 16ac
 
Start Time: 01d188ecb7235cb0
 
Termination Time: 14171
 
Application Path: C:\Program Files\Samsung\S Agent\CommonAgent.exe
 
Report Id: d1f29733-f67d-11e5-bec2-50b7c3af37dd
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (03/30/2016 09:42:22 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 2230
 
Start Time: 01d18a4f1adafe49
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: 38154f55-f67d-11e5-bec2-50b7c3af37dd
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (03/29/2016 10:15:11 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220
 
Error: (03/28/2016 10:25:36 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220
 
Error: (03/28/2016 08:25:25 AM) (Source: Microsoft Office 16) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {5B6EE25C-012C-4E69-B6C2-8EDF0F674C5D}
 
Error: (03/28/2016 08:25:25 AM) (Source: Microsoft Office 16) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {5B6EE25C-012C-4E69-B6C2-8EDF0F674C5D}
 
Error: (03/27/2016 05:49:07 PM) (Source: Microsoft Office 16) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {70BE11BF-51BC-455F-A264-7F954E0EBA74}
 
Error: (03/27/2016 05:49:07 PM) (Source: Microsoft Office 16) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {70BE11BF-51BC-455F-A264-7F954E0EBA74}
 
 
System errors:
=============
Error: (03/31/2016 12:42:23 AM) (Source: cdrom) (EventID: 15) (User: )
Description: The device, \Device\CdRom0, is not ready for access yet.
 
Error: (03/31/2016 12:42:23 AM) (Source: cdrom) (EventID: 15) (User: )
Description: The device, \Device\CdRom0, is not ready for access yet.
 
Error: (03/31/2016 12:42:23 AM) (Source: cdrom) (EventID: 15) (User: )
Description: The device, \Device\CdRom0, is not ready for access yet.
 
Error: (03/31/2016 12:42:23 AM) (Source: cdrom) (EventID: 15) (User: )
Description: The device, \Device\CdRom0, is not ready for access yet.
 
Error: (03/31/2016 12:42:23 AM) (Source: cdrom) (EventID: 15) (User: )
Description: The device, \Device\CdRom0, is not ready for access yet.
 
Error: (03/31/2016 12:42:23 AM) (Source: cdrom) (EventID: 15) (User: )
Description: The device, \Device\CdRom0, is not ready for access yet.
 
Error: (03/30/2016 11:25:36 PM) (Source: cdrom) (EventID: 15) (User: )
Description: The device, \Device\CdRom0, is not ready for access yet.
 
Error: (03/30/2016 03:02:34 PM) (Source: cdrom) (EventID: 15) (User: )
Description: The device, \Device\CdRom0, is not ready for access yet.
 
Error: (03/29/2016 10:14:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/29/2016 07:37:21 AM) (Source: cdrom) (EventID: 15) (User: )
Description: The device, \Device\CdRom0, is not ready for access yet.
 
 
==================== Memory info =========================== 
 
Processor: AMD E2-1800 APU with Radeon™ HD Graphics
Percentage of memory in use: 25%
Total physical RAM: 7771.78 MB
Available physical RAM: 5793.91 MB
Total Virtual: 9691.78 MB
Available Virtual: 6325.62 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:441.76 GB) (Free:382.59 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 16BDA460)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 




#2
PatriotsBallBoy

    New Member

  • Topic Starter
  • Member
  • 2 posts

Forgot to include that the process "activatedesktop.exe" is something that appeared within the past week. Or at least, I don't recall it being there previously.


Edited by PatriotsBallBoy, 05 April 2016 - 05:27 PM.
