
touch screen not workin, volume broke, pop ups... [Closed]


  • This topic is locked

#1
retro1324


hey there! your help is greatly appreciated! i have come across another virus that has stopped my touch screen from working. it has also messed w the volume on my comp as it's rlly low, and i get random pop ups with a time thingy to close them n they r video pop ups. i'm sure there's other issues but i just recently got internet back. thanks for the help ... my comp is windows 8.1 n 64 bit. here's logs. ... so i left for a bit and then come home and all of a sudden my comp's updating to windows 10! just by itself and that's turned off! so now i have windows 10! idk how that happened when for ages now i wouldn't let it update and i wasn't even home, i left youtube on n playing ...

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:29-05-2016 02
Ran by catrina (administrator) on CATRINA (31-05-2016 17:23:29)
Running from C:\Users\catrina\Desktop
Loaded Profiles: catrina (Available Profiles: catrina & Administrator)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_6.3.9600.20278_x64__8wekyb3d8bbwe\numbers.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\wimserv.exe
(Netflix, Inc.) C:\Program Files\WindowsApps\4DF9E0F8.Netflix_2.18.0.19_x64__mcm4njqhnhss8\Netflix.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\FileManager\PhotosApp.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Farbar) C:\Users\catrina\Desktop\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7174728 2013-03-29] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-13] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-3730912956-2149780455-674675747-1001\...\MountPoints2: {9281e9e3-e2fe-11e5-bea2-a4db30264dde} - "F:\VZW_Software_upgrade_assistant.exe" 
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{C73D2BFA-83BE-430F-9F0D-96823E926035}: [DhcpNameServer] 209.18.47.61 209.18.47.62
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
HKU\S-1-5-21-3730912956-2149780455-674675747-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE07&ocid=UE07DHP
HKU\S-1-5-21-3730912956-2149780455-674675747-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_instlmtrx_15_48&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0AyE0D0BtAtDtByCyE0D0D0E0AyDtC0CtN0D0Tzu0StCyEtBtBtN1L2XzutAtFtCtBtFyBtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyCtBtB0FtCtD0CtDtGyD0FyD0BtGtC0CtD0BtGyB0C0AtDtG0C0CtD0EtAyE0DyB0F0AyE0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyC0F0A0EtDtB0EtG0BzyzyzytGyE0AtA0BtGzz0DyC0CtGtCtCyEtD0C0DyB0F0F0BtAtC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDzzzy%26cr%3D90773413%26a%3Dwbf_instlmtrx_15_48%26os%3DWindows%2B8.1&p={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-3730912956-2149780455-674675747-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_bimmed_15_38_ssg02&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0AyE0D0BtAtDtByCyE0D0D0E0AyDtC0CtN0D0Tzu0StCtAyDyBtN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyD0AtByBtBtA0DyCtGtByD0FtDtGyEtA0BzytG0AzyyE0DtG0F0F0AtC0D0F0AtBtCyCyByE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0DtDtA0Fzy0CyBtGzy0FtBtBtGyE0FyByDtGzz0B0CtAtGzzyDyByD0Ezy0BtBzzyDtByD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDtBtC%26cr%3D1528194446%26a%3Dwncy_bimmed_15_38_ssg02%26os%3DWindows%2B8.1&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3730912956-2149780455-674675747-1001 -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_bimmed_15_38_ssg02&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1Qzu0AyE0D0BtAtDtByCyE0D0D0E0AyDtC0CtN0D0Tzu0StCtAyDyBtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2Szy0E0ByBtBtA0AtDtG0A0AyCyEtGyEtDyEzytGzzyE0D0DtG0EtDtD0C0A0CyC0A0E0AtD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0DtDtA0Fzy0CyBtGzy0FtBtBtGyE0FyByDtGzz0B0CtAtGzzyDyByD0Ezy0BtBzzyDtByD2QtN0A0LzuyE%26cr%3D778995846%26a%3Dwny_bimmed_15_38_ssg02%26os%3DWindows 8.1&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3730912956-2149780455-674675747-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2012-07-09] (Hewlett-Packard)
Toolbar: HKU\S-1-5-21-3730912956-2149780455-674675747-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\catrina\AppData\Roaming\Mozilla\Firefox\Profiles\v2tnow4k.default
FF DefaultSearchEngine.US: Search Provided by Yahoo
FF Homepage: hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_instlmtrx_15_48&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0AyE0D0BtAtDtByCyE0D0D0E0AyDtC0CtN0D0Tzu0StCyEtBtBtN1L2XzutAtFtCtBtFyBtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyCtBtB0FtCtD0CtDtGyD0FyD0BtGtC0CtD0BtGyB0C0AtDtG0C0CtD0EtAyE0DyB0F0AyE0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyC0F0A0EtDtB0EtG0BzyzyzytGyE0AtA0BtGzz0DyC0CtGtCtCyEtD0C0DyB0F0F0BtAtC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDzzzy%26cr%3D90773413%26a%3Dwbf_instlmtrx_15_48%26os%3DWindows%2B8.1
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-25] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-25] (Google Inc.)
FF SearchPlugin: C:\Users\catrina\AppData\Roaming\Mozilla\Firefox\Profiles\v2tnow4k.default\searchplugins\search-provided-by-yahoo.xml [2015-11-10]
 
Chrome: 
=======
CHR Session Restore: Profile 1 -> is enabled.
CHR Profile: C:\Users\catrina\AppData\Local\Google\Chrome\User Data\Default
CHR Profile: C:\Users\catrina\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\catrina\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-31]
CHR Extension: (Google Docs) - C:\Users\catrina\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-31]
CHR Extension: (Google Drive) - C:\Users\catrina\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-31]
CHR Extension: (YouTube) - C:\Users\catrina\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-31]
CHR Extension: (Off The Record History) - C:\Users\catrina\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\djbaolpiihkcmmfjnjdmomeeheldhhdp [2016-05-31]
CHR Extension: (Google Sheets) - C:\Users\catrina\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-31]
CHR Extension: (Google Docs Offline) - C:\Users\catrina\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-31]
CHR Extension: (Safe Kitten) - C:\Users\catrina\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jmdnbaoclifcikbajkdmageonhgghjko [2016-05-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\catrina\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-31]
CHR Extension: (Gmail) - C:\Users\catrina\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-31]
CHR HKU\S-1-5-21-3730912956-2149780455-674675747-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ajcmdlkeklfmbjffnlofgfkjcnpfckab] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 CLHNServiceForPowerDVD12; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [89864 2013-06-09] (CyberLink Corp.)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-06-09] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [294664 2013-06-09] (CyberLink)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-06-07] (Hewlett-Packard Company) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [239176 2013-02-19] (Realtek Semiconductor)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-08-12] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-08-12] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-15] (CyberLink)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R2 ntk_PowerDVD12; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [84168 2013-03-12] (Cyberlink Corp.)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [288840 2013-05-16] (Realtek Semiconductor Corp.)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-08-12] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-08-12] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-08-12] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-31 17:23 - 2016-05-31 17:23 - 00014624 _____ C:\Users\catrina\Desktop\FRST.txt
2016-05-31 17:17 - 2016-05-31 17:18 - 02383872 _____ (Farbar) C:\Users\catrina\Desktop\FRST64 (1).exe
2016-05-31 10:12 - 2012-10-24 12:44 - 00656048 _____ (WildTangent, Inc.) C:\ProgramData\uninstall730261.exe
2016-05-29 13:06 - 2016-05-29 16:25 - 952953376 _____ C:\Users\catrina\Downloads\The.Witch.2015.720p.BluRay.H264.AAC-RARBG.mp4
2016-05-29 12:55 - 2016-05-29 16:25 - 974707372 _____ C:\Users\catrina\Downloads\Dirty.Grandpa.2016.720p.BluRay.H264.AAC-RARBG.mp4
2016-05-29 12:04 - 2016-05-29 12:04 - 00000000 ____D C:\WINDOWS\LastGood
2016-05-26 18:03 - 2016-05-11 13:08 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-05-26 18:03 - 2016-05-11 13:08 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-25 19:58 - 2016-04-22 13:15 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-05-25 19:58 - 2016-04-22 13:14 - 02893312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-05-25 19:58 - 2016-04-22 13:06 - 20349952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-05-25 19:58 - 2016-04-22 12:35 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-05-25 19:58 - 2016-04-22 12:29 - 02285568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-05-25 19:58 - 2016-04-22 12:23 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-05-25 19:58 - 2016-04-22 12:14 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-05-25 19:58 - 2016-04-22 12:12 - 02131968 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-05-25 19:58 - 2016-04-22 11:58 - 04611072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-05-25 19:58 - 2016-04-22 11:54 - 13811200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-05-25 19:58 - 2016-04-22 11:53 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2016-05-25 19:58 - 2016-04-22 11:52 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-05-25 19:58 - 2016-04-22 11:51 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-05-25 19:58 - 2016-04-22 11:40 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-05-25 19:58 - 2016-04-22 11:24 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-05-25 19:58 - 2016-03-30 23:50 - 01307328 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2016-05-25 19:58 - 2016-03-30 20:40 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2016-05-25 19:58 - 2016-02-08 13:29 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2016-05-25 19:58 - 2016-01-10 10:50 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll
2016-05-25 19:58 - 2016-01-10 10:16 - 00898048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2016-05-25 19:58 - 2016-01-10 10:14 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfgbkend.dll
2016-05-25 19:58 - 2016-01-10 10:12 - 00532480 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDec.dll
2016-05-25 19:58 - 2016-01-10 09:51 - 00702976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2016-05-25 19:58 - 2016-01-10 09:49 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EncDec.dll
2016-05-25 19:58 - 2015-12-30 14:53 - 02017624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-05-25 19:57 - 2016-04-22 13:54 - 25816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-05-25 19:57 - 2016-04-22 13:08 - 06052864 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-05-25 19:57 - 2016-04-22 13:00 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-05-25 19:57 - 2016-04-22 12:24 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-05-25 19:57 - 2016-04-22 12:19 - 15414784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-05-25 19:57 - 2016-04-22 12:17 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2016-05-25 19:57 - 2016-04-22 12:14 - 00725504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-05-25 19:57 - 2016-04-22 12:14 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-05-25 19:57 - 2016-04-22 11:58 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-05-25 19:57 - 2016-04-22 11:52 - 02596864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-05-25 19:57 - 2016-04-22 11:52 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-05-25 19:57 - 2016-04-22 11:29 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-05-25 19:57 - 2016-04-22 11:27 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-05-25 19:57 - 2016-04-22 11:23 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-05-25 19:57 - 2016-04-06 14:13 - 00561960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-05-25 19:57 - 2016-04-06 14:13 - 00137976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
2016-05-25 19:57 - 2016-04-06 11:20 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-05-25 19:57 - 2016-04-06 11:19 - 00401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-05-25 19:57 - 2016-04-06 11:19 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-05-25 19:57 - 2016-04-06 10:49 - 00120384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll
2016-05-25 19:57 - 2016-04-06 10:40 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2016-05-25 19:57 - 2016-04-06 09:57 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-05-25 19:57 - 2016-04-06 09:52 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-05-25 19:57 - 2016-04-06 09:20 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-05-25 19:57 - 2016-04-06 08:48 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-05-25 19:57 - 2016-03-30 16:56 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2016-05-25 19:57 - 2016-03-30 16:56 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-05-25 19:57 - 2016-03-30 16:55 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2016-05-25 19:57 - 2016-03-30 16:30 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2016-05-25 19:57 - 2016-03-30 16:30 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2016-05-25 19:57 - 2016-02-08 11:14 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2016-05-25 19:57 - 2016-02-02 11:16 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
2016-05-25 19:57 - 2016-01-06 11:25 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2016-05-25 19:56 - 2016-03-11 07:48 - 00833024 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-05-25 19:56 - 2016-03-10 10:03 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-05-25 19:56 - 2016-03-10 09:48 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-05-25 19:56 - 2016-01-24 11:19 - 00419160 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2016-05-25 19:56 - 2016-01-24 11:19 - 00331608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2016-05-25 19:56 - 2016-01-24 04:57 - 01335296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2016-05-25 19:56 - 2016-01-24 04:45 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2016-05-25 19:56 - 2016-01-21 12:35 - 00952928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-05-25 19:56 - 2016-01-21 11:42 - 00786152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-05-25 19:56 - 2016-01-08 18:38 - 00091992 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2016-05-25 19:53 - 2016-04-09 14:58 - 00534016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-05-25 19:53 - 2016-04-09 14:50 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-05-25 19:53 - 2016-04-03 23:35 - 00046768 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-05-25 19:53 - 2016-04-02 06:26 - 01386496 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-05-25 19:53 - 2016-04-02 06:26 - 01169408 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-05-25 19:53 - 2016-03-28 06:21 - 00698368 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-05-25 19:53 - 2016-03-28 06:21 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-05-25 19:53 - 2016-03-28 06:21 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-05-25 19:53 - 2016-03-28 06:21 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-05-25 19:53 - 2016-03-28 06:21 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-05-25 19:53 - 2016-03-02 18:39 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-05-25 19:53 - 2016-03-02 18:39 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-05-25 19:53 - 2016-02-05 07:46 - 01455104 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2016-05-25 19:52 - 2016-02-05 07:59 - 07784960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-05-25 19:52 - 2016-02-05 07:55 - 05264384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-05-25 19:52 - 2016-02-05 07:48 - 07075840 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll
2016-05-25 19:52 - 2016-02-05 07:47 - 05268480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glcndFilter.dll
2016-05-25 19:52 - 2016-01-27 08:18 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2016-05-25 19:50 - 2016-04-09 21:21 - 01763376 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-05-25 19:50 - 2016-04-09 21:21 - 01489088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-05-25 19:50 - 2016-03-03 09:47 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-05-25 19:50 - 2016-03-03 09:33 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2016-05-25 19:50 - 2016-02-03 08:14 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\IPMIDrv.sys
2016-05-25 19:50 - 2016-02-02 10:51 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmAuto.dll
2016-05-25 19:50 - 2016-02-02 10:19 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmAuto.dll
2016-05-25 19:50 - 2016-02-02 10:01 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmAgent.dll
2016-05-25 19:50 - 2016-02-02 09:51 - 02609152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2016-05-25 19:50 - 2016-02-02 09:48 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll
2016-05-25 19:50 - 2016-02-02 09:46 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmAgent.dll
2016-05-25 19:50 - 2016-02-02 09:41 - 02170880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2016-05-25 19:50 - 2016-02-02 09:39 - 00236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmWmiPl.dll
2016-05-25 19:50 - 2016-01-08 18:49 - 00218448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2016-05-25 19:50 - 2016-01-08 18:49 - 00192120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2016-05-25 19:48 - 2016-02-11 07:21 - 00869576 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2016-05-25 19:48 - 2016-02-11 07:21 - 00678600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll
2016-05-25 19:48 - 2016-02-11 07:20 - 00875720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2016-05-25 19:48 - 2016-02-11 07:20 - 00536776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll
2016-05-25 19:47 - 2016-02-08 18:31 - 22365472 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-05-25 19:47 - 2016-02-08 18:31 - 19794896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-05-25 19:47 - 2016-02-08 18:31 - 02757616 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-05-25 19:47 - 2016-02-08 18:31 - 02412576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-05-25 19:47 - 2016-02-08 18:31 - 00273264 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-05-25 19:47 - 2016-02-08 13:55 - 02712576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-05-25 19:47 - 2016-02-08 13:15 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll
2016-05-25 19:47 - 2016-02-08 13:02 - 01197056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-05-25 19:47 - 2016-02-08 12:48 - 12879360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-05-25 19:47 - 2016-02-08 12:43 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-05-25 19:47 - 2016-02-08 12:40 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hgcpl.dll
2016-05-25 19:47 - 2016-02-08 12:39 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2016-05-25 19:47 - 2016-02-08 12:37 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingMonitor.dll
2016-05-25 19:47 - 2016-02-08 12:35 - 00954880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2016-05-25 19:47 - 2016-02-08 12:34 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-05-25 19:47 - 2016-02-08 12:33 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-05-25 19:47 - 2016-02-08 11:50 - 03120640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-05-25 19:47 - 2016-02-08 10:55 - 02592256 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
2016-05-25 19:47 - 2016-02-08 10:33 - 01278464 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-05-25 19:47 - 2016-02-08 10:15 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-05-25 19:47 - 2016-02-08 10:12 - 14466560 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-05-25 19:47 - 2016-02-08 10:02 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-05-25 19:47 - 2016-02-08 10:00 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2016-05-25 19:47 - 2016-02-08 09:58 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2016-05-25 19:47 - 2016-02-08 09:55 - 00173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingMonitor.dll
2016-05-25 19:47 - 2016-02-08 09:53 - 02171904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2016-05-25 19:47 - 2016-02-08 09:53 - 01348096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-05-25 19:47 - 2016-02-08 09:50 - 01220096 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-05-25 19:47 - 2016-02-08 09:50 - 00841728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-05-25 19:47 - 2016-02-08 09:48 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-05-25 19:47 - 2016-02-08 09:47 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2016-05-25 19:47 - 2016-02-08 09:44 - 00955392 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-05-25 19:47 - 2016-02-03 08:11 - 01673728 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2016-05-25 19:47 - 2016-02-02 10:15 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2016-05-25 19:47 - 2016-01-06 16:46 - 00148752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2016-05-25 19:47 - 2016-01-06 16:45 - 00177712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-05-25 19:47 - 2016-01-06 09:47 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-05-25 19:46 - 2016-03-28 18:42 - 07446368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-05-25 19:46 - 2016-03-10 12:17 - 01133752 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-05-25 19:46 - 2016-03-10 10:48 - 00862720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-05-25 19:46 - 2016-03-10 10:43 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-05-25 19:46 - 2016-03-10 09:55 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-05-25 19:46 - 2016-03-10 09:42 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-05-25 19:46 - 2016-02-06 09:58 - 00987648 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-05-25 19:46 - 2016-02-06 09:32 - 00801792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-05-25 19:46 - 2016-02-03 08:09 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-05-25 19:46 - 2016-02-03 08:00 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-05-25 19:46 - 2016-02-03 08:00 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-05-25 19:46 - 2016-01-20 15:40 - 00099672 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\disk.sys
2016-05-25 19:45 - 2016-02-12 12:14 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-05-25 19:45 - 2016-02-12 08:14 - 03708416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-05-25 19:45 - 2016-02-12 07:55 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2016-05-25 19:45 - 2016-02-12 07:54 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2016-05-25 19:45 - 2016-02-12 07:54 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2016-05-25 19:45 - 2016-02-12 07:54 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2016-05-25 19:45 - 2016-02-12 07:51 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2016-05-25 19:45 - 2016-02-12 07:51 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2016-05-25 19:45 - 2016-02-12 07:51 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2016-05-25 19:45 - 2016-02-12 07:48 - 02244096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2016-05-25 19:45 - 2016-02-12 07:47 - 00897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-05-25 19:45 - 2016-02-12 07:46 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-05-25 19:45 - 2016-01-26 12:15 - 00072024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpci.sys
2016-05-25 19:44 - 2016-03-10 10:03 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsparse.dll
2016-05-25 19:44 - 2016-03-10 09:48 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsparse.dll
2016-05-25 19:44 - 2016-03-05 10:44 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2016-05-25 19:44 - 2016-03-05 10:04 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2016-05-25 19:44 - 2016-02-11 13:17 - 01737088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-05-25 19:44 - 2016-02-11 13:17 - 01663184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-05-25 19:44 - 2016-02-11 13:17 - 01523208 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-05-25 19:44 - 2016-02-11 13:17 - 01490120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-05-25 19:44 - 2016-02-11 13:17 - 01358952 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-05-25 19:44 - 2016-02-11 13:16 - 01501488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-05-25 19:44 - 2016-02-09 11:07 - 00246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-05-25 19:44 - 2016-02-06 11:08 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
2016-05-25 19:44 - 2016-02-05 12:07 - 00378712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-05-25 19:44 - 2016-02-04 11:07 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpsapi.dll
2016-05-25 19:44 - 2016-02-04 10:35 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpsapi.dll
2016-05-25 19:44 - 2016-02-02 10:18 - 01574912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbengine.exe
2016-05-25 19:44 - 2016-01-31 10:17 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsAnytimeUpgradeui.exe
2016-05-25 19:44 - 2016-01-21 22:22 - 02487296 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2016-05-25 19:44 - 2016-01-21 22:11 - 01482240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2016-05-25 19:44 - 2016-01-19 12:13 - 02175008 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-05-25 19:44 - 2016-01-19 11:23 - 01564496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-05-25 19:44 - 2016-01-10 09:41 - 01707008 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2016-05-25 19:44 - 2016-01-10 09:31 - 01344512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2016-05-25 19:44 - 2015-12-30 13:49 - 00470360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2016-05-25 19:44 - 2015-11-19 07:33 - 00994760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2016-05-25 19:44 - 2015-11-19 07:26 - 00922432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2016-05-25 19:43 - 2016-04-10 23:21 - 00074584 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2016-05-25 19:43 - 2016-04-10 00:48 - 00738096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
2016-05-25 19:43 - 2016-04-10 00:48 - 00613624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
2016-05-25 19:43 - 2016-04-09 22:37 - 01549144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-05-25 19:43 - 2016-04-09 21:14 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-05-25 19:43 - 2016-04-09 16:29 - 04169216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-05-25 19:43 - 2016-04-09 15:07 - 01097728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-05-25 19:43 - 2016-03-15 18:58 - 00442712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-05-25 19:43 - 2016-03-15 18:58 - 00332632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-05-25 19:43 - 2016-03-14 09:50 - 00316760 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2016-05-25 19:43 - 2016-03-11 17:49 - 02466136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-05-25 19:43 - 2016-03-11 17:47 - 00160160 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPHLPAPI.DLL
2016-05-25 19:43 - 2016-03-11 17:47 - 00121912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IPHLPAPI.DLL
2016-05-25 19:43 - 2016-03-10 09:55 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
2016-05-25 19:43 - 2016-03-10 09:52 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2016-05-25 19:43 - 2016-03-10 09:42 - 00413696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll
2016-05-25 19:43 - 2016-03-03 09:13 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2016-05-25 19:43 - 2016-02-27 11:28 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-05-25 19:43 - 2016-02-27 10:57 - 03273728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2016-05-25 19:43 - 2016-02-27 10:19 - 03820544 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2016-05-25 19:43 - 2016-02-27 09:32 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-05-25 19:43 - 2016-02-06 16:05 - 00551256 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2016-05-25 19:43 - 2016-02-05 12:07 - 00292696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMASF.DLL
2016-05-25 19:43 - 2016-02-05 12:07 - 00243032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMASF.DLL
2016-05-25 19:43 - 2016-02-05 08:11 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2016-05-25 19:43 - 2016-02-05 08:11 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2016-05-25 19:43 - 2016-02-05 08:07 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2016-05-25 19:43 - 2016-02-05 08:03 - 15432704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-05-25 19:43 - 2016-02-05 08:02 - 01083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-05-25 19:43 - 2016-02-05 08:00 - 13318144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-05-25 19:43 - 2016-02-04 11:18 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-05-25 19:43 - 2016-02-04 11:12 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-05-25 19:43 - 2016-02-04 10:44 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-05-25 19:43 - 2016-02-04 10:39 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-05-25 19:43 - 2016-02-04 10:24 - 00603648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2016-05-25 19:43 - 2016-02-04 10:02 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2016-05-25 19:43 - 2016-02-04 09:23 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2016-05-25 19:43 - 2016-02-04 09:22 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2016-05-25 19:43 - 2016-01-31 12:16 - 00148832 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2016-05-25 19:43 - 2016-01-19 12:13 - 01063464 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-05-25 19:43 - 2016-01-19 11:23 - 00548024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-05-25 19:43 - 2016-01-19 09:37 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2016-05-25 19:43 - 2016-01-06 11:25 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-05-25 19:43 - 2016-01-05 08:00 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-05-25 19:43 - 2015-12-28 14:42 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSync.dll
2016-05-25 19:43 - 2015-12-28 13:31 - 00578048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSync.dll
2016-05-25 19:43 - 2015-12-20 07:57 - 00839168 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2016-05-25 19:43 - 2015-12-20 07:56 - 00616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe
2016-05-25 19:43 - 2015-12-20 07:43 - 00696320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-31 17:23 - 2015-05-13 20:10 - 00000000 ____D C:\FRST
2016-05-31 16:37 - 2015-08-05 21:43 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-31 16:37 - 2015-01-06 08:35 - 00000000 ____D C:\Users\catrina\Desktop\Uninstall
2016-05-31 16:36 - 2015-08-08 09:19 - 00000000 ____D C:\Users\catrina\AppData\Local\ElevatedDiagnostics
2016-05-31 14:57 - 2015-08-05 21:27 - 00003930 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{0A788BEA-587A-4B00-B93B-AEFFBE826DB5}
2016-05-31 10:45 - 2015-08-05 21:35 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3730912956-2149780455-674675747-1001
2016-05-31 10:13 - 2013-07-30 12:51 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2016-05-31 10:12 - 2013-07-30 12:51 - 00000000 ____D C:\ProgramData\WildTangent
2016-05-31 06:43 - 2013-08-22 08:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-05-31 06:43 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-05-30 19:37 - 2015-08-05 21:43 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-30 07:12 - 2014-10-12 16:12 - 00045568 ___SH C:\Users\catrina\Downloads\Thumbs.db
2016-05-29 17:02 - 2015-08-12 05:05 - 00000000 ___DC C:\WINDOWS\Panther
2016-05-29 16:52 - 2016-02-13 07:21 - 00000000 ___HD C:\$WINDOWS.~BT
2016-05-29 13:29 - 2014-07-25 22:32 - 00000000 ____D C:\Users\catrina\Documents\Youcam
2016-05-29 12:04 - 2013-08-22 06:36 - 00000000 ____D C:\WINDOWS\Inf
2016-05-28 10:41 - 2015-08-16 10:42 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-05-28 10:41 - 2012-07-26 00:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-05-28 07:07 - 2015-08-12 09:37 - 00000000 ____D C:\Users\catrina\OneDrive
2016-05-28 07:04 - 2015-08-05 21:26 - 00000000 ____D C:\Users\catrina\AppData\Local\Packages
2016-05-27 14:51 - 2015-08-12 04:28 - 00000000 ____D C:\Users\catrina
2016-05-27 14:37 - 2014-11-21 01:44 - 00956476 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-05-27 14:31 - 2013-08-22 07:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-05-26 18:50 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\rescache
2016-05-26 18:08 - 2013-08-22 07:44 - 00346744 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-05-26 17:58 - 2015-08-12 04:30 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2016-05-26 17:58 - 2015-08-12 04:30 - 00000000 ___SD C:\WINDOWS\system32\GWX
2016-05-26 17:58 - 2014-11-21 01:25 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-26 17:58 - 2013-08-22 08:36 - 00000000 ___RD C:\WINDOWS\ToastData
2016-05-25 23:40 - 2015-08-07 00:26 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-05-25 23:32 - 2015-08-07 00:26 - 139319312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-05-25 19:45 - 2015-08-05 21:44 - 00002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-25 19:32 - 2015-08-05 21:43 - 00003894 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-25 19:32 - 2015-08-05 21:43 - 00003658 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
 
==================== Files in the root of some directories =======
 
2015-09-19 13:33 - 2015-10-17 00:33 - 0000178 _____ () C:\Users\catrina\AppData\Roaming\WB.CFG
2016-05-31 10:12 - 2012-10-24 12:44 - 0656048 _____ (WildTangent, Inc.) C:\ProgramData\uninstall730261.exe
 
Files to move or delete:
====================
C:\ProgramData\uninstall730261.exe
 
 
Some files in TEMP:
====================
C:\Users\catrina\AppData\Local\Temp\apptemp.1.exe
C:\Users\catrina\AppData\Local\Temp\ICReinstall_zipinstall.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-05-28 03:04
 
==================== End of FRST.txt ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:29-05-2016 02
Ran by catrina (2016-05-31 17:24:52)
Running from C:\Users\catrina\Desktop
Windows 8.1 (Update) (X64) (2015-08-12 16:28:31)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3730912956-2149780455-674675747-500 - Administrator - Disabled) => C:\Users\Administrator
catrina (S-1-5-21-3730912956-2149780455-674675747-1001 - Administrator - Enabled) => C:\Users\catrina
Guest (S-1-5-21-3730912956-2149780455-674675747-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3730912956-2149780455-674675747-1007 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AMD Catalyst Install Manager (HKLM\...\{3296F1CA-C7E8-2A05-A835-62B4682E992C}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4.6522 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.4.3003 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.2.4016 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.4.2921 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.4.3007 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.1.3007 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.6.6119 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6668.4491 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{C88F84E5-AE23-44BD-922C-2ABEACACAF7A}) (Version: 7.2.23.56 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 43.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 en-US)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 6.2.9200.29064 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.15.410.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6875 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.6208 - CyberLink Corp.) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {02C87315-CFE6-45AB-A624-1D94368A07BF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-06-07] (Hewlett-Packard Company)
Task: {0AE20955-7BE7-4662-83EE-C9D06CEF88BB} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
Task: {244B36C9-4D0A-41EB-85BF-C03B03D82061} - System32\Tasks\ProfessionalPCCleaner_Start => C:\Program Files (x86)\Professional PC Cleaner\ProfessionalPCCleaner.exe
Task: {2AD61C83-F1F8-433C-BEAA-7E41A7750AFC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-06-07] (Hewlett-Packard Company)
Task: {2B7182F3-CED5-449B-8ACA-0C0F50795D00} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-11-29] (Hewlett-Packard Company)
Task: {2CC9D81B-E031-4092-85BC-76068E74DA7E} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-12] (CyberLink)
Task: {46A0200B-D841-4798-817E-70970210EFC1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-05] (Google Inc.)
Task: {66E39BB9-C0C4-451B-AAFB-1E70E4EBCE2C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-06-06] (Hewlett-Packard)
Task: {7BF7ACC8-CFC0-4419-AB5F-E7A100766DFE} - System32\Tasks\{21FD9DBB-6D6E-462F-B274-4752297044DF} => pcalua.exe -a C:\Users\catrina\AppData\Local\GamesFlight\uflight.exe
Task: {9C1583E2-3F57-463A-AFB1-258CFB53063F} - System32\Tasks\ProfessionalPCCleaner_Popup => C:\Program Files (x86)\Professional PC Cleaner\Splash.exe
Task: {AD144F19-563C-42F6-BF9C-0F5D1C88352F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-05] (Google Inc.)
Task: {CB62FA84-B064-41A5-8B8E-26E3164F7DB1} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2015-07-27] (Symantec Corporation)
Task: {D73FA0AB-058F-43E7-BE5D-B520C3A124DF} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-05-29 03:55 - 2016-05-29 03:55 - 04558848 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.UI.Xaml\41536cbe62e2cc3fdcca60c0512068c0\Windows.UI.Xaml.ni.dll
2016-05-29 03:55 - 2016-05-29 03:55 - 01631232 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.App640a3541#\43ca73404d89572ce84a9c26be832fd9\Windows.ApplicationModel.ni.dll
2016-05-29 03:56 - 2016-05-29 03:56 - 00297984 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\ebe03b3c11abfbff08a535839cbae703\Windows.Foundation.ni.dll
2016-05-29 03:56 - 2016-05-29 03:56 - 00168448 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.System\a49870dfece531297faecc62698fa8c8\Windows.System.ni.dll
2016-05-29 03:56 - 2016-05-29 03:56 - 01294336 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.UI\6a39fdf1f078ad7a0e53ae4ed562037d\Windows.UI.ni.dll
2016-05-29 03:56 - 2016-05-29 03:56 - 00418304 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Graphics\6a5d87951a3db39340b481000e7865a1\Windows.Graphics.ni.dll
2016-05-29 03:56 - 2016-05-29 03:56 - 00531968 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Security\46b907439c57284af80b18d58d42f125\Windows.Security.ni.dll
2016-05-29 03:56 - 2016-05-29 03:56 - 01173504 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Storage\72368aac10cce1da53c29b7925e8246e\Windows.Storage.ni.dll
2016-05-29 03:56 - 2016-05-29 03:56 - 00308736 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Gloaae92e31#\1e81ce0458374888435e9af4514894f0\Windows.Globalization.ni.dll
2016-05-29 03:56 - 2016-05-29 03:56 - 01753088 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Devices\8a5e4b33cea90fb7fe378692fa158ded\Windows.Devices.ni.dll
2016-05-29 03:57 - 2016-05-29 03:57 - 00048640 _____ () C:\Users\catrina\AppData\Local\Packages\4df9e0f8.netflix_mcm4njqhnhss8\AC\Microsoft\CLR_v4.0\NativeImages\Netflix.Winebddf6ee#\571a9ccfb01a911fec6c4289fe0ccba1\Netflix.Windows.BridgeComponent.ni.dll
2016-05-29 03:57 - 2016-05-29 03:57 - 00015360 _____ () C:\Users\catrina\AppData\Local\Packages\4df9e0f8.netflix_mcm4njqhnhss8\AC\Microsoft\CLR_v4.0\NativeImages\Netflix.Win8062e102#\058e6b0a79975f3408999ba14780aa6b\Netflix.Windows.Media.Audio.ni.dll
2016-05-29 03:56 - 2016-05-29 03:56 - 00467456 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Data\a2520fd79800cd166f4ca2577c68d01d\Windows.Data.ni.dll
2016-05-25 19:44 - 2016-05-11 04:48 - 01738904 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libglesv2.dll
2016-05-25 19:44 - 2016-05-11 04:48 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libegl.dll
2016-05-25 19:44 - 2016-05-11 04:48 - 17565848 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 06:25 - 2015-11-23 14:37 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3730912956-2149780455-674675747-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\catrina\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{DBAFCF13-1F92-4347-B7C1-40EFAC3409E5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{15A3DC85-F7E1-41F4-948E-9769D8E52DA9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F23F44BA-A7B7-4CA4-9D49-BB53AAE3B007}] => (Allow) LPort=1900
FirewallRules: [{825E0E02-790A-4CFE-A8D8-74C346F0FF4E}] => (Allow) LPort=2869
FirewallRules: [{F45F65AA-21D1-40FF-A256-C50031E74513}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{DBFC5238-CC4A-4065-B196-5B814395E060}] => (Allow) C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{BE16D70F-C564-45FA-A49B-3D4916DF17EA}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{C36CAA4C-91B6-4A3F-8A55-FA1D308F9737}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{39F136F0-0ACD-4801-9D3C-694E0006EA2B}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{6FC0C456-3E0D-444C-8702-556F4970D0B5}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{04F52E89-71F2-4330-9060-C241AF2E51BB}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{03AE4C69-537D-472F-8171-3D26B1CAB088}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{25E39814-7148-476D-99B3-A6D963E38773}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{88194878-C3C3-4461-BF34-EF94DC92BD68}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{ECC184E6-F71D-497C-BE25-07417C9A0762}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{ECEE4841-C59A-4FF3-B4AA-73E7D8A354FC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{78CC9B3D-9B4B-4A79-83A6-1680329E482F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F8ED7D7E-EAE5-4C16-8D60-27D46CF43AC4}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{CDCBA2BA-0FCB-4208-B629-A11CD88C8B49}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{6DB54BCB-0DCD-410A-BDCF-135296DE57C2}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{D34D0CEA-479B-4621-97FB-A5E9415C9B10}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{C96DFA8A-1439-4840-B623-490289667808}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{D03DFC3E-5C67-46A0-9297-117E7E93D46F}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{64098242-916E-4E0B-8009-843A28E5396C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B634DEEA-7C40-4895-8403-A6AE9FA0D714}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EB96F976-2D28-4DBA-8708-76E64442ADCE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{D8B86D41-FA2D-48A0-8682-A7EA60EEC838}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
 
==================== Restore Points =========================
 
07-04-2016 14:18:11 Scheduled Checkpoint
25-05-2016 23:25:51 Windows Update
30-05-2016 11:52:26 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/29/2016 07:02:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Netflix.exe version 2.18.0.19 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1244
 
Start Time: 01d1ba081b72b91d
 
Termination Time: 31
 
Application Path: C:\Program Files\WindowsApps\4DF9E0F8.Netflix_2.18.0.19_x64__mcm4njqhnhss8\Netflix.exe
 
Report Id: 8afff310-260a-11e6-beaa-54bef73417d0
 
Faulting package full name: 4DF9E0F8.Netflix_2.18.0.19_x64__mcm4njqhnhss8
 
Faulting package-relative application ID: App
 
Error: (05/29/2016 02:31:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Netflix.exe version 2.18.0.19 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 144c
 
Start Time: 01d1b9c462244a69
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\4DF9E0F8.Netflix_2.18.0.19_x64__mcm4njqhnhss8\Netflix.exe
 
Report Id: acbac21e-25e4-11e6-beaa-54bef73417d0
 
Faulting package full name: 4DF9E0F8.Netflix_2.18.0.19_x64__mcm4njqhnhss8
 
Faulting package-relative application ID: App
 
Error: (05/29/2016 02:31:16 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: CATRINA)
Description: Package 4DF9E0F8.Netflix_2.18.0.19_x64__mcm4njqhnhss8+App was terminated because it took too long to suspend.
 
Error: (05/29/2016 09:03:10 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Netflix.exe version 2.18.0.19 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 13cc
 
Start Time: 01d1b8e9e33feccd
 
Termination Time: 31
 
Application Path: C:\Program Files\WindowsApps\4DF9E0F8.Netflix_2.18.0.19_x64__mcm4njqhnhss8\Netflix.exe
 
Report Id: d59429c3-25b6-11e6-beaa-54bef73417d0
 
Faulting package full name: 4DF9E0F8.Netflix_2.18.0.19_x64__mcm4njqhnhss8
 
Faulting package-relative application ID: App
 
Error: (05/26/2016 06:00:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RAVBg64.exe, version: 1.0.0.136, time stamp: 0x5139a0f9
Faulting module name: RAVBg64.exe, version: 1.0.0.136, time stamp: 0x5139a0f9
Exception code: 0xc0000005
Fault offset: 0x0000000000024368
Faulting process id: 0x410
Faulting application start time: 0xRAVBg64.exe0
Faulting application path: RAVBg64.exe1
Faulting module path: RAVBg64.exe2
Report Id: RAVBg64.exe3
Faulting package full name: RAVBg64.exe4
Faulting package-relative application ID: RAVBg64.exe5
 
Error: (05/26/2016 06:00:35 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.
 
Details:
System Writer object failed to subscribe to VSS.
 
System Error:
0x80042302 (unresolvable).
 
Error: (05/26/2016 06:00:35 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070057, The parameter is incorrect.
.
 
 
Operation:
   Subscribing Writer
 
Context:
   Writer Class Id: {2a40fd15-dfca-4aa8-a654-1f8c654603f6}
   Writer Name: IIS Config Writer
   Writer Instance ID: {59f190cb-75ca-4086-a175-afcaeec5bdee}
 
Error: (05/26/2016 06:00:35 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070057, The parameter is incorrect.
.
 
 
Operation:
   Subscribing Writer
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {5f333a50-83eb-49b2-8a70-dfdd577984e8}
 
Error: (05/26/2016 06:00:35 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x80070057, The parameter is incorrect.
]
 
 
Operation:
   Subscribing Writer
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {5f333a50-83eb-49b2-8a70-dfdd577984e8}
 
Error: (05/26/2016 06:00:35 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x80070057, The parameter is incorrect.
]
 
 
Operation:
   Subscribing Writer
 
Context:
   Writer Class Id: {2a40fd15-dfca-4aa8-a654-1f8c654603f6}
   Writer Name: IIS Config Writer
   Writer Instance ID: {59f190cb-75ca-4086-a175-afcaeec5bdee}
 
 
System errors:
=============
Error: (05/27/2016 02:31:26 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:48:22 PM on ‎5/‎26/‎2016 was unexpected.
 
Error: (05/26/2016 06:02:47 PM) (Source: Microsoft-Windows-Eventlog) (EventID: 30) (User: NT AUTHORITY)
Description: The event logging service encountered an error (5) while enabling publisher {0BF2FB94-7B60-4B4D-9766-E82F658DF540} to channel Microsoft-Windows-Kernel-ShimEngine/Operational. This does not affect channel operation, but does affect the ability of the publisher to raise events to the channel. One common reason for this error is that the Provider is using ETW Provider Security and has not granted enable permissions to the Event Log service identity.
 
Error: (05/26/2016 06:02:37 PM) (Source: Microsoft-Windows-Eventlog) (EventID: 30) (User: NT AUTHORITY)
Description: The event logging service encountered an error (5) while enabling publisher {0BF2FB94-7B60-4B4D-9766-E82F658DF540} to channel Microsoft-Windows-Kernel-ShimEngine/Operational. This does not affect channel operation, but does affect the ability of the publisher to raise events to the channel. One common reason for this error is that the Provider is using ETW Provider Security and has not granted enable permissions to the Event Log service identity.
 
Error: (05/26/2016 06:00:30 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The WLAN AutoConfig service terminated with the following error: 
%%87
 
Error: (05/26/2016 06:00:30 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4002) (User: NT AUTHORITY)
Description: WLAN AutoConfig service has failed to start.
 
Error Code: 87
 
Error: (05/26/2016 06:00:29 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Audio Endpoint Builder service terminated with the following error: 
%%2147746132
 
Error: (05/26/2016 06:00:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Audio service depends on the Windows Audio Endpoint Builder service which failed to start because of the following error: 
%%0
 
Error: (05/26/2016 06:00:29 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:55:03 AM on ‎5/‎26/‎2016 was unexpected.
 
Error: (05/25/2016 07:16:55 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:53:30 PM on ‎5/‎25/‎2016 was unexpected.
 
Error: (05/23/2016 05:33:30 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:58:54 PM on ‎5/‎9/‎2016 was unexpected.
 
 
CodeIntegrity:
===================================
  Date: 2016-05-31 17:19:45.843
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-31 17:19:45.077
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-31 17:06:35.363
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-31 17:06:34.509
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-31 17:05:05.939
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-31 17:05:05.152
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-12-03 02:32:34.121
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-12-03 02:32:33.457
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-11-26 21:22:54.441
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-11-26 21:22:53.879
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: AMD A4-5000 APU with Radeon™ HD Graphics 
Percentage of memory in use: 53%
Total physical RAM: 3541.48 MB
Available physical RAM: 1646.29 MB
Total Virtual: 4967.16 MB
Available Virtual: 1938.91 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:445.61 GB) (Free:401.11 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery Image) (Fixed) (Total:17.89 GB) (Free:2.19 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: AE4989AF)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

Edited by retro1324, 02 June 2016 - 01:46 AM.



#2
Jr0x


    Malware removal team

  • Malware Removal
  • 1,830 posts
Hi retro1324,

Welcome to Geeks to Go. My name is Jr0x and I'll be helping you with your problem.

Please Note: I am still in training and my fixes have to be approved by my instructor so there may be a slight delay in my replies. Look upon it as a good thing though in that you have two people looking at your problem.

Before we get started, there are a few things I need you to take note of.
  • Please read through the instructions before attempting to follow those procedures. I would recommend printing them out as some of the instructions would require you to be in safe mode / offline.
  • If there is anything you are unclear of, please ask before you start the fix.
  • Do not run any scripts / tools on your own, unsupervised usage may cause more harm than good.
  • Please stay with me on this thread, do not start another thread in here (Geeks To Go) or any other forum until I've declared you clean and good to go.
  • There may be a delayed response to you as we may live in different time zones.
  • Inform me of anything that happens unexpectedly during the fix at any point of time.
  • As much as we would like to make this an easy process for you, malware removal is a complex multi-step process, and things may happen such as data loss or your machine being rendered unbootable. I would recommend that you back up your personal data before we proceed.
  • Posts that are not replied to in four (4) days will result in the topic being closed. We have not forgotten you; this is just an effort to keep the boards organized and flowing. To continue on your closed topic, please PM me or any Moderator to have the topic reactivated. If, at any time during our working together, I have not responded to you in 2 days (48 hours), then please PM me.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • As we go along please tell me how the computer is running now. Please be as descriptive as possible e.g. I'm still getting web redirects, I am unable to access the internet etc.
Let's get started.

The Windows 10 update prompt came with a new "trick": if you are not careful, cancelling the prompt screen will still update your Windows to 10.
 
Since you have been updated to Windows 10, your old log would not be useful. Hence, I will need you to grab me a copy of the latest log.


Scan with Farbar's Recovery Scan Tool (FRST)

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste the log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


#3
retro1324


    Member

  • Topic Starter
  • Member
  • 113 posts
 
 
LastRegBack: 2016-06-01 23:47
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-06-2016 02
Ran by catrina (2016-06-05 17:00:34)
Running from C:\Users\catrina\Desktop
Windows 10 Home Version 1511 (X64) (2016-06-02 07:37:08)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3730912956-2149780455-674675747-500 - Administrator - Disabled) => C:\Users\Administrator
catrina (S-1-5-21-3730912956-2149780455-674675747-1001 - Administrator - Enabled) => C:\Users\catrina
DefaultAccount (S-1-5-21-3730912956-2149780455-674675747-503 - Limited - Disabled)
Guest (S-1-5-21-3730912956-2149780455-674675747-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3730912956-2149780455-674675747-1007 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AMD Catalyst Install Manager (HKLM\...\{3296F1CA-C7E8-2A05-A835-62B4682E992C}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4.6522 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.4.3003 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.2.4016 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.4.2921 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.4.3007 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.1.3007 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.6.6119 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.79 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6668.4491 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{C88F84E5-AE23-44BD-922C-2ABEACACAF7A}) (Version: 7.2.23.56 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 43.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 en-US)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 6.2.9200.29064 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.15.410.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7548 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.6208 - CyberLink Corp.) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3730912956-2149780455-674675747-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\catrina\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {00F26C2D-E025-4804-AE49-628DE2397BF4} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {02C87315-CFE6-45AB-A624-1D94368A07BF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-06-07] (Hewlett-Packard Company)
Task: {0AE20955-7BE7-4662-83EE-C9D06CEF88BB} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
Task: {0EF5E43C-35D4-44A6-BD34-15E445BB8EAC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {0FEF7088-A888-47F3-B0FA-B7E3A2C1604C} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {244B36C9-4D0A-41EB-85BF-C03B03D82061} - System32\Tasks\ProfessionalPCCleaner_Start => C:\Program Files (x86)\Professional PC Cleaner\ProfessionalPCCleaner.exe
Task: {2AD61C83-F1F8-433C-BEAA-7E41A7750AFC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-06-07] (Hewlett-Packard Company)
Task: {2B7182F3-CED5-449B-8ACA-0C0F50795D00} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-11-29] (Hewlett-Packard Company) <==== ATTENTION
Task: {2CC9D81B-E031-4092-85BC-76068E74DA7E} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-12] (CyberLink)
Task: {38643DC3-D1A9-43B1-9BE7-FFCD4627FA74} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {46A0200B-D841-4798-817E-70970210EFC1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-05] (Google Inc.)
Task: {5719E1D5-A0F5-4213-B1C4-1275AF14753B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {66E39BB9-C0C4-451B-AAFB-1E70E4EBCE2C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-06-06] (Hewlett-Packard)
Task: {70CFA540-0165-4950-B101-1AC4F71F6252} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {717D6E66-D3D2-472C-BE4A-507C625B1729} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {7BF7ACC8-CFC0-4419-AB5F-E7A100766DFE} - System32\Tasks\{21FD9DBB-6D6E-462F-B274-4752297044DF} => pcalua.exe -a C:\Users\catrina\AppData\Local\GamesFlight\uflight.exe
Task: {7C4D2D26-2B5F-486C-87FD-6A3EFE70D9F4} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {892518B8-0BED-4B18-B5D7-D7BEFE0010F6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {9BA5995D-D414-4972-911D-DEF34C4F801F} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {9C1583E2-3F57-463A-AFB1-258CFB53063F} - System32\Tasks\ProfessionalPCCleaner_Popup => C:\Program Files (x86)\Professional PC Cleaner\Splash.exe
Task: {AD144F19-563C-42F6-BF9C-0F5D1C88352F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-05] (Google Inc.)
Task: {B49BBAD7-DD4E-46D5-80C3-5760254D42A4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {C61D9D52-8B29-470B-851F-FFAC7424FB31} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {CFBE3F22-CB77-4B89-B3FA-B3B49C3C5205} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {D73FA0AB-058F-43E7-BE5D-B520C3A124DF} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {D7C95FA2-092C-4DDA-BBD7-AA47AFDCC75F} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {FD553706-3F6C-420B-BEAC-1B7F2F975899} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 00:18 - 2015-10-30 00:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-06-02 00:46 - 2016-06-02 00:46 - 00959168 _____ () C:\Users\catrina\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-06-02 00:56 - 2016-06-02 01:04 - 07409664 _____ () C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.66.201.0_x86__kgqvnymyfvs32\stritz.exe
2016-06-02 01:23 - 2016-06-02 01:24 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-10-30 02:08 - 2015-10-30 02:08 - 08395776 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.10.13.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2015-10-30 02:08 - 2015-10-30 02:08 - 02311680 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.10.13.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-06-02 00:46 - 2016-06-02 00:46 - 00679624 _____ () C:\Users\catrina\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
2016-06-02 00:56 - 2016-06-02 01:04 - 00029840 _____ () C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.66.201.0_x86__kgqvnymyfvs32\libEGL.dll
2016-06-02 00:56 - 2016-06-02 01:04 - 01259160 _____ () C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.66.201.0_x86__kgqvnymyfvs32\libGLESv2.dll
2016-06-02 00:56 - 2016-06-02 01:04 - 00255488 _____ () C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.66.201.0_x86__kgqvnymyfvs32\curl.dll
2016-06-02 00:56 - 2016-06-02 01:04 - 01602560 _____ () C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.66.201.0_x86__kgqvnymyfvs32\LIBEAY32.dll
2016-06-02 00:56 - 2016-06-02 01:04 - 00479232 _____ () C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.66.201.0_x86__kgqvnymyfvs32\SSLEAY32.dll
2016-06-02 00:56 - 2016-06-02 01:04 - 00066560 _____ () C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.66.201.0_x86__kgqvnymyfvs32\zlib.dll
2016-06-02 01:23 - 2016-06-02 01:24 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-06-02 01:23 - 2016-06-02 01:24 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-06-02 17:41 - 2016-05-31 23:50 - 01745560 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.79\libglesv2.dll
2016-06-02 17:41 - 2016-05-31 23:50 - 00091288 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.79\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 06:25 - 2015-11-23 14:37 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3730912956-2149780455-674675747-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\catrina\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{B634DEEA-7C40-4895-8403-A6AE9FA0D714}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{64098242-916E-4E0B-8009-843A28E5396C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D03DFC3E-5C67-46A0-9297-117E7E93D46F}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{C96DFA8A-1439-4840-B623-490289667808}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{D34D0CEA-479B-4621-97FB-A5E9415C9B10}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{6DB54BCB-0DCD-410A-BDCF-135296DE57C2}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{CDCBA2BA-0FCB-4208-B629-A11CD88C8B49}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{F8ED7D7E-EAE5-4C16-8D60-27D46CF43AC4}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{78CC9B3D-9B4B-4A79-83A6-1680329E482F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{ECEE4841-C59A-4FF3-B4AA-73E7D8A354FC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{ECC184E6-F71D-497C-BE25-07417C9A0762}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{88194878-C3C3-4461-BF34-EF94DC92BD68}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{25E39814-7148-476D-99B3-A6D963E38773}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{03AE4C69-537D-472F-8171-3D26B1CAB088}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{04F52E89-71F2-4330-9060-C241AF2E51BB}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{6FC0C456-3E0D-444C-8702-556F4970D0B5}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{39F136F0-0ACD-4801-9D3C-694E0006EA2B}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{C36CAA4C-91B6-4A3F-8A55-FA1D308F9737}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{BE16D70F-C564-45FA-A49B-3D4916DF17EA}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{DBFC5238-CC4A-4065-B196-5B814395E060}] => (Allow) C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{F45F65AA-21D1-40FF-A256-C50031E74513}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{825E0E02-790A-4CFE-A8D8-74C346F0FF4E}] => (Allow) LPort=2869
FirewallRules: [{F23F44BA-A7B7-4CA4-9D49-BB53AAE3B007}] => (Allow) LPort=1900
FirewallRules: [{15A3DC85-F7E1-41F4-948E-9769D8E52DA9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DBAFCF13-1F92-4347-B7C1-40EFAC3409E5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9F6BADDF-4462-4FB2-B62E-F4B3304C94B0}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{C007B9F7-A519-4C06-96A9-5D8B9A3084C9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/03/2016 07:33:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WUDFHost.exe, version: 10.0.10586.0, time stamp: 0x5632d175
Faulting module name: ntdll.dll, version: 10.0.10586.306, time stamp: 0x571af2eb
Exception code: 0xc0000374
Fault offset: 0x00000000000ee6fc
Faulting process id: 0x1f14
Faulting application start time: 0xWUDFHost.exe0
Faulting application path: WUDFHost.exe1
Faulting module path: WUDFHost.exe2
Report Id: WUDFHost.exe3
Faulting package full name: WUDFHost.exe4
Faulting package-relative application ID: WUDFHost.exe5
 
Error: (06/03/2016 07:33:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WUDFHost.exe, version: 10.0.10586.0, time stamp: 0x5632d175
Faulting module name: ntdll.dll, version: 10.0.10586.306, time stamp: 0x571af2eb
Exception code: 0xc0000374
Fault offset: 0x00000000000ee6fc
Faulting process id: 0x104c
Faulting application start time: 0xWUDFHost.exe0
Faulting application path: WUDFHost.exe1
Faulting module path: WUDFHost.exe2
Report Id: WUDFHost.exe3
Faulting package full name: WUDFHost.exe4
Faulting package-relative application ID: WUDFHost.exe5
 
Error: (06/02/2016 06:47:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WUDFHost.exe, version: 10.0.10586.0, time stamp: 0x5632d175
Faulting module name: ntdll.dll, version: 10.0.10586.306, time stamp: 0x571af2eb
Exception code: 0xc0000374
Fault offset: 0x00000000000ee6fc
Faulting process id: 0x139c
Faulting application start time: 0xWUDFHost.exe0
Faulting application path: WUDFHost.exe1
Faulting module path: WUDFHost.exe2
Report Id: WUDFHost.exe3
Faulting package full name: WUDFHost.exe4
Faulting package-relative application ID: WUDFHost.exe5
 
Error: (06/02/2016 01:31:53 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CATRINA)
Description: Activation of app Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App failed with error: -2147024770 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/02/2016 01:19:43 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CATRINA)
Description: Activation of app Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App failed with error: -2147024770 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/02/2016 01:13:11 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CATRINA)
Description: Activation of app Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App failed with error: -2147024770 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/02/2016 01:07:16 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CATRINA)
Description: Activation of app Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App failed with error: -2147024770 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/02/2016 01:06:53 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CATRINA)
Description: Activation of app Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App failed with error: -2147024770 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/02/2016 12:58:11 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CATRINA)
Description: Activation of app Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App failed with error: -2147024770 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/02/2016 12:13:30 AM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: 0x8007085A
 
 
System errors:
=============
Error: (06/03/2016 07:33:25 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{3185A766-B338-11E4-A71E-12E3F512A338}{7006698D-2974-4091-A424-85DD0B909E23}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (06/02/2016 12:19:24 AM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
 
Error: (06/02/2016 12:17:20 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error: 
%%1058
 
Error: (06/02/2016 12:17:20 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error: 
%%1058
 
Error: (06/02/2016 12:17:20 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error: 
%%1058
 
Error: (06/02/2016 12:17:20 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error: 
%%1058
 
Error: (06/02/2016 12:17:20 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error: 
%%1058
 
Error: (06/02/2016 12:17:20 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error: 
%%1058
 
Error: (06/02/2016 12:17:20 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error: 
%%1058
 
Error: (06/02/2016 12:17:20 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error: 
%%1058
 
 
CodeIntegrity:
===================================
  Date: 2016-06-02 00:12:57.797
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-02 00:08:42.617
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-01 23:48:47.175
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: AMD A4-5000 APU with Radeon™ HD Graphics 
Percentage of memory in use: 48%
Total physical RAM: 3541.48 MB
Available physical RAM: 1833.76 MB
Total Virtual: 3941.48 MB
Available Virtual: 1907.2 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:445.61 GB) (Free:396.55 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery Image) (Fixed) (Total:17.89 GB) (Free:2.19 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: AE4989AF)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#4
Jr0x

    Malware removal team

  • Malware Removal
  • 1,830 posts

Hi retro1324,

It seems like your reply did not include FRST.txt.

Please copy and paste it into your next reply.

Thank you.



#5
retro1324

    Member

  • Topic Starter
  • Member
  • 113 posts

no it did but that's what came up for it ... sooo um should I delete that and then rescan? or delete FRST and reinstall then rescan?



#6
Jr0x

    Malware removal team

  • Malware Removal
  • 1,830 posts

Please follow my instructions in Post #2 to download a new copy of FRST and follow the instructions given.



#7
retro1324

    Member

  • Topic Starter
  • Member
  • 113 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-06-2016
Ran by catrina (administrator) on CATRINA (07-06-2016 12:01:33)
Running from C:\Users\catrina\Desktop
Loaded Profiles: catrina (Available Profiles: catrina & Administrator)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.10.13.0_x64__8wekyb3d8bbwe\WinStore.Mobile.exe
(Microsoft Corporation) C:\Windows\System32\wuapihost.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8513792 2015-08-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411328 2015-08-07] (Realtek Semiconductor)
HKU\S-1-5-21-3730912956-2149780455-674675747-1001\...\Run: [Norton Download Manager{NIS2250215-SHPD-FSD51083}] => C:\Users\catrina\AppData\Local\Temp\{55B734A3-08DB-4499-A563-D5EF636AEACF}\Upgrade.exe [2059272 2015-07-27] (Symantec Corporation) <===== ATTENTION
HKU\S-1-5-21-3730912956-2149780455-674675747-1001\...\RunOnce: [Uninstall C:\Users\catrina\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\catrina\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-3730912956-2149780455-674675747-1001\...\RunOnce: [Uninstall C:\Users\catrina\AppData\Local\Microsoft\OneDrive\17.3.5892.0626] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\catrina\AppData\Local\Microsoft\OneDrive\17.3.5892.0626"
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\catrina\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll [2016-06-02] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\catrina\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll [2016-06-02] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\catrina\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll [2016-06-02] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\catrina\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-06-02] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\catrina\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-06-02] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\catrina\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-06-02] (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{c73d2bfa-83be-430f-9f0d-96823e926035}: [DhcpNameServer] 209.18.47.61 209.18.47.62
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
HKU\S-1-5-21-3730912956-2149780455-674675747-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_instlmtrx_15_48&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0AyE0D0BtAtDtByCyE0D0D0E0AyDtC0CtN0D0Tzu0StCyEtBtBtN1L2XzutAtFtCtBtFyBtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyCtBtB0FtCtD0CtDtGyD0FyD0BtGtC0CtD0BtGyB0C0AtDtG0C0CtD0EtAyE0DyB0F0AyE0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyC0F0A0EtDtB0EtG0BzyzyzytGyE0AtA0BtGzz0DyC0CtGtCtCyEtD0C0DyB0F0F0BtAtC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDzzzy%26cr%3D90773413%26a%3Dwbf_instlmtrx_15_48%26os%3DWindows%2B8.1
HKU\S-1-5-21-3730912956-2149780455-674675747-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
HKU\S-1-5-21-3730912956-2149780455-674675747-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/HPDSK13/1
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_instlmtrx_15_48&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0AyE0D0BtAtDtByCyE0D0D0E0AyDtC0CtN0D0Tzu0StCyEtBtBtN1L2XzutAtFtCtBtFyBtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyCtBtB0FtCtD0CtDtGyD0FyD0BtGtC0CtD0BtGyB0C0AtDtG0C0CtD0EtAyE0DyB0F0AyE0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyC0F0A0EtDtB0EtG0BzyzyzytGyE0AtA0BtGzz0DyC0CtGtCtCyEtD0C0DyB0F0F0BtAtC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDzzzy%26cr%3D90773413%26a%3Dwbf_instlmtrx_15_48%26os%3DWindows%2B8.1&p={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-3730912956-2149780455-674675747-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_bimmed_15_38_ssg02&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0AyE0D0BtAtDtByCyE0D0D0E0AyDtC0CtN0D0Tzu0StCtAyDyBtN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyD0AtByBtBtA0DyCtGtByD0FtDtGyEtA0BzytG0AzyyE0DtG0F0F0AtC0D0F0AtBtCyCyByE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0DtDtA0Fzy0CyBtGzy0FtBtBtGyE0FyByDtGzz0B0CtAtGzzyDyByD0Ezy0BtBzzyDtByD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDtBtC%26cr%3D1528194446%26a%3Dwncy_bimmed_15_38_ssg02%26os%3DWindows%2B8.1&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3730912956-2149780455-674675747-1001 -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_bimmed_15_38_ssg02&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1Qzu0AyE0D0BtAtDtByCyE0D0D0E0AyDtC0CtN0D0Tzu0StCtAyDyBtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2Szy0E0ByBtBtA0AtDtG0A0AyCyEtGyEtDyEzytGzzyE0D0DtG0EtDtD0C0A0CyC0A0E0AtD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0DtDtA0Fzy0CyBtGzy0FtBtBtGyE0FyByDtGzz0B0CtAtGzzyDyByD0Ezy0BtBzzyDtByD2QtN0A0LzuyE%26cr%3D778995846%26a%3Dwny_bimmed_15_38_ssg02%26os%3DWindows 8.1&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3730912956-2149780455-674675747-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2012-07-09] (Hewlett-Packard)
Toolbar: HKU\S-1-5-21-3730912956-2149780455-674675747-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
 
FireFox:
========
FF ProfilePath: C:\Users\catrina\AppData\Roaming\Mozilla\Firefox\Profiles\v2tnow4k.default
FF DefaultSearchEngine.US: Search Provided by Yahoo
FF Homepage: hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_instlmtrx_15_48&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0AyE0D0BtAtDtByCyE0D0D0E0AyDtC0CtN0D0Tzu0StCyEtBtBtN1L2XzutAtFtCtBtFyBtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyCtBtB0FtCtD0CtDtGyD0FyD0BtGtC0CtD0BtGyB0C0AtDtG0C0CtD0EtAyE0DyB0F0AyE0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyC0F0A0EtDtB0EtG0BzyzyzytGyE0AtA0BtGzz0DyC0CtGtCtCyEtD0C0DyB0F0F0BtAtC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDzzzy%26cr%3D90773413%26a%3Dwbf_instlmtrx_15_48%26os%3DWindows%2B8.1
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-25] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-25] (Google Inc.)
FF SearchPlugin: C:\Users\catrina\AppData\Roaming\Mozilla\Firefox\Profiles\v2tnow4k.default\searchplugins\search-provided-by-yahoo.xml [2015-11-10]
 
Chrome: 
=======
CHR Session Restore: Profile 1 -> is enabled.
CHR Profile: C:\Users\catrina\AppData\Local\Google\Chrome\User Data\Default
CHR Profile: C:\Users\catrina\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\catrina\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-31]
CHR Extension: (Google Docs) - C:\Users\catrina\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-31]
CHR Extension: (Google Drive) - C:\Users\catrina\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-31]
CHR Extension: (YouTube) - C:\Users\catrina\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-31]
CHR Extension: (Off The Record History) - C:\Users\catrina\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\djbaolpiihkcmmfjnjdmomeeheldhhdp [2016-05-31]
CHR Extension: (Google Sheets) - C:\Users\catrina\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-31]
CHR Extension: (Google Docs Offline) - C:\Users\catrina\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-31]
CHR Extension: (Safe Kitten) - C:\Users\catrina\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jmdnbaoclifcikbajkdmageonhgghjko [2016-05-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\catrina\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-31]
CHR Extension: (Gmail) - C:\Users\catrina\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-31]
CHR HKU\S-1-5-21-3730912956-2149780455-674675747-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ajcmdlkeklfmbjffnlofgfkjcnpfckab] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 CLHNServiceForPowerDVD12; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [89864 2013-06-09] (CyberLink Corp.)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-06-09] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [294664 2013-06-09] (CyberLink)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-06-07] (Hewlett-Packard Company) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312064 2015-08-07] (Realtek Semiconductor)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\System32\drivers\athw10x.sys [4318760 2015-08-28] (Qualcomm Atheros Communications, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-15] (CyberLink)
R2 ntk_PowerDVD12; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [84168 2013-03-12] (Cyberlink Corp.)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [896760 2016-02-17] (Realtek                                            )
U5 usbfilter; C:\Windows\System32\Drivers\usbfilter.sys [58536 2012-08-28] (Advanced Micro Devices)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-07 12:01 - 2016-06-07 12:02 - 00015771 _____ C:\Users\catrina\Desktop\FRST.txt
2016-06-07 12:00 - 2016-06-07 12:01 - 02385408 _____ (Farbar) C:\Users\catrina\Desktop\FRST64.exe
2016-06-03 10:59 - 2016-06-03 10:59 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-06-02 01:27 - 2016-06-02 01:27 - 00000000 ____D C:\Users\catrina\AppData\Local\NetworkTiles
2016-06-02 00:47 - 2016-06-02 00:47 - 00000000 ___HD C:\OneDriveTemp
2016-06-02 00:46 - 2016-06-02 00:37 - 00000000 ___DC C:\WINDOWS\Panther
2016-06-02 00:45 - 2016-06-02 00:47 - 00002414 _____ C:\Users\catrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-06-02 00:41 - 2016-06-02 00:42 - 00000000 ____D C:\Windows.old
2016-06-02 00:41 - 2016-06-02 00:41 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-06-02 00:40 - 2016-06-02 00:40 - 00000000 ____D C:\Users\catrina\AppData\Local\ActiveSync
2016-06-02 00:39 - 2016-06-02 00:39 - 00000000 ____D C:\Users\catrina\AppData\Local\Publishers
2016-06-02 00:38 - 2016-06-02 00:38 - 00000000 ____D C:\Users\catrina\AppData\Local\TileDataLayer
2016-06-02 00:38 - 2016-06-02 00:38 - 00000000 ____D C:\Users\catrina\AppData\Local\Comms
2016-06-02 00:37 - 2016-06-02 00:37 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 02919832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 02798080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 02544264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 02403680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-06-02 00:37 - 2016-06-02 00:37 - 02180136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 01750440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2016-06-02 00:37 - 2016-06-02 00:37 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 01152328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 01092464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 01070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2016-06-02 00:37 - 2016-06-02 00:37 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 01017032 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-06-02 00:37 - 2016-06-02 00:37 - 00980352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-06-02 00:37 - 2016-06-02 00:37 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00895080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00890880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
2016-06-02 00:37 - 2016-06-02 00:37 - 00890368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00882720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00871936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
2016-06-02 00:37 - 2016-06-02 00:37 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00858952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00848168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00824320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00819648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2016-06-02 00:37 - 2016-06-02 00:37 - 00786696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2016-06-02 00:37 - 2016-06-02 00:37 - 00713824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00701384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00696672 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00695752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2016-06-02 00:37 - 2016-06-02 00:37 - 00671472 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00526856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00516544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00498960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00493568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00476728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00462760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00454056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00451928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00420928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00405568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2016-06-02 00:37 - 2016-06-02 00:37 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\sharemediacpl.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2016-06-02 00:37 - 2016-06-02 00:37 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2016-06-02 00:37 - 2016-06-02 00:37 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-06-02 00:37 - 2016-06-02 00:37 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-06-02 00:37 - 2016-06-02 00:37 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2016-06-02 00:37 - 2016-06-02 00:37 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00287712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-06-02 00:37 - 2016-06-02 00:37 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2016-06-02 00:37 - 2016-06-02 00:37 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2016-06-02 00:37 - 2016-06-02 00:37 - 00245840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2016-06-02 00:37 - 2016-06-02 00:37 - 00234504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00208176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwbase.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00168448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwbase.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BrowserSettingSync.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
2016-06-02 00:37 - 2016-06-02 00:37 - 00119320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
2016-06-02 00:37 - 2016-06-02 00:37 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2016-06-02 00:37 - 2016-06-02 00:37 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00110032 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00100160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
2016-06-02 00:37 - 2016-06-02 00:37 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00088392 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMSRoamingSecurity.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00073360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.proxy.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsdchngr.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfapigp.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfapigp.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00000020 ___SH C:\Users\catrina\ntuser.ini
2016-06-02 00:36 - 2016-06-02 00:36 - 24604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 22379008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 18676224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 16984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 13383168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 12586496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 08705672 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 07977472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 07832576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 07533568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-06-02 00:36 - 2016-06-02 00:36 - 07200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 06952088 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 06740992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 06605504 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 06572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 05502976 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 05324288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 05240960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 04827136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 04775424 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 04515256 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-06-02 00:36 - 2016-06-02 00:36 - 04412928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-06-02 00:36 - 2016-06-02 00:36 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 03673424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 03671040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 03591168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-06-02 00:36 - 2016-06-02 00:36 - 03575296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 03449168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 03355136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 03351040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 03078144 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 02912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 02843136 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 02773096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2016-06-02 00:36 - 2016-06-02 00:36 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2016-06-02 00:36 - 2016-06-02 00:36 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 02722816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 02680320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 02656952 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 02606824 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 02604032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 02598912 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 02587696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 02186864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 02155008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 02152280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-06-02 00:36 - 2016-06-02 00:36 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-06-02 00:36 - 2016-06-02 00:36 - 02066432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 02057216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-06-02 00:36 - 2016-06-02 00:36 - 02026736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 02000896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 01996640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-06-02 00:36 - 2016-06-02 00:36 - 01996288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 01902592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 01862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 01860096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 01848072 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 01847808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2016-06-02 00:36 - 2016-06-02 00:36 - 01824264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 01819208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 01814528 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 01804664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 01776768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 01731072 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 01717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 01714688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 01707520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 01648640 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 01613664 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 01594920 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 01588224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-06-02 00:36 - 2016-06-02 00:36 - 01575936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 01536088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 01522152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-06-02 00:36 - 2016-06-02 00:36 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 01497088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2016-06-02 00:36 - 2016-06-02 00:36 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 01444352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 01415200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 01410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 01401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 01395712 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-06-02 00:36 - 2016-06-02 00:36 - 01372304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 01322248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 01319424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-06-02 00:36 - 2016-06-02 00:36 - 01297752 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 01270072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2016-06-02 00:36 - 2016-06-02 00:36 - 01239552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 01224704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 01211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 01184960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 01174008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 01161120 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 01152864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2016-06-02 00:36 - 2016-06-02 00:36 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-06-02 00:36 - 2016-06-02 00:36 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSave.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 01117184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 01098240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 01089888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-06-02 00:36 - 2016-06-02 00:36 - 01073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 01072128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 01052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 01042432 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 01035776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-06-02 00:36 - 2016-06-02 00:36 - 01009152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
2016-06-02 00:36 - 2016-06-02 00:36 - 00997376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00988672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00986976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00958976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00931328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL
2016-06-02 00:36 - 2016-06-02 00:36 - 00915456 _____ (Microsoft Corporation) C:\WINDOWS\system32\configurationclient.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00911648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00900608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-06-02 00:36 - 2016-06-02 00:36 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00854528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00820704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-06-02 00:36 - 2016-06-02 00:36 - 00804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00779384 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00777728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00770640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00769536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00765952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2016-06-02 00:36 - 2016-06-02 00:36 - 00754664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00725776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00713920 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00713728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00712704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00707608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00704000 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-06-02 00:36 - 2016-06-02 00:36 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00698208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00697856 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00694784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2016-06-02 00:36 - 2016-06-02 00:36 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00686976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\scapi.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00683008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00682496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00676352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00675064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00650304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00649728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00644096 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00640472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00639488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00638816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2016-06-02 00:36 - 2016-06-02 00:36 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-06-02 00:36 - 2016-06-02 00:36 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00625000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00619296 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00613888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00605440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-06-02 00:36 - 2016-06-02 00:36 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00591872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00586208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00586080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-06-02 00:36 - 2016-06-02 00:36 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00578912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2016-06-02 00:36 - 2016-06-02 00:36 - 00577368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-06-02 00:36 - 2016-06-02 00:36 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00572272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00569744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00565600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-06-02 00:36 - 2016-06-02 00:36 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00563552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2016-06-02 00:36 - 2016-06-02 00:36 - 00558592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00552960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00550656 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00541304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-06-02 00:36 - 2016-06-02 00:36 - 00540160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00538736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00535080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00534872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2016-06-02 00:36 - 2016-06-02 00:36 - 00530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2016-06-02 00:36 - 2016-06-02 00:36 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00523616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2016-06-02 00:36 - 2016-06-02 00:36 - 00522176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2016-06-02 00:36 - 2016-06-02 00:36 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00514752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00513368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00511320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00499432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00472576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00470528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-06-02 00:36 - 2016-06-02 00:36 - 00463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00453472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00440152 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-06-02 00:36 - 2016-06-02 00:36 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00431240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00430944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-06-02 00:36 - 2016-06-02 00:36 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-06-02 00:36 - 2016-06-02 00:36 - 00413536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-06-02 00:36 - 2016-06-02 00:36 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlansec.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00394752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-06-02 00:36 - 2016-06-02 00:36 - 00390496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00378208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2016-06-02 00:36 - 2016-06-02 00:36 - 00376536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00374008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-06-02 00:36 - 2016-06-02 00:36 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AccountsRt.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00351232 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00337840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2016-06-02 00:36 - 2016-06-02 00:36 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00333824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2016-06-02 00:36 - 2016-06-02 00:36 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00330072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-06-02 00:36 - 2016-06-02 00:36 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00307712 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00306832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-06-02 00:36 - 2016-06-02 00:36 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00297472 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00294592 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00291360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2016-06-02 00:36 - 2016-06-02 00:36 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00289248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-06-02 00:36 - 2016-06-02 00:36 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExSMime.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00264544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00264192 _____ (Nokia) C:\WINDOWS\system32\NmaDirect.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00260608 _____ C:\WINDOWS\system32\MTFServer.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
2016-06-02 00:36 - 2016-06-02 00:36 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00258280 _____ (Microsoft Corporation) C:\WINDOWS\system32\sqmapi.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassam.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-06-02 00:36 - 2016-06-02 00:36 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\cemapi.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-06-02 00:36 - 2016-06-02 00:36 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2016-06-02 00:36 - 2016-06-02 00:36 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-06-02 00:36 - 2016-06-02 00:36 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00220064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sqmapi.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00217440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuickActionsDataModel.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00205824 _____ (Nokia) C:\WINDOWS\SysWOW64\NmaDirect.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-AppModelExecEvents.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00204048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iassam.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00202472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cemapi.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-06-02 00:36 - 2016-06-02 00:36 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimCfg.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00190144 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-06-02 00:36 - 2016-06-02 00:36 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00188256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-06-02 00:36 - 2016-06-02 00:36 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00183904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityCommon.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-06-02 00:36 - 2016-06-02 00:36 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerServer.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSip.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-06-02 00:36 - 2016-06-02 00:36 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-06-02 00:36 - 2016-06-02 00:36 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimAuth.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimCfg.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2016-06-02 00:36 - 2016-06-02 00:36 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-06-02 00:36 - 2016-06-02 00:36 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
2016-06-02 00:36 - 2016-06-02 00:36 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-06-02 00:36 - 2016-06-02 00:36 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2016-06-02 00:36 - 2016-06-02 00:36 - 00147808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2016-06-02 00:36 - 2016-06-02 00:36 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00146272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2016-06-02 00:36 - 2016-06-02 00:36 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2016-06-02 00:36 - 2016-06-02 00:36 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-06-02 00:36 - 2016-06-02 00:36 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00141664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2016-06-02 00:36 - 2016-06-02 00:36 - 00141560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2016-06-02 00:36 - 2016-06-02 00:36 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ETWCoreUIComponentsResources.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ETWCoreUIComponentsResources.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxSip.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00131424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufxsynopsys.sys
2016-06-02 00:36 - 2016-06-02 00:36 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbio.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimAuth.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00127840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2016-06-02 00:36 - 2016-06-02 00:36 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx
2016-06-02 00:36 - 2016-06-02 00:36 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ProximityCommon.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\capimg.sys
2016-06-02 00:36 - 2016-06-02 00:36 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-06-02 00:36 - 2016-06-02 00:36 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2016-06-02 00:36 - 2016-06-02 00:36 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MapControls.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MapControls.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00110584 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvcli.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
2016-06-02 00:36 - 2016-06-02 00:36 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00100232 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-06-02 00:36 - 2016-06-02 00:36 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2016-06-02 00:36 - 2016-06-02 00:36 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdport.sys
2016-06-02 00:36 - 2016-06-02 00:36 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winbio.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\filecrypt.sys
2016-06-02 00:36 - 2016-06-02 00:36 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-06-02 00:36 - 2016-06-02 00:36 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-06-02 00:36 - 2016-06-02 00:36 - 00085320 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe
2016-06-02 00:36 - 2016-06-02 00:36 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys
2016-06-02 00:36 - 2016-06-02 00:36 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00081144 _____ (Microsoft Corporation) C:\WINDOWS\system32\netapi32.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00081112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe
2016-06-02 00:36 - 2016-06-02 00:36 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00080600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwapi.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttpcom.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00078040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkscli.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\provpackageapidll.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-06-02 00:36 - 2016-06-02 00:36 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.XboxLive.ProxyStub.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00074424 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2016-06-02 00:36 - 2016-06-02 00:36 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssign32.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00073872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srvcli.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManagerProxy.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\POSyncServices.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00069744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netapi32.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataPlatformHelperUtil.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-06-02 00:36 - 2016-06-02 00:36 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ihvrilproxy.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00063528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wwapi.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfgbkend.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2016-06-02 00:36 - 2016-06-02 00:36 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssign32.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenanceClient.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00058400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosResource.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosResource.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\browcli.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00058208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwminit.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wkscli.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataPlatformHelperUtil.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\POSyncServices.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2016-06-02 00:36 - 2016-06-02 00:36 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\rilproxy.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-06-02 00:36 - 2016-06-02 00:36 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wwanpref.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00051680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsUtilsV2.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
2016-06-02 00:36 - 2016-06-02 00:36 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PimIndexMaintenanceClient.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-06-02 00:36 - 2016-06-02 00:36 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTypeHelperUtil.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataLanguageUtil.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsplib.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\browcli.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgrcli.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.proxy.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapstoasttask.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthManagerProxy.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe
2016-06-02 00:36 - 2016-06-02 00:36 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerClient.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ByteCodeGenerator.exe
2016-06-02 00:36 - 2016-06-02 00:36 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTypeHelperUtil.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataLanguageUtil.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-06-02 00:36 - 2016-06-02 00:36 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\BackgroundTransferHost.exe
2016-06-02 00:36 - 2016-06-02 00:36 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCoreRes.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCoreRes.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00035680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wimmount.sys
2016-06-02 00:36 - 2016-06-02 00:36 - 00035656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe
2016-06-02 00:36 - 2016-06-02 00:36 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usermgrcli.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BackgroundTransferHost.exe
2016-06-02 00:36 - 2016-06-02 00:36 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00032040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfpmp.exe
2016-06-02 00:36 - 2016-06-02 00:36 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TimeBrokerClient.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ByteCodeGenerator.exe
2016-06-02 00:36 - 2016-06-02 00:36 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsdchngr.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringconfigsp.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-06-02 00:36 - 2016-06-02 00:36 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\nativemap.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2016-06-02 00:36 - 2016-06-02 00:36 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-06-02 00:36 - 2016-06-02 00:36 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2016-06-02 00:36 - 2016-06-02 00:36 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-06-02 00:36 - 2016-06-02 00:36 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\irmon.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExtrasXmlParser.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2016-06-02 00:36 - 2016-06-02 00:36 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasautou.exe
2016-06-02 00:36 - 2016-06-02 00:36 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExtrasXmlParser.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshrm.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasautou.exe
2016-06-02 00:36 - 2016-06-02 00:36 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasadhlp.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\IcsEntitlementHost.exe
2016-06-02 00:36 - 2016-06-02 00:36 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscoreext.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasadhlp.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvcProxy.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacchooks.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacchooks.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosTrace.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosTrace.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosHost.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosHost.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\readingviewresources.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlStringsRes.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlStringsRes.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00002186 _____ C:\WINDOWS\SysWOW64\AppxProvisioning.xml
2016-06-02 00:36 - 2016-06-02 00:36 - 00002186 _____ C:\WINDOWS\system32\AppxProvisioning.xml
2016-06-02 00:24 - 2016-06-02 00:24 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2016-06-02 00:20 - 2016-06-02 00:20 - 00000000 ____D C:\ProgramData\USOShared
2016-06-02 00:20 - 2016-06-02 00:20 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-06-02 00:20 - 2016-06-02 00:20 - 00000000 ____D C:\Program Files\MSBuild
2016-06-02 00:20 - 2016-06-02 00:20 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-06-02 00:20 - 2016-06-02 00:20 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-06-02 00:20 - 2016-06-02 00:20 - 00000000 ____D C:\inetpub
2016-06-02 00:19 - 2016-06-02 00:19 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-06-02 00:19 - 2016-06-02 00:19 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2016-06-02 00:19 - 2016-06-02 00:19 - 00000000 _SHDL C:\Users\Default\My Documents
2016-06-02 00:19 - 2016-06-02 00:19 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2016-06-02 00:19 - 2016-06-02 00:19 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2016-06-02 00:19 - 2016-06-02 00:19 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2016-06-02 00:19 - 2016-06-02 00:19 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2016-06-02 00:19 - 2016-06-02 00:19 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2016-06-02 00:19 - 2016-06-02 00:19 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2016-06-02 00:19 - 2015-10-23 18:47 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2016-06-02 00:19 - 2015-10-23 18:47 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-06-02 00:19 - 2015-10-23 18:47 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2016-06-02 00:19 - 2015-10-23 18:46 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2016-06-02 00:19 - 2015-10-23 18:46 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2016-06-02 00:19 - 2015-10-23 18:45 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2016-06-02 00:13 - 2016-06-02 00:13 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-02 00:07 - 2016-06-02 00:07 - 00000000 ____D C:\Users\Public\Documents\CyberLink
2016-06-02 00:04 - 2016-06-02 00:04 - 00000000 ____D C:\Users\Default\Documents\hp.system.package.metadata
2016-06-02 00:04 - 2016-06-02 00:04 - 00000000 ____D C:\Users\Default\Documents\hp.applications.package.appdata
2016-06-02 00:04 - 2016-06-02 00:04 - 00000000 ____D C:\Users\Default User\Documents\hp.system.package.metadata
2016-06-02 00:04 - 2016-06-02 00:04 - 00000000 ____D C:\Users\Default User\Documents\hp.applications.package.appdata
2016-06-02 00:03 - 2016-06-02 00:03 - 00001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-06-01 23:57 - 2016-06-01 23:57 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2016-06-01 23:56 - 2016-06-02 00:37 - 00000000 ____D C:\Users\catrina
2016-06-01 23:56 - 2016-06-02 00:09 - 00000000 ____D C:\Users\Administrator
2016-06-01 23:56 - 2016-06-01 23:56 - 00000000 _SHDL C:\Users\catrina\My Documents
2016-06-01 23:56 - 2016-06-01 23:56 - 00000000 _SHDL C:\Users\catrina\Documents\My Videos
2016-06-01 23:56 - 2016-06-01 23:56 - 00000000 _SHDL C:\Users\catrina\Documents\My Pictures
2016-06-01 23:56 - 2016-06-01 23:56 - 00000000 _SHDL C:\Users\catrina\Documents\My Music
2016-06-01 23:56 - 2016-06-01 23:56 - 00000000 _SHDL C:\Users\Administrator\My Documents
2016-06-01 23:56 - 2016-06-01 23:56 - 00000000 _SHDL C:\Users\Administrator\Documents\My Videos
2016-06-01 23:56 - 2016-06-01 23:56 - 00000000 _SHDL C:\Users\Administrator\Documents\My Pictures
2016-06-01 23:56 - 2016-06-01 23:56 - 00000000 _SHDL C:\Users\Administrator\Documents\My Music
2016-06-01 23:55 - 2016-06-02 00:14 - 00972104 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-06-01 23:55 - 2016-06-01 23:55 - 00929278 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2016-06-01 23:52 - 2016-06-02 00:06 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2016-06-01 23:52 - 2016-06-01 23:52 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2016-06-01 23:52 - 2016-06-01 23:52 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2016-06-01 23:52 - 2016-06-01 23:52 - 00000000 ____D C:\Program Files\AMD
2016-06-01 23:52 - 2016-06-01 23:52 - 00000000 _____ C:\WINDOWS\ativpsrm.bin
2016-06-01 23:51 - 2016-06-02 00:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
2016-06-01 23:51 - 2016-06-01 23:51 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2016-06-01 23:51 - 2016-06-01 23:51 - 00000000 ____D C:\WINDOWS\system32\SRSLabs
2016-06-01 23:51 - 2016-06-01 23:51 - 00000000 ____D C:\Program Files\Realtek
2016-06-01 23:50 - 2016-06-01 23:50 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2016-06-01 23:50 - 2015-10-30 00:17 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2016-06-01 23:47 - 2016-06-02 00:07 - 00215576 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-05-31 10:12 - 2012-10-24 12:44 - 00656048 _____ (WildTangent, Inc.) C:\ProgramData\uninstall730261.exe
2016-05-29 13:06 - 2016-05-29 16:25 - 952953376 _____ C:\Users\catrina\Downloads\The.Witch.2015.720p.BluRay.H264.AAC-RARBG.mp4
2016-05-29 12:55 - 2016-05-29 16:25 - 974707372 _____ C:\Users\catrina\Downloads\Dirty.Grandpa.2016.720p.BluRay.H264.AAC-RARBG.mp4
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-07 12:01 - 2015-05-13 20:10 - 00000000 ____D C:\FRST
2016-06-07 11:37 - 2015-08-05 21:43 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-07 09:50 - 2015-08-05 21:27 - 00004154 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{0A788BEA-587A-4B00-B93B-AEFFBE826DB5}
2016-06-06 19:37 - 2015-08-05 21:43 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-05 19:27 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\Registration
2016-06-05 17:01 - 2015-10-30 00:21 - 00000000 ____D C:\WINDOWS\INF
2016-06-05 16:58 - 2015-07-23 17:17 - 00000000 ____D C:\Users\catrina\Desktop\FRST-OlderVersion
2016-06-04 19:52 - 2013-07-30 13:25 - 00000000 ____D C:\ProgramData\Norton
2016-06-02 17:41 - 2015-08-05 21:44 - 00002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-02 04:08 - 2015-07-10 11:37 - 00000000 ____D C:\Users\Public\Downloads\Norton
2016-06-02 01:38 - 2015-10-30 00:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-02 01:24 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-06-02 01:04 - 2015-08-05 21:26 - 00000000 ____D C:\Users\catrina\AppData\Local\Packages
2016-06-02 00:56 - 2015-10-30 00:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow
2016-06-02 00:47 - 2015-08-12 09:37 - 00000000 ___RD C:\Users\catrina\OneDrive
2016-06-02 00:46 - 2015-10-30 00:24 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2016-06-02 00:41 - 2015-10-30 00:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-06-02 00:40 - 2015-10-30 02:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-06-02 00:40 - 2015-10-30 00:24 - 00000000 __RSD C:\WINDOWS\Media
2016-06-02 00:40 - 2015-10-30 00:24 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-06-02 00:40 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-06-02 00:40 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-06-02 00:40 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-06-02 00:40 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\Provisioning
2016-06-02 00:40 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-06-02 00:40 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-06-02 00:40 - 2015-10-30 00:24 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-06-02 00:40 - 2015-10-30 00:24 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-06-02 00:40 - 2015-10-30 00:24 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-06-02 00:40 - 2015-10-30 00:24 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-06-02 00:40 - 2015-10-29 23:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-06-02 00:40 - 2015-10-29 23:28 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-06-02 00:39 - 2015-10-30 00:24 - 00015703 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-06-02 00:39 - 2015-10-30 00:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-06-02 00:39 - 2015-10-30 00:24 - 00000000 ___RD C:\WINDOWS\PrintDialog
2016-06-02 00:39 - 2015-10-30 00:24 - 00000000 ___RD C:\WINDOWS\MiracastView
2016-06-02 00:38 - 2015-10-30 00:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-06-02 00:38 - 2013-12-30 09:54 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-06-02 00:37 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\appcompat
2016-06-02 00:22 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\rescache
2016-06-02 00:20 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2016-06-02 00:20 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2016-06-02 00:20 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2016-06-02 00:20 - 2015-10-30 00:24 - 00000000 ____D C:\ProgramData\USOPrivate
2016-06-02 00:20 - 2015-10-30 00:19 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2016-06-02 00:20 - 2015-10-30 00:19 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2016-06-02 00:20 - 2015-10-30 00:19 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2016-06-02 00:20 - 2015-10-30 00:19 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2016-06-02 00:20 - 2015-10-30 00:19 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2016-06-02 00:20 - 2015-10-30 00:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2016-06-02 00:20 - 2015-10-30 00:18 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2016-06-02 00:20 - 2015-10-30 00:18 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2016-06-02 00:20 - 2015-10-30 00:18 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2016-06-02 00:20 - 2015-10-30 00:18 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2016-06-02 00:20 - 2015-10-30 00:18 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2016-06-02 00:20 - 2015-10-30 00:18 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2016-06-02 00:19 - 2015-10-29 23:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-06-02 00:19 - 2015-08-12 04:27 - 00045723 _____ C:\WINDOWS\diagwrn.xml
2016-06-02 00:19 - 2015-08-12 04:27 - 00045723 _____ C:\WINDOWS\diagerr.xml
2016-06-02 00:13 - 2015-11-26 22:20 - 00002040 _____ C:\WINDOWS\System32\Tasks\{21FD9DBB-6D6E-462F-B274-4752297044DF}
2016-06-02 00:13 - 2015-11-23 14:31 - 00002486 _____ C:\WINDOWS\System32\Tasks\ProfessionalPCCleaner_Popup
2016-06-02 00:13 - 2015-11-23 14:31 - 00002300 _____ C:\WINDOWS\System32\Tasks\ProfessionalPCCleaner_Start
2016-06-02 00:13 - 2015-08-12 04:46 - 00022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2016-06-02 00:13 - 2015-08-05 21:43 - 00003290 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-06-02 00:13 - 2015-08-05 21:43 - 00003062 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-06-02 00:13 - 2015-08-05 21:35 - 00002810 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3730912956-2149780455-674675747-1001
2016-06-02 00:13 - 2013-07-30 13:20 - 00002340 _____ C:\WINDOWS\System32\Tasks\MirageAgent
2016-06-02 00:13 - 2013-07-30 12:51 - 00002352 _____ C:\WINDOWS\System32\Tasks\CLVDLauncher
2016-06-02 00:13 - 2013-07-30 12:51 - 00002352 _____ C:\WINDOWS\System32\Tasks\CLMLSvc_P2G8
2016-06-02 00:11 - 2015-10-30 00:24 - 00000000 __RHD C:\Users\Public\Libraries
2016-06-02 00:06 - 2015-10-29 23:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-06-02 00:05 - 2015-10-30 00:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-06-02 00:05 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-06-02 00:05 - 2015-10-30 00:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-06-02 00:05 - 2013-07-30 13:23 - 00000000 ____D C:\WINDOWS\en
2016-06-02 00:05 - 2013-07-30 13:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2016-06-02 00:05 - 2013-07-30 12:51 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2016-06-02 00:05 - 2013-07-30 12:51 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-06-02 00:05 - 2013-07-30 12:45 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2016-06-02 00:05 - 2013-07-30 12:41 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2016-06-02 00:04 - 2013-08-22 06:36 - 00000000 ____D C:\Users\Default.migrated
2016-06-02 00:00 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2016-06-02 00:00 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2016-06-02 00:00 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2016-06-02 00:00 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2016-06-02 00:00 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\SysWOW64\et-EE
2016-06-02 00:00 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2016-06-02 00:00 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\spool
2016-06-02 00:00 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-06-02 00:00 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\lv-LV
2016-06-02 00:00 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\lt-LT
2016-06-02 00:00 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2016-06-02 00:00 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\IME
2016-06-02 00:00 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\et-EE
2016-06-02 00:00 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\en-GB
2016-06-02 00:00 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2016-06-02 00:00 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2016-06-01 23:58 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-06-01 23:58 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\InputMethod
2016-06-01 23:58 - 2015-10-30 00:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-06-01 23:58 - 2015-08-05 21:27 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
2016-06-01 23:58 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\MediaViewer
2016-06-01 23:58 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\ADFS
2016-06-01 23:58 - 2013-07-30 12:48 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2016-06-01 23:58 - 2013-04-03 17:13 - 00000000 ____D C:\ProgramData\PRICache
2016-06-01 23:56 - 2013-04-03 17:13 - 00000000 ____D C:\Users\Administrator\AppData\Local\Packages
2016-06-01 23:54 - 2015-10-29 23:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-06-01 23:47 - 2015-10-30 02:13 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2016-06-01 23:02 - 2015-10-30 02:42 - 00000000 ___HD C:\$WINDOWS.~BT
2016-05-31 16:37 - 2015-01-06 08:35 - 00000000 ____D C:\Users\catrina\Desktop\Uninstall
2016-05-31 16:36 - 2015-08-08 09:19 - 00000000 ____D C:\Users\catrina\AppData\Local\ElevatedDiagnostics
2016-05-31 10:13 - 2013-07-30 12:51 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2016-05-31 10:12 - 2013-07-30 12:51 - 00000000 ____D C:\ProgramData\WildTangent
2016-05-30 07:12 - 2014-10-12 16:12 - 00045568 ___SH C:\Users\catrina\Downloads\Thumbs.db
2016-05-29 13:29 - 2014-07-25 22:32 - 00000000 ____D C:\Users\catrina\Documents\Youcam
2016-05-26 17:58 - 2013-08-22 08:36 - 00000000 ___RD C:\WINDOWS\ToastData
2016-05-25 23:40 - 2015-08-07 00:26 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-05-25 23:32 - 2015-08-07 00:26 - 139319312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
 
==================== Files in the root of some directories =======
 
2015-09-19 13:33 - 2015-10-17 00:33 - 0000178 _____ () C:\Users\catrina\AppData\Roaming\WB.CFG
2016-05-31 10:12 - 2012-10-24 12:44 - 0656048 _____ (WildTangent, Inc.) C:\ProgramData\uninstall730261.exe
 
Files to move or delete:
====================
C:\Users\catrina\AppData\Local\Temp\{55B734A3-08DB-4499-A563-D5EF636AEACF}\Upgrade.exe
C:\ProgramData\uninstall730261.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-06-01 23:47
 
==================== End of FRST.txt ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-06-2016
Ran by catrina (2016-06-07 12:03:02)
Running from C:\Users\catrina\Desktop
Windows 10 Home Version 1511 (X64) (2016-06-02 07:37:08)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3730912956-2149780455-674675747-500 - Administrator - Disabled) => C:\Users\Administrator
catrina (S-1-5-21-3730912956-2149780455-674675747-1001 - Administrator - Enabled) => C:\Users\catrina
DefaultAccount (S-1-5-21-3730912956-2149780455-674675747-503 - Limited - Disabled)
Guest (S-1-5-21-3730912956-2149780455-674675747-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3730912956-2149780455-674675747-1007 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AMD Catalyst Install Manager (HKLM\...\{3296F1CA-C7E8-2A05-A835-62B4682E992C}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4.6522 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.4.3003 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.2.4016 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.4.2921 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.4.3007 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.1.3007 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.6.6119 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.79 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6668.4491 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{C88F84E5-AE23-44BD-922C-2ABEACACAF7A}) (Version: 7.2.23.56 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 43.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 en-US)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 6.2.9200.29064 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.15.410.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7548 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.6208 - CyberLink Corp.) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3730912956-2149780455-674675747-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\catrina\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {00F26C2D-E025-4804-AE49-628DE2397BF4} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {02C87315-CFE6-45AB-A624-1D94368A07BF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-06-07] (Hewlett-Packard Company)
Task: {0AE20955-7BE7-4662-83EE-C9D06CEF88BB} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
Task: {0EF5E43C-35D4-44A6-BD34-15E445BB8EAC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {0FEF7088-A888-47F3-B0FA-B7E3A2C1604C} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {244B36C9-4D0A-41EB-85BF-C03B03D82061} - System32\Tasks\ProfessionalPCCleaner_Start => C:\Program Files (x86)\Professional PC Cleaner\ProfessionalPCCleaner.exe
Task: {2AD61C83-F1F8-433C-BEAA-7E41A7750AFC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-06-07] (Hewlett-Packard Company)
Task: {2B7182F3-CED5-449B-8ACA-0C0F50795D00} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-11-29] (Hewlett-Packard Company)
Task: {2CC9D81B-E031-4092-85BC-76068E74DA7E} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-12] (CyberLink)
Task: {38643DC3-D1A9-43B1-9BE7-FFCD4627FA74} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {46A0200B-D841-4798-817E-70970210EFC1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-05] (Google Inc.)
Task: {5719E1D5-A0F5-4213-B1C4-1275AF14753B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {66E39BB9-C0C4-451B-AAFB-1E70E4EBCE2C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-06-06] (Hewlett-Packard)
Task: {70CFA540-0165-4950-B101-1AC4F71F6252} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {717D6E66-D3D2-472C-BE4A-507C625B1729} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {7BF7ACC8-CFC0-4419-AB5F-E7A100766DFE} - System32\Tasks\{21FD9DBB-6D6E-462F-B274-4752297044DF} => pcalua.exe -a C:\Users\catrina\AppData\Local\GamesFlight\uflight.exe
Task: {7C4D2D26-2B5F-486C-87FD-6A3EFE70D9F4} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {892518B8-0BED-4B18-B5D7-D7BEFE0010F6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {9BA5995D-D414-4972-911D-DEF34C4F801F} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {9C1583E2-3F57-463A-AFB1-258CFB53063F} - System32\Tasks\ProfessionalPCCleaner_Popup => C:\Program Files (x86)\Professional PC Cleaner\Splash.exe
Task: {AD144F19-563C-42F6-BF9C-0F5D1C88352F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-05] (Google Inc.)
Task: {B49BBAD7-DD4E-46D5-80C3-5760254D42A4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {C61D9D52-8B29-470B-851F-FFAC7424FB31} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {CFBE3F22-CB77-4B89-B3FA-B3B49C3C5205} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {D73FA0AB-058F-43E7-BE5D-B520C3A124DF} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {D7C95FA2-092C-4DDA-BBD7-AA47AFDCC75F} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {FD553706-3F6C-420B-BEAC-1B7F2F975899} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\catrina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 00:18 - 2015-10-30 00:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-06-02 00:46 - 2016-06-02 00:46 - 00959168 _____ () C:\Users\catrina\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-06-02 00:37 - 2016-06-02 00:37 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-06-02 01:23 - 2016-06-02 01:24 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-10-30 02:08 - 2015-10-30 02:08 - 08395776 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.10.13.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2015-10-30 02:08 - 2015-10-30 02:08 - 02311680 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.10.13.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-06-02 00:36 - 2016-06-02 00:36 - 00936960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-06-02 00:46 - 2016-06-02 00:46 - 00679624 _____ () C:\Users\catrina\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
2016-06-02 01:23 - 2016-06-02 01:24 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-06-02 01:23 - 2016-06-02 01:24 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-06-02 17:41 - 2016-05-31 23:50 - 01745560 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.79\libglesv2.dll
2016-06-02 17:41 - 2016-05-31 23:50 - 00091288 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.79\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 06:25 - 2015-11-23 14:37 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3730912956-2149780455-674675747-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\catrina\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{B634DEEA-7C40-4895-8403-A6AE9FA0D714}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{64098242-916E-4E0B-8009-843A28E5396C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D03DFC3E-5C67-46A0-9297-117E7E93D46F}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{C96DFA8A-1439-4840-B623-490289667808}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{D34D0CEA-479B-4621-97FB-A5E9415C9B10}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{6DB54BCB-0DCD-410A-BDCF-135296DE57C2}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{CDCBA2BA-0FCB-4208-B629-A11CD88C8B49}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{F8ED7D7E-EAE5-4C16-8D60-27D46CF43AC4}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{78CC9B3D-9B4B-4A79-83A6-1680329E482F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{ECEE4841-C59A-4FF3-B4AA-73E7D8A354FC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{ECC184E6-F71D-497C-BE25-07417C9A0762}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{88194878-C3C3-4461-BF34-EF94DC92BD68}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{25E39814-7148-476D-99B3-A6D963E38773}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{03AE4C69-537D-472F-8171-3D26B1CAB088}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{04F52E89-71F2-4330-9060-C241AF2E51BB}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{6FC0C456-3E0D-444C-8702-556F4970D0B5}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{39F136F0-0ACD-4801-9D3C-694E0006EA2B}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{C36CAA4C-91B6-4A3F-8A55-FA1D308F9737}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{BE16D70F-C564-45FA-A49B-3D4916DF17EA}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{DBFC5238-CC4A-4065-B196-5B814395E060}] => (Allow) C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{F45F65AA-21D1-40FF-A256-C50031E74513}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{825E0E02-790A-4CFE-A8D8-74C346F0FF4E}] => (Allow) LPort=2869
FirewallRules: [{F23F44BA-A7B7-4CA4-9D49-BB53AAE3B007}] => (Allow) LPort=1900
FirewallRules: [{15A3DC85-F7E1-41F4-948E-9769D8E52DA9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DBAFCF13-1F92-4347-B7C1-40EFAC3409E5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9F6BADDF-4462-4FB2-B62E-F4B3304C94B0}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{C007B9F7-A519-4C06-96A9-5D8B9A3084C9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/03/2016 07:33:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WUDFHost.exe, version: 10.0.10586.0, time stamp: 0x5632d175
Faulting module name: ntdll.dll, version: 10.0.10586.306, time stamp: 0x571af2eb
Exception code: 0xc0000374
Fault offset: 0x00000000000ee6fc
Faulting process id: 0x1f14
Faulting application start time: 0xWUDFHost.exe0
Faulting application path: WUDFHost.exe1
Faulting module path: WUDFHost.exe2
Report Id: WUDFHost.exe3
Faulting package full name: WUDFHost.exe4
Faulting package-relative application ID: WUDFHost.exe5
 
Error: (06/03/2016 07:33:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WUDFHost.exe, version: 10.0.10586.0, time stamp: 0x5632d175
Faulting module name: ntdll.dll, version: 10.0.10586.306, time stamp: 0x571af2eb
Exception code: 0xc0000374
Fault offset: 0x00000000000ee6fc
Faulting process id: 0x104c
Faulting application start time: 0xWUDFHost.exe0
Faulting application path: WUDFHost.exe1
Faulting module path: WUDFHost.exe2
Report Id: WUDFHost.exe3
Faulting package full name: WUDFHost.exe4
Faulting package-relative application ID: WUDFHost.exe5
 
Error: (06/02/2016 06:47:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WUDFHost.exe, version: 10.0.10586.0, time stamp: 0x5632d175
Faulting module name: ntdll.dll, version: 10.0.10586.306, time stamp: 0x571af2eb
Exception code: 0xc0000374
Fault offset: 0x00000000000ee6fc
Faulting process id: 0x139c
Faulting application start time: 0xWUDFHost.exe0
Faulting application path: WUDFHost.exe1
Faulting module path: WUDFHost.exe2
Report Id: WUDFHost.exe3
Faulting package full name: WUDFHost.exe4
Faulting package-relative application ID: WUDFHost.exe5
 
Error: (06/02/2016 01:31:53 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CATRINA)
Description: Activation of app Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App failed with error: -2147024770 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/02/2016 01:19:43 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CATRINA)
Description: Activation of app Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App failed with error: -2147024770 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/02/2016 01:13:11 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CATRINA)
Description: Activation of app Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App failed with error: -2147024770 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/02/2016 01:07:16 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CATRINA)
Description: Activation of app Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App failed with error: -2147024770 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/02/2016 01:06:53 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CATRINA)
Description: Activation of app Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App failed with error: -2147024770 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/02/2016 12:58:11 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CATRINA)
Description: Activation of app Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App failed with error: -2147024770 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/02/2016 12:13:30 AM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: 0x8007085A
 
 
System errors:
=============
Error: (06/05/2016 07:26:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The COM+ System Application service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
 
Error: (06/05/2016 07:26:25 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (06/05/2016 07:12:30 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.
 
 Code: 8 0x0 0x0
 
Error: (06/05/2016 07:12:27 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.
 
 Code: 2 0xdeaddeed 0xeeec
 
Error: (06/05/2016 07:12:27 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.
 
 Code: 1 0xc 0x4
 
Error: (06/03/2016 07:33:25 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{3185A766-B338-11E4-A71E-12E3F512A338}{7006698D-2974-4091-A424-85DD0B909E23}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (06/02/2016 12:19:24 AM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
 
Error: (06/02/2016 12:17:20 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error: 
%%1058
 
Error: (06/02/2016 12:17:20 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error: 
%%1058
 
Error: (06/02/2016 12:17:20 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error: 
%%1058
 
 
CodeIntegrity:
===================================
  Date: 2016-06-07 12:03:11.665
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-07 12:03:11.638
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-07 12:02:20.000
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-07 12:02:19.974
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-07 12:02:19.409
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-07 12:02:19.381
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-07 12:02:19.297
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-07 12:02:19.249
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-02 00:12:57.797
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-02 00:08:42.617
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: AMD A4-5000 APU with Radeon™ HD Graphics 
Percentage of memory in use: 52%
Total physical RAM: 3541.48 MB
Available physical RAM: 1670.09 MB
Total Virtual: 3941.48 MB
Available Virtual: 1801.6 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:445.61 GB) (Free:396.88 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery Image) (Fixed) (Total:17.89 GB) (Free:2.19 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: AE4989AF)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#8
Jr0x

    Malware removal team

  • Malware Removal
  • 1,830 posts
Hi retro1324,

Fix with FRST
  • Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. To do this, highlight the contents of the box, right-click on it and select Copy.
  • Right-click in the open Notepad window and select Paste.
  • Save it on the desktop as fixlist.txt
NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.


Start
CreateRestorePoint:
CloseProcesses:

HKU\S-1-5-21-3730912956-2149780455-674675747-1001\...\Run: [Norton Download Manager{NIS2250215-SHPD-FSD51083}] => C:\Users\catrina\AppData\Local\Temp\{55B734A3-08DB-4499-A563-D5EF636AEACF}\Upgrade.exe [2059272 2015-07-27] (Symantec Corporation) <===== ATTENTION
Toolbar: HKU\S-1-5-21-3730912956-2149780455-674675747-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Task: {00F26C2D-E025-4804-AE49-628DE2397BF4} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {0EF5E43C-35D4-44A6-BD34-15E445BB8EAC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {0FEF7088-A888-47F3-B0FA-B7E3A2C1604C} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {244B36C9-4D0A-41EB-85BF-C03B03D82061} - System32\Tasks\ProfessionalPCCleaner_Start => C:\Program Files (x86)\Professional PC Cleaner\ProfessionalPCCleaner.exe
Task: {38643DC3-D1A9-43B1-9BE7-FFCD4627FA74} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {5719E1D5-A0F5-4213-B1C4-1275AF14753B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {70CFA540-0165-4950-B101-1AC4F71F6252} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {717D6E66-D3D2-472C-BE4A-507C625B1729} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {7C4D2D26-2B5F-486C-87FD-6A3EFE70D9F4} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {892518B8-0BED-4B18-B5D7-D7BEFE0010F6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {9BA5995D-D414-4972-911D-DEF34C4F801F} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {9C1583E2-3F57-463A-AFB1-258CFB53063F} - System32\Tasks\ProfessionalPCCleaner_Popup => C:\Program Files (x86)\Professional PC Cleaner\Splash.exe
Task: {B49BBAD7-DD4E-46D5-80C3-5760254D42A4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {C61D9D52-8B29-470B-851F-FFAC7424FB31} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {CFBE3F22-CB77-4B89-B3FA-B3B49C3C5205} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {D7C95FA2-092C-4DDA-BBD7-AA47AFDCC75F} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {FD553706-3F6C-420B-BEAC-1B7F2F975899} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION

C:\Program Files (x86)\Professional PC Cleaner

Emptytemp:
Hosts:
End
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt); please post it in your next reply.

Note: Your machine will reboot after the fix.


Scan with AdwCleaner

Download AdwCleaner from here or from here. Save the file to the Desktop.

Note: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.
  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:
    [Screenshot: AdwCleaner scan window]
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove. Please Do Not delete anything at this time.
  • Do not click the Cleaning button.
  • Click the Logfile button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.
In your next reply, please include the following:
  • FRST fixlog
  • AdwCleaner scan log


#9
retro1324

    Member

  • Topic Starter
  • 113 posts

Fix result of Farbar Recovery Scan Tool (x64) Version:09-06-2016

Ran by catrina (2016-06-08 16:51:14) Run:3
Running from C:\Users\catrina\Desktop
Loaded Profiles: catrina (Available Profiles: catrina & Administrator)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
 
HKU\S-1-5-21-3730912956-2149780455-674675747-1001\...\Run: [Norton Download Manager{NIS2250215-SHPD-FSD51083}] => C:\Users\catrina\AppData\Local\Temp\{55B734A3-08DB-4499-A563-D5EF636AEACF}\Upgrade.exe [2059272 2015-07-27] (Symantec Corporation) <===== ATTENTION
Toolbar: HKU\S-1-5-21-3730912956-2149780455-674675747-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Task: {00F26C2D-E025-4804-AE49-628DE2397BF4} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {0EF5E43C-35D4-44A6-BD34-15E445BB8EAC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {0FEF7088-A888-47F3-B0FA-B7E3A2C1604C} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {244B36C9-4D0A-41EB-85BF-C03B03D82061} - System32\Tasks\ProfessionalPCCleaner_Start => C:\Program Files (x86)\Professional PC Cleaner\ProfessionalPCCleaner.exe
Task: {38643DC3-D1A9-43B1-9BE7-FFCD4627FA74} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {5719E1D5-A0F5-4213-B1C4-1275AF14753B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {70CFA540-0165-4950-B101-1AC4F71F6252} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {717D6E66-D3D2-472C-BE4A-507C625B1729} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {7C4D2D26-2B5F-486C-87FD-6A3EFE70D9F4} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {892518B8-0BED-4B18-B5D7-D7BEFE0010F6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {9BA5995D-D414-4972-911D-DEF34C4F801F} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {9C1583E2-3F57-463A-AFB1-258CFB53063F} - System32\Tasks\ProfessionalPCCleaner_Popup => C:\Program Files (x86)\Professional PC Cleaner\Splash.exe
Task: {B49BBAD7-DD4E-46D5-80C3-5760254D42A4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {C61D9D52-8B29-470B-851F-FFAC7424FB31} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {CFBE3F22-CB77-4B89-B3FA-B3B49C3C5205} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {D7C95FA2-092C-4DDA-BBD7-AA47AFDCC75F} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {FD553706-3F6C-420B-BEAC-1B7F2F975899} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
 
C:\Program Files (x86)\Professional PC Cleaner
 
Emptytemp:
Hosts:
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-3730912956-2149780455-674675747-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Norton Download Manager{NIS2250215-SHPD-FSD51083} => value removed successfully
HKU\S-1-5-21-3730912956-2149780455-674675747-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{00F26C2D-E025-4804-AE49-628DE2397BF4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00F26C2D-E025-4804-AE49-628DE2397BF4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0EF5E43C-35D4-44A6-BD34-15E445BB8EAC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0EF5E43C-35D4-44A6-BD34-15E445BB8EAC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0FEF7088-A888-47F3-B0FA-B7E3A2C1604C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0FEF7088-A888-47F3-B0FA-B7E3A2C1604C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-Weekend" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{244B36C9-4D0A-41EB-85BF-C03B03D82061}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{244B36C9-4D0A-41EB-85BF-C03B03D82061}" => key removed successfully
C:\WINDOWS\System32\Tasks\ProfessionalPCCleaner_Start => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProfessionalPCCleaner_Start" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{38643DC3-D1A9-43B1-9BE7-FFCD4627FA74}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{38643DC3-D1A9-43B1-9BE7-FFCD4627FA74}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5719E1D5-A0F5-4213-B1C4-1275AF14753B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5719E1D5-A0F5-4213-B1C4-1275AF14753B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{70CFA540-0165-4950-B101-1AC4F71F6252}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{70CFA540-0165-4950-B101-1AC4F71F6252}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{717D6E66-D3D2-472C-BE4A-507C625B1729}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{717D6E66-D3D2-472C-BE4A-507C625B1729}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7C4D2D26-2B5F-486C-87FD-6A3EFE70D9F4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C4D2D26-2B5F-486C-87FD-6A3EFE70D9F4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{892518B8-0BED-4B18-B5D7-D7BEFE0010F6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{892518B8-0BED-4B18-B5D7-D7BEFE0010F6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9BA5995D-D414-4972-911D-DEF34C4F801F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9BA5995D-D414-4972-911D-DEF34C4F801F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9C1583E2-3F57-463A-AFB1-258CFB53063F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C1583E2-3F57-463A-AFB1-258CFB53063F}" => key removed successfully
C:\WINDOWS\System32\Tasks\ProfessionalPCCleaner_Popup => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProfessionalPCCleaner_Popup" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B49BBAD7-DD4E-46D5-80C3-5760254D42A4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B49BBAD7-DD4E-46D5-80C3-5760254D42A4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C61D9D52-8B29-470B-851F-FFAC7424FB31}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C61D9D52-8B29-470B-851F-FFAC7424FB31}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CFBE3F22-CB77-4B89-B3FA-B3B49C3C5205}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CFBE3F22-CB77-4B89-B3FA-B3B49C3C5205}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\rundetector" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D7C95FA2-092C-4DDA-BBD7-AA47AFDCC75F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D7C95FA2-092C-4DDA-BBD7-AA47AFDCC75F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FD553706-3F6C-420B-BEAC-1B7F2F975899}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FD553706-3F6C-420B-BEAC-1B7F2F975899}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"C:\Program Files (x86)\Professional PC Cleaner" => not found.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 796.7 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 16:52:12 ====
 
 
 
# AdwCleaner v5.119 - Logfile created 08/06/2016 at 17:56:31
# Updated 30/05/2016 by Xplode
# Database : 2016-06-07.1 [Server]
# Operating system : Windows 10 Home  (X64)
# Username : catrina - CATRINA
# Running from : C:\Users\catrina\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
Folder Found : C:\Users\catrina\AppData\Local\Gameo
Folder Found : C:\Users\catrina\AppData\Roaming\GoldenGate
 
***** [ Files ] *****
 
File Found : C:\Users\Public\Desktop\eBay.lnk
File Found : C:\Users\catrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url
File Found : C:\Users\catrina\AppData\Roaming\Mozilla\Firefox\Profiles\v2tnow4k.default\searchplugins\search-provided-by-yahoo.xml
 
***** [ DLL ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\gameo
Key Found : HKCU\Software\GoldenGate
Key Found : HKCU\Software\PRODUCTSETUP
Key Found : HKCU\Software\yahooprovidedsearch
Key Found : HKU\S-1-5-21-3730912956-2149780455-674675747-1001\Software\gameo
Key Found : HKU\S-1-5-21-3730912956-2149780455-674675747-1001\Software\GoldenGate
Key Found : HKU\S-1-5-21-3730912956-2149780455-674675747-1001\Software\PRODUCTSETUP
Key Found : HKU\S-1-5-21-3730912956-2149780455-674675747-1001\Software\yahooprovidedsearch
Data Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_instlmtrx_15_48&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0AyE0D0BtAtDtByCyE0D0D0E0AyDtC0CtN0D0Tzu0StCyEtBtBtN1L2XzutAtFtCtBtFyBtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyCtBtB0FtCtD0CtDtGyD0FyD0BtGtC0CtD0BtGyB0C0AtDtG0C0CtD0EtAyE0DyB0F0AyE0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyC0F0A0EtDtB0EtG0BzyzyzytGyE0AtA0BtGzz0DyC0CtGtCtCyEtD0C0DyB0F0F0BtAtC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDzzzy%26cr%3D90773413%26a%3Dwbf_instlmtrx_15_48%26os%3DWindows%2B8.1
Data Found : HKU\S-1-5-21-3730912956-2149780455-674675747-1001\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_instlmtrx_15_48&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0AyE0D0BtAtDtByCyE0D0D0E0AyDtC0CtN0D0Tzu0StCyEtBtBtN1L2XzutAtFtCtBtFyBtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyCtBtB0FtCtD0CtDtGyD0FyD0BtGtC0CtD0BtGyB0C0AtDtG0C0CtD0EtAyE0DyB0F0AyE0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyC0F0A0EtDtB0EtG0BzyzyzytGyE0AtA0BtGzz0DyC0CtGtCtCyEtD0C0DyB0F0F0BtAtC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDzzzy%26cr%3D90773413%26a%3Dwbf_instlmtrx_15_48%26os%3DWindows%2B8.1
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8CDE19E6-71C2-4B46-89B7-35F6A18C571A}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}
Key Found : HKU\S-1-5-21-3730912956-2149780455-674675747-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKU\S-1-5-21-3730912956-2149780455-674675747-1001\Software\Microsoft\Internet Explorer\SearchScopes\{8CDE19E6-71C2-4B46-89B7-35F6A18C571A}
 
***** [ Web browsers ] *****
 
[C:\Users\catrina\AppData\Roaming\Mozilla\Firefox\Profiles\v2tnow4k.default\prefs.js] Found : user_pref("browser.search.defaultenginename.US", "Search Provided by Yahoo");
[C:\Users\catrina\AppData\Roaming\Mozilla\Firefox\Profiles\v2tnow4k.default\prefs.js] Found : user_pref("browser.startup.homepage", "hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_instlmtrx_15_48&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dus%26pa%3DWincy%[...]
[C:\Users\catrina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\catrina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
[C:\Users\catrina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : search provided by yahoo.com
[C:\Users\catrina\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Found : hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_instlmtrx_15_48&param1=1&param2=f%3D4%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0AyE0D0BtAtDtByCyE0D0D0E0AyDtC0CtN0D0Tzu0StCyEtBtBtN1L2XzutAtFtCtBtFyBtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyCtBtB0FtCtD0CtDtGyD0FyD0BtGtC0CtD0BtGyB0C0AtDtG0C0CtD0EtAyE0DyB0F0AyE0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyC0F0A0EtDtB0EtG0BzyzyzytGyE0AtA0BtGzz0DyC0CtGtCtCyEtD0C0DyB0F0F0BtAtC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDzzzy%26cr%3D90773413%26a%3Dwbf_instlmtrx_15_48%26os%3DWindows%2B8.1&p={searchTerms}
[C:\Users\catrina\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : madakpajlmcpaodhfbekojajlhbdklol
 
*************************
 
C:\AdwCleaner\AdwCleaner[S1].txt - [5117 bytes] - [08/06/2016 17:56:31]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [5190 bytes] ##########
 


#10
Jr0x

Jr0x

    Malware removal team

  • Malware Removal
  • 1,830 posts
Hi retro1324,


Fix with Junkware Removal Tool

Please download JRT by Thisisu and save the file to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on the JRT icon and select Run as Administrator to start the tool.
  • Follow the prompts and let this process run uninterrupted.
  • This scan can take a while, depending on your System specs.
  • Upon completion, a log (JRT.txt) will open on your desktop.
Please include the contents of that file in your reply.

Do not forget to re-enable your previously switched off protection software!
Please also manually reboot your machine after this procedure.


Re-run AdwCleaner

Close all open windows and browsers.

Re-open AdwCleaner
  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Scan button and wait for the scan to finish.
  • Everything left checked will be deleted.
  • Now click the Cleaning button.
  • Once done it will ask to reboot, allow this.
  • On reboot a log will be produced; please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C1].txt

Malwarebytes Anti-Malware
  • Download Malwarebytes Anti-Malware to your Desktop
  • Double click the file to open it. Install the program.
  • Before you click Finish, make sure that:
    • Enable free trial of Malwarebytes Anti-Malware Premium is unchecked
    • Launch Malwarebytes Anti-Malware is checked
  • In Database version section, click Update Now
  • Once the update is done, click Settings>Detection and Protection
  • Make sure that all three boxes under Detection Options are checked
  • Go back to Dashboard and click the big, green Scan Now button.
  • Wait for Malwarebytes Anti-Malware to finish the scan
  • If the program detects anything, click Remove Selected. The program might want to reboot the system. Allow it if it wants to.
  • Once the deletion is done (or after reboot), go to History, select Application Logs and click the latest Scan Log.
  • Click Export, then click Copy to Clipboard.
  • Paste (CTRL+V) the log into your next reply.
Scan with ESET Online Scanner

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit the ESET Online Scanner website.
Click Run ESET Online Scanner there.

If using Internet Explorer:
  • Accept the Terms of Use and click Start.
  • Allow the running of add-on.
If using Mozilla Firefox or Google Chrome:
  • Download esetsmartinstaller_enu.exe that you'll be given link to.
  • Double click esetsmartinstaller_enu.exe.
  • Allow the Terms of Use and click Start.
To perform the scan:
  • Make sure that Enable detection of potentially unwanted applications is checked.
  • In the Advanced Settings dropdown menu:
    • Make sure that Remove found threats is unchecked.
    • Scan archives is checked.
    • Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
    • Use custom proxy settings is unchecked.
  • Click Start
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When the scan is done, click Finish.
  • A logfile will be created at C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt. Open it using Notepad.
Please include this logfile in your next reply.
Don't forget to re-enable previously switched-off protection software!
 
In your next reply, please include the following:
  • JRT log
  • AdwCleaner log
  • MalwareBytes log
  • ESET log
  • How's your machine running now



#11
retro1324

retro1324

    Member

  • Topic Starter
  • Member
  • 113 posts

How do I turn off my screen saver bcuz I think it is affecting that last scan from finishing.



#12
Jr0x

Jr0x

    Malware removal team

  • Malware Removal
  • 1,830 posts

Hi retro1324,

 

You can right click on your Desktop > Personalise

A Window will open. On the bottom right of the Window, you will see Screen Saver.

Click on it. 

Screen Saver Settings Window will open.

Select "None" on the Screen Saver drop down and click Apply.



#13
retro1324

retro1324

    Member

  • Topic Starter
  • Member
  • 113 posts

The ESET scan would never finish, no idea why. It would get to almost the end then turn black then all white then close. It kept finding 6 things tho.

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 10 Home x64 
Ran by catrina (Administrator) on Fri 06/10/2016 at  4:38:06.20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 4 
 
Successfully deleted: C:\Users\catrina\AppData\Roaming\goldengate (Folder) 
Successfully deleted: C:\Users\catrina\Start Menu\Programs\play games online.url (Shortcut) 
Successfully deleted: C:\Users\Public\Desktop\ebay.lnk (Shortcut) 
Successfully deleted: C:\Program Files (x86)\pro pc cleaner (Folder) 
 
Deleted the following from C:\Users\catrina\AppData\Roaming\Mozilla\Firefox\Profiles\v2tnow4k.default\prefs.js
user_pref(browser.startup.homepage, hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_instlmtrx_15_48&param1=1&param2=f%3D1%26b%3DFirefo
 
 
 
Registry: 4 
 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page (Registry Value) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8CDE19E6-71C2-4B46-89B7-35F6A18C571A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page (Registry Value) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 06/10/2016 at  4:40:53.50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
# AdwCleaner v5.119 - Logfile created 10/06/2016 at 10:48:00
# Updated 30/05/2016 by Xplode
# Database : 2016-06-07.1 [Server]
# Operating system : Windows 10 Home  (X64)
# Username : catrina - CATRINA
# Running from : C:\Users\catrina\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Users\catrina\AppData\Local\Gameo
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\catrina\AppData\Roaming\Mozilla\Firefox\Profiles\v2tnow4k.default\searchplugins\search-provided-by-yahoo.xml
 
***** [ DLLs ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKCU\Software\gameo
[-] Key Deleted : HKCU\Software\GoldenGate
[-] Key Deleted : HKCU\Software\PRODUCTSETUP
[-] Key Deleted : HKCU\Software\yahooprovidedsearch
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}
 
***** [ Web browsers ] *****
 
[-] [C:\Users\catrina\AppData\Roaming\Mozilla\Firefox\Profiles\v2tnow4k.default\prefs.js] Deleted : user_pref("browser.search.defaultenginename.US", "Search Provided by Yahoo");
[-] [C:\Users\catrina\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\catrina\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\catrina\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search provided by yahoo.com
[-] [C:\Users\catrina\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Deleted : hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_instlmtrx_15_48&param1=1&param2=f%3D4%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0AyE0D0BtAtDtByCyE0D0D0E0AyDtC0CtN0D0Tzu0StCyEtBtBtN1L2XzutAtFtCtBtFyBtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyCtBtB0FtCtD0CtDtGyD0FyD0BtGtC0CtD0BtGyB0C0AtDtG0C0CtD0EtAyE0DyB0F0AyE0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyC0F0A0EtDtB0EtG0BzyzyzytGyE0AtA0BtGzz0DyC0CtGtCtCyEtD0C0DyB0F0F0BtAtC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDzzzy%26cr%3D90773413%26a%3Dwbf_instlmtrx_15_48%26os%3DWindows%2B8.1&p={searchTerms}
[-] [C:\Users\catrina\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : madakpajlmcpaodhfbekojajlhbdklol
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [2602 bytes] - [10/06/2016 10:48:00]
C:\AdwCleaner\AdwCleaner[S1].txt - [5273 bytes] - [08/06/2016 17:56:31]
C:\AdwCleaner\AdwCleaner[S2].txt - [3002 bytes] - [10/06/2016 10:14:01]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2821 bytes] ##########
 
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
 
Scan, 6/11/2016 9:36 AM, SYSTEM, CATRINA, Manual, Start:6/10/2016 5:58 PM, Duration:1 hr 38 min 23 sec, Threat Scan, Completed, 0 Malware Detections, 17 Non-Malware Detections, 
 
(end)
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 6/10/2016
Scan Time: 5:58 PM
Logfile: 
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.06.10.05
Rootkit Database: v2016.05.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: catrina
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 328811
Time Elapsed: 1 hr, 38 min, 23 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 5
PUP.Optional.ProfessionalPCCleaner, HKLM\SOFTWARE\WOW6432NODE\Professional PC Cleaner, Quarantined, [d27bf902fa9f8da903bd5478c2418b75], 
PUP.Optional.InstallCore, HKU\S-1-5-21-3730912956-2149780455-674675747-1001\SOFTWARE\ICSW1.14, Quarantined, [430a59a2a1f865d11a45029660a3827e], 
PUP.Optional.ProfessionalPCCleaner, HKU\S-1-5-21-3730912956-2149780455-674675747-1001\SOFTWARE\ProfessionalPCCleanerLanguage, Quarantined, [6ce1d526efaa74c29f1deede24df728e], 
PUP.Optional.Gameo, HKU\S-1-5-21-3730912956-2149780455-674675747-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOWREGISTRY\AUDIO\POLICYCONFIG\PROPERTYSTORE\E9080CD5_0, Quarantined, [0e3f7d7e60397abcb9975a6aa55d56aa], 
PUP.Optional.WinYahoo, HKU\S-1-5-21-3730912956-2149780455-674675747-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BFREPORT, Quarantined, [c489fffcc6d364d28b515e8f51b2fb05], 
 
Registry Values: 2
PUP.Optional.Gameo, HKU\S-1-5-21-3730912956-2149780455-674675747-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOWREGISTRY\AUDIO\POLICYCONFIG\PROPERTYSTORE\e9080cd5_0, {2}.\\?\hdaudio#func_01&ven_10ec&dev_0280&subsys_103c2afd&rev_1000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\singlelineouttopo/00010001|\Device\HarddiskVolume4\Users\catrina\AppData\Roaming\Gameo\gameo.exe%b{00000000-0000-0000-0000-000000000000}, Quarantined, [0e3f7d7e60397abcb9975a6aa55d56aa]
PUP.Optional.WinYahoo, HKU\S-1-5-21-3730912956-2149780455-674675747-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BFREPORT|filename, C:\Users\catrina\AppData\Local\{FCB1CAED-D819-A655-B581-83BD91E97F25}\uninstall.exe, Quarantined, [c489fffcc6d364d28b515e8f51b2fb05]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 4
PUP.Optional.PCProCleaner, C:\Users\catrina\AppData\Roaming\updates, Quarantined, [8ebfde1df5a4b0868c1b545deb182bd5], 
PUP.Optional.ProfessionalPCCleaner, C:\Users\catrina\AppData\Local\Professional_PC_Cleaner, Quarantined, [1a33d823504969cdfe026254a85a6f91], 
PUP.Optional.ProfessionalPCCleaner, C:\Users\catrina\AppData\Local\Professional_PC_Cleaner\ProfessionalPCCleaner.exe_Url_sw5numhdonn240lbdkogdordvzoytvbi, Quarantined, [1a33d823504969cdfe026254a85a6f91], 
PUP.Optional.ProfessionalPCCleaner, C:\Users\catrina\AppData\Local\Professional_PC_Cleaner\ProfessionalPCCleaner.exe_Url_sw5numhdonn240lbdkogdordvzoytvbi\3.0.6.0, Quarantined, [1a33d823504969cdfe026254a85a6f91], 
 
Files: 6
PUP.Optional.ArcadeCandy, C:\Users\catrina\Downloads\GamesFlightGames.exe, Quarantined, [64e92dceb4e579bd242d73efc73afe02], 
PUP.Optional.InstallCore, C:\Users\catrina\Downloads\zipinstall.exe, Quarantined, [65e843b80c8d8aac82f76ad19c6516ea], 
PUP.Optional.WinYahoo, C:\Users\catrina\AppData\LocalLow\Microsoft\Internet Explorer\Services\WinYahoo.ico, Quarantined, [a4a939c26930fe381ad28001cd36e917], 
PUP.Optional.PCProCleaner, C:\Users\catrina\AppData\Roaming\updates\updates.aiu, Quarantined, [8ebfde1df5a4b0868c1b545deb182bd5], 
PUP.Optional.WinYahoo, C:\Users\catrina\AppData\LocalLow\Microsoft\Internet Explorer\Services\Wincy.ico, Quarantined, [fb520bf09cfdbd79a940ac0870931ce4], 
PUP.Optional.ProfessionalPCCleaner, C:\Users\catrina\AppData\Local\Professional_PC_Cleaner\ProfessionalPCCleaner.exe_Url_sw5numhdonn240lbdkogdordvzoytvbi\3.0.6.0\user.config, Quarantined, [1a33d823504969cdfe026254a85a6f91], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#14
Jr0x

Jr0x

    Malware removal team

  • Malware Removal
  • 1,830 posts
Hi retro1324,

Do not worry about ESET. Let's try with another scanner.

Please run a free online scan with BitDefender Online Scanner
  • Click the green Start Scanner button
  • Click the green Scan Now button and wait a few seconds until a request appears from Bitdefender
  • Accept the plugin installation
  • Restart your browser in Administration mode if requested
  • Click the green Scan Now button again
  • Accept the EULA agreement if asked
  • The scan should start. It will be relatively quick.
  • Click View report (note: this is not the green button - Free download - just click on the words View report under the black button "Get QuickScan for your website")
  • Notepad will open with a log
  • Save to your desktop
  • Copy and paste the report back here


#15
retro1324

retro1324

    Member

  • Topic Starter
  • Member
  • 113 posts

It won't let me get a log; however, it says I'm good to go, no viruses found ...

