Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Referred by GTG tech for Windows 10 Loading/Freezing issues [Closed]


  • This topic is locked This topic is locked

#1
winterlady

winterlady

    Member

  • Member
  • PipPip
  • 31 posts

Hi!

 

I have been working with and referred by a GTG technician, phillpower2, he has tried to resolve my issues but unfortunately they still occur. 

 

Please follow the link here to the topic and conversations for your review as to what has been tried to resolve my problems:

http://www.geekstogo...view=getnewpost

 

Due to the problems still occurring he feels I may have transferred a Malware infection from my older laptop with Windows 8.1 OS to my new HP Pavilion Notebook with Windows 10 OS.

 

Per his instructions I followed the link to this forum he provided but found the instructions to the Malware and Spyware Cleaning Guide do not include the Windows 10 OS so I have not initiated the process.

 

Please advise if these steps are safe to perform on the Windows 10 OS before I proceed.

 

Thank you!


  • 0

Advertisements


#2
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hello Winterlady and :welcome:

My name is Bruce1270 and I will be helping you with your malware problem.

A few things before we get started.
  • Please read all instructions carefully. If there is anything you do not understand please ask me first before doing anything.
  • Please be patient. I am a volunteer who does this in my spare time so I will try to get back to you as soon as possible.
  • Please follow all instructions in the order given.
  • Please do not install any other software unless advised. This may hinder the removal process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly" This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • Please make sure you reply within 4 days to my responses, if there is no reply within 4 days, the topic will be closed and you will need to request the topic be reopened.


    Important!

    Please save or print off these instructions. Part of this fix may require you to be in safe mode where you will not be able to access the internet or my instructions!

    I would strongly recommend you back up your personal data and folders before we begin.

    Malware removal can be very long, complicated and may take multiple steps. I understand this may be frustrating but please stay with this topic until your machine is declared clean. The results will hopefully be very rewarding. :happy:
    As we go along please tell me how the computer is running now. Please be as descriptive as possible e.g. I'm still getting web redirects, I am unable to access the internet etc.

    OK. Let's move on.

    Please advise if these steps are safe to perform on the Windows 10 OS before I proceed.


    Yes. Farbar Recovery Scan Tool is perfectly safe to run on Windows 10. :)

    Please do the following:

    Please download Farbar Recovery Scan Tool and save it to your Desktop.
    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click on the file and select run as administrator (if you don't have this option just double click the file to run it). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from (this should be your desktop).
  • Please copy (CTRL + C) and paste (CTRL + V) the FRST.txt log back here.
  • The first time the tool is run it generates another log Addition.txt - also located in the same directory as FRST.exe.
  • Please also paste that along with the FRST.txt into your reply.
    Note: Please do not attach any logs unless specifically requested. It's easier if you simply copy and paste them into your reply. It's OK if you have to use more than one post to do so.

    Thanks.

  • 0

#3
winterlady

winterlady

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts

Hi bruce1270,

 

Thanks so much for your assistance, I greatly appreciate your dedication to offering your expertise while in your spare time!

 

As I can not be certain my ongoing issues are related to some type of infection or whether it's just the operating system itself the amount of time to return this laptop with no obligations to me is rapidly coming to an end but I would at least like to give these steps a try if possible before sending it back.

 

The strange part is the issues only occur intermittently as you know from my posts with tech support so it may be a difficult decision to make in the amount of time I have left, if I chose to return the computer it has to be done by June 20th.

 

Per your instructions I have copied and pasted the FRST.txt log below and will post the Addition.txt log in a following post.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2016
Ran by pocho (administrator) on DESKTOP-3GE0AH5 (14-06-2016 20:13:14)
Running from C:\Users\pocho\Downloads
Loaded Profiles: pocho (Available Profiles: pocho & Hough)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\avp.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\avpui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Vivaldi Technologies AS) C:\Users\pocho\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\pocho\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\pocho\AppData\Local\Vivaldi\Application\vivaldi.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Vivaldi Technologies AS) C:\Users\pocho\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\pocho\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\pocho\AppData\Local\Vivaldi\Application\vivaldi.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Vivaldi Technologies AS) C:\Users\pocho\AppData\Local\Vivaldi\Application\vivaldi.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(Vivaldi Technologies AS) C:\Users\pocho\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\pocho\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\pocho\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\pocho\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\pocho\AppData\Local\Vivaldi\Application\vivaldi.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.168_none_76587b40265ca57e\TiWorker.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8496344 2015-07-06] (Realtek Semiconductor)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [127528 2015-07-08] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [654088 2015-02-17] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-07-07] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PowerDVD14Agent] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795336 2015-06-21] (CyberLink Corp.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [23972712 2016-05-31] (Dropbox, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2331441506-1810103855-2456791680-1001\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [611584 2016-03-09] (NETGEAR Inc.)
HKU\S-1-5-21-2331441506-1810103855-2456791680-1001\...\Run: [GoogleChromeAutoLaunch_1407E1D250CC286235B1BC1857588223] => C:\Users\pocho\AppData\Local\Vivaldi\Application\vivaldi.exe [1349240 2016-06-02] (Vivaldi Technologies AS)
HKU\S-1-5-21-2331441506-1810103855-2456791680-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{d3e634af-d179-424e-93fb-18e1f5e3c92f}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2331441506-1810103855-2456791680-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-2331441506-1810103855-2456791680-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://my.yahoo.com/
HKU\S-1-5-21-2331441506-1810103855-2456791680-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
SearchScopes: HKLM-x32 -> {3A828EEB-5042-4A02-8435-9E3B69EDAA34} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2331441506-1810103855-2456791680-1001 -> {3A828EEB-5042-4A02-8435-9E3B69EDAA34} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-04-30] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-05-06] (Hewlett-Packard)
 
Edge: 
======
Edge HomeButtonPage: HKU\S-1-5-21-2331441506-1810103855-2456791680-1001 -> about:my.yahoo.com
 
FireFox:
========
FF ProfilePath: C:\Users\pocho\AppData\Roaming\Mozilla\Firefox\Profiles\j6jpzsdf.default
FF Homepage: hxxps://my.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-30] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-30] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-05] (Adobe Systems, Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2016-04-01] ()
FF Extension: WOT - C:\Users\pocho\AppData\Roaming\Mozilla\Firefox\Profiles\j6jpzsdf.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2016-05-30]
FF Extension: YesScript - C:\Users\pocho\AppData\Roaming\Mozilla\Firefox\Profiles\j6jpzsdf.default\extensions\[email protected] [2016-06-04]
FF Extension: Share Button for Pinterest - C:\Users\pocho\AppData\Roaming\Mozilla\Firefox\Profiles\j6jpzsdf.default\Extensions\{677a8f98-fd64-40b0-a883-b8c95d0cbf17}.xpi [2016-05-30]
FF Extension: Facebook Photo Zoom - C:\Users\pocho\AppData\Roaming\Mozilla\Firefox\Profiles\j6jpzsdf.default\Extensions\{7c6cdf7c-8ea8-4be7-ae5a-0b3effe14d66}.xpi [2016-06-08]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi [2016-04-29]
 
Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi
CHR HKLM-x32\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdaptiveSleepService; c:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [138752 2015-07-07] () [File not signed]
R2 AVP16.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\avp.exe [236928 2015-12-22] (AO Kaspersky Lab)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-26] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-26] (Dropbox, Inc.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [350064 2016-04-01] (WildTangent)
R2 HPSupportSolutionsFrameworkService; c:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [28552 2016-04-26] (Hewlett-Packard Company)
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [608520 2015-02-17] (Hewlett-Packard Development Company, L.P.)
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\x64\vssbridge64.exe [152488 2015-12-22] (AO Kaspersky Lab)
S3 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2016-03-09] (NETGEAR)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294616 2015-07-06] (Realtek Semiconductor)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [260216 2016-05-26] (Synaptics Incorporated)
R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [60432 2015-07-14] (Advanced Micro Devices, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [18968 2015-07-14] (Advanced Micro Devices, INC.)
S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [101104 2015-07-14] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [73976 2015-07-14] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [277240 2015-07-14] (Advanced Micro Devices, Inc. )
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-07-14] (Advanced Micro Devices)
R3 clwvd6; C:\Windows\system32\DRIVERS\clwvd6.sys [41704 2013-10-29] (CyberLink Corporation)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-09-11] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [79752 2015-12-01] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [78200 2015-12-02] (AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [30328 2015-06-24] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [182664 2015-12-11] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\drivers\klhk.sys [237488 2016-04-29] (AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP16.0.1\Bases\klids.sys [182360 2016-06-14] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [987568 2016-04-29] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [51288 2016-04-29] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [52608 2015-11-11] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45960 2015-12-07] (AO Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [87944 2015-10-06] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [112520 2015-12-03] (AO Kaspersky Lab)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [194440 2015-12-03] (AO Kaspersky Lab)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2016-05-28] (CACE Technologies, Inc.)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [301784 2015-06-10] (Realtek Semiconductor Corp.)
S3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [886528 2015-06-01] (Realtek                                            )
S3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402136 2015-06-10] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [4619520 2015-07-21] (Realtek Semiconductor Corporation                           )
R3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys [67704 2016-05-26] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [33960 2015-07-13] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30384 2015-06-24] (HP Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-14 20:13 - 2016-06-14 20:13 - 00019684 _____ C:\Users\pocho\Downloads\FRST.txt
2016-06-14 20:13 - 2016-06-14 20:13 - 00000000 ____D C:\FRST
2016-06-14 20:06 - 2016-06-14 20:12 - 00001485 _____ C:\Users\pocho\Desktop\FRST64 - Shortcut.lnk
2016-06-14 19:28 - 2016-06-14 20:12 - 02385920 _____ (Farbar) C:\Users\pocho\Downloads\FRST64.exe
2016-06-14 06:49 - 2016-06-14 06:49 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-06-14 06:49 - 2016-06-14 06:49 - 00001182 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-06-14 06:49 - 2016-06-14 06:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-06-14 06:48 - 2016-06-14 06:48 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-06-14 06:48 - 2016-06-14 06:48 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-06-14 06:48 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-06-14 06:48 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-06-14 06:48 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-06-14 06:46 - 2016-06-14 06:47 - 22851472 _____ (Malwarebytes ) C:\Users\pocho\Downloads\mbam-setup-2.2.1.1043.exe
2016-06-14 06:32 - 2016-06-14 06:32 - 00000000 ____D C:\Program Files\Common Files\AV
2016-06-14 06:32 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2016-06-14 06:28 - 2016-06-14 06:28 - 00001471 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-06-14 06:28 - 2016-06-14 06:28 - 00001459 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2016-06-14 06:28 - 2016-06-14 06:28 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2016-06-14 06:28 - 2016-06-14 06:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-06-14 06:27 - 2016-06-14 06:38 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-06-14 06:27 - 2016-06-14 06:34 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-06-14 06:27 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2016-06-14 06:25 - 2016-06-14 06:26 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\pocho\Downloads\spybot-2.4.exe
2016-06-14 05:38 - 2016-06-14 05:38 - 00000000 ___HD C:\OneDriveTemp
2016-06-13 07:14 - 2016-06-13 07:14 - 1063962638 _____ C:\WINDOWS\MEMORY.DMP
2016-06-13 07:14 - 2016-06-13 07:14 - 00624044 _____ C:\WINDOWS\Minidump\061316-22890-01.dmp
2016-06-13 07:14 - 2016-06-13 07:14 - 00000000 ____D C:\WINDOWS\Minidump
2016-06-11 10:23 - 2016-06-11 10:23 - 00000000 ____D C:\Users\Hough\AppData\Roaming\Macromedia
2016-06-11 10:23 - 2016-06-11 10:23 - 00000000 ____D C:\Users\Hough\AppData\Local\Macromedia
2016-06-11 09:08 - 2016-06-11 09:14 - 00000000 ____D C:\Users\Hough\AppData\Local\Mozilla
2016-06-11 09:08 - 2016-06-11 09:08 - 00000000 ____D C:\Users\Hough\AppData\Roaming\Mozilla
2016-06-11 09:07 - 2016-06-11 09:08 - 00002374 _____ C:\Users\Hough\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-06-11 09:07 - 2016-06-11 09:08 - 00000000 ___RD C:\Users\Hough\OneDrive
2016-06-11 09:07 - 2016-06-11 09:07 - 00000000 ____D C:\Users\Hough\AppData\Local\Dropbox
2016-06-11 09:06 - 2016-06-11 09:06 - 00000000 ____D C:\Users\Hough\AppData\Local\Publishers
2016-06-11 09:06 - 2016-06-11 09:06 - 00000000 ____D C:\Users\Hough\AppData\Local\Comms
2016-06-11 09:06 - 2016-06-11 09:06 - 00000000 ____D C:\Users\Hough\AppData\Local\ActiveSync
2016-06-11 09:05 - 2016-06-11 09:07 - 00000000 ____D C:\Users\Hough\AppData\Local\CyberLink
2016-06-11 09:05 - 2016-06-11 09:05 - 00000000 ____D C:\Users\Hough\Documents\YouCam
2016-06-11 09:05 - 2016-06-11 09:05 - 00000000 ____D C:\Users\Hough\AppData\Local\Hewlett-Packard
2016-06-11 09:05 - 2016-06-11 09:05 - 00000000 ____D C:\Users\Hough\AppData\Local\DropboxOEM
2016-06-11 09:04 - 2016-06-11 09:25 - 00000000 ____D C:\Users\Hough\AppData\Local\Packages
2016-06-11 09:04 - 2016-06-11 09:07 - 00000000 ____D C:\Users\Hough
2016-06-11 09:04 - 2016-06-11 09:04 - 00000020 ___SH C:\Users\Hough\ntuser.ini
2016-06-11 09:04 - 2016-06-11 09:04 - 00000000 _SHDL C:\Users\Hough\My Documents
2016-06-11 09:04 - 2016-06-11 09:04 - 00000000 _SHDL C:\Users\Hough\Documents\My Videos
2016-06-11 09:04 - 2016-06-11 09:04 - 00000000 _SHDL C:\Users\Hough\Documents\My Pictures
2016-06-11 09:04 - 2016-06-11 09:04 - 00000000 _SHDL C:\Users\Hough\Documents\My Music
2016-06-11 09:04 - 2016-06-11 09:04 - 00000000 ____D C:\Users\Hough\AppData\Roaming\Synaptics
2016-06-11 09:04 - 2016-06-11 09:04 - 00000000 ____D C:\Users\Hough\AppData\Roaming\Adobe
2016-06-11 09:04 - 2016-06-11 09:04 - 00000000 ____D C:\Users\Hough\AppData\Local\VirtualStore
2016-06-11 09:04 - 2016-06-11 09:04 - 00000000 ____D C:\Users\Hough\AppData\Local\TileDataLayer
2016-06-11 09:04 - 2016-06-07 08:13 - 00000000 ____D C:\Users\Hough\Documents\hp.system.package.metadata
2016-06-11 09:04 - 2016-06-07 08:13 - 00000000 ____D C:\Users\Hough\Documents\hp.applications.package.appdata
2016-06-11 09:04 - 2016-06-07 08:13 - 00000000 ____D C:\Users\Hough\AppData\Local\Microsoft Help
2016-06-09 07:06 - 2016-06-09 07:06 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-06-07 12:27 - 2016-06-07 12:27 - 00000000 ____D C:\Users\pocho\AppData\Local\ActiveSync
2016-06-07 12:24 - 2016-06-07 12:24 - 00000020 ___SH C:\Users\pocho\ntuser.ini
2016-06-07 11:57 - 2016-06-07 08:31 - 00000000 ___DC C:\WINDOWS\Panther
2016-06-07 11:49 - 2016-06-07 11:49 - 00000000 ____D C:\Windows.old
2016-06-07 11:46 - 2016-06-07 11:46 - 24604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 22379008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 18676224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 16984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 13383168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 07977472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 07832576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-06-07 11:46 - 2016-06-07 11:46 - 07200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 06605504 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 05502976 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 05324288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 05240960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 04775424 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 04515256 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-06-07 11:46 - 2016-06-07 11:46 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-06-07 11:46 - 2016-06-07 11:46 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 03673424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 03671040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 03591168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-06-07 11:46 - 2016-06-07 11:46 - 03575296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 03351040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 03078144 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 02919832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 02798080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 02722816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 02656952 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 02598912 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 02403680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-06-07 11:46 - 2016-06-07 11:46 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 02152280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-06-07 11:46 - 2016-06-07 11:46 - 02066432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 02000896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 01996640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-06-07 11:46 - 2016-06-07 11:46 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 01902592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 01862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 01848072 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 01819208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 01776768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 01731072 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 01714688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 01594920 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 01588224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 01575936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 01536088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 01522152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 01444352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 01410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 01401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 01395712 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-06-07 11:46 - 2016-06-07 11:46 - 01372304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 01319424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-06-07 11:46 - 2016-06-07 11:46 - 01297752 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 01239552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 01211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 01184960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 01161120 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 01152864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2016-06-07 11:46 - 2016-06-07 11:46 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-06-07 11:46 - 2016-06-07 11:46 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 01117184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 01098240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 01092464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 01089888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-06-07 11:46 - 2016-06-07 11:46 - 01073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 01072128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 01052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-06-07 11:46 - 2016-06-07 11:46 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-06-07 11:46 - 2016-06-07 11:46 - 00988672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00986976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00958976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-06-07 11:46 - 2016-06-07 11:46 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-06-07 11:46 - 2016-06-07 11:46 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00854528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2016-06-07 11:46 - 2016-06-07 11:46 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00777728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00770640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00765952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00754664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00725776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00713920 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00712704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00707608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00696672 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00694784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2016-06-07 11:46 - 2016-06-07 11:46 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00686976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00682496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00676352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00650304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00649728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00639488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00638816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2016-06-07 11:46 - 2016-06-07 11:46 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-06-07 11:46 - 2016-06-07 11:46 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00619296 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00605440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-06-07 11:46 - 2016-06-07 11:46 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-06-07 11:46 - 2016-06-07 11:46 - 00582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00577368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-06-07 11:46 - 2016-06-07 11:46 - 00569744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00565600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-06-07 11:46 - 2016-06-07 11:46 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00550656 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00541304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-06-07 11:46 - 2016-06-07 11:46 - 00535080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00534872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2016-06-07 11:46 - 2016-06-07 11:46 - 00530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2016-06-07 11:46 - 2016-06-07 11:46 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00522176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00514752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00513368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00498960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-06-07 11:46 - 2016-06-07 11:46 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00453472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00451928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-06-07 11:46 - 2016-06-07 11:46 - 00413536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-06-07 11:46 - 2016-06-07 11:46 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2016-06-07 11:46 - 2016-06-07 11:46 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlansec.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-06-07 11:46 - 2016-06-07 11:46 - 00390496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00378208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2016-06-07 11:46 - 2016-06-07 11:46 - 00374008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-06-07 11:46 - 2016-06-07 11:46 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-06-07 11:46 - 2016-06-07 11:46 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AccountsRt.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00351232 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2016-06-07 11:46 - 2016-06-07 11:46 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00333824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2016-06-07 11:46 - 2016-06-07 11:46 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00330072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-06-07 11:46 - 2016-06-07 11:46 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00306832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-06-07 11:46 - 2016-06-07 11:46 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00294592 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00291360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2016-06-07 11:46 - 2016-06-07 11:46 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-06-07 11:46 - 2016-06-07 11:46 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2016-06-07 11:46 - 2016-06-07 11:46 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2016-06-07 11:46 - 2016-06-07 11:46 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
2016-06-07 11:46 - 2016-06-07 11:46 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-06-07 11:46 - 2016-06-07 11:46 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00217440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00204048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-06-07 11:46 - 2016-06-07 11:46 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00190144 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-06-07 11:46 - 2016-06-07 11:46 - 00188256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-06-07 11:46 - 2016-06-07 11:46 - 00183904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-06-07 11:46 - 2016-06-07 11:46 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-06-07 11:46 - 2016-06-07 11:46 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-06-07 11:46 - 2016-06-07 11:46 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BrowserSettingSync.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00131424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufxsynopsys.sys
2016-06-07 11:46 - 2016-06-07 11:46 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
2016-06-07 11:46 - 2016-06-07 11:46 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00110584 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvcli.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00100232 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-06-07 11:46 - 2016-06-07 11:46 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdport.sys
2016-06-07 11:46 - 2016-06-07 11:46 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\filecrypt.sys
2016-06-07 11:46 - 2016-06-07 11:46 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-06-07 11:46 - 2016-06-07 11:46 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys
2016-06-07 11:46 - 2016-06-07 11:46 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00081144 _____ (Microsoft Corporation) C:\WINDOWS\system32\netapi32.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00078040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkscli.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-06-07 11:46 - 2016-06-07 11:46 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00074424 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2016-06-07 11:46 - 2016-06-07 11:46 - 00073872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srvcli.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00069744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netapi32.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-06-07 11:46 - 2016-06-07 11:46 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2016-06-07 11:46 - 2016-06-07 11:46 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00058400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\browcli.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00058208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwminit.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wkscli.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-06-07 11:46 - 2016-06-07 11:46 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\browcli.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ByteCodeGenerator.exe
2016-06-07 11:46 - 2016-06-07 11:46 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ByteCodeGenerator.exe
2016-06-07 11:46 - 2016-06-07 11:46 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsdchngr.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2016-06-07 11:46 - 2016-06-07 11:46 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-06-07 11:46 - 2016-06-07 11:46 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsdchngr.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2016-06-07 11:46 - 2016-06-07 11:46 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-06-07 11:46 - 2016-06-07 11:46 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2016-06-07 11:46 - 2016-06-07 11:46 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacchooks.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacchooks.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00002186 _____ C:\WINDOWS\SysWOW64\AppxProvisioning.xml
2016-06-07 11:46 - 2016-06-07 11:46 - 00002186 _____ C:\WINDOWS\system32\AppxProvisioning.xml
2016-06-07 11:35 - 2016-06-07 11:35 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2016-06-07 11:31 - 2016-06-07 11:31 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-06-07 11:31 - 2016-06-07 11:31 - 00000000 ____D C:\Program Files\MSBuild
2016-06-07 11:31 - 2016-06-07 11:31 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-06-07 11:31 - 2016-06-07 11:31 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-06-07 11:31 - 2016-06-07 11:31 - 00000000 ____D C:\inetpub
2016-06-07 11:30 - 2015-10-23 21:47 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2016-06-07 11:30 - 2015-10-23 21:47 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-06-07 11:30 - 2015-10-23 21:47 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2016-06-07 11:30 - 2015-10-23 21:46 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2016-06-07 11:30 - 2015-10-23 21:46 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2016-06-07 11:30 - 2015-10-23 21:45 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2016-06-07 08:30 - 2016-06-07 08:30 - 00000000 _SHDL C:\Users\Default\My Documents
2016-06-07 08:30 - 2016-06-07 08:30 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2016-06-07 08:30 - 2016-06-07 08:30 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2016-06-07 08:30 - 2016-06-07 08:30 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2016-06-07 08:30 - 2016-06-07 08:30 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2016-06-07 08:30 - 2016-06-07 08:30 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2016-06-07 08:30 - 2016-06-07 08:30 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2016-06-07 08:23 - 2016-06-07 08:23 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2016-06-07 08:13 - 2016-06-07 08:13 - 00001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-06-07 08:13 - 2016-06-07 08:13 - 00000000 ____D C:\Users\Default\Documents\hp.system.package.metadata
2016-06-07 08:13 - 2016-06-07 08:13 - 00000000 ____D C:\Users\Default\Documents\hp.applications.package.appdata
2016-06-07 08:13 - 2016-06-07 08:13 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2016-06-07 08:13 - 2016-06-07 08:13 - 00000000 ____D C:\Users\Default User\Documents\hp.system.package.metadata
2016-06-07 08:13 - 2016-06-07 08:13 - 00000000 ____D C:\Users\Default User\Documents\hp.applications.package.appdata
2016-06-07 08:13 - 2016-06-07 08:13 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2016-06-07 08:08 - 2016-06-07 08:15 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2016-06-07 08:05 - 2016-06-14 05:37 - 00000000 ____D C:\Users\pocho
2016-06-07 08:05 - 2016-06-07 08:05 - 00000000 _SHDL C:\Users\pocho\My Documents
2016-06-07 08:05 - 2016-06-07 08:05 - 00000000 _SHDL C:\Users\pocho\Documents\My Videos
2016-06-07 08:05 - 2016-06-07 08:05 - 00000000 _SHDL C:\Users\pocho\Documents\My Pictures
2016-06-07 08:05 - 2016-06-07 08:05 - 00000000 _SHDL C:\Users\pocho\Documents\My Music
2016-06-07 08:04 - 2016-06-14 18:26 - 00972040 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-06-07 08:04 - 2016-06-07 08:04 - 00929278 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2016-06-07 08:01 - 2016-06-08 18:34 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2016-06-07 08:01 - 2016-06-07 08:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
2016-06-07 08:01 - 2016-06-07 08:08 - 00000000 ____D C:\Program Files\AMD
2016-06-07 08:01 - 2016-06-07 08:01 - 00012317 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
2016-06-07 08:01 - 2016-06-07 08:01 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2016-06-07 08:01 - 2016-06-07 08:01 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2016-06-07 08:01 - 2016-06-07 08:01 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2016-06-07 08:01 - 2016-06-07 08:01 - 00000000 ____D C:\WINDOWS\system32\SRSLabs
2016-06-07 08:01 - 2016-06-07 08:01 - 00000000 ____D C:\Program Files\Realtek
2016-06-07 08:01 - 2016-06-07 08:01 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2016-06-07 08:01 - 2016-06-07 08:01 - 00000000 _____ C:\WINDOWS\ativpsrm.bin
2016-06-07 08:00 - 2016-06-07 08:00 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_AMDASF_01011.Wdf
2016-06-07 08:00 - 2016-06-07 08:00 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_amdpsp_01011.Wdf
2016-06-07 08:00 - 2016-06-07 08:00 - 00000000 ____D C:\Program Files\Synaptics
2016-06-06 21:41 - 2016-06-06 21:41 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-DESKTOP-3GE0AH5-Windows-10-Home-(64-bit).dat
2016-06-06 21:41 - 2016-06-06 21:41 - 00000000 ____D C:\RegBackup
2016-06-06 19:43 - 2016-06-07 08:23 - 00003008 _____ C:\WINDOWS\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
2016-06-06 19:43 - 2016-06-07 08:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-06-06 19:43 - 2016-06-06 21:52 - 00002243 _____ C:\Users\pocho\Desktop\Tweaking.com - Windows Repair.lnk
2016-06-06 19:43 - 2016-06-06 19:43 - 00185548 _____ C:\WINDOWS\Tweaking.com - Windows Repair Setup Log.txt
2016-06-06 19:43 - 2016-06-06 19:43 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2016-06-06 19:08 - 2016-06-06 19:08 - 00000000 ____D C:\Users\pocho\AppData\LocalLow\Temp
2016-06-06 19:06 - 2016-06-06 19:06 - 00599883 _____ C:\Users\pocho\Documents\How To Enable Hidden Administrator Account In Windows 10.oxps
2016-06-06 18:37 - 2016-06-06 19:42 - 21381936 _____ (Tweaking.com) C:\Users\pocho\Downloads\tweaking.com_windows_repair_aio_setup.exe
2016-06-04 21:50 - 2016-06-04 21:50 - 00002341 _____ C:\Users\pocho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vivaldi.lnk
2016-06-04 21:50 - 2016-06-04 21:50 - 00002333 _____ C:\Users\pocho\Desktop\Vivaldi.lnk
2016-06-04 21:50 - 2016-06-04 21:50 - 00000000 ____D C:\Users\pocho\AppData\Local\Vivaldi
2016-06-04 21:49 - 2016-06-04 21:50 - 38498936 _____ (Vivaldi Technologies AS) C:\Users\pocho\Downloads\Vivaldi.1.2.490.39.exe
2016-06-04 21:29 - 2016-06-04 21:29 - 02505761 _____ (Emmet Gray) C:\Users\pocho\Downloads\SetupEdgeManage.exe
2016-06-04 21:29 - 2016-06-04 21:29 - 00000000 ____D C:\Users\pocho\AppData\Local\Downloaded Installations
2016-06-04 08:22 - 2016-06-07 08:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-06-04 08:13 - 2016-06-06 22:33 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-06-04 08:12 - 2016-06-04 08:46 - 00564004 _____ C:\WINDOWS\ntbtlog.txt
2016-06-04 08:06 - 2016-06-04 08:15 - 06042904 _____ (AVAST Software) C:\Users\pocho\Downloads\avastclear.exe
2016-06-04 07:37 - 2016-06-04 07:38 - 07618360 _____ (McAfee, Inc.) C:\Users\pocho\Downloads\MCPR.exe
2016-06-03 07:04 - 2016-06-03 07:04 - 00001394 _____ C:\Users\pocho\Documents\Response to Geeks To Go - June 03 2016.txt
2016-06-03 05:57 - 2016-06-03 05:59 - 05111240 _____ (Piriform Ltd) C:\Users\pocho\Downloads\spsetup129.exe
2016-06-02 23:06 - 2016-06-02 23:06 - 00002544 _____ C:\Users\pocho\Documents\Windows 10 White Screen Freeze Issue - posted in Geeks To Go Forum June 02 2016.txt
2016-06-01 06:57 - 2016-06-01 07:12 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-06-01 06:57 - 2016-06-01 06:57 - 139319312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-05-31 06:08 - 2016-05-31 06:08 - 00076491 _____ C:\Users\pocho\Downloads\garfield_the_cat.zip
2016-05-31 06:08 - 2016-05-31 06:08 - 00060192 _____ C:\Users\pocho\Downloads\the_curious_cat.zip
2016-05-31 06:06 - 2016-05-31 06:06 - 00044786 _____ C:\Users\pocho\Downloads\catalina.zip
2016-05-31 06:05 - 2016-05-31 06:06 - 00015819 _____ C:\Users\pocho\Downloads\cat_eyes.zip
2016-05-30 08:48 - 2016-05-30 08:48 - 00000000 ____D C:\Users\pocho\AppData\Local\Macromedia
2016-05-29 21:26 - 2016-05-29 21:26 - 00000000 ____D C:\Users\pocho\AppData\Local\AMD
2016-05-29 21:26 - 2016-05-29 21:26 - 00000000 ____D C:\ProgramData\BlueStacks
2016-05-29 21:25 - 2016-05-29 21:25 - 00000000 ____D C:\Users\pocho\AppData\Roaming\WildTangent
2016-05-28 22:52 - 2016-05-28 22:58 - 00000000 ____D C:\Users\pocho\AppData\Local\Mozilla
2016-05-28 22:52 - 2016-05-28 22:52 - 00001239 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-05-28 22:52 - 2016-05-28 22:52 - 00001227 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-05-28 22:52 - 2016-05-28 22:52 - 00000000 ____D C:\Users\pocho\AppData\Roaming\Mozilla
2016-05-28 22:52 - 2016-05-28 22:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-05-28 22:52 - 2016-05-28 22:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-05-28 22:50 - 2016-05-28 22:51 - 00242120 _____ C:\Users\pocho\Downloads\Firefox Setup Stub 46.0.1.exe
2016-05-28 22:36 - 2016-06-13 05:41 - 00000000 ____D C:\Users\pocho\AppData\Local\NETGEARGenie
2016-05-28 22:35 - 2016-05-28 22:35 - 00369168 _____ (CACE Technologies, Inc.) C:\WINDOWS\system32\wpcap.dll
2016-05-28 22:35 - 2016-05-28 22:35 - 00281104 _____ (CACE Technologies, Inc.) C:\WINDOWS\SysWOW64\wpcap.dll
2016-05-28 22:35 - 2016-05-28 22:35 - 00106000 _____ (CACE Technologies, Inc.) C:\WINDOWS\system32\packet.dll
2016-05-28 22:35 - 2016-05-28 22:35 - 00096784 _____ (CACE Technologies, Inc.) C:\WINDOWS\SysWOW64\packet.dll
2016-05-28 22:35 - 2016-05-28 22:35 - 00035344 _____ (CACE Technologies, Inc.) C:\WINDOWS\system32\Drivers\npf.sys
2016-05-28 22:35 - 2016-05-28 22:35 - 00002146 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR Genie.lnk
2016-05-28 22:35 - 2016-05-28 22:35 - 00002134 _____ C:\Users\Public\Desktop\NETGEAR Genie.lnk
2016-05-28 22:35 - 2016-05-28 22:35 - 00000000 ____D C:\Program Files (x86)\NETGEAR Genie
2016-05-28 22:34 - 2016-05-28 22:35 - 46059976 _____ (NETGEAR Inc.) C:\Users\pocho\Downloads\NETGEARGenie-install.exe
2016-05-28 22:18 - 2016-06-14 19:54 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-05-28 22:18 - 2016-06-11 11:56 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-05-28 22:18 - 2016-06-07 08:23 - 00003350 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-05-28 22:18 - 2016-06-07 08:23 - 00003044 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-05-28 12:43 - 2016-05-28 12:43 - 01193680 _____ (Adobe Systems Incorporated) C:\Users\pocho\Downloads\flashplayer21pp_fa_install (1).exe
2016-05-28 12:35 - 2016-05-30 08:46 - 00000000 ____D C:\Users\pocho\AppData\Local\Adobe
2016-05-26 23:19 - 2016-06-07 08:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2016-05-26 23:18 - 2016-06-01 06:53 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2016-05-26 23:17 - 2016-05-26 23:17 - 00000000 ____D C:\Program Files\Microsoft Office
2016-05-26 23:16 - 2016-05-26 23:16 - 00000000 __RHD C:\MSOCache
2016-05-26 23:16 - 2016-05-26 23:16 - 00000000 ____D C:\Users\pocho\AppData\Local\Microsoft Help
2016-05-26 23:11 - 2016-05-26 23:13 - 326305224 _____ (Microsoft Corporation) C:\Users\pocho\Downloads\MicrosoftInstaller.exe
2016-05-26 22:25 - 2016-06-09 05:39 - 00003970 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1464315905
2016-05-26 22:25 - 2016-06-09 05:39 - 00001127 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-05-26 22:25 - 2016-05-26 22:25 - 00001215 _____ C:\Users\Public\Desktop\Opera.lnk
2016-05-26 22:25 - 2016-05-26 22:25 - 00000000 ____D C:\Users\pocho\AppData\Roaming\Opera Software
2016-05-26 22:25 - 2016-05-26 22:25 - 00000000 ____D C:\Users\pocho\AppData\Local\Opera Software
2016-05-26 22:24 - 2016-06-10 06:12 - 00000000 ____D C:\Program Files (x86)\Opera
2016-05-26 22:24 - 2016-05-26 22:24 - 00725424 _____ (Opera Software) C:\Users\pocho\Downloads\OperaSetup.exe
2016-05-26 22:13 - 2016-05-26 22:14 - 02009264 _____ (Kaspersky Lab) C:\Users\pocho\Downloads\setup.exe
2016-05-26 22:01 - 2016-06-14 18:59 - 00000000 ___RD C:\Users\pocho\Dropbox
2016-05-26 22:01 - 2016-05-26 22:01 - 00001310 _____ C:\Users\pocho\Desktop\Dropbox.lnk
2016-05-26 21:59 - 2016-05-26 21:59 - 00000000 ____D C:\Users\pocho\AppData\Roaming\Dropbox
2016-05-26 21:58 - 2016-06-14 20:03 - 00000938 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-05-26 21:58 - 2016-06-14 18:58 - 00000934 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-05-26 21:58 - 2016-06-07 08:23 - 00003452 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2016-05-26 21:58 - 2016-06-07 08:23 - 00003228 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2016-05-26 21:58 - 2016-05-26 22:01 - 00000000 ____D C:\Users\pocho\AppData\Local\Dropbox
2016-05-26 21:58 - 2016-05-26 21:58 - 00000000 ____D C:\ProgramData\Dropbox
2016-05-26 21:57 - 2016-05-26 22:00 - 00000000 ____D C:\Users\pocho\AppData\Roaming\DropboxOEM
2016-05-26 21:44 - 2016-06-07 08:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security
2016-05-26 21:44 - 2016-05-26 21:44 - 00002215 _____ C:\Users\Public\Desktop\Safe Money.lnk
2016-05-26 21:44 - 2016-05-26 21:44 - 00002191 _____ C:\Users\Public\Desktop\Kaspersky Total Security.lnk
2016-05-26 21:43 - 2016-06-14 18:58 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-05-26 21:43 - 2016-05-26 21:43 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2016-05-26 21:43 - 2016-04-29 06:12 - 00987568 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2016-05-26 21:43 - 2016-04-29 06:12 - 00237488 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klhk.sys
2016-05-26 21:43 - 2015-12-11 17:31 - 00182664 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys
2016-05-26 21:43 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll
2016-05-26 21:42 - 2016-05-28 22:13 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2016-05-26 21:28 - 2016-05-26 21:28 - 00000000 ____D C:\Users\pocho\AppData\Roaming\AVAST Software
2016-05-26 21:14 - 2016-05-26 21:42 - 166179864 _____ (Kaspersky Lab) C:\Users\pocho\Downloads\kts16.0.1.445abcen_10308.exe
2016-05-26 20:06 - 2016-06-01 07:04 - 00000000 ____D C:\Program Files (x86)\Google
2016-05-26 20:06 - 2016-06-01 07:03 - 00000000 ____D C:\Users\pocho\AppData\Local\Google
2016-05-26 20:06 - 2016-05-26 20:06 - 00987728 _____ (Google Inc.) C:\Users\pocho\Downloads\ChromeSetup.exe
2016-05-26 20:00 - 2016-05-26 20:03 - 00000000 ____D C:\Users\pocho\AppData\Local\MicrosoftEdge
2016-05-26 19:55 - 2016-05-26 19:55 - 00000000 ____D C:\Users\pocho\AppData\Local\NetworkTiles
2016-05-26 13:31 - 2016-05-26 13:31 - 00000000 ____D C:\Users\Public\CyberLink
2016-05-26 13:04 - 2016-05-26 13:04 - 00000000 ____D C:\Users\pocho\AppData\Roaming\Macromedia
2016-05-26 13:02 - 2016-06-14 18:58 - 00000000 ___RD C:\Users\pocho\OneDrive
2016-05-26 13:02 - 2016-06-07 12:30 - 00002374 _____ C:\Users\pocho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-05-26 13:02 - 2016-05-26 13:01 - 01804696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01011.dll
2016-05-26 13:02 - 2016-05-26 13:01 - 00067704 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_AMDASF.sys
2016-05-26 13:01 - 2016-05-26 13:01 - 00862840 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\SynTP.sys
2016-05-26 13:01 - 2016-05-26 13:01 - 00807032 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynCOM.dll
2016-05-26 13:01 - 2016-05-26 13:01 - 00435320 _____ (Synaptics Incorporated) C:\WINDOWS\SysWOW64\SynCom.dll
2016-05-26 13:01 - 2016-05-26 13:01 - 00287864 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPCo41.dll
2016-05-26 13:01 - 2016-05-26 13:01 - 00285816 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPAPI.dll
2016-05-26 13:01 - 2016-05-26 13:01 - 00071288 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_Intel_Aux.sys
2016-05-26 13:01 - 2016-05-26 13:01 - 00067704 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_AMDASF_Aux.sys
2016-05-26 13:01 - 2016-05-26 13:01 - 00066168 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\SynRMIHID_Aux.sys
2016-05-26 13:01 - 2016-05-26 13:01 - 00000000 ____D C:\Users\pocho\AppData\Local\HP_Inc
2016-05-26 13:00 - 2016-05-26 13:01 - 00000000 ____D C:\Users\pocho\AppData\Roaming\Hewlett-Packard
2016-05-26 12:59 - 2016-05-26 13:01 - 00000000 ____D C:\Users\pocho\AppData\Local\Comms
2016-05-26 12:59 - 2016-05-26 12:59 - 00000000 ____D C:\Users\pocho\AppData\Local\Publishers
2016-05-26 12:58 - 2016-05-26 12:58 - 47804432 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl64.dll
2016-05-26 12:58 - 2016-05-26 12:58 - 39731728 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl.dll
2016-05-26 12:58 - 2016-05-26 12:58 - 30783520 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atio6axx.dll
2016-05-26 12:58 - 2016-05-26 12:58 - 27553312 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl12cl64.dll
2016-05-26 12:58 - 2016-05-26 12:58 - 25329680 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atioglxx.dll
2016-05-26 12:58 - 2016-05-26 12:58 - 22336032 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl12cl.dll
2016-05-26 12:58 - 2016-05-26 12:58 - 21653520 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmdag.sys
2016-05-26 12:58 - 2016-05-26 12:58 - 15734304 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticaldd64.dll
2016-05-26 12:58 - 2016-05-26 12:58 - 14319648 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticaldd.dll
2016-05-26 12:58 - 2016-05-26 12:58 - 12175392 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atidxx64.dll
2016-05-26 12:58 - 2016-05-26 12:58 - 10288368 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atidxx32.dll
2016-05-26 12:58 - 2016-05-26 12:58 - 09429368 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdxc64.dll
2016-05-26 12:58 - 2016-05-26 12:58 - 09069104 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd6a.dll
2016-05-26 12:58 - 2016-05-26 12:58 - 08950512 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd64.dll
2016-05-26 12:58 - 2016-05-26 12:58 - 08087568 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdva.dll
2016-05-26 12:58 - 2016-05-26 12:58 - 07744400 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdxc32.dll
2016-05-26 12:58 - 2016-05-26 12:58 - 07555672 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdag.dll
2016-05-26 12:58 - 2016-05-26 12:58 - 03471376 _____ C:\WINDOWS\SysWOW64\atiumdva.cap
2016-05-26 12:58 - 2016-05-26 12:58 - 03437632 _____ C:\WINDOWS\system32\atiumd6a.cap
2016-05-26 12:58 - 2016-05-26 12:58 - 01494528 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\aticfx64.dll
2016-05-26 12:58 - 2016-05-26 12:58 - 01265184 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll
2016-05-26 12:58 - 2016-05-26 12:58 - 01238224 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\aticfx32.dll
2016-05-26 12:58 - 2016-05-26 12:58 - 01204784 _____ C:\WINDOWS\system32\amdocl_as64.exe
2016-05-26 12:58 - 2016-05-26 12:58 - 01080864 _____ C:\WINDOWS\system32\amdocl_ld64.exe
2016-05-26 12:58 - 2016-05-26 12:58 - 01014304 _____ C:\WINDOWS\SysWOW64\amdocl_as32.exe
2016-05-26 12:58 - 2016-05-26 12:58 - 00944152 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll
2016-05-26 12:58 - 2016-05-26 12:58 - 00944152 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxx.dll
2016-05-26 12:58 - 2016-05-26 12:58 - 00884752 _____ (AMD) C:\WINDOWS\system32\coinst_15.20.dll
2016-05-26 12:58 - 2016-05-26 12:58 - 00816176 _____ C:\WINDOWS\SysWOW64\amdocl_ld32.exe
2016-05-26 12:58 - 2016-05-26 12:58 - 00737410 _____ C:\WINDOWS\system32\atiicdxx.dat
2016-05-26 12:58 - 2016-05-26 12:58 - 00692256 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe
2016-05-26 12:58 - 2016-05-26 12:58 - 00683032 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmpag.sys
2016-05-26 12:58 - 2016-05-26 12:58 - 00662032 _____ C:\WINDOWS\SysWOW64\atiapfxx.blb
2016-05-26 12:58 - 2016-05-26 12:58 - 00662032 _____ C:\WINDOWS\system32\atiapfxx.blb
2016-05-26 12:58 - 2016-05-26 12:58 - 00459800 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll
2016-05-26 12:58 - 2016-05-26 12:58 - 00384536 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiapfxx.exe
2016-05-26 12:58 - 2016-05-26 12:58 - 00350232 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ATIODE.exe
2016-05-26 12:58 - 2016-05-26 12:58 - 00322868 _____ C:\WINDOWS\system32\ativvaxy_vi.dat
2016-05-26 12:58 - 2016-05-26 12:58 - 00321200 _____ C:\WINDOWS\system32\ativvaxy_vi_nd.dat
2016-05-26 12:58 - 2016-05-26 12:58 - 00264224 _____ (AMD) C:\WINDOWS\system32\atiesrxx.exe
2016-05-26 12:58 - 2016-05-26 12:58 - 00255808 _____ C:\WINDOWS\system32\ativvaxy_cz_nd.dat
2016-05-26 12:58 - 2016-05-26 12:58 - 00252440 _____ C:\WINDOWS\system32\clinfo.exe
2016-05-26 12:58 - 2016-05-26 12:58 - 00250884 _____ C:\WINDOWS\system32\ativvaxy_FJ.dat
2016-05-26 12:58 - 2016-05-26 12:58 - 00249088 _____ C:\WINDOWS\system32\ativvaxy_FJ_nd.dat
2016-05-26 12:58 - 2016-05-26 12:58 - 00234420 _____ C:\WINDOWS\system32\ativvaxy_cik.dat
2016-05-26 12:58 - 2016-05-26 12:58 - 00232752 _____ C:\WINDOWS\system32\ativvaxy_cik_nd.dat
2016-05-26 12:58 - 2016-05-26 12:58 - 00209936 _____ (AMD) C:\WINDOWS\system32\atitmm64.dll
2016-05-26 12:58 - 2016-05-26 12:58 - 00204952 _____ C:\WINDOWS\SysWOW64\ativvsvl.dat
2016-05-26 12:58 - 2016-05-26 12:58 - 00204952 _____ C:\WINDOWS\system32\ativvsvl.dat
2016-05-26 12:58 - 2016-05-26 12:58 - 00177688 _____ C:\WINDOWS\system32\atieah64.exe
2016-05-26 12:58 - 2016-05-26 12:58 - 00177344 _____ C:\WINDOWS\system32\ativce03.dat
2016-05-26 12:58 - 2016-05-26 12:58 - 00175632 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll
2016-05-26 12:58 - 2016-05-26 12:58 - 00172432 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiuxp64.dll
2016-05-26 12:58 - 2016-05-26 12:58 - 00161312 _____ C:\WINDOWS\SysWOW64\atieah32.exe
2016-05-26 12:58 - 2016-05-26 12:58 - 00159264 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll
2016-05-26 12:58 - 2016-05-26 12:58 - 00157144 _____ C:\WINDOWS\SysWOW64\ativvsva.dat
2016-05-26 12:58 - 2016-05-26 12:58 - 00157144 _____ C:\WINDOWS\system32\ativvsva.dat
2016-05-26 12:58 - 2016-05-26 12:58 - 00153104 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiuxpag.dll
2016-05-26 12:58 - 2016-05-26 12:58 - 00146448 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantle64.dll
2016-05-26 12:58 - 2016-05-26 12:58 - 00141528 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiu9p64.dll
2016-05-26 12:58 - 2016-05-26 12:58 - 00140240 _____ C:\WINDOWS\system32\samu_krnl_ci.sbin
2016-05-26 12:58 - 2016-05-26 12:58 - 00138832 _____ C:\WINDOWS\system32\samu_krnl_isv_ci.sbin
2016-05-26 12:58 - 2016-05-26 12:58 - 00131104 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantle32.dll
2016-05-26 12:58 - 2016-05-26 12:58 - 00123648 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiu9pag.dll
2016-05-26 12:58 - 2016-05-26 12:58 - 00120352 _____ C:\WINDOWS\system32\hsa-thunk64.dll
2016-05-26 12:58 - 2016-05-26 12:58 - 00119840 _____ C:\WINDOWS\SysWOW64\hsa-thunk.dll
2016-05-26 12:58 - 2016-05-26 12:58 - 00110624 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantleaxl64.dll
2016-05-26 12:58 - 2016-05-26 12:58 - 00106520 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atisamu64.dll
2016-05-26 12:58 - 2016-05-26 12:58 - 00103968 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantleaxl32.dll
2016-05-26 12:58 - 2016-05-26 12:58 - 00100816 _____ C:\WINDOWS\system32\ativce02.dat
2016-05-26 12:58 - 2016-05-26 12:58 - 00099104 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll
2016-05-26 12:58 - 2016-05-26 12:58 - 00098336 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atisamu32.dll
2016-05-26 12:58 - 2016-05-26 12:58 - 00097584 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll
2016-05-26 12:58 - 2016-05-26 12:58 - 00092704 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6pxx.dll
2016-05-26 12:58 - 2016-05-26 12:58 - 00092160 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll
2016-05-26 12:58 - 2016-05-26 12:58 - 00092152 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll
2016-05-26 12:58 - 2016-05-26 12:58 - 00087072 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiglpxx.dll
2016-05-26 12:58 - 2016-05-26 12:58 - 00087072 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiglpxx.dll
2016-05-26 12:58 - 2016-05-26 12:58 - 00082456 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2016-05-26 12:58 - 2016-05-26 12:58 - 00079904 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalrt64.dll
2016-05-26 12:58 - 2016-05-26 12:58 - 00076832 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2016-05-26 12:58 - 2016-05-26 12:58 - 00073240 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalcl64.dll
2016-05-26 12:58 - 2016-05-26 12:58 - 00069664 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalrt.dll
2016-05-26 12:58 - 2016-05-26 12:58 - 00069648 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmmcl6.dll
2016-05-26 12:58 - 2016-05-26 12:58 - 00068632 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ATIODCLI.exe
2016-05-26 12:58 - 2016-05-26 12:58 - 00066592 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalcl.dll
2016-05-26 12:58 - 2016-05-26 12:58 - 00062480 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\ati2erec.dll
2016-05-26 12:58 - 2016-05-26 12:58 - 00056864 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmmcl.dll
2016-05-26 12:58 - 2016-05-26 12:58 - 00047664 _____ C:\WINDOWS\system32\kapp_ci.sbin
2016-05-26 12:58 - 2016-05-26 12:58 - 00047128 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll
2016-05-26 12:58 - 2016-05-26 12:58 - 00043536 _____ C:\WINDOWS\system32\kapp_si.sbin
2016-05-26 12:58 - 2016-05-26 12:58 - 00023056 _____ (Microsoft Corporation) C:\WINDOWS\system32\detoured.dll
2016-05-26 12:58 - 2016-05-26 12:58 - 00023048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\detoured.dll
2016-05-26 12:57 - 2016-06-14 18:59 - 00000000 ____D C:\Users\pocho\Documents\YouCam
2016-05-26 12:57 - 2016-05-26 13:16 - 00000000 ____D C:\Users\pocho\AppData\Local\PackageStaging
2016-05-26 12:57 - 2016-05-26 13:01 - 00000000 ____D C:\Users\pocho\AppData\Local\CyberLink
2016-05-26 12:57 - 2016-05-26 12:58 - 00484176 _____ C:\WINDOWS\system32\amdmiracast.dll
2016-05-26 12:57 - 2016-05-26 12:57 - 06496264 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmantle64.dll
2016-05-26 12:57 - 2016-05-26 12:57 - 05085728 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmantle32.dll
2016-05-26 12:57 - 2016-05-26 12:57 - 00833800 _____ C:\WINDOWS\system32\amdicdxx.dat
2016-05-26 12:57 - 2016-05-26 12:57 - 00315104 _____ (Advanced Micro Devices) C:\WINDOWS\system32\Drivers\amdacpksd.sys
2016-05-26 12:57 - 2016-05-26 12:57 - 00222240 _____ C:\WINDOWS\system32\amdgfxinfo64.dll
2016-05-26 12:57 - 2016-05-26 12:57 - 00208912 _____ C:\WINDOWS\SysWOW64\amdgfxinfo32.dll
2016-05-26 12:57 - 2016-05-26 12:57 - 00175648 _____ C:\WINDOWS\system32\amde31a.dat
2016-05-26 12:57 - 2016-05-26 12:57 - 00163608 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdhcp64.dll
2016-05-26 12:57 - 2016-05-26 12:57 - 00153608 _____ C:\WINDOWS\system32\amdhdl64.dll
2016-05-26 12:57 - 2016-05-26 12:57 - 00148400 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdhcp32.dll
2016-05-26 12:57 - 2016-05-26 12:57 - 00140832 _____ C:\WINDOWS\SysWOW64\amdhdl32.dll
2016-05-26 12:57 - 2016-05-26 12:57 - 00127440 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdave64.dll
2016-05-26 12:57 - 2016-05-26 12:57 - 00120080 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdave32.dll
2016-05-26 12:57 - 2016-05-26 12:57 - 00000000 ____D C:\Users\pocho\AppData\Local\DropboxOEM
2016-05-26 12:56 - 2016-06-07 12:52 - 00000000 ____D C:\Users\pocho\AppData\Local\Packages
2016-05-26 12:56 - 2016-05-26 22:01 - 00000000 ____D C:\Users\pocho\AppData\Local\VirtualStore
2016-05-26 12:56 - 2016-05-26 19:56 - 00000000 ____D C:\Users\pocho\AppData\Local\Hewlett-Packard
2016-05-26 12:56 - 2016-05-26 12:56 - 00016148 _____ C:\WINDOWS\system32\DESKTOP-3GE0AH5_defaultuser0_HistoryPrediction.bin
2016-05-26 12:56 - 2016-05-26 12:56 - 00000184 _____ C:\WINDOWS\insFileSpec
2016-05-26 12:56 - 2016-05-26 12:56 - 00000000 ____D C:\Users\pocho\AppData\Roaming\Synaptics
2016-05-26 12:56 - 2016-05-26 12:56 - 00000000 ____D C:\Users\pocho\AppData\Roaming\Adobe
2016-05-26 12:56 - 2016-05-26 12:56 - 00000000 ____D C:\Users\pocho\AppData\Local\TileDataLayer
2016-05-26 12:56 - 2015-10-09 07:45 - 00001292 _____ C:\Users\Public\Desktop\HP Smart Friend.lnk
2016-05-26 12:54 - 2015-07-23 09:02 - 00000000 ___HD C:\Users\pocho\Documents\hp.system.package.metadata
2016-05-26 12:54 - 2015-07-23 09:02 - 00000000 ___HD C:\Users\pocho\Documents\hp.applications.package.appdata
2016-05-26 12:47 - 2016-04-22 03:57 - 00453288 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-14 20:12 - 2015-10-30 03:21 - 00000000 ____D C:\WINDOWS\INF
2016-06-14 19:23 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-14 19:23 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-06-14 19:11 - 2015-10-30 03:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-06-14 18:20 - 2015-10-09 07:42 - 01000348 _____ C:\WINDOWS\SysWOW64\rootpa.e2e
2016-06-14 18:19 - 2016-04-27 02:32 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-13 22:33 - 2015-10-09 08:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-06-13 06:00 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-06-11 09:04 - 2016-04-27 02:39 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-06-08 18:34 - 2015-10-30 02:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-06-07 11:57 - 2015-10-30 03:24 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2016-06-07 11:48 - 2016-04-27 02:20 - 00000000 ____D C:\Program Files\Windows Journal
2016-06-07 11:48 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-06-07 11:48 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-06-07 11:48 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\Provisioning
2016-06-07 11:48 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-06-07 11:48 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-06-07 11:47 - 2015-10-30 03:24 - 00015703 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-06-07 11:31 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2016-06-07 11:31 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2016-06-07 11:31 - 2015-10-30 03:19 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2016-06-07 11:31 - 2015-10-30 03:19 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2016-06-07 11:31 - 2015-10-30 03:19 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2016-06-07 11:31 - 2015-10-30 03:19 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2016-06-07 11:31 - 2015-10-30 03:19 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2016-06-07 11:31 - 2015-10-30 03:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2016-06-07 11:31 - 2015-10-30 03:18 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2016-06-07 11:31 - 2015-10-30 03:18 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2016-06-07 11:31 - 2015-10-30 03:18 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2016-06-07 11:31 - 2015-10-30 03:18 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2016-06-07 11:31 - 2015-10-30 03:18 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2016-06-07 11:31 - 2015-10-30 03:18 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2016-06-07 08:32 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\rescache
2016-06-07 08:31 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\appcompat
2016-06-07 08:30 - 2015-10-09 08:55 - 00024768 _____ C:\WINDOWS\diagwrn.xml
2016-06-07 08:30 - 2015-10-09 08:55 - 00024768 _____ C:\WINDOWS\diagerr.xml
2016-06-07 08:27 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2016-06-07 08:27 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\Registration
2016-06-07 08:23 - 2015-10-09 08:14 - 00002172 _____ C:\WINDOWS\System32\Tasks\DropboxOEM
2016-06-07 08:23 - 2015-10-09 08:02 - 00002490 _____ C:\WINDOWS\System32\Tasks\YCMServiceAgent
2016-06-07 08:22 - 2015-10-30 03:24 - 00000000 __RHD C:\Users\Public\Libraries
2016-06-07 08:16 - 2016-04-27 02:29 - 00251312 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-06-07 08:15 - 2016-04-27 02:20 - 00000000 ____D C:\WINDOWS\ShellNew
2016-06-07 08:15 - 2015-10-30 03:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-06-07 08:15 - 2015-10-30 02:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-06-07 08:15 - 2015-10-09 08:05 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-06-07 08:15 - 2015-10-09 08:02 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2016-06-07 08:15 - 2015-10-09 07:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2016-06-07 08:15 - 2015-10-09 07:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2016-06-07 08:13 - 2015-07-10 05:05 - 00000000 ____D C:\Users\Default.migrated
2016-06-07 08:09 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-06-07 08:09 - 2015-07-23 09:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Adobe
2016-06-07 08:08 - 2015-10-30 03:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-06-07 08:08 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-06-07 08:04 - 2015-10-30 02:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-06-07 07:12 - 2016-04-27 03:46 - 00000000 ___HD C:\$WINDOWS.~BT
2016-06-04 08:53 - 2015-10-09 07:56 - 00000000 ____D C:\ProgramData\AVAST Software
2016-06-04 08:23 - 2015-10-09 08:14 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-05-29 21:27 - 2015-10-09 08:05 - 00002357 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games App - hp.lnk
2016-05-29 21:26 - 2015-10-09 08:05 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2016-05-29 21:25 - 2015-10-09 08:05 - 00000000 ____D C:\ProgramData\WildTangent
2016-05-26 13:01 - 2015-07-23 09:02 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2016-05-26 12:56 - 2015-07-23 09:03 - 00000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2016-05-26 12:56 - 2015-07-13 12:28 - 00000000 ___HD C:\SYSTEM.SAV
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-06-07 07:58
 
==================== End of FRST.txt ============================

  • 0

#4
winterlady

winterlady

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts

Hi Bruce1270,

 

Please see below the other log Additional.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2016
Ran by pocho (2016-06-14 20:15:36)
Running from C:\Users\pocho\Downloads
Windows 10 Home Version 1511 (X64) (2016-06-07 12:31:23)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2331441506-1810103855-2456791680-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2331441506-1810103855-2456791680-503 - Limited - Disabled)
Guest (S-1-5-21-2331441506-1810103855-2456791680-501 - Limited - Disabled)
Hough (S-1-5-21-2331441506-1810103855-2456791680-1002 - Limited - Enabled) => C:\Users\Hough
pocho (S-1-5-21-2331441506-1810103855-2456791680-1001 - Administrator - Enabled) => C:\Users\pocho
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
12 Labours of Hercules III: Girl Power (x32 Version: 3.0.2.118 - WildTangent) Hidden
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 21 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{E7659924-9EC9-B722-0136-A6D414E6E29E}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden
Barn Yarn Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Coyote The Outlander (x32 Version: 3.0.2.59 - WildTangent) Hidden
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6713 - CyberLink Corp.)
CyberLink PhotoDirector (Version: 5.0.5.6713 - CyberLink Corp.) Hidden
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.1.5418 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4.4301 - CyberLink Corp.)
CyberLink PowerDirector 12 (Version: 12.0.4.4301 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\{A9CEDD6E-4792-493e-BB35-D86D2E188A5A}) (Version: 6.0.1.4301 - CyberLink Corp.)
Delicious: Emily's Wonder Wedding Premium Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 4.4.29 - Dropbox, Inc.)
Dropbox 25 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.8.2 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.41.1 - Dropbox, Inc.) Hidden
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Entwined: The Perfect Murder (x32 Version: 3.0.2.59 - WildTangent) Hidden
Evernote v. 5.8.6 (HKLM-x32\...\{FEDC7C10-EF67-11E4-9B07-00505695D7B0}) (Version: 5.8.6.7519 - Evernote Corp.)
Family Vacation 2: Road Trip (x32 Version: 3.0.2.59 - WildTangent) Hidden
Home Makeover (x32 Version: 3.0.2.59 - WildTangent) Hidden
HP 3D DriveGuard (HKLM-x32\...\{E8D0E2B8-B64B-44BC-8E01-00DDACBDF78A}) (Version: 6.0.28.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{1504CF6F-8139-497F-86FC-46174B67CF7F}) (Version: 2.20.51 - Hewlett-Packard Company)
HP Documentation (HKLM\...\HP_Documentation) (Version:  - HP)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8293.5264 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.0.29.6 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{D7D5F438-26EF-45AB-AB89-C476FBCF8584}) (Version: 12.4.18.7 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{D17A3B70-B75E-4C49-83D6-C17DDF65B35F}) (Version: 1.3.4 - Hewlett-Packard Company)
HP Welcome (HKLM\...\HPWelcome) (Version: 1.0 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{EFA01423-3857-468C-B7B6-F30AA08E50BC}) (Version: 1.1.5.1 - Hewlett-Packard)
IGT Slots: Paradise Garden (x32 Version: 3.0.2.59 - WildTangent) Hidden
Imperial Island: Birth of an Empire (x32 Version: 3.0.2.59 - WildTangent) Hidden
Jewel Match Snowscapes (x32 Version: 3.0.2.118 - WildTangent) Hidden
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{F575F386-57EF-4943-B003-A13F13B05EEB}) (Version: 16.0.1.445 - Kaspersky Lab)
Kaspersky Total Security (x32 Version: 16.0.1.445 - Kaspersky Lab) Hidden
Living Legends: Frozen Beauty Collector's Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
Lost Lands: Dark Overlord Collector's Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
Lost Souls: Timeless Fables Collector's Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
Magic Heroes: Save Our Park (x32 Version: 3.0.2.59 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Manor Memoirs Collector's Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 46.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 en-US)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1 - Mozilla)
Mystery Expedition: Prisoners of Ice (x32 Version: 3.0.2.59 - WildTangent) Hidden
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.4.15.07 - NETGEAR Inc.)
OEM Application Profile (HKLM-x32\...\{B4B7FD8F-06FC-E277-4F29-8F75F8281D8F}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Opera Stable 38.0.2220.29 (HKLM-x32\...\Opera 38.0.2220.29) (Version: 38.0.2220.29 - Opera Software)
Plagiarii (x32 Version: 3.0.2.59 - WildTangent) Hidden
Polar Bowler 1st Frame (x32 Version: 3.0.2.59 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.370.87 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7548 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.59 - REALTEK Semiconductor Corp.)
Runefall (x32 Version: 3.0.2.126 - WildTangent) Hidden
Rush Hour! Gas Station (x32 Version: 3.0.2.59 - WildTangent) Hidden
Sky High Farm (x32 Version: 3.0.2.59 - WildTangent) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.2.4.0 - Synaptics Incorporated)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.9.1 - Tweaking.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vivaldi (HKU\S-1-5-21-2331441506-1810103855-2456791680-1001\...\Vivaldi) (Version: 1.2.490.39 - Vivaldi)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App for HP (x32 Version: 4.0.11.16 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2331441506-1810103855-2456791680-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\pocho\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\FileCoAuth.exe (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {02F2EFB0-638A-4FEC-B509-87772B8757C9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-30] (Adobe Systems Incorporated)
Task: {1580158D-A302-4620-9536-ECED5717D8BD} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_242_pepper.exe [2016-05-28] (Adobe Systems Incorporated)
Task: {19486A33-D7A8-43B6-AD8C-A83F749855B5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-07-11] (Hewlett-Packard Company)
Task: {1960FC53-9C5D-47FF-8716-5C7225DA7F92} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-05-26] (Dropbox, Inc.)
Task: {1A21D55F-F8C2-4B02-A538-0B81A1540E79} - System32\Tasks\Hewlett-Packard\HP Support Assistant\First Boot => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe [2015-07-11] (Hewlett-Packard Company)
Task: {273CBB84-891B-41BA-A252-E56C6AF3CBC0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-07-11] (Hewlett-Packard Company)
Task: {2A4B9249-2F37-424D-956C-7107E5E69874} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-05-04] (Hewlett-Packard)
Task: {3273962C-1C4C-4B12-9674-52076D80CEAF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {475E7D92-7A9C-44D7-9F9C-730A9ED95ED8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-06-19] (Hewlett-Packard)
Task: {506DE8D1-3C51-461A-A705-F158FCC51E73} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe [2015-07-01] (CyberLink Corp.)
Task: {9E5663A5-96F2-4979-BF05-C1419B0F7088} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2015-06-19] ()
Task: {A2B51B78-F27A-4D18-9F69-C1DEFF70D8BC} - System32\Tasks\Opera scheduled Autoupdate 1464315905 => C:\Program Files (x86)\Opera\launcher.exe [2016-06-07] (Opera Software)
Task: {A3E1D05E-A449-45C2-80E3-DD3E7E66DA13} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {AE59477F-7AF4-458E-9B1E-FBA741D15768} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2015-05-21] (Hewlett-Packard Development Company, L.P.)
Task: {B000AF2F-E531-4A0B-B869-B2202D456CB1} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-05-26] (Dropbox, Inc.)
Task: {C1AC5070-A98A-4D4B-94AC-12BAC32661EE} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-11] (Tweaking.com)
Task: {D46FD28E-39BB-4306-9E5B-C088B7600AAD} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {D607A50B-39FA-4055-8DCB-5551C1642B3B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {FD05469E-19A5-4072-8D7F-226F7F5F6BBC} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-06-19] (Hewlett-Packard)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_242_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.priceline.com/?refid=PLHBC6240OPQ&refclickid=square
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 03:18 - 2015-10-30 03:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-10-09 08:19 - 2014-04-14 21:59 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2015-07-07 00:37 - 2015-07-07 00:37 - 00138752 _____ () c:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2016-06-07 11:46 - 2016-06-07 11:46 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-06-07 12:30 - 2016-06-07 12:30 - 00959168 _____ () C:\Users\pocho\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\ClientTelemetry.dll
2016-06-09 06:37 - 2016-06-09 06:38 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-04-27 02:10 - 2016-04-27 02:10 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-06-07 11:46 - 2016-06-07 11:46 - 00936960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-06-14 06:27 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-06-14 06:27 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-06-14 06:27 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-06-14 06:27 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2016-06-14 06:27 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-12-22 02:47 - 2015-12-22 02:47 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\kpcengine.2.3.dll
2016-06-09 06:37 - 2016-06-09 06:38 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-06-09 06:37 - 2016-06-09 06:38 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-06-07 12:30 - 2016-06-07 12:30 - 00679624 _____ () C:\Users\pocho\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\ClientTelemetry.dll
2016-06-04 21:50 - 2016-06-02 07:12 - 00947320 _____ () C:\Users\pocho\AppData\Local\Vivaldi\Application\1.2.490.39\ffmpeg.dll
2016-06-04 21:50 - 2016-06-02 07:12 - 01742456 _____ () C:\Users\pocho\AppData\Local\Vivaldi\Application\1.2.490.39\libglesv2.dll
2016-06-04 21:50 - 2016-06-02 07:12 - 00088184 _____ () C:\Users\pocho\AppData\Local\Vivaldi\Application\1.2.490.39\libegl.dll
2016-06-04 08:22 - 2016-05-05 06:09 - 00034768 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-06-04 08:22 - 2016-05-05 06:10 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2016-06-04 08:22 - 2016-05-05 06:09 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-06-04 08:22 - 2016-05-05 06:09 - 00093640 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-06-04 08:22 - 2016-05-05 06:09 - 00018376 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-06-04 08:22 - 2016-05-31 14:34 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2016-06-04 08:22 - 2016-05-05 06:11 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-06-04 08:22 - 2016-05-05 06:09 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2016-06-04 08:22 - 2016-05-31 14:34 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-06-04 08:22 - 2016-05-05 06:09 - 00692688 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-06-04 08:22 - 2016-05-31 14:34 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-06-04 08:22 - 2016-05-05 06:10 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-06-04 08:22 - 2016-05-31 14:34 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-06-04 08:22 - 2016-05-31 14:34 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2016-06-04 08:22 - 2016-05-31 14:34 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-06-04 08:22 - 2016-05-31 14:34 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-06-04 08:22 - 2016-05-05 06:11 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-06-04 08:22 - 2016-05-05 06:11 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2016-06-04 08:22 - 2016-05-05 06:11 - 00114640 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2016-06-04 08:22 - 2016-05-05 06:11 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-06-04 08:22 - 2016-05-31 14:34 - 00021832 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2016-06-04 08:22 - 2016-05-05 06:11 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-06-04 08:22 - 2016-05-05 06:11 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2016-06-04 08:22 - 2016-05-05 06:11 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2016-06-04 08:22 - 2016-05-05 06:11 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2016-06-04 08:22 - 2016-05-05 06:11 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-06-04 08:22 - 2016-05-31 14:34 - 00023872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32._winffi_kernel32.pyd
2016-06-04 08:22 - 2016-05-05 06:09 - 00134088 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-06-04 08:22 - 2016-05-31 14:34 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-06-04 08:22 - 2016-05-05 06:11 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2016-06-04 08:22 - 2016-05-05 06:11 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-06-04 08:22 - 2016-05-31 14:33 - 00246592 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2016-06-04 08:22 - 2016-05-05 06:11 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2016-06-04 08:22 - 2016-05-31 14:34 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-06-04 08:22 - 2016-05-05 06:09 - 00134608 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd
2016-06-04 08:22 - 2016-05-05 06:10 - 00240584 _____ () C:\Program Files (x86)\Dropbox\Client\jpegtran.pyd
2016-06-04 08:22 - 2016-05-31 14:34 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-06-04 08:22 - 2016-05-31 14:34 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-06-04 08:22 - 2016-05-31 14:34 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-06-04 08:22 - 2016-05-31 14:34 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2016-06-04 08:22 - 2016-05-31 14:34 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2016-06-04 08:22 - 2016-05-05 06:11 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-06-04 08:22 - 2016-05-31 14:34 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-06-04 08:22 - 2016-05-31 14:34 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-06-04 08:22 - 2016-05-05 06:12 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2016-06-04 08:22 - 2016-05-31 14:34 - 00031568 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2016-06-04 08:22 - 2016-03-11 20:46 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2016-06-04 08:22 - 2016-05-31 14:34 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-06-04 08:22 - 2016-05-31 14:34 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2016-06-04 08:22 - 2016-05-05 06:10 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2016-06-04 08:22 - 2016-05-31 14:34 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-06-04 08:22 - 2016-05-31 14:34 - 01971504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-06-04 08:22 - 2016-05-31 14:34 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-06-04 08:22 - 2016-05-31 14:34 - 00132912 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-06-04 08:22 - 2016-05-31 14:34 - 00223544 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-06-04 08:22 - 2016-05-31 14:34 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-06-04 08:22 - 2016-05-05 06:11 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2016-06-04 08:22 - 2016-05-31 14:34 - 00025928 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2016-06-04 08:22 - 2016-05-31 14:34 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2016-06-04 08:22 - 2016-05-31 14:34 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2016-06-04 08:22 - 2016-05-31 14:34 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-07-10 07:04 - 2016-06-06 22:33 - 00000855 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2331441506-1810103855-2456791680-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\pocho\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{F4574C40-259B-4189-9284-26F60D93D5F1}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{1D09E673-210D-4B09-8E96-E74C11603FF5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9EC156BC-C24A-4768-AE69-599AC7A21555}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7700D4F6-A838-4563-BA1D-6462DCD22253}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
FirewallRules: [{234B76C2-30AE-43A8-A10C-9EA7970F7DFE}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{CF8C8F03-04FF-4313-9272-D1F68860B788}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe
FirewallRules: [{6ECA97E9-1224-47AA-A977-5F1E94BB7490}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe
FirewallRules: [{70ABA9D3-898D-4401-AB5A-4534E0331C35}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe
FirewallRules: [{516BBF42-2CF4-4408-A9DD-13AB73AB823C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe
FirewallRules: [{C3EDAEF5-152B-4925-8ACF-AE5C5C6EEF75}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1D001A20-0366-44EF-AF97-0FD9526B7F8E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1BAD1934-3572-4B15-8E45-2D46EC31D137}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A52BE93E-EB97-4D75-A0AD-1C3996111C12}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Restore Points =========================
 
14-06-2016 19:34:39 PRIOR TO FARBAR RECOVERY SCAN TOOL JUNE 14 2016
 
==================== Faulty Device Manager Devices =============
 
Name: Realtek PCIe FE Family Controller
Description: Realtek PCIe FE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: rt640x64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/14/2016 12:56:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 415766
 
Error: (06/14/2016 12:56:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 415766
 
Error: (06/14/2016 12:56:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (06/14/2016 12:27:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 17247562
 
Error: (06/14/2016 12:27:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 17247562
 
Error: (06/14/2016 12:27:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (06/13/2016 07:22:22 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-3GE0AH5)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/12/2016 07:14:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15206828
 
Error: (06/12/2016 07:14:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15206828
 
Error: (06/12/2016 07:14:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (06/14/2016 06:19:22 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
 
Error: (06/14/2016 06:19:21 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:27:01 PM on ‎6/‎14/‎2016 was unexpected.
 
Error: (06/14/2016 12:37:25 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (06/14/2016 07:39:28 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (06/14/2016 05:40:51 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-3GE0AH5)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}DESKTOP-3GE0AH5pochoS-1-5-21-2331441506-1810103855-2456791680-1001LocalHost (Using LRPC)Microsoft.Windows.FeatureOnDemand.InsiderHub_10.0.10586.0_neutral_neutral_cw5n1h2txyewyS-1-15-2-4016783169-893401051-2237370320-274899566-412088533-2398988950-2155762795
 
Error: (06/14/2016 05:34:43 AM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
 
Error: (06/14/2016 05:34:38 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:19:16 PM on ‎6/‎13/‎2016 was unexpected.
 
Error: (06/14/2016 05:33:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Microsoft Account Sign-in Assistant service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
 
Error: (06/14/2016 05:33:20 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wlidsvc service.
 
Error: (06/14/2016 05:32:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Network Setup Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
 
 
CodeIntegrity:
===================================
  Date: 2016-06-14 18:23:17.623
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-14 05:48:10.360
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-13 07:19:55.266
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-13 05:35:56.111
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-11 09:15:00.721
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-11 08:14:30.924
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-07 08:23:05.597
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-07 08:20:43.328
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-07 07:59:33.589
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: AMD A4-6210 APU with AMD Radeon R3 Graphics 
Percentage of memory in use: 49%
Total physical RAM: 7102.89 MB
Available physical RAM: 3557.64 MB
Total Virtual: 8894.89 MB
Available Virtual: 4952.71 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:911.35 GB) (Free:830.29 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:18.97 GB) (Free:2.17 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 61C6564D)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

  • 0

#5
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi winterlady

Lets see what we can do.

Step1 - uninstall Spybot


I see that you have Spybot Search & Destroy. We no longer recommend this product because of the poor testing results. I recommend uninstalling this program.

To do this:

right-click the Start button and click Control Panel. Go to Programs and Features (if your Control Panel is in Category view, go to Uninstall a Program).
In the list of installed programs locate and click on Spybot - search & destroy.
Click uninstall.
Say Yes to uninstall and completely remove spybot.
Spybot_uninstall_zpsbz5067sr.jpg
Click on Open Immunizer
Click on Undo Immunization
spybot_uninstall2_zpsjyumq6ck.jpg
Allow it to complete removing the immunization
Click on the X top right hand of Immunization box to close.
Click on Next to continue to uninstall spybot.
Click on Uninstall
Restart the sytem.

Then

I noticed that you run FRST64.exe from Users\\Downloads folder. Please move it to your Desktop. You can do it by right-clicking FRST64.exe, click Cut, then go to Desktop, right-click any free space and click Paste. For the FRST fix to work both FRST64.exe and fixlist.txt must be in the same location and the desktop is where the software is most effective from.


Step2 - FRST fix


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2331441506-1810103855-2456791680-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
BootExecute: autocheck autochk * sdnclean64.exe
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2331441506-1810103855-2456791680-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
2016-06-14 06:32 - 2016-06-14 06:32 - 00000000 ____D C:\Program Files\Common Files\AV
2016-06-14 06:32 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2016-06-14 06:28 - 2016-06-14 06:28 - 00001471 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-06-14 06:28 - 2016-06-14 06:28 - 00001459 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2016-06-14 06:28 - 2016-06-14 06:28 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2016-06-14 06:28 - 2016-06-14 06:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-06-14 06:27 - 2016-06-14 06:38 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-06-14 06:27 - 2016-06-14 06:34 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-06-14 06:27 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2016-06-14 06:25 - 2016-06-14 06:26 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\pocho\Downloads\spybot-2.4.exe
Task: {3273962C-1C4C-4B12-9674-52076D80CEAF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {A3E1D05E-A449-45C2-80E3-DD3E7E66DA13} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {D46FD28E-39BB-4306-9E5B-C088B7600AAD} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
Hosts:
EmptyTemp:

  • Save this as fixlist.txt, in the same location as FRST.exe on your desktop.
    FRSTfix.JPG
  • Run FRST by right clicking on it and selecting Run as Administrator and press Fix
  • On completion a log (fixlog.txt) will be generated.
  • Please select all text in this fix, copy (CTRL + C) and then Paste (CTRL + V) in your next reply.


    Step3 - AdwCleaner



    Download AdwCleaner from here to the Desktop
  • Close all open windows and browsers
  • Double click the Adwcleaner icon to execute the program
  • When the Tool opens for the first time accept the Terms of use
    adwcleaner_zpslhu4ltda.jpg
  • Click the Scan button and wait for the program to finish.
  • Click on options tick -
    Reset proxy settings
    Reset winsock settings
    Reset TCP/IP settings
    Reset IPSec settings
    Reset Internet Explorer policies
    Reset Chrome policies
  • When finished, please click Cleaning button.
  • Upon completion, click Logfile. A log (AdwCleaner[C*].txt) will open.
  • Please copy and paste this in your next reply.


    Things for your next post:
  • fixlog.txt
  • AdwCleaner[C*].txt
  • How is the computer running now?

  • 0

#6
winterlady

winterlady

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts

Hi Bruce1270,

 

I have completed the steps and pasted the information below as you requested. 

You asked "How is the computer running now?" ...well so far this evening I've not had any issues with boot up or issues with connecting to the internet although this morning after having followed all the steps except running the AdwCleaner I did have the white screen freeze issue again and had to reboot to resolve. 

 

Another issue is my computer has remained in Selective Startup since selecting that option during the advise of phillpower2 to perform a clean boot prior to running the AIO repair.

I have tried several times now to restart the computer to Normal Startup via msconfig system configuration steps but every time I select the option to return to Normal Startup and reboot it doesn't change it back, the computer remains in Selective Startup. 

I have also attached a screenshot of that taken with my phone for you to see. I don't understand how the computer is starting up as if in Normal mode but clearly shows it is in the Selective Startup. Please advise me what I can do to resolve this new issue.

 

Thanks again for your help!

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:15-06-2016
Ran by pocho (2016-06-16 06:38:14) Run:1
Running from C:\Users\pocho\Desktop
Loaded Profiles: pocho & Hough (Available Profiles: pocho & Hough)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2331441506-1810103855-2456791680-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
BootExecute: autocheck autochk * sdnclean64.exe
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2331441506-1810103855-2456791680-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
2016-06-14 06:32 - 2016-06-14 06:32 - 00000000 ____D C:\Program Files\Common Files\AV
2016-06-14 06:32 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2016-06-14 06:28 - 2016-06-14 06:28 - 00001471 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-06-14 06:28 - 2016-06-14 06:28 - 00001459 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2016-06-14 06:28 - 2016-06-14 06:28 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2016-06-14 06:28 - 2016-06-14 06:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-06-14 06:27 - 2016-06-14 06:38 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-06-14 06:27 - 2016-06-14 06:34 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-06-14 06:27 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2016-06-14 06:25 - 2016-06-14 06:26 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\pocho\Downloads\spybot-2.4.exe
Task: {3273962C-1C4C-4B12-9674-52076D80CEAF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {A3E1D05E-A449-45C2-80E3-DD3E7E66DA13} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {D46FD28E-39BB-4306-9E5B-C088B7600AAD} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
Hosts:
EmptyTemp:
*****************
 
Restore point was successfully created.
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe => No running process found
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe => No running process found
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe => No running process found
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SDTray => value not found.
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon => key not found. 
HKU\S-1-5-21-2331441506-1810103855-2456791680-1001\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotPostWindows10UpgradeReInstall => value removed successfully
hklm\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-2331441506-1810103855-2456791680-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
SDScannerService => service not found.
SDUpdateService => service not found.
SDWSCService => service not found.
C:\Program Files\Common Files\AV => moved successfully
"C:\Users\Public\Desktop\Post Win10 Spybot-install.exe" => not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk" => not found.
"C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk" => not found.
C:\WINDOWS\System32\Tasks\Safer-Networking => moved successfully
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2" => not found.
C:\ProgramData\Spybot - Search & Destroy => moved successfully
C:\Program Files (x86)\Spybot - Search & Destroy 2 => moved successfully
"C:\WINDOWS\system32\sdnclean64.exe" => not found.
C:\Users\pocho\Downloads\spybot-2.4.exe => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3273962C-1C4C-4B12-9674-52076D80CEAF} => key not found. 
C:\WINDOWS\System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A3E1D05E-A449-45C2-80E3-DD3E7E66DA13} => key not found. 
C:\WINDOWS\System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Check for updates => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D46FD28E-39BB-4306-9E5B-C088B7600AAD} => key not found. 
C:\WINDOWS\System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Scan the system => key not found. 
 
=========  netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state on =========
 
Ok.
 
 
========= End of CMD: =========
 
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not restore Hosts.
EmptyTemp: => 367 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 06:40:38 ====

 

 

 

# AdwCleaner v5.200 - Logfile created 16/06/2016 at 07:14:02
# Updated 14/06/2016 by ToolsLib
# Database : 2016-06-16.1 [Server]
# Operating system : Windows 10 Home  (X64)
# Username : pocho - DESKTOP-3GE0AH5
# Running from : C:\Users\pocho\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
[-] Task Deleted : YCMServiceAgent
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
 
*************************
 
:: "Tracing" keys deleted
:: Proxy settings cleared
:: Winsock settings cleared
:: TCP/IP settings cleared
:: IPSec settings cleared
:: IE policies deleted
:: Chrome policies deleted
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [886 bytes] - [16/06/2016 07:14:02]
C:\AdwCleaner\AdwCleaner[S1].txt - [807 bytes] - [16/06/2016 07:08:19]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1030 bytes] ##########

  • 0

#7
winterlady

winterlady

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts

Hi Bruce1270,

 

Sorry I didn't realize there was a 5MB limit on attachments so I had to do some resizing of the phone pic to attach it.

 

I just wanted you to see what I was talking about in case I wasn't making sense as to what this start up issue is.

Of course I had to use my phone to capture a screenshot of it.

 

As shown the computer must be in Normal Startup to load all device drivers and services so it's strange that things seem to be loading and working correctly or am I wrong???

 

I would really appreciate any help you can provide in getting my operating system back to a normal startup.

 

Thanks once again!

 

 
 

Attached Thumbnails

  • CAN'T CHANGE FROM SELECTIVE START UP - SCREENSHOT - JUNE 16 2016.jpg

Edited by winterlady, 16 June 2016 - 06:14 PM.

  • 0

#8
winterlady

winterlady

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts

 
 


Edited by winterlady, 16 June 2016 - 06:11 PM.

  • 0

#9
winterlady

winterlady

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts

 
 


Edited by winterlady, 16 June 2016 - 06:08 PM.

  • 0

#10
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi Winterlady

The screen shot you have provided is correct with the load start up items ticked which means you have reversed the clean boot changes. In windows 10 individual start up items can be managed through task manager, you can see this by right clicking on the bottom of the screen and selecting task manager. Click on start up tab and you can enable/disable individual apps from starting.

My windows 10 boots normally and shows as selective start up so is nothing to worry about. You have come out of the clean boot state. :)


I'm not seeing much else in your logs but we'll do a few more.


Step1 - Malwarebytes


Launch Malwarebytes Anti-Malware
[The MBAM dashboard may appear with an alert to update - click the button Fix Now;

Navigate to the Settings tab > Detection and Protection and ensure all the boxes under Detection Options are checked.

MBAM_settings_zps3dey1yqg.jpg

Return to the Dashboard click on Scan Now;

MBAM_scan_zpsoqfjupkt.jpg

If threats are detected, make sure everything is set to Quarantine and click on Apply actions. If the program asks to reboot your PC, let it do so;
On completion of the scan click on History > Application Log. After that click on the top Scan Log > Export, select Text File and save the log to your Desktop;
Copy and Paste the contents of the log in your next reply.


step2 - aswMBR scan

Download aswMBR.exe ( 511KB ) to your desktop.
If you already have this application, this is a new version I need you to download.
Double click the aswMBR.exe to run it
aswMBR1.png
Click the "Scan" button to start scan
If your computer supports Virtualization Technology, select Yes to use it for rootkit detection.
msgbox.png
On completion of the scan click Save Log, save it to your desktop and post in your next reply
aswMBR2.png
The tool will also produce a copy of the mbrdump labeled MBR.dat. Please zip that file and attach it to a reply.


Step3 - ESET scan

You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Note: You can use either Internet Explorer or Mozilla FireFox for this Scan.
  • Please go here then click on esetbar_zps93905f48.jpg.
  • You will however need to disable your current installed Anti-Virus, how to do so can be read here.
If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

All of the following instructions work with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on Start.
  • When prompted allow Add-On/Active X to install.
  • Make sure Enable detection of potentially unwanted applications is selected.
  • Click the Advanced Settings link.
  • Make sure Remove found threats is NOT checked.
  • Make sure Scan archives IS checked.
  • Make sure Scan for potentially unsafe applications IS checked.
  • Make sure Enable Anti-Stealth technology IS checked
    2.JPG
  • Now click on Start.
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt.
  • Copy and paste that log as a reply to this topic.
  • When completed select Uninstall application on close.
  • Now click on Finish.

    Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


    Things for your next post:
  • MBAM log
  • ESET log
  • aswMBR log and zip file.
  • Any change to your computer?

  • 0

#11
winterlady

winterlady

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts

Hi Bruce1270,

 

Sorry I haven't replied until tonight but I've been really busy and haven't had the time to follow your latest instructions. I wanted to at least get back to you to let you know I will try to complete the tasks at hand this evening or at the latest tomorrow after work and send you the logs requested as soon as possible.

 

I do have some concern with following this link aswMBR.exe to down load and run this as the software belongs to Avast and I was previously instructed by your tech support, phillpower2, to uninstall all Avast software already present on my system because he felt it may be causing a conflict with my Kaspersky Security. After doing a little research on this software I didn't like what was found at this link here http://www.file.net/...aswmbr.exe.html. To be on the safe side I don't want to cause more issues than I've already had so for now I will not be performing this step, I will be skipping this process.

 

I am happy to say at this point so far so good with my computer, I haven't had any issues since following your previous instructions. I don't know what was deleted or changed in those processes but it seems something sure has at least right now things are operating smoothly. I don't feel there would be any risk in completing the other two processes you suggested.

 

As you know I already have Malware bytes installed and will run the scan making sure to apply all the options as you've instructed and will follow up with your final instructions to run the ESET online scan.

Once completed I will post the logs / files as soon as possible.

 

As always Thanks so much for your help!


  • 0

#12
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi Winterlady

Thanks for the update. :thumbsup:

I can assure you the tools I ask you to run are perfectly safe but if you feel any concerns or uncomfortable with any of them that is not a problem. :) The aswMBR was only as a precaution and I am not seeing anything serious in your logs.

Look forward to receiving your malwarebytes and ESET logs when you are ready.

Thanks
  • 0

#13
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP